#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
260007 |
|
28-Dec-2013 |
trociny |
MFC r257155, r257582, r259191, r259192, r259193, r259194, r259195, r259196:
r257155:
Make hastctl list command output current queue sizes.
Reviewed by: pjd
r257582 (pjd):
Correct alignment.
r259191:
For memsync replication, hio_countdown is used not only as an indication when a request can be moved to done queue, but also for detecting the current state of memsync request.
This approach has problems, e.g. leaking a request if memsynk ack from the secondary failed, or racy usage of write_complete, which should be called only once per write request, but for memsync can be entered by local_send_thread and ggate_send_thread simultaneously.
So the following approach is implemented instead:
1) Use hio_countdown only for counting components we waiting to complete, i.e. initially it is always 2 for any replication mode.
2) To distinguish between "memsync ack" and "memsync fin" responses from the secondary, add and use hio_memsyncacked field.
3) write_complete() in component threads is called only before releasing hio_countdown (i.e. before the hio may be returned to the done queue).
4) Add and use hio_writecount refcounter to detect when write_complete() can be called in memsync case.
Reported by: Pete French petefrench ingresso.co.uk Tested by: Pete French petefrench ingresso.co.uk
r259192:
Add some macros to make the code more readable (no functional chages).
r259193:
Fix compiler warnings.
r259194:
In remote_send_thread, if sending a request fails don't take the request back from the receive queue -- it might already be processed by remote_recv_thread, which lead to crashes like below:
(primary) Unable to receive reply header: Connection reset by peer. (primary) Unable to send request (Connection reset by peer): WRITE(954662912, 131072). (primary) Disconnected from kopusha:7772. (primary) Increasing localcnt to 1. (primary) Assertion failed: (old > 0), function refcnt_release, file refcnt.h, line 62.
Taking the request back was not necessary (it would properly be processed by the remote_recv_thread) and only complicated things.
r259195:
Send wakeup to threads waiting on empty queue before releasing the lock to decrease spurious wakeups.
Submitted by: davidxu
r259196:
Check remote protocol version only for the first connection (when it is actually sent by the remote node).
Otherwise it generated confusing "Negotiated protocol version 1" debug messages when processing the second connection.
|
#
249236 |
|
07-Apr-2013 |
trociny |
MFC r246922 (pjd):
- Add support for 'memsync' mode. This is the fastest replication mode that's why it will now be the default. - Bump protocol version to 2 and add backward compatibility for version 1. - Allow to specify hosts by kern.hostid as well (in addition to hostname and kern.hostuuid) in configuration file.
Sponsored by: Panzura
|
#
234294 |
|
14-Apr-2012 |
trociny |
MFC r233392, r233679:
r233392:
Fix typo.
r233679:
If hastd is invoked with "-P pidfile" option always create pidfile regardless of whether -F (foreground) option is set or not.
Also, if -P option is specified, ignore pidfile setting from configuration not only on start but on reload too. This fixes the issue when for hastd run with -P option reload caused the pidfile change.
Reviewed by: pjd
|
#
231017 |
|
05-Feb-2012 |
trociny |
MFC r229699, r229744, r229778, r229944, r229945, r229946, r230092, r230395, r230396, r230436, r230457, r230515, r230976:
r229744 (pjd):
fork(2) returns -1 on failure, not some random negative number.
r229699 (pjd):
Constify argument.
r229778 (uqs):
Spelling fixes for sbin/
r229944 (pjd):
Don't touch pidfiles when running in foreground. Before that change we would create an empty pidfile on start and check if it changed on SIGHUP.
r229945 (pjd):
For functions that return -1 on failure check exactly for -1 and not for any negative number.
r229946 (pjd):
- Fix a bug where pidfile was removed in SIGHUP when it hasn't changed in configuration file. - Log the fact that pidfile has changed.
r230092 (pjd):
Style cleanups.
r230395 (pjd):
Remove unused token 'port'.
r230396 (pjd):
Remove another unused token.
r230436 (pjd):
Fix minor memory leak.
r230457 (pjd):
Free memory that won't be used in child.
r230515 (pjd):
- Fix documentation to note that /etc/hast.conf is the default configuration file for hastd(8) and hastctl(8) and not hast.conf. - In copyright statement correct that this file is documentation, not software. - Bump date.
r230976 (pjd):
Fix typo in comment.
|
#
229509 |
|
04-Jan-2012 |
trociny |
MFC r225773, r225781, r225782, r225783, r225784, 225785, r225786, r225787, r225830, r225831, r225832, r225835, r226461, r226462, r226463, r226842, r226851, r226852, r226854, r226855, r226856, r226857, r226859, r226861, r228542, r228542, r228543, r228544, r228695, r228696:
r225773 (pjd):
Ensure that pjdlog functions don't modify errno.
r225781 (pjd):
No need to use KEEP_ERRNO() macro around pjdlog functions, as they don't modify errno.
r225782 (pjd):
Prefer PJDLOG_ASSERT() and PJDLOG_ABORT() over assert() and abort(). pjdlog versions will log problem to syslog when application is running in background.
r225783 (pjd):
Correct two mistakes when converting asserts to PJDLOG_ASSERT()/PJDLOG_ABORT().
r225784 (pjd):
- Convert some impossible conditions into assertions. - Add missing 'if' in comment.
r225785 (pjd):
Prefer PJDLOG_ASSERT()/PJDLOG_ABORT() over assert().
r225786 (pjd):
No need to wrap pjdlog functions around with KEEP_ERRNO() macro.
r225787 (pjd):
Use PJDLOG_ASSERT() and PJDLOG_ABORT() everywhere instead of assert().
r225830 (pjd):
After every activemap change flush disk's write cache, so that write reordering won't make the actual write to be committed before marking the coresponding extent as dirty.
It can be disabled in configuration file.
If BIO_FLUSH is not supported by the underlying file system we log a warning and never send BIO_FLUSH again to that GEOM provider.
r225831 (pjd):
Break a bit earlier.
r225832 (pjd):
If the underlying provider doesn't support BIO_FLUSH, log it only once and don't bother trying in the future.
r225835 (pjd):
Correct typo.
r226461 (pjd):
When path to the configuration file is relative, obtain full path, so we can always find the file, even after daemonizing and changing working directory to /.
r226462 (pjd):
Remove redundant space.
r226463 (pjd):
Allow to specify pidfile in HAST configuration file.
r226842 (pjd):
Correct comments.
r226851 (pjd):
Delay resuid generation until first connection to secondary, not until first write. This way on first connection we will synchronize only the extents that were modified during the lifetime of primary node, not entire GEOM provider.
r226852 (pjd):
Minor cleanups.
r226854 (pjd):
- Eliminate the need for hio_nv. - Introduce hio_clear() function for clearing hio before returning it onto free queue.
r226855 (pjd):
Improve comment so it doesn't suggest race is possible, but that we handle the race.
r226856 (pjd):
Reduce indentation.
r226857 (pjd):
Minor cleanups.
r226859 (pjd):
Implement 'async' mode for HAST.
r226861 (pjd):
Remove redundant space.
r228542 (pjd):
Remove redundant setting of the error variable.
Found by: Clang Static Analyzer
r228543 (pjd):
Simplify code by changing functions types from int to avoid, as the functions always return 0.
Found by: Clang Static Analyzer
r228544 (pjd):
Remove redundant assignment.
Found by: Clang Static Analyzer
r228695 (pjd):
Don't use function name as format string.
Detected by: clang
r228696 (pjd):
Use lex's standard way of not generating unused function.
Inspired by: r228555
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
222108 |
|
19-May-2011 |
pjd |
In preparation for IPv6 support allow to specify multiple addresses to listen on.
MFC after: 3 weeks
|
#
221076 |
|
26-Apr-2011 |
trociny |
Rename HASTCTL_ defines, which are used for conversion between main hastd process and workers, remove unused one and set different range of numbers. This is done in order not to confuse them with HASTCTL_CMD defines, used for conversation between hastctl and hastd, and to avoid bugs like the one fixed in in r221075.
Approved by: pjd (mentor) MFC after: 1 week
|
#
220899 |
|
20-Apr-2011 |
pjd |
Correct comment.
MFC after: 1 week
|
#
220898 |
|
20-Apr-2011 |
pjd |
When we become primary, we connect to the remote and expect it to be in secondary role. It is possible that the remote node is primary, but only because there was a role change and it didn't finish cleaning up (unmounting file systems, etc.). If we detect such situation, wait for the remote node to switch the role to secondary before accepting I/Os. If we don't wait for it in that case, we will most likely cause split-brain.
MFC after: 1 week
|
#
220890 |
|
20-Apr-2011 |
pjd |
If we act in different role than requested by the remote node, log it as a warning and not an error.
MFC after: 1 week
|
#
219900 |
|
23-Mar-2011 |
pjd |
Don't create socketpair for connection forwarding between parent and secondary. Secondary doesn't need to connect anywhere.
MFC after: 1 week
|
#
219864 |
|
22-Mar-2011 |
pjd |
White space cleanups.
MFC after: 1 week
|
#
219837 |
|
21-Mar-2011 |
pjd |
Before handling any events on descriptors check signals so we can update our info about worker processes if any of them was terminated in the meantime.
This fixes the problem with 'hastctl status' running from a hook called on split-brain: 1. Secondary calls a hooks and terminates. 2. Hook asks for resource status via 'hastctl status'. 3. The main hastd handles the status request by sending it to the secondary worker who is already dead, but because signals weren't checked yet he doesn't know that and we get EPIPE.
MFC after: 1 week
|
#
219818 |
|
21-Mar-2011 |
pjd |
In hast.conf we define the other node's address in 'remote' variable. This way we know how to connect to secondary node when we are primary. The same variable is used by the secondary node - it only accepts connections from the address stored in 'remote' variable. In cluster configurations it is common that each node has its individual IP address and there is one addtional shared IP address which is assigned to primary node. It seems it is possible that if the shared IP address is from the same network as the individual IP address it might be choosen by the kernel as a source address for connection with the secondary node. Such connection will be rejected by secondary, as it doesn't come from primary node individual IP.
Add 'source' variable that allows to specify source IP address we want to bind to before connecting to the secondary node.
MFC after: 1 week
|
#
219814 |
|
21-Mar-2011 |
pjd |
When creating connection on behalf of primary worker, set pjdlog prefix to resource name and role, so that any logs related to that can be identified properly.
MFC after: 1 week
|
#
219813 |
|
21-Mar-2011 |
pjd |
If there is any traffic on one of out descriptors, we were not checking for long running hooks. Fix it by not using select(2) timeout to decide if we want to check hooks or not.
MFC after: 1 week
|
#
219354 |
|
06-Mar-2011 |
pjd |
Allow to compress on-the-wire data using two algorithms: - HOLE - it simply turns all-zero blocks into few bytes header; it is extremely fast, so it is turned on by default; it is mostly intended to speed up initial synchronization where we expect many zeros; - LZF - very fast algorithm by Marc Alexander Lehmann, which shows very decent compression ratio and has BSD license.
MFC after: 2 weeks
|
#
219351 |
|
06-Mar-2011 |
pjd |
Allow to checksum on-the-wire data using either CRC32 or SHA256.
MFC after: 2 weeks
|
#
218376 |
|
06-Feb-2011 |
pjd |
Now that we break the loop on fstat(2) failure we no longer need to satisfy gcc's imperfections.
MFC after: 1 week
|
#
218375 |
|
06-Feb-2011 |
pjd |
Add (void) cast before snprintf(3)s for which we are not interested in return values.
MFC after: 1 week
|
#
218374 |
|
06-Feb-2011 |
pjd |
Treat fstat(2) failure (different than EBADF) as fatal error.
Reported by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 1 week
|
#
218373 |
|
06-Feb-2011 |
pjd |
Open syslog when logging sysconf(3) failure.
Reported by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 1 week
|
#
218370 |
|
06-Feb-2011 |
pjd |
Close more descriptors that can be open if the worker process for the given resource is already running.
Submitted by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 1 week
|
#
218218 |
|
03-Feb-2011 |
pjd |
Setup another socketpair between parent and child, so that primary sandboxed worker can ask the main privileged process to connect in worker's behalf and then we can migrate descriptor using this socketpair to worker. This is not really needed now, but will be needed once we start to use capsicum for sandboxing.
MFC after: 1 week
|
#
218138 |
|
31-Jan-2011 |
pjd |
- Use pjdlog for assertions and aborts as this will log assert/abort message to syslog if we run in background. - Asserts in proto.c that method we want to call is implemented and remove dummy methods from protocols implementation that are only there to abort the program with nice message.
MFC after: 1 week
|
#
218044 |
|
28-Jan-2011 |
pjd |
Add function to assert that the only descriptors we have open are the ones we expect to be open. Also assert that they point at expected type.
Because openlog(3) API is unable to tell us descriptor number it is using, we have to close syslog socket, remember assert message in local buffer and if we fail on assertion, reopen syslog socket and log the message.
MFC after: 1 week
|
#
218041 |
|
28-Jan-2011 |
pjd |
Add function to close all unneeded descriptors after fork(2).
MFC after: 1 week
|
#
217967 |
|
27-Jan-2011 |
pjd |
Close the control socket before exiting, so it will be unlinked.
MFC after: 1 week
|
#
217965 |
|
27-Jan-2011 |
pjd |
Add functions to initialize/finalize pjdlog. This allows to open/close log file at will.
MFC after: 1 week
|
#
217784 |
|
24-Jan-2011 |
pjd |
Don't open configuration file from worker process. Handle SIGHUP in the master process only and pass changes to the worker processes over control socket. This removes access to global namespace in preparation for capsicum sandboxing.
MFC after: 2 weeks
|
#
217729 |
|
22-Jan-2011 |
pjd |
- On primary worker reload, update hr_exec field. - Update comment.
MFC after: 1 week
|
#
217307 |
|
12-Jan-2011 |
pjd |
Install default signal handlers before masking signals we want to handle. It is possible that the parent process ignores some of them and sigtimedwait() will never see them, eventhough they are masked.
The most common situation for this to happen is boot process where init(8) ignores SIGHUP before starting to execute /etc/rc. This in turn caused hastd(8) to ignore SIGHUP.
Reported by: trasz Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com MFC after: 3 days
|
#
216477 |
|
16-Dec-2010 |
pjd |
Log the fact of launching and include protocol version number.
MFC after: 3 days
|
#
214273 |
|
24-Oct-2010 |
pjd |
Load geom_gate.ko module after parsing arguments.
MFC after: 3 days
|
#
213981 |
|
17-Oct-2010 |
pjd |
Log correct connection when canceling half-open connection.
Submitted by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 3 days
|
#
213430 |
|
04-Oct-2010 |
pjd |
Decrease report interval to 5 seconds, as this also means we will check for signals every 5 seconds and not every 10 seconds as before.
MFC after: 3 days
|
#
213429 |
|
04-Oct-2010 |
pjd |
hook_check() is now only used to report about long-running hooks, so the argument is redundant, remove it.
MFC after: 3 days
|
#
213428 |
|
04-Oct-2010 |
pjd |
We can't mask ignored signal, so install dummy signal hander for SIGCHLD before masking it.
This fixes bogus reports about hooks running for too long and other problems related to garbage-collecting child processes.
Reported by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 3 days
|
#
213009 |
|
22-Sep-2010 |
pjd |
Switch to sigprocmask(2) API also in the main process and secondary process. This way the primary process inherits signal mask from the main process, which fixes a race where signal is delivered to the primary process before configuring signal mask.
Reported by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 3 days
|
#
213008 |
|
22-Sep-2010 |
pjd |
Assert that descriptor numbers are sane.
MFC after: 3 days
|
#
213006 |
|
22-Sep-2010 |
pjd |
Fix descriptor leaks: when child exits, we have to close control and event socket pairs. We did that only in one case out of three.
MFC after: 3 days
|
#
212038 |
|
30-Aug-2010 |
pjd |
Because it is very hard to make fork(2) from threaded process safe (we are limited to async-signal safe functions in the child process), move all hooks execution to the main (non-threaded) process.
Do it by maintaining connection (socketpair) between child and parent and sending events from the child to parent, so it can execute the hook.
This is step in right direction for others reasons too. For example there is one less problem to drop privs in worker processes.
MFC after: 2 weeks Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com
|
#
212037 |
|
30-Aug-2010 |
pjd |
We only want to know if descriptors are ready for reading.
MFC after: 2 weeks Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com
|
#
211977 |
|
29-Aug-2010 |
pjd |
Allow to run hooks from the main hastd process.
MFC after: 2 weeks Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com
|
#
211899 |
|
27-Aug-2010 |
pjd |
When SIGTERM or SIGINT is received, terminate worker processes.
MFC after: 2 weeks Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com
|
#
211886 |
|
27-Aug-2010 |
pjd |
Allow to execute specified program on various HAST events.
MFC after: 2 weeks Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com
|
#
210886 |
|
05-Aug-2010 |
pjd |
Implement configuration reload on SIGHUP. This includes: - Load added resources. - Stop and forget removed resources. - Update modified resources in least intrusive way, ie. don't touch /dev/hast/<name> unless path to local component or provider name were modified.
Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com MFC after: 1 month
|
#
210883 |
|
05-Aug-2010 |
pjd |
Prepare configuration parsing code to be called multiple times: - Don't exit on errors if not requested. - Don't keep configuration in global variable, but allocate memory for configuration. - Call yyrestart() before yyparse() so that on error in configuration file we will start from the begining next time and not from the place we left of.
MFC after: 1 month
|
#
210879 |
|
05-Aug-2010 |
pjd |
- Use pjdlog_exitx() to log errors and exit instead of errx(). - Use 'unable to' (instead of 'cannot') consistently.
MFC after: 1 month
|
#
209185 |
|
14-Jun-2010 |
pjd |
Correct various log messages.
Submitted by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 3 days
|
#
209177 |
|
14-Jun-2010 |
pjd |
Remove macros that are not really needed. The idea was to have them in case we grow more descriptors, but I'll reconsider readding them once we get there.
Passing (a = b) expression to FD_ISSET() is bad idea, as FD_ISSET() evaluates its argument twice.
Found by: Coverity Prevent CID: 5243 MFC after: 3 days
|
#
207372 |
|
29-Apr-2010 |
pjd |
- Check if the worker process was killed by signal and restart it. - Improve logging.
Pointed out by: Garrett Cooper <yanefbsd@gmail.com> MFC after: 3 days
|
#
207371 |
|
29-Apr-2010 |
pjd |
Fix a problem where hastd will stuck in recv(2) after sending request to secondary, which died between send(2) and recv(2). Do it by adding timeout to recv(2) for primary incoming and outgoing sockets and secondary outgoing socket.
Reported by: Mikolaj Golub <to.my.trociny@gmail.com> Tested by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 3 days
|
#
207348 |
|
28-Apr-2010 |
pjd |
Restart worker thread only if the problem was temporary. In case of persistent problem we don't want to loop forever.
MFC after: 3 days
|
#
207345 |
|
28-Apr-2010 |
pjd |
Use WEXITSTATUS() to obtain real exit code.
MFC after: 3 days
|
#
206696 |
|
16-Apr-2010 |
pjd |
Fix control socket leak when worker process exits.
Submitted by: Mikolaj Golub <to.my.trociny@gmail.com> MFC after: 3 days
|
#
204076 |
|
18-Feb-2010 |
pjd |
Please welcome HAST - Highly Avalable Storage.
HAST allows to transparently store data on two physically separated machines connected over the TCP/IP network. HAST works in Primary-Secondary (Master-Backup, Master-Slave) configuration, which means that only one of the cluster nodes can be active at any given time. Only Primary node is able to handle I/O requests to HAST-managed devices. Currently HAST is limited to two cluster nodes in total.
HAST operates on block level - it provides disk-like devices in /dev/hast/ directory for use by file systems and/or applications. Working on block level makes it transparent for file systems and applications. There in no difference between using HAST-provided device and raw disk, partition, etc. All of them are just regular GEOM providers in FreeBSD.
For more information please consult hastd(8), hastctl(8) and hast.conf(5) manual pages, as well as http://wiki.FreeBSD.org/HAST.
Sponsored by: FreeBSD Foundation Sponsored by: OMCnet Internet Service GmbH Sponsored by: TransIP BV
|