glusterfs.git/rpc/rpc-transport, branch v4.1.3 rpc: set listen-backlog to high value 2018-04-13T03:23:47+00:00 Milind Changire mchangir@redhat.com 2018-04-09T05:56:05+00:00 31da3f1d8513b10d0449a1855fbad5060bd6191d Problem: On node reboot, when glusterd starts volumes rapidly, there's a flood of connections from the bricks to glusterd and from the self-heal daemons to the bricks. This causes SYN Flooding and dropped connections when the listen-backlog is not enough to hold the pending connections to compensate for the rate at which connections are accepted by the RPC layer. Solution: Increase the listen-backlog value to 1024. This is a partial solution. Part of the solution is to rearm the listener socket early for quicker accept() of connections. See commit 6964640a977cb10c0c95a94e03c229918fa6eca8 (change 19833) Change-Id: I62283d1f4990dd43839f9a6932cf8a36effd632c fixes: bz#1564600 Signed-off-by: Milind Changire <mchangir@redhat.com> 
Problem:
On node reboot, when glusterd starts volumes rapidly, there's a flood of
connections from the bricks to glusterd and from the self-heal daemons
to the bricks. This causes SYN Flooding and dropped connections when the
listen-backlog is not enough to hold the pending connections to
compensate for the rate at which connections are accepted by the RPC
layer.

Solution:
Increase the listen-backlog value to 1024. This is a partial solution.
Part of the solution is to rearm the listener socket early for quicker
accept() of connections.
See commit 6964640a977cb10c0c95a94e03c229918fa6eca8 (change 19833)

Change-Id: I62283d1f4990dd43839f9a6932cf8a36effd632c
fixes: bz#1564600
Signed-off-by: Milind Changire <mchangir@redhat.com>
rpc: rearm listener socket early 2018-04-07T03:01:09+00:00 Milind Changire mchangir@redhat.com 2018-04-06T17:49:07+00:00 6964640a977cb10c0c95a94e03c229918fa6eca8 Problem: On node reboot, when glusterd starts volumes, a setup with a large number of bricks might cause SYN Flooding and connections to be dropped if the connections are not accepted quickly enough. Solution: accept() the connection and rearm the listener socket early to receive more connection requests as soon as possible. Change-Id: Ibed421e50284c3f7a8fcdb4de7ac86cf53d4b74e fixes: bz#1564600 Signed-off-by: Milind Changire <mchangir@redhat.com> 
Problem:
On node reboot, when glusterd starts volumes, a setup with a large
number of bricks might cause SYN Flooding and connections to be dropped
if the connections are not accepted quickly enough.

Solution:
accept() the connection and rearm the listener socket early to receive
more connection requests as soon as possible.

Change-Id: Ibed421e50284c3f7a8fcdb4de7ac86cf53d4b74e
fixes: bz#1564600
Signed-off-by: Milind Changire <mchangir@redhat.com>
socket: Improve error logging when loading SSL files fails 2018-03-21T17:44:53+00:00 Niklas Hambüchen mail@nh2.me 2017-11-03T17:53:54+00:00 ba87963b7622e31cacb4348af817c777d1c443ab * Say which file had the problem * Dump openssl error stack Fixes gluster/glusterfs#431. Change-Id: I66e9a0ae7758e9d7d8a5f19cc8ff898f01f2b491 Signed-off-by: Niklas Hambüchen <mail@nh2.me> 
* Say which file had the problem
* Dump openssl error stack

Fixes gluster/glusterfs#431.

Change-Id: I66e9a0ae7758e9d7d8a5f19cc8ff898f01f2b491
Signed-off-by: Niklas Hambüchen <mail@nh2.me>
glusterd: TLS verification fails while using intermediate CA 2018-03-19T19:00:03+00:00 Mohit Agrawal moagrawa@redhat.com 2018-03-14T04:07:52+00:00 cf06dd544004701ef43fa81c5b7a95353d5c1d65 Problem: TLS verification fails while using intermediate CA if mgmt SSL is enabled. Solution: There are two main issue of TLS verification failing 1) not calling ssl_api to set cert_depth 2) The current code does not allow to set certificate depth while MGMT SSL is enabled. After apply this patch to set certificate depth user need to set parameter option transport.socket.ssl-cert-depth <depth> in /var/lib/glusterd/secure_acccess instead to set in /etc/glusterfs/glusterd.vol. At the time of set secure_mgmt in ctx we will check the value of cert-depth and save the value of cert-depth in ctx.If user does not provide any value in cert-depth in that case it will consider default value is 1 BUG: 1555154 Change-Id: I89e9a9e1026e37efb5c20f9ec62b1989ef644f35 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
Problem: TLS verification fails while using intermediate CA
         if mgmt SSL is enabled.

Solution: There are two main issue of TLS verification failing
          1) not calling ssl_api to set cert_depth
          2) The current code does not allow to set certificate depth
             while MGMT SSL is enabled.
          After apply this patch to set certificate depth user
          need to set parameter option transport.socket.ssl-cert-depth <depth>
          in /var/lib/glusterd/secure_acccess instead to set in
          /etc/glusterfs/glusterd.vol. At the time of set secure_mgmt in ctx
          we will check the value of cert-depth and save the value of cert-depth
          in ctx.If user does not provide any value in cert-depth in that case
          it will consider default value is 1

BUG: 1555154
Change-Id: I89e9a9e1026e37efb5c20f9ec62b1989ef644f35
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
socket: options update for GD2 2018-02-19T17:38:36+00:00 Mohit Agrawal moagrawa@redhat.com 2018-01-25T03:23:21+00:00 134c539e79f96691622ed15debaeace2071c6937 All socket options update for GD2 Change-Id: I227c16965e92018a5ab5aacd9c2617fb2735268c Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
All socket options update for GD2

Change-Id: I227c16965e92018a5ab5aacd9c2617fb2735268c
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
protocol: utilize the version 4 xdr 2018-02-01T11:40:24+00:00 Amar Tumballi amarts@redhat.com 2018-01-18T05:01:38+00:00 d663b9a323f34919da3f35bfc221a0aa91d9ab94 updates #384 Change-Id: Id80bf470988dbecc69779de9eb64088559cb1f6a Signed-off-by: Amar Tumballi <amarts@redhat.com> 
updates #384

Change-Id: Id80bf470988dbecc69779de9eb64088559cb1f6a
Signed-off-by: Amar Tumballi <amarts@redhat.com>
build: Link libgfrpc within rpc-transport shared libraries 2018-01-11T12:41:54+00:00 Anoop C S anoopcs@redhat.com 2018-01-08T12:02:05+00:00 0e4fdfbc4fec55cdc3eb6e0e27408682afe22696 Now with https://review.gluster.org/#/c/19056/ merged, we perform dlopen() with RTLD_LOCAL so that every shared library is expected to be explicitly linked against other required libraries. "undefined symbol ..." was seen while trying to access GlusterFS volumes via NFS-Ganesha/Samba using libgfapi resulting in an unusable state. This is a follow-up patch to https://review.gluster.org/#/c/17659/ to make sure that we link libgfrpc too while making socket and rdma rpc-transport shared libraries. Change-Id: I9943cdc449c257ded3cb9f9f2becdd5784d1d82d BUG: 1532238 Signed-off-by: Anoop C S <anoopcs@redhat.com> 
Now with https://review.gluster.org/#/c/19056/ merged, we perform
dlopen() with RTLD_LOCAL so that every shared library is expected to
be explicitly linked against other required libraries.

"undefined symbol ..." was seen while trying to access GlusterFS volumes
via NFS-Ganesha/Samba using libgfapi resulting in an unusable state.

This is a follow-up patch to https://review.gluster.org/#/c/17659/
to make sure that we link libgfrpc too while making socket and rdma
rpc-transport shared libraries.

Change-Id: I9943cdc449c257ded3cb9f9f2becdd5784d1d82d
BUG: 1532238
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Revert "rpc: merge ssl infra with epoll infra" 2018-01-07T03:55:51+00:00 Milind Changire mchangir@redhat.com 2018-01-05T05:47:46+00:00 9b12157fea5ac054106ed14f9d91cdb8bad665c7 This reverts commit 56e5fdae74845dfec0ff7ad0c8fee77695d36ad5. Change-Id: Ia62cee5440bbe8e23f5da9cff692d792091d544a Signed-off-by: Milind Changire <mchangir@redhat.com> 
This reverts commit 56e5fdae74845dfec0ff7ad0c8fee77695d36ad5.

Change-Id: Ia62cee5440bbe8e23f5da9cff692d792091d544a
Signed-off-by: Milind Changire <mchangir@redhat.com>
rpc-transport/rdma: Fix coverity issues in rdma transport 2017-12-28T06:59:04+00:00 Yi Wang wangyi@storswift.com 2017-12-25T17:17:04+00:00 3f0405f3ee81e05666116720c4f136403f778188 Issues: [1] https://download.gluster.org/pub/gluster/glusterfs/static-analysis/master/glusterfs-coverity/2017-12-25-0bc22bef/cov-errors.txt Resolved: [1] rdma.c:128 var_deref_op: Dereferencing null pointer "post". [2] rdma.c:677: Potentially overflowing expression [3] rdma.c:4250: freed_arg: "rpc_transport_unref" frees "peer->trans". [4] rdma.c:4644: var_deref_op: Dereferencing null pointer "rdma_ctx". [5] rdma.c:4945: cond_false: Condition "rdma_ctx != NULL", taking false branch. Change-Id: Iec38f118d645df4131739da412a6c741ebbd2f85 BUG: 789278 Signed-off-by: Yi Wang <wangyi@storswift.com> 
Issues:
[1] https://download.gluster.org/pub/gluster/glusterfs/static-analysis/master/glusterfs-coverity/2017-12-25-0bc22bef/cov-errors.txt

Resolved:
[1] rdma.c:128 var_deref_op: Dereferencing null pointer "post".
[2] rdma.c:677: Potentially overflowing expression
[3] rdma.c:4250: freed_arg: "rpc_transport_unref" frees "peer->trans".
[4] rdma.c:4644: var_deref_op: Dereferencing null pointer "rdma_ctx".
[5] rdma.c:4945: cond_false: Condition "rdma_ctx != NULL", taking false branch.

Change-Id: Iec38f118d645df4131739da412a6c741ebbd2f85
BUG: 789278
Signed-off-by: Yi Wang <wangyi@storswift.com>
all: Simplify component message id's definition 2017-12-14T02:33:51+00:00 Xavier Hernandez jahernan@redhat.com 2017-12-12T21:31:53+00:00 415e0bcc80b350fc75f325b490560f44ba419b20 This patch creates a new way of defining message id's that is easier and less error prone because it doesn't require so many manual changes each time a new component is defined or a new message created. Change-Id: I71ba8af9ac068f5add7e74f316a2478bc991c67b Signed-off-by: Xavier Hernandez <jahernan@redhat.com> 
This patch creates a new way of defining message id's that is easier
and less error prone because it doesn't require so many manual changes
each time a new component is defined or a new message created.

Change-Id: I71ba8af9ac068f5add7e74f316a2478bc991c67b
Signed-off-by: Xavier Hernandez <jahernan@redhat.com>