glusterfs.git/xlators/mgmt/glusterd/src/glusterd-replace-brick.c, branch v3.3.2qa1 localtime and ctime are not MT-SAFE 2013-02-08T20:04:42+00:00 Kaleb S. KEITHLEY kkeithle@redhat.com 2012-06-22T15:25:32+00:00 988460a9f597a489f22d39cd259fdb17fe2e5de6 There are a number of nit-level issues throughout the source with the use of localtime and ctime. While they apparently aren't causing too many problems, apart from the one in bz 828058, they ought to be fixed. Among the "real" problems that are fixed in this patch: 1) general localtime and ctime not MT-SAFE. There's a non-zero chance that another thread calling localtime (or ctime) will over-write the static data about to be used in another thread 2) localtime(& <64-bit-type>) or ctime(& <64-bit-type>) generally not a problem on 64-bit or little-endian 32-bit. But even though we probably have zero users on big-ending 32-bit platforms, it's still incorrect. 3) multiple nested calls passed as params. Last one wins, i.e. over- writes result of prior calls. 4) Inconsistent error handling. Most of these calls are for logging, tracing, or dumping. I submit that if an error somehow occurs in the call to localtime or ctime, the log/trace/dump still should still occur. 5) Appliances should all have their clocks set to UTC, and all log entries, traces, and dumps should use GMT. 6) fix strtok(), change to strtok_r() Other things this patch fixes/changes (that aren't bugs per se): 1) Change "%Y-%m-%d %H:%M:%S" and similar to their equivalent shorthand, e.g. "%F %T" 2) change sizeof(timestr) to sizeof timestr. sizeof is an operator, not a function. You don't use i +(32), why use sizeof(<var>). (And yes, you do use parens with sizeof(<type>).) 3) change 'char timestr[256]' to 'char timestr[32]' where appropriate. Per-thread stack is limited. Time strings are never longer than ~20 characters, so why waste 220+ bytes on the stack? Things this patch doesn't fix: 1) hodgepodge of %Y-%m-%d %H:%M:%S versus %Y/%m/%d-%H%M%S and other variations. It's not clear to me whether this ever matters, not to mention 3rd party log filtering tools may already rely on a particular format. Still it would be nice to have a single manifest constant and have every call to localtime/strftime consistently use the same format. BUG: 832173 Change-Id: Iee9719db4576eacc6c75694d9107954d0912cba8 Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com> Reviewed-on: http://review.gluster.org/3613 Reviewed-by: Anand Avati <avati@redhat.com> Tested-by: Anand Avati <avati@redhat.com> 
There are a number of nit-level issues throughout the source with
the use of localtime and ctime. While they apparently aren't causing
too many problems, apart from the one in bz 828058, they ought to be
fixed. Among the "real" problems that are fixed in this patch:
1) general localtime and ctime not MT-SAFE. There's a non-zero chance
   that another thread calling localtime (or ctime) will over-write
   the static data about to be used in another thread
2) localtime(& <64-bit-type>) or ctime(& <64-bit-type>) generally
   not a problem on 64-bit or little-endian 32-bit. But even though
   we probably have zero users on big-ending 32-bit platforms, it's
   still incorrect.
3) multiple nested calls passed as params. Last one wins, i.e. over-
   writes result of prior calls.
4) Inconsistent error handling. Most of these calls are for logging,
   tracing, or dumping. I submit that if an error somehow occurs in
   the call to localtime or ctime, the log/trace/dump still should
   still occur.
5) Appliances should all have their clocks set to UTC, and all log
   entries, traces, and dumps should use GMT.
6) fix strtok(), change to strtok_r()

Other things this patch fixes/changes (that aren't bugs per se):
1) Change "%Y-%m-%d %H:%M:%S" and similar to their equivalent shorthand,
   e.g. "%F %T"
2) change sizeof(timestr) to sizeof timestr. sizeof is an operator,
   not a function. You don't use i +(32), why use sizeof(<var>).
   (And yes, you do use parens with sizeof(<type>).)
3) change 'char timestr[256]' to 'char timestr[32]' where appropriate.
   Per-thread stack is limited. Time strings are never longer than ~20
   characters, so why waste 220+ bytes on the stack?

Things this patch doesn't fix:
1) hodgepodge of %Y-%m-%d %H:%M:%S versus %Y/%m/%d-%H%M%S and other
   variations. It's not clear to me whether this ever matters, not to
   mention 3rd party log filtering tools may already rely on a
   particular format. Still it would be nice to have a single manifest
   constant and have every call to localtime/strftime consistently use
   the same format.

BUG: 832173

Change-Id: Iee9719db4576eacc6c75694d9107954d0912cba8
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/3613
Reviewed-by: Anand Avati <avati@redhat.com>
Tested-by: Anand Avati <avati@redhat.com>
glusterd: Replace-brick should create dst brick path only on 'dst' node. 2012-05-28T17:45:12+00:00 Krishnan Parthasarathi kp@gluster.com 2012-05-23T09:45:51+00:00 063679d8fbeaad7034db33f1dc4cb1713754cb3a Change-Id: I61e6f8aa44dfef85c7cd98f40b176b796422c4b2 BUG: 824302 Signed-off-by: Krishnan Parthasarathi <kp@gluster.com> Reviewed-on: http://review.gluster.com/3457 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
Change-Id: I61e6f8aa44dfef85c7cd98f40b176b796422c4b2
BUG: 824302
Signed-off-by: Krishnan Parthasarathi <kp@gluster.com>
Reviewed-on: http://review.gluster.com/3457
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
glusterd: Fixed glusterd_brick_create_path algo. 2012-05-19T10:27:20+00:00 Krishnan Parthasarathi kp@gluster.com 2012-05-07T08:01:24+00:00 ef3cd63cc95c26fdf7f7a2d8046b4686b02cb836 - check if any prefix of the brick path has "trusted.gfid" or "trusted.glusterfs.volume-id" set. - set trusted.glusterfs.volume-id on the bricks as soon as its induction into the volume is settled. Earlier, the setting of "volume-id" used to happen during the first run of the brick process, leaving of window for bricks part of one volume to be (ab)used by another volume inadvertently. - removed creation of brick directory (if missing), during start volume force. This is to avoid directory creation as part 'force'ful starting of volume and leave the responsibility with the user, who understands the 'availability' of the export directory (brick) better. Change-Id: I4237ec4ea7a4e38a7501027e7de7112edd67de8c BUG: 812214 Signed-off-by: Krishnan Parthasarathi <kp@gluster.com> Reviewed-on: http://review.gluster.com/3280 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> Reviewed-on: http://review.gluster.com/3313 
- check if any prefix of the brick path has "trusted.gfid"
  or "trusted.glusterfs.volume-id" set.
- set trusted.glusterfs.volume-id on the bricks as soon as
  its induction into the volume is settled. Earlier, the setting of
  "volume-id" used to happen during the first run of the brick process,
  leaving of window for bricks part of one volume to be (ab)used by another
  volume inadvertently.
- removed creation of brick directory (if missing), during start volume force.
  This is to avoid directory creation as part 'force'ful starting of volume
  and leave the responsibility with the user, who understands the
  'availability' of the export directory (brick) better.

Change-Id: I4237ec4ea7a4e38a7501027e7de7112edd67de8c
BUG: 812214
Signed-off-by: Krishnan Parthasarathi <kp@gluster.com>
Reviewed-on: http://review.gluster.com/3280
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
Reviewed-on: http://review.gluster.com/3313
glusterd: Fail replace-brick subcmds on bricks other src/dst. 2012-04-28T14:52:13+00:00 Krishnan Parthasarathi kp@gluster.com 2012-04-18T10:15:44+00:00 99bdbb2ed9697bb93f006d4060d4f1aaeb0850af Change-Id: I5b55d3e353e70a9d4d8b7948853cbfa5b001a447 BUG: 811956 Signed-off-by: Krishnan Parthasarathi <kp@gluster.com> Reviewed-on: http://review.gluster.com/3184 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Amar Tumballi <amarts@redhat.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
Change-Id: I5b55d3e353e70a9d4d8b7948853cbfa5b001a447
BUG: 811956
Signed-off-by: Krishnan Parthasarathi <kp@gluster.com>
Reviewed-on: http://review.gluster.com/3184
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
glusterd: Fixed replace-brick commit_force algo. 2012-03-27T17:34:13+00:00 Krishnan Parthasarathi kp@gluster.com 2012-02-13T13:45:17+00:00 c3c4ee24a64a2447f77788cb84559f1e07a21e04 - commit force subcommand of replace-brick (rb) should be allowed even if source brick is (irrecoverably) offline. - modified rb_timer to be active only for start subcommand. This is important since, the rb timer event relies on src_brick and dst_brick objects to be 'alive' when it 'happens'. In the case of abort/commit/commit force it is very likely that src_brick and/or dst_brick objects could have been destroyed. Change-Id: Ib8b8a4d690fbdd6f99b8aff306490eb59c54a437 BUG: 772845 Signed-off-by: Krishnan Parthasarathi <kp@gluster.com> Reviewed-on: http://review.gluster.com/2620 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Amar Tumballi <amarts@redhat.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
- commit force subcommand of replace-brick (rb) should be allowed
  even if source brick is (irrecoverably) offline.
- modified rb_timer to be active only for start subcommand. This is
  important since, the rb timer event relies on src_brick and dst_brick
  objects to be 'alive' when it 'happens'. In the case of
  abort/commit/commit force it is very likely that src_brick and/or
  dst_brick objects could have been destroyed.

Change-Id: Ib8b8a4d690fbdd6f99b8aff306490eb59c54a437
BUG: 772845
Signed-off-by: Krishnan Parthasarathi <kp@gluster.com>
Reviewed-on: http://review.gluster.com/2620
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
glusterd: bring back the 'non-synctask' behavior 2012-03-22T11:30:36+00:00 Amar Tumballi amarts@redhat.com 2012-03-22T11:07:42+00:00 afe542eca18888463798747d2a95e5a9d239a4a0 revert back to non synctask behavior Change-Id: Icfc9cbdeaf8dd6735df8366a6121c6598c56fade Signed-off-by: Amar Tumballi <amarts@redhat.com> BUG: 805802 Reviewed-on: http://review.gluster.com/3002 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
revert back to non synctask behavior

Change-Id: Icfc9cbdeaf8dd6735df8366a6121c6598c56fade
Signed-off-by: Amar Tumballi <amarts@redhat.com>
BUG: 805802
Reviewed-on: http://review.gluster.com/3002
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
glusterd: bring in feature to use syncop for mgmt ops 2012-03-21T18:58:11+00:00 Amar Tumballi amar@gluster.com 2011-12-20T09:24:35+00:00 c3bdb1d4c6c4491afdf1ba26bb0d6204270cc058 * new sycnop routines added to mgmt program * one should not use 'glusterd_op_begin()', instead can use the synctask framework, 'glusterd_op_begin_synctask()' * currently using for below operations: 'volume start', 'volume rebalance', 'volume quota', 'volume replace-brick' and 'volume add-brick' Change-Id: I0bee76d06790d5c5bb5db15d443b44af0e21f1c0 BUG: 762935 Signed-off-by: Amar Tumballi <amar@gluster.com> Reviewed-on: http://review.gluster.com/479 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
* new sycnop routines added to mgmt program
* one should not use 'glusterd_op_begin()', instead can use the
  synctask framework, 'glusterd_op_begin_synctask()'
* currently using for below operations:
  'volume start', 'volume rebalance', 'volume quota',
  'volume replace-brick' and 'volume add-brick'

Change-Id: I0bee76d06790d5c5bb5db15d443b44af0e21f1c0
BUG: 762935
Signed-off-by: Amar Tumballi <amar@gluster.com>
Reviewed-on: http://review.gluster.com/479
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
core: bring a cmdline option to set memory-accounting 2012-03-15T10:33:18+00:00 Amar Tumballi amarts@redhat.com 2012-03-15T08:30:13+00:00 5e50175f56d05ab6c1295b0e0f0c11695e49c277 currently this is implemented as a command line option, and not as an easier translator option. this is because as of now, before even the volume files are parsed, we would need memory accounting enabled. there is scope for improving this behavior, but for now, this approach solves the problem. Also, this feature's major consumers are the testers who are looking for leaks, hence option is hidden from usage output. Change-Id: I09a5b13743ae43ff42c251989f921319e94cabe3 Signed-off-by: Amar Tumballi <amarts@redhat.com> BUG: 799199 Reviewed-on: http://review.gluster.com/2856 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
currently this is implemented as a command line option, and not
as an easier translator option. this is because as of now, before
even the volume files are parsed, we would need memory accounting
enabled. there is scope for improving this behavior, but for now,
this approach solves the problem.

Also, this feature's major consumers are the testers who are
looking for leaks, hence option is hidden from usage output.

Change-Id: I09a5b13743ae43ff42c251989f921319e94cabe3
Signed-off-by: Amar Tumballi <amarts@redhat.com>
BUG: 799199
Reviewed-on: http://review.gluster.com/2856
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
glusterd: auth allow enhancements 2012-02-20T08:30:54+00:00 Rajesh Amaravathi rajesh@redhat.com 2012-02-20T07:01:10+00:00 975933a25d14cbac861e809b40c6edd01acaa28d * PROBLEM: When address-based authentication is enabled on a volume, the gNfs server, self-heal daemon (shd), and other operations such as quota, rebalance, replace-brick and geo-replication either stop working or the services are not started if all the peers' ipv{4,6} addresses or hostnames are not added in the "set auth.allow" operation, breaking the functionality of several operations. E.g: volume vol in a cluster of two peers: /mnt/brick1 in 192.168.1.4 /mnt/brick2 in 192.168.1.5 option auth.allow 192.168.1.6 (allow connection requests only from 192.168.1.6) This will disrupt the nfs servers on 192.168.1.{4,5}. brick server processes reject connection requests from both nfs servers (on 4,5), because the peer addresses are not in the auth.allow list. Same holds true for local mounts (on peer machines), self-heal daemon, and other operations which perform a glusterfs mount on one of the peers. * SOLUTION: Login-based authentication (username/password pairs, henceforth referred to as "keys") for gluster services and operations. These *per-volume* keys can be used to by-pass the addr-based authentication, provided none of the peers' addresses are put in the auth.reject list, to enable gluster services like gNfs, self-heal daemon and internal operations on volumes when auth.allow option is exercised. * IMPLEMENTATION: 1. Glusterd generates keys for each volume and stores it in memory as well as in respective volfiles. A new TRUSTED-FUSE volfile is generated which is fuse volfile + keys in protocol/client, and is named trusted-<volname>-fuse.vol. This is used by all local mounts. ANY local mount (on any peer) is granted the trusted-fuse volfile instead of fuse volfile via getspec. non-local mounts are NOT granted the trusted fuse volfile. 2. The keys generated for the volume is written to each server volfile telling servers to allow users with these keys. 3. NFS, self-heal daemon and replace-brick volfiles are updated with the volume's authentication keys. 4. The keys are NOT written to fuse volfiles for obvious reasons. 5. The ownership of volfiles and logfiles is restricted to root users. 6. Merging two identical definitions of peer_info_t in auth/addr and rpc-lib, throwing away the one in auth/addr. 7. Code cleanup in numerous places as appropriate. * IMPORTANT NOTES: 1. One SHOULD NOT put any of the peer addresses in the auth.reject list if one wants any of the glusterd services and features such as gNfs, self-heal, rebalance, geo-rep and quota. 2. If one wants to use username/password based authentication to volumes, one shall append to the server, nfs and shd volfiles, the keys one wants to use for authentication, *while_retaining those_generated_by_glusterd*. See doc/authentication.txt file for details. Change-Id: Ie0331d625ad000d63090e2d622fe1728fbfcc453 BUG: 789942 Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com> Reviewed-on: http://review.gluster.com/2733 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
* PROBLEM:

  When address-based authentication is enabled on a volume,
  the gNfs server, self-heal daemon (shd), and other operations
  such as quota, rebalance, replace-brick and geo-replication
  either stop working or the services are not started if all
  the peers' ipv{4,6} addresses or hostnames are not added in
  the "set auth.allow" operation, breaking the functionality
  of several operations.

  E.g:
    volume vol in a cluster of two peers:
    /mnt/brick1 in 192.168.1.4
    /mnt/brick2 in 192.168.1.5

    option auth.allow 192.168.1.6
    (allow connection requests only from 192.168.1.6)

    This will disrupt the nfs servers on 192.168.1.{4,5}.
    brick server processes reject connection requests from both
    nfs servers (on 4,5), because the peer addresses are not in
    the auth.allow list.

    Same holds true for local mounts (on peer machines),
    self-heal daemon, and other operations which perform
    a glusterfs mount on one of the peers.

* SOLUTION:

  Login-based authentication (username/password pairs,
  henceforth referred to as "keys") for gluster services and
  operations.

  These *per-volume* keys can be used to by-pass the addr-based
  authentication, provided none of the peers' addresses are put
  in the auth.reject list, to enable gluster services like gNfs,
  self-heal daemon and internal operations on volumes when
  auth.allow option is exercised.

* IMPLEMENTATION:

  1. Glusterd generates keys for each volume and stores it in
     memory as well as in respective volfiles.
     A new TRUSTED-FUSE volfile is generated which is
     fuse volfile + keys in protocol/client,
     and is named trusted-<volname>-fuse.vol.
     This is used by all local mounts. ANY local mount (on any peer)
     is granted the trusted-fuse volfile instead of fuse volfile
     via getspec. non-local mounts are NOT granted the trusted fuse
     volfile.

  2. The keys generated for the volume is written to each server
     volfile telling servers to allow users with these keys.

  3. NFS, self-heal daemon and replace-brick volfiles are updated
     with the volume's authentication keys.

  4. The keys are NOT written to fuse volfiles for obvious reasons.

  5. The ownership of volfiles and logfiles is restricted to root users.

  6. Merging two identical definitions of peer_info_t in auth/addr
     and rpc-lib, throwing away the one in auth/addr.

  7. Code cleanup in numerous places as appropriate.

* IMPORTANT NOTES:

  1. One SHOULD NOT put any of the peer addresses in the auth.reject
     list if one wants any of the glusterd services and features
     such as gNfs, self-heal, rebalance, geo-rep and quota.

  2. If one wants to use username/password based authentication
     to volumes, one shall append to the server, nfs and shd volfiles,
     the keys one wants to use for authentication, *while_retaining
     those_generated_by_glusterd*.
     See doc/authentication.txt file for details.

Change-Id: Ie0331d625ad000d63090e2d622fe1728fbfcc453
BUG: 789942
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.com/2733
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
glusterd: Fail volume 'modify' operations when rb is ongoing 2012-02-14T18:22:09+00:00 Krishnan Parthasarathi kp@gluster.com 2012-02-13T11:03:32+00:00 38d73bdfc659dde4a2632da2da01c785b642c728 * add-brick, stop-volume, remove-brick are the operations that are explicitly 'failed' when attempted while replace-brick is in progress. * we attach the volume-id to the dst_brick volfile ensuring that the replace-brick operation holds 'claim' on it. Change-Id: If60b2af566ca940b2add600b473c99730e06ab47 BUG: 765470 Signed-off-by: Krishnan Parthasarathi <kp@gluster.com> Reviewed-on: http://review.gluster.com/2740 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Amar Tumballi <amarts@redhat.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
* add-brick, stop-volume, remove-brick are the operations that are explicitly
 'failed' when attempted while replace-brick is in progress.
* we attach the volume-id to the dst_brick volfile ensuring that the replace-brick
  operation holds 'claim' on it.

Change-Id: If60b2af566ca940b2add600b473c99730e06ab47
BUG: 765470
Signed-off-by: Krishnan Parthasarathi <kp@gluster.com>
Reviewed-on: http://review.gluster.com/2740
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>