diff --git a/.gitignore b/.gitignore
index 01e5d42..2e2cf84 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/sbd-7f33d1a409d0a4e2cd69946688c48eaa8f3c5d26.tar.gz
+SOURCES/sbd-25fce8a7d5e8cd5abc2379077381b10bd6cec183.tar.gz
diff --git a/.sbd.metadata b/.sbd.metadata
index 4341adc..7513edf 100644
--- a/.sbd.metadata
+++ b/.sbd.metadata
@@ -1 +1 @@
-7bf4ad26875cafa743ca96aec9dae1739bd6281b SOURCES/sbd-7f33d1a409d0a4e2cd69946688c48eaa8f3c5d26.tar.gz
+4b2d6feee6235758e2e3000bcad71ff059246b13 SOURCES/sbd-25fce8a7d5e8cd5abc2379077381b10bd6cec183.tar.gz
diff --git a/SOURCES/0001-Fix-regressions.sh-make-parameter-passing-consistent.patch b/SOURCES/0001-Fix-regressions.sh-make-parameter-passing-consistent.patch
new file mode 100644
index 0000000..6f17a5a
--- /dev/null
+++ b/SOURCES/0001-Fix-regressions.sh-make-parameter-passing-consistent.patch
@@ -0,0 +1,82 @@
+From 1d2a7b8d059d4f090b351b8decca0ddf274c82a0 Mon Sep 17 00:00:00 2001
+From: Klaus Wenninger
+Date: Wed, 20 Nov 2019 15:20:19 +0100
+Subject: [PATCH] Fix: regressions.sh: make parameter passing consistent
+
+---
+ tests/regressions.sh | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/tests/regressions.sh b/tests/regressions.sh
+index 6cfb303..7ab80be 100755
+--- a/tests/regressions.sh
++++ b/tests/regressions.sh
+@@ -32,7 +32,7 @@
+ : ${SBD_USE_DM:="yes"}
+
+ sbd() {
+- LD_PRELOAD=${SBD_PRELOAD} SBD_WATCHDOG_TIMEOUT=5 SBD_DEVICE="${SBD_DEVICE}" SBD_PRELOAD_LOG=${SBD_PRELOAD_LOG} SBD_WATCHDOG_DEV=/dev/watchdog setsid ${SBD_BINARY} -p ${SBD_PIDFILE} $*
++ LD_PRELOAD=${SBD_PRELOAD} SBD_WATCHDOG_TIMEOUT=5 SBD_DEVICE="${SBD_DEVICE}" SBD_PRELOAD_LOG=${SBD_PRELOAD_LOG} SBD_WATCHDOG_DEV=/dev/watchdog setsid ${SBD_BINARY} -p ${SBD_PIDFILE} "$@"
+ }
+
+ sbd_wipe_disk() {
+@@ -98,26 +98,26 @@ sbd_daemon_cleanup() {
+ pkill -TERM --pidfile ${SBD_PIDFILE} 2>/dev/null
+ sleep 5
+ pkill -KILL --pidfile ${SBD_PIDFILE} 2>/dev/null
+- pkill -KILL --parent $(cat ${SBD_PIDFILE} 2>/dev/null) 2>/dev/null
++ pkill -KILL --parent "$(cat ${SBD_PIDFILE} 2>/dev/null)" 2>/dev/null
+ echo > ${SBD_PIDFILE}
+ }
+
+ _ok() {
+- echo -- $@
+- $@
++ echo "-- $*"
++ "$@"
+ rc=$?
+ if [ $rc -ne 0 ]; then
+- echo "$@ failed with $rc"
++ echo "$* failed with $rc"
+ exit $rc
+ fi
+ }
+
+ _no() {
+- echo -- $@
+- $@
++ echo "-- $*"
++ "$@"
+ rc=$?
+ if [ $rc -eq 0 ]; then
+- echo "$@ did NOT fail ($rc)"
++ echo "$* did NOT fail ($rc)"
+ exit $rc
+ fi
+ return 0
+@@ -126,7 +126,7 @@ _no() {
+ _in_log() {
+ grep "$@" ${SBD_PRELOAD_LOG} >/dev/null
+ if [ $? -ne 0 ]; then
+- echo "didn't find '$@' in log:"
++ echo "didn't find '$*' in log:"
+ cat ${SBD_PRELOAD_LOG}
+ sbd_daemon_cleanup
+ exit 1
+@@ -227,10 +227,10 @@ test_stall_inquisitor() {
+ sbd_daemon_cleanup
+ sbd -d ${D[1]} -d ${D[2]} -d ${D[3]} -n test-1 watch
+ sleep 10
+- _ok kill -0 $(cat ${SBD_PIDFILE})
+- kill -STOP $(cat ${SBD_PIDFILE})
++ _ok kill -0 "$(cat ${SBD_PIDFILE})"
++ kill -STOP "$(cat ${SBD_PIDFILE})"
+ sleep 10
+- kill -CONT $(cat ${SBD_PIDFILE}) 2>/dev/null
++ kill -CONT "$(cat ${SBD_PIDFILE})" 2>/dev/null
+ _in_log "watchdog fired"
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0001-Fix-sbd-cluster-finalize-cmap-connection-if-disconne.patch b/SOURCES/0001-Fix-sbd-cluster-finalize-cmap-connection-if-disconne.patch
deleted file mode 100644
index a2cc41a..0000000
--- a/SOURCES/0001-Fix-sbd-cluster-finalize-cmap-connection-if-disconne.patch
+++ /dev/null
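Review bot: The command substitutions are now quoted, but the `${SBD_PIDFILE}` inside them (and `${SBD_PRELOAD}`, `${SBD_BINARY}` and `${SBD_PIDFILE}` in `sbd()`) is still expanded unquoted, so a path with whitespace or glob characters is split before `cat` or `setsid` sees it; `"$(cat "${SBD_PIDFILE}")"` would make the quoting consistent. In `test_stall_inquisitor` the pidfile is read three separate times, so the `kill -0` check and the later `kill -STOP`/`kill -CONT` can act on different PIDs if the file changes in between, and once `sbd_daemon_cleanup` has emptied the file the quoted form hands `kill` an empty argument. Reading it once with `pid="$(cat "${SBD_PIDFILE}")"`, checking that it is non-empty and reusing `"$pid"` avoids both, which matters for a script that signals processes and presumably runs as root. The bodies of `sbd_daemon_cleanup` and `test_stall_inquisitor` start outside the hunks shown.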
@@ -1,79 +0,0 @@
-From f8f980340256ab5bef5385cd3bc082fdfb7613ed Mon Sep 17 00:00:00 2001
-From: "Gao,Yan"
-Date: Thu, 7 Mar 2019 15:01:26 +0100
-Subject: [PATCH] Fix: sbd-cluster: finalize cmap connection if disconnected
- from cluster
-
-Previously if sbd cluster servant anyhow got dis-/reconnected from the
-cluster, it'd start hogging CPU keeping polling the main loop source
-from the old cmap connection.
----
- src/sbd-cluster.c | 38 ++++++++++++++++++++++++++------------
- 1 file changed, 26 insertions(+), 12 deletions(-)
-
-diff --git a/src/sbd-cluster.c b/src/sbd-cluster.c
-index 51bb456..541212f 100644
----- a/src/sbd-cluster.c
-+++ b/src/sbd-cluster.c
-@@ -174,6 +174,25 @@ cmap_dispatch_callback (gpointer user_data)
- return TRUE;
- }
-
-+static void
-+cmap_destroy(void)
-+{
-+ if (cmap_source) {
-+ g_source_destroy(cmap_source);
-+ cmap_source = NULL;
-+ }
-+
-+ if (track_handle) {
-+ cmap_track_delete(cmap_handle, track_handle);
-+ track_handle = 0;
-+ }
-+
-+ if (cmap_handle) {
-+ cmap_finalize(cmap_handle);
-+ cmap_handle = 0;
-+ }
-+}
-+
- static gboolean
- sbd_get_two_node(void)
- {
-@@ -217,18 +236,7 @@ sbd_get_two_node(void)
- return TRUE;
-
- out:
-- if (cmap_source) {
-- g_source_destroy(cmap_source);
-- cmap_source = NULL;
-- }
-- if (track_handle) {
-- cmap_track_delete(cmap_handle, track_handle);
-- track_handle = 0;
-- }
-- if (cmap_handle) {
-- cmap_finalize(cmap_handle);
-- cmap_handle = 0;
-- }
-+ cmap_destroy();
-
- return FALSE;
- }
-@@ -327,6 +335,12 @@ sbd_membership_destroy(gpointer user_data)
- {
- cl_log(LOG_WARNING, "Lost connection to %s", name_for_cluster_type(get_cluster_type()));
-
-+ if (get_cluster_type() != pcmk_cluster_unknown) {
-+#if SUPPORT_COROSYNC && CHECK_TWO_NODE
-+ cmap_destroy();
-+#endif
-+ }
-+
- set_servant_health(pcmk_health_unclean, LOG_ERR, "Cluster connection terminated");
- notify_parent();
-
---
-1.8.3.1
-
diff --git a/SOURCES/0002-Doc-add-environment-section-to-man-page.patch b/SOURCES/0002-Doc-add-environment-section-to-man-page.patch
new file mode 100644
index 0000000..2ad9556
--- /dev/null
+++ b/SOURCES/0002-Doc-add-environment-section-to-man-page.patch
@@ -0,0 +1,1459 @@
+From 9dd82a8b4daa5a7bd8ab3afa43b081f212efb1ac Mon Sep 17 00:00:00 2001
+From: Klaus Wenninger
+Date: Wed, 29 Jan 2020 20:34:18 +0100
+Subject: [PATCH] Doc: add environment section to man-page
+
+Environment section is auto-generated from sbd.sysconfig.
+---
+ .gitignore | 1 +
+ Makefile.am | 6 +-
+ README.md | 3 +-
+ man/Makefile.am | 8 +-
+ man/sbd.8.pod | 668 -----------------------------------------------------
+ man/sbd.8.pod.in | 675 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ src/sbd.sysconfig | 3 +-
+ 7 files changed, 690 insertions(+), 674 deletions(-)
+ delete mode 100644 man/sbd.8.pod
+ create mode 100644 man/sbd.8.pod.in
+
+diff --git a/Makefile.am b/Makefile.am
+index 1c29f75..bd4346d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -9,8 +9,8 @@ TARFILE = $(distdir).tar.gz
+ DIST_ARCHIVES = $(TARFILE)
+ KEEP_EXISTING_TAR = no
+ INJECT_GIT_COMMIT = yes
+-DISTCLEANFILES = sbd-* sbd-*/
+ CLEANFILES = *.rpm *.tar.* sbd-*
++DISTCLEANFILES = sbd-* sbd-*/
+
+ RPM_ROOT = $(shell pwd)
+ RPM_OPTS = --define "_sourcedir $(RPM_ROOT)" \
+@@ -31,7 +31,7 @@ export SBD_BINARY := src/sbd
+ export SBD_PRELOAD := tests/.libs/libsbdtestbed.so
+ export SBD_USE_DM := no
+
+-EXTRA_DIST = sbd.spec tests/regressions.sh
++EXTRA_DIST = sbd.spec tests/regressions.sh man/sbd.8.pod.in
+
+ export:
+ rm -f $(PACKAGE)-HEAD.tar.*
+@@ -43,7 +43,7 @@ export:
+ echo `date`: Using existing tarball: $(TARFILE); \
+ else \
+ rm -f $(PACKAGE).tar.*; \
+- (git archive --prefix=$(distdir)/ $(shell echo $(TAG)|cut -f1 -d-) || tar -c --transform="s,^,$(distdir)/," --exclude="*.tar.*" --exclude="$(distdir)" --exclude="*.o" --exclude="*.8" --exclude="config.*" --exclude="libtool" --exclusive="ltmain.sh*" --exclude="Makefile" --exclude="Makefile.in" --exclude="stamp-*" --exclude="*.service" --exclude="sbd" --exclude="*.m4" --exclude="*.cache" --exclude="configure" --exclude="*.list" --exclude="depcomp" --exclude="install-sh" --exclude="missing" --exclude="compile" --exclude="sbd.sh" --exclude="~" --exclude="*.swp" --exclude="*.patch" --exclude="*.diff" --exclude="*.orig" --exclude="*.rej" --exclude="*.rpm" --exclude=".deps" --exclude="test-driver" *) | gzip > $(TARFILE); \
++ (git archive --prefix=$(distdir)/ $(shell echo $(TAG)|cut -f1 -d-) || tar -c --transform="s,^,$(distdir)/," --exclude="*.tar.*" --exclude="$(distdir)" --exclude="*.o" --exclude="*.8" --exclude="config.*" --exclude="libtool" --exclude="ltmain.sh*" --exclude="Makefile" --exclude="Makefile.in" --exclude="stamp-*" --exclude="*.service" --exclude="sbd" --exclude="*.m4" --exclude="*.cache" --exclude="configure" --exclude="*.list" --exclude="depcomp" --exclude="install-sh" --exclude="missing" --exclude="compile" --exclude="sbd.sh" --exclude="~" --exclude="*.swp" --exclude="*.patch" --exclude="*.diff" --exclude="*.orig" --exclude="*.rej" --exclude="*.rpm" --exclude="*.pod" --exclude=".deps" --exclude="test-driver" *) | gzip > $(TARFILE); \
+ if test -n "$$(git status -s)" || test "$(INJECT_GIT_COMMIT)" = "yes"; then \
+ if test -n "$$(git status -s)"; then git diff HEAD --name-only|grep -v "^\."|xargs -n1 git diff HEAD > uncommitted.diff; fi; \
+ rm -rf $(distdir); tar -xzf $(TARFILE); rm $(TARFILE); \
+diff --git a/README.md b/README.md
+index d02a8bd..42a3fde 100644
+--- a/README.md
++++ b/README.md
+@@ -5,5 +5,6 @@ A highly reliable fencing or Shoot-the-other-node-in-the-head (STONITH) mechanis
+ The component works with Pacemaker clusters, and is currently known to
+ compile and function on Pacemaker 1.1.7+ and corosync 1.4.x or 2.3.x.
+
+-Please see https://github.com/l-mb/sbd/blob/master/man/sbd.8.pod for the full documentation.
++Please see https://github.com/clusterlabs/sbd/blob/master/man/sbd.8.pod.in &
++https://github.com/clusterlabs/sbd/blob/master/src/sbd.sysconfig for the full documentation.
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index 3f89085..995712d 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -1,6 +1,12 @@
+ dist_man_MANS = sbd.8
+
+-EXTRA_DIST = sbd.8.pod
++DISTCLEANFILES = sbd.8.pod sbd.8 sbd.sysconfig.pod
++
++sbd.sysconfig.pod: ../src/sbd.sysconfig
++ sed -r -n -e "s/^## Type: (.*)/Allows C<\1>/;t type;s/^## Default: (.*)/ defaulting to C<\1>/;t default;s/^#*(.*)=.*/=item B<\1>\n/;t variable;s/^#*//;s/^ *//;H;d;:type;h;d;:default;H;x;s/\n//;x;d;:variable;G;p" $< > $@
++
++sbd.8.pod: sbd.8.pod.in sbd.sysconfig.pod
++ sed -e "s/@environment_section@//;t insert;p;d;:insert;rsbd.sysconfig.pod" $< > $@
+
+ sbd.8: sbd.8.pod
+ @POD2MAN@ -s 8 -c "STONITH Block Device" -r "SBD" -n "SBD" $< $@
+diff --git a/man/sbd.8.pod b/man/sbd.8.pod
+deleted file mode 100644
+index 377c579..0000000
+--- a/man/sbd.8.pod
++++ /dev/null
+@@ -1,668 +0,0 @@
+-=head1 NAME
+-
+-sbd - STONITH Block Device daemon
+-
+-=head1 SYNOPSIS
+-
+-sbd <-d F> [options] C
+-
+-=head1 SUMMARY
+-
+-SBD provides a node fencing mechanism (Shoot the other node in the head,
+-STONITH) for Pacemaker-based clusters through the exchange of messages
+-via shared block storage such as for example a SAN, iSCSI, FCoE. This
+-isolates the fencing mechanism from changes in firmware version or
+-dependencies on specific firmware controllers, and it can be used as a
+-STONITH mechanism in all configurations that have reliable shared
+-storage.
+-
+-SBD can also be used without any shared storage. In this mode, the
+-watchdog device will be used to reset the node if it loses quorum, if
+-any monitored daemon is lost and not recovered or if Pacemaker decides
+-that the node requires fencing.
+-
+-The F binary implements both the daemon that watches the message
+-slots as well as the management tool for interacting with the block
+-storage device(s). This mode of operation is specified via the
+-C parameter; some of these modes take additional parameters.
+-
+-To use SBD with shared storage, you must first C the messaging
+-layout on one to three block devices. Second, configure
+-F to list those devices (and possibly adjust other
+-options), and restart the cluster stack on each node to ensure that
+-C is started. Third, configure the C fencing
+-resource in the Pacemaker CIB.
+-
+-Each of these steps is documented in more detail below the description
+-of the command options.
+-
+-C can only be used as root.
+-
+-=head2 GENERAL OPTIONS
+-
+-=over
+-
+-=item B<-d> F
+-
+-Specify the block device(s) to be used. If you have more than one,
+-specify this option up to three times. This parameter is mandatory for
+-all modes, since SBD always needs a block device to interact with.
+-
+-This man page uses F, F, and F as
+-example device names for brevity. However, in your production
+-environment, you should instead always refer to them by using the long,
+-stable device name (e.g.,
+-F).
+-
+-=item B<-v|-vv|-vvv>
+-
+-Enable verbose|debug|debug-library logging (optional)
+-
+-=item B<-h>
+-
+-Display a concise summary of C options.
+-
+-=item B<-n> I
+-
+-Set local node name; defaults to C. This should not need to be
+-set.
+-
+-=item B<-R>
+-
+-Do B enable realtime priority. By default, C runs at realtime
+-priority, locks itself into memory, and also acquires highest IO
+-priority to protect itself against interference from other processes on
+-the system. This is a debugging-only option.
+-
+-=item B<-I> I
+-
+-Async IO timeout (defaults to 3 seconds, optional). You should not need
+-to adjust this unless your IO setup is really very slow.
+-
+-(In daemon mode, the watchdog is refreshed when the majority of devices
+-could be read within this time.)
+-
+-=back
+-
+-=head2 create
+-
+-Example usage:
+-
+- sbd -d /dev/sdc2 -d /dev/sdd3 create
+-
+-If you specify the I command, sbd will write a metadata header
+-to the device(s) specified and also initialize the messaging slots for
+-up to 255 nodes.
+-
+-B: This command will not prompt for confirmation. Roughly the
+-first megabyte of the specified block device(s) will be overwritten
+-immediately and without backup.
+-
+-This command accepts a few options to adjust the default timings that
+-are written to the metadata (to ensure they are identical across all
+-nodes accessing the device).
+-
+-=over
+-
+-=item B<-1> I
+-
+-Set watchdog timeout to N seconds. This depends mostly on your storage
+-latency; the majority of devices must be successfully read within this
+-time, or else the node will self-fence.
+-
+-If your sbd device(s) reside on a multipath setup or iSCSI, this should
+-be the time required to detect a path failure. You may be able to reduce
+-this if your device outages are independent, or if you are using the
+-Pacemaker integration.
+-
+-=item B<-2> I
+-
+-Set slot allocation timeout to N seconds. You should not need to tune
+-this.
+-
+-=item B<-3> I
+-
+-Set daemon loop timeout to N seconds. You should not need to tune this.
+-
+-=item B<-4> I
+-
+-Set I timeout to N seconds. This should be twice the I
+-timeout. This is the time after which a message written to a node's slot
+-will be considered delivered. (Or long enough for the node to detect
+-that it needed to self-fence.)
+-
+-This also affects the I in Pacemaker's CIB; see below.
+-
+-=back
+-
+-=head2 list
+-
+-Example usage:
+-
+- # sbd -d /dev/sda1 list
+- 0 hex-0 clear
+- 1 hex-7 clear
+- 2 hex-9 clear
+-
+-List all allocated slots on device, and messages. You should see all
+-cluster nodes that have ever been started against this device. Nodes
+-that are currently running should have a I state; nodes that have
+-been fenced, but not yet restarted, will show the appropriate fencing
+-message.
+-
+-=head2 dump
+-
+-Example usage:
+-
+- # sbd -d /dev/sda1 dump
+- ==Dumping header on disk /dev/sda1
+- Header version : 2
+- Number of slots : 255
+- Sector size : 512
+- Timeout (watchdog) : 15
+- Timeout (allocate) : 2
+- Timeout (loop) : 1
+- Timeout (msgwait) : 30
+- ==Header on disk /dev/sda1 is dumped
+-
+-Dump meta-data header from device.
+-
+-=head2 watch
+-
+-Example usage:
+-
+- sbd -d /dev/sdc2 -d /dev/sdd3 -P watch
+-
+-This command will make C start in daemon mode. It will constantly monitor
+-the message slot of the local node for incoming messages, reachability, and
+-optionally take Pacemaker's state into account.
+-
+-C B be started on boot before the cluster stack! See below
+-for enabling this according to your boot environment.
+-
+-The options for this mode are rarely specified directly on the
+-commandline directly, but most frequently set via F.
+-
+-It also constantly monitors connectivity to the storage device, and
+-self-fences in case the partition becomes unreachable, guaranteeing that it
+-does not disconnect from fencing messages.
+-
+-A node slot is automatically allocated on the device(s) the first time
+-the daemon starts watching the device; hence, manual allocation is not
+-usually required.
+-
+-If a watchdog is used together with the C as is strongly
+-recommended, the watchdog is activated at initial start of the sbd
+-daemon. The watchdog is refreshed every time the majority of SBD devices
+-has been successfully read. Using a watchdog provides additional
+-protection against C crashing.
+-
+-If the Pacemaker integration is activated, C will B self-fence
+-if device majority is lost, if:
+-
+-=over
+-
+-=item 1.
+-
+-The partition the node is in is still quorate according to the CIB;
+-
+-=item 2.
+-
+-it is still quorate according to Corosync's node count;
+-
+-=item 3.
+-
+-the node itself is considered online and healthy by Pacemaker.
+-
+-=back
+-
+-This allows C to survive temporary outages of the majority of
+-devices. However, while the cluster is in such a degraded state, it can
+-neither successfully fence nor be shutdown cleanly (as taking the
+-cluster below the quorum threshold will immediately cause all remaining
+-nodes to self-fence). In short, it will not tolerate any further faults.
+-Please repair the system before continuing.
+-
+-There is one C process that acts as a master to which all watchers
+-report; one per device to monitor the node's slot; and, optionally, one
+-that handles the Pacemaker integration.
+-
+-=over
+-
+-=item B<-W>
+-
+-Enable or disable use of the system watchdog to protect against the sbd
+-processes failing and the node being left in an undefined state. Specify
+-this once to enable, twice to disable.
+-
+-Defaults to I.
+-
+-=item B<-w> F
+-
+-This can be used to override the default watchdog device used and should not
+-usually be necessary.
+-
+-=item B<-p> F
+-
+-This option can be used to specify a pidfile for the main sbd process.
+-
+-=item B<-F> I
+-
+-Number of failures before a failing servant process will not be restarted
+-immediately until the dampening delay has expired. If set to zero, servants
+-will be restarted immediately and indefinitely. If set to one, a failed
+-servant will be restarted once every B<-t> seconds. If set to a different
+-value, the servant will be restarted that many times within the dampening
+-period and then delay.
+-
+-Defaults to I<1>.
+-
+-=item B<-t> I
+-
+-Dampening delay before faulty servants are restarted. Combined with C<-F 1>,
+-the most logical way to tune the restart frequency of servant processes.
+-Default is 5 seconds.
+-
+-If set to zero, processes will be restarted indefinitely and immediately.
+-
+-=item B<-P>
+-
+-Enable Pacemaker integration which checks Pacemaker quorum and node health.
+-Specify this once to enable, twice to disable.
+-
+-Defaults to I.
+-
+-=item B<-S> I
+-
+-Set the start mode. (Defaults to I<0>.)
+-
+-If this is set to zero, sbd will always start up unconditionally,
+-regardless of whether the node was previously fenced or not.
+-
+-If set to one, sbd will only start if the node was previously shutdown
+-cleanly (as indicated by an exit request message in the slot), or if the
+-slot is empty. A reset, crashdump, or power-off request in any slot will
+-halt the start up.
+-
+-This is useful to prevent nodes from rejoining if they were faulty. The
+-node must be manually "unfenced" by sending an empty message to it:
+-
+- sbd -d /dev/sda1 message node1 clear
+-
+-=item B<-s> I
+-
+-Set the start-up wait time for devices. (Defaults to I<120>.)
+-
+-Dynamic block devices such as iSCSI might not be fully initialized and
+-present yet. This allows one to set a timeout for waiting for devices to
+-appear on start-up. If set to 0, start-up will be aborted immediately if
+-no devices are available.
+-
+-=item B<-Z>
+-
+-Enable trace mode. B Specifying this once will turn all reboots or power-offs, be
+-they caused by self-fence decisions or messages, into a crashdump.
+-Specifying this twice will just log them but not continue running.
+-
+-=item B<-T>
+-
+-By default, the daemon will set the watchdog timeout as specified in the
+-device metadata. However, this does not work for every watchdog device.
+-In this case, you must manually ensure that the watchdog timeout used by
+-the system correctly matches the SBD settings, and then specify this
+-option to allow C to continue with start-up.
+-
+-=item B<-5> I
+-
+-Warn if the time interval for tickling the watchdog exceeds this many seconds.
+-Since the node is unable to log the watchdog expiry (it reboots immediately
+-without a chance to write its logs to disk), this is very useful for getting
+-an indication that the watchdog timeout is too short for the IO load of the
+-system.
+-
+-Default is 3 seconds, set to zero to disable.
+-
+-=item B<-C> I
+-
+-Watchdog timeout to set before crashdumping. If SBD is set to crashdump
+-instead of reboot - either via the trace mode settings or the I
+-fencing agent's parameter -, SBD will adjust the watchdog timeout to this
+-setting before triggering the dump. Otherwise, the watchdog might trigger and
+-prevent a successful crashdump from ever being written.
+-
+-Set to zero (= default) to disable.
+-
+-=item B<-r> I
+-
+-Actions to be executed when the watchers don't timely report to the sbd
+-master process or one of the watchers detects that the master process
+-has died.
+-
+-Set timeout-action to comma-separated combination of
+-noflush|flush plus reboot|crashdump|off.
+-If just one of both is given the other stays at the default.
+-
+-This doesn't affect actions like off, crashdump, reboot explicitly
+-triggered via message slots.
+-And it does as well not configure the action a watchdog would
+-trigger should it run off (there is no generic interface).
+-
+-Defaults to flush,reboot.
+-
+-=back
+-
+-=head2 allocate
+-
+-Example usage:
+-
+- sbd -d /dev/sda1 allocate node1
+-
+-Explicitly allocates a slot for the specified node name. This should
+-rarely be necessary, as every node will automatically allocate itself a
+-slot the first time it starts up on watch mode.
+-
+-=head2 message
+-
+-Example usage:
+-
+- sbd -d /dev/sda1 message node1 test
+-
+-Writes the specified message to node's slot. This is rarely done
+-directly, but rather abstracted via the C fencing agent
+-configured as a cluster resource.
+-
+-Supported message types are:
+-
+-=over
+-
+-=item test
+-
+-This only generates a log message on the receiving node and can be used
+-to check if SBD is seeing the device. Note that this could overwrite a
+-fencing request send by the cluster, so should not be used during
+-production.
+-
+-=item reset
+-
+-Reset the target upon receipt of this message.
+-
+-=item off
+-
+-Power-off the target.
+-
+-=item crashdump
+-
+-Cause the target node to crashdump.
+-
+-=item exit
+-
+-This will make the C daemon exit cleanly on the target. You should
+-B send this message manually; this is handled properly during
+-shutdown of the cluster stack. Manually stopping the daemon means the
+-node is unprotected!
+-
+-=item clear
+-
+-This message indicates that no real message has been sent to the node.
+-You should not set this manually; C will clear the message slot
+-automatically during start-up, and setting this manually could overwrite
+-a fencing message by the cluster.
+-
+-=back
+-
+-=head2 query-watchdog
+-
+-Example usage:
+-
+- sbd query-watchdog
+-
+-Check for available watchdog devices and print some info.
+-
+-B: This command will arm the watchdog during query, and if your
+-watchdog refuses disarming (for example, if its kernel module has the
+-'nowayout' parameter set) this will reset your system.
+-
+-=head2 test-watchdog
+-
+-Example usage:
+-
+- sbd test-watchdog [-w /dev/watchdog3]
+-
+-Test specified watchdog device (/dev/watchdog by default).
+-
+-B: This command will arm the watchdog and have your system reset
+-in case your watchdog is working properly! If issued from an interactive
+-session, it will prompt for confirmation.
+-
+-=head1 Base system configuration
+-
+-=head2 Configure a watchdog
+-
+-It is highly recommended that you configure your Linux system to load a
+-watchdog driver with hardware assistance (as is available on most modern
+-systems), such as I, I, or others. As a fall-back, you
+-can use the I module.
+-
+-No other software must access the watchdog timer; it can only be
+-accessed by one process at any given time. Some hardware vendors ship
+-systems management software that use the watchdog for system resets
+-(f.e. HP ASR daemon). Such software has to be disabled if the watchdog
+-is to be used by SBD.
+-
+-=head2 Choosing and initializing the block device(s)
+-
+-First, you have to decide if you want to use one, two, or three devices.
+-
+-If you are using multiple ones, they should reside on independent
+-storage setups. Putting all three of them on the same logical unit for
+-example would not provide any additional redundancy.
+-
+-The SBD device can be connected via Fibre Channel, Fibre Channel over
+-Ethernet, or even iSCSI. Thus, an iSCSI target can become a sort-of
+-network-based quorum server; the advantage is that it does not require
+-a smart host at your third location, just block storage.
+-
+-The SBD partitions themselves B be mirrored (via MD,
+-DRBD, or the storage layer itself), since this could result in a
+-split-mirror scenario. Nor can they reside on cLVM2 volume groups, since
+-they must be accessed by the cluster stack before it has started the
+-cLVM2 daemons; hence, these should be either raw partitions or logical
+-units on (multipath) storage.
+-
+-The block device(s) must be accessible from all nodes. (While it is not
+-necessary that they share the same path name on all nodes, this is
+-considered a very good idea.)
+-
+-SBD will only use about one megabyte per device, so you can easily
+-create a small partition, or very small logical units. (The size of the
+-SBD device depends on the block size of the underlying device. Thus, 1MB
+-is fine on plain SCSI devices and SAN storage with 512 byte blocks. On
+-the IBM s390x architecture in particular, disks default to 4k blocks,
+-and thus require roughly 4MB.)
+-
+-The number of devices will affect the operation of SBD as follows:
+-
+-=over
+-
+-=item One device
+-
+-In its most simple implementation, you use one device only. This is
+-appropriate for clusters where all your data is on the same shared
+-storage (with internal redundancy) anyway; the SBD device does not
+-introduce an additional single point of failure then.
+-
+-If the SBD device is not accessible, the daemon will fail to start and
+-inhibit startup of cluster services.
+-
+-=item Two devices
+-
+-This configuration is a trade-off, primarily aimed at environments where
+-host-based mirroring is used, but no third storage device is available.
+-
+-SBD will not commit suicide if it loses access to one mirror leg; this
+-allows the cluster to continue to function even in the face of one outage.
+-
+-However, SBD will not fence the other side while only one mirror leg is
+-available, since it does not have enough knowledge to detect an asymmetric
+-split of the storage. So it will not be able to automatically tolerate a
+-second failure while one of the storage arrays is down. (Though you
+-can use the appropriate crm command to acknowledge the fence manually.)
+-
+-It will not start unless both devices are accessible on boot.
+-
+-=item Three devices
+-
+-In this most reliable and recommended configuration, SBD will only
+-self-fence if more than one device is lost; hence, this configuration is
+-resilient against temporary single device outages (be it due to failures
+-or maintenance). Fencing messages can still be successfully relayed if
+-at least two devices remain accessible.
+-
+-This configuration is appropriate for more complex scenarios where
+-storage is not confined to a single array. For example, host-based
+-mirroring solutions could have one SBD per mirror leg (not mirrored
+-itself), and an additional tie-breaker on iSCSI.
+-
+-It will only start if at least two devices are accessible on boot.
+-
+-=back
+-
+-After you have chosen the devices and created the appropriate partitions
+-and perhaps multipath alias names to ease management, use the C
+-command described above to initialize the SBD metadata on them.
+-
+-=head3 Sharing the block device(s) between multiple clusters
+-
+-It is possible to share the block devices between multiple clusters,
+-provided the total number of nodes accessing them does not exceed I<255>
+-nodes, and they all must share the same SBD timeouts (since these are
+-part of the metadata).
+-
+-If you are using multiple devices this can reduce the setup overhead
+-required. However, you should B share devices between clusters in
+-different security domains.
+-
+-=head2 Configure SBD to start on boot
+-
+-On systems using C, the C or C system
+-start-up scripts must handle starting or stopping C as required
+-before starting the rest of the cluster stack.
+-
+-For C, sbd simply has to be enabled using
+-
+- systemctl enable sbd.service
+-
+-The daemon is brought online on each node before corosync and Pacemaker
+-are started, and terminated only after all other cluster components have
+-been shut down - ensuring that cluster resources are never activated
+-without SBD supervision.
+-
+-=head2 Configuration via sysconfig
+-
+-The system instance of C is configured via F.
+-In this file, you must specify the device(s) used, as well as any
+-options to pass to the daemon:
+-
+- SBD_DEVICE="/dev/sda1;/dev/sdb1;/dev/sdc1"
+- SBD_PACEMAKER="true"
+-
+-C will fail to start if no C is specified. See the
+-installed template for more options that can be configured here.
+-In general configuration done via parameters takes precedence over
+-the configuration from the configuration file.
+-
+-=head2 Testing the sbd installation
+-
+-After a restart of the cluster stack on this node, you can now try
+-sending a test message to it as root, from this or any other node:
+-
+- sbd -d /dev/sda1 message node1 test
+-
+-The node will acknowledge the receipt of the message in the system logs:
+-
+- Aug 29 14:10:00 node1 sbd: [13412]: info: Received command test from node2
+-
+-This confirms that SBD is indeed up and running on the node, and that it
+-is ready to receive messages.
+-
+-Make B that F is identical on all cluster
+-nodes, and that all cluster nodes are running the daemon.
+-
+-=head1 Pacemaker CIB integration
+-
+-=head2 Fencing resource
+-
+-Pacemaker can only interact with SBD to issue a node fence if there is a
+-configure fencing resource. This should be a primitive, not a clone, as
+-follows:
+-
+- primitive fencing-sbd stonith:external/sbd \
+- params pcmk_delay_max=30
+-
+-This will automatically use the same devices as configured in
+-F.
+-
+-While you should not configure this as a clone (as Pacemaker will register
+-the fencing device on each node automatically), the I
+-setting enables random fencing delay which ensures, in a scenario where a
+-split-brain scenario did occur in a two node cluster, that one of the nodes
+-has a better chance to survive to avoid double fencing.
+-
+-SBD also supports turning the reset request into a crash request, which
+-may be helpful for debugging if you have kernel crashdumping configured;
+-then, every fence request will cause the node to dump core. You can
+-enable this via the C parameter on the fencing
+-resource. This is B recommended for production use, but only for
+-debugging phases.
+-
+-=head2 General cluster properties
+-
+-You must also enable STONITH in general, and set the STONITH timeout to
+-be at least twice the I timeout you have configured, to allow
+-enough time for the fencing message to be delivered. If your I
+-timeout is 60 seconds, this is a possible configuration:
+-
+- property stonith-enabled="true"
+- property stonith-timeout="120s"
+-
+-B: if I is too low for I and the
+-system overhead, sbd will never be able to successfully complete a fence
+-request. This will create a fencing loop.
+-
+-Note that the sbd fencing agent will try to detect this and
+-automatically extend the I setting to a reasonable
+-value, on the assumption that sbd modifying your configuration is
+-preferable to not fencing.
+-
+-=head1 Management tasks
+-
+-=head2 Recovering from temporary SBD device outage
+-
+-If you have multiple devices, failure of a single device is not immediately
+-fatal. C will retry to restart the monitor for the device every 5
+-seconds by default. However, you can tune this via the options to the
+-I command.
+-
+-In case you wish the immediately force a restart of all currently
+-disabled monitor processes, you can send a I to the SBD
+-I process.
+-
+-
+-=head1 LICENSE
+-
+-Copyright (C) 2008-2013 Lars Marowsky-Bree
+-
+-This program is free software; you can redistribute it and/or
+-modify it under the terms of the GNU General Public
+-License as published by the Free Software Foundation; either
+-version 2 of the License, or (at your option) any later version.
+-
+-This software is distributed in the hope that it will be useful,
+-but WITHOUT ANY WARRANTY; without even the implied warranty of
+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+-General Public License for more details.
+-
+-For details see the GNU General Public License at
+-http://www.gnu.org/licenses/gpl-2.0.html (version 2) and/or
+-http://www.gnu.org/licenses/gpl.html (the newest as per "any later").
+diff --git a/man/sbd.8.pod.in b/man/sbd.8.pod.in
+new file mode 100644
+index 0000000..ff89c82
+--- /dev/null
++++ b/man/sbd.8.pod.in
+@@ -0,0 +1,675 @@
++=head1 NAME
++
++sbd - STONITH Block Device daemon
++
++=head1 SYNOPSIS
++
++sbd <-d F> [options] C
++
++=head1 SUMMARY
++
++SBD provides a node fencing mechanism (Shoot the other node in the head,
++STONITH) for Pacemaker-based clusters through the exchange of messages
++via shared block storage such as for example a SAN, iSCSI, FCoE. This
++isolates the fencing mechanism from changes in firmware version or
++dependencies on specific firmware controllers, and it can be used as a
++STONITH mechanism in all configurations that have reliable shared
++storage.
++
++SBD can also be used without any shared storage. In this mode, the
++watchdog device will be used to reset the node if it loses quorum, if
++any monitored daemon is lost and not recovered or if Pacemaker decides
++that the node requires fencing.
++
++The F binary implements both the daemon that watches the message
++slots as well as the management tool for interacting with the block
++storage device(s). This mode of operation is specified via the
++C parameter; some of these modes take additional parameters.
++
++To use SBD with shared storage, you must first C the messaging
++layout on one to three block devices. Second, configure
++F to list those devices (and possibly adjust other
++options), and restart the cluster stack on each node to ensure that
++C is started. Third, configure the C fencing
++resource in the Pacemaker CIB.
++
++Each of these steps is documented in more detail below the description
++of the command options.
++
++C can only be used as root.
++
++=head2 GENERAL OPTIONS
++
++=over
++
++=item B<-d> F
++
++Specify the block device(s) to be used. If you have more than one,
++specify this option up to three times. This parameter is mandatory for
++all modes, since SBD always needs a block device to interact with.
++
++This man page uses F, F, and F as
++example device names for brevity. However, in your production
++environment, you should instead always refer to them by using the long,
++stable device name (e.g.,
++F).
++
++=item B<-v|-vv|-vvv>
++
++Enable verbose|debug|debug-library logging (optional)
++
++=item B<-h>
++
++Display a concise summary of C options.
++
++=item B<-n> I
++
++Set local node name; defaults to C. This should not need to be
++set.
++
++=item B<-R>
++
++Do B enable realtime priority. By default, C runs at realtime
++priority, locks itself into memory, and also acquires highest IO
++priority to protect itself against interference from other processes on
++the system. This is a debugging-only option.
++
++=item B<-I> I
++
++Async IO timeout (defaults to 3 seconds, optional). You should not need
++to adjust this unless your IO setup is really very slow.
++
++(In daemon mode, the watchdog is refreshed when the majority of devices
++could be read within this time.)
++
++=back
++
++=head2 create
++
++Example usage:
++
++ sbd -d /dev/sdc2 -d /dev/sdd3 create
++
++If you specify the I command, sbd will write a metadata header
++to the device(s) specified and also initialize the messaging slots for
++up to 255 nodes.
++
++B: This command will not prompt for confirmation. Roughly the
++first megabyte of the specified block device(s) will be overwritten
++immediately and without backup.
++
++This command accepts a few options to adjust the default timings that
++are written to the metadata (to ensure they are identical across all
++nodes accessing the device).
++
++=over
++
++=item B<-1> I
++
++Set watchdog timeout to N seconds. This depends mostly on your storage
++latency; the majority of devices must be successfully read within this
++time, or else the node will self-fence.
++
++If your sbd device(s) reside on a multipath setup or iSCSI, this should
++be the time required to detect a path failure. You may be able to reduce
++this if your device outages are independent, or if you are using the
++Pacemaker integration.
++
++=item B<-2> I
++
++Set slot allocation timeout to N seconds. You should not need to tune
++this.
++
++=item B<-3> I
++
++Set daemon loop timeout to N seconds. You should not need to tune this.
++
++=item B<-4> I
++
++Set I timeout to N seconds. This should be twice the I
++timeout. This is the time after which a message written to a node's slot
++will be considered delivered. (Or long enough for the node to detect
++that it needed to self-fence.)
++
++This also affects the I in Pacemaker's CIB; see below.
++
++=back
++
++=head2 list
++
++Example usage:
++
++ # sbd -d /dev/sda1 list
++ 0 hex-0 clear
++ 1 hex-7 clear
++ 2 hex-9 clear
++
++List all allocated slots on device, and messages. You should see all
++cluster nodes that have ever been started against this device. Nodes
++that are currently running should have a I state; nodes that have
++been fenced, but not yet restarted, will show the appropriate fencing
++message.
++
++=head2 dump
++
++Example usage:
++
++ # sbd -d /dev/sda1 dump
++ ==Dumping header on disk /dev/sda1
++ Header version : 2
++ Number of slots : 255
++ Sector size : 512
++ Timeout (watchdog) : 15
++ Timeout (allocate) : 2
++ Timeout (loop) : 1
++ Timeout (msgwait) : 30
++ ==Header on disk /dev/sda1 is dumped
++
++Dump meta-data header from device.
++
++=head2 watch
++
++Example usage:
++
++ sbd -d /dev/sdc2 -d /dev/sdd3 -P watch
++
++This command will make C start in daemon mode. It will constantly monitor
++the message slot of the local node for incoming messages, reachability, and
++optionally take Pacemaker's state into account.
++
++C B be started on boot before the cluster stack! See below
++for enabling this according to your boot environment.
++
++The options for this mode are rarely specified directly on the
++commandline directly, but most frequently set via F.
++
++It also constantly monitors connectivity to the storage device, and
++self-fences in case the partition becomes unreachable, guaranteeing that it
++does not disconnect from fencing messages.
++
++A node slot is automatically allocated on the device(s) the first time
++the daemon starts watching the device; hence, manual allocation is not
++usually required.
++
++If a watchdog is used together with the C as is strongly
++recommended, the watchdog is activated at initial start of the sbd
++daemon. The watchdog is refreshed every time the majority of SBD devices
++has been successfully read. Using a watchdog provides additional
++protection against C crashing.
++
++If the Pacemaker integration is activated, C will B self-fence
++if device majority is lost, if:
++
++=over
++
++=item 1.
++
++The partition the node is in is still quorate according to the CIB;
++
++=item 2.
++
++it is still quorate according to Corosync's node count;
++
++=item 3.
++
++the node itself is considered online and healthy by Pacemaker.
++
++=back
++
++This allows C to survive temporary outages of the majority of
++devices. However, while the cluster is in such a degraded state, it can
++neither successfully fence nor be shutdown cleanly (as taking the
++cluster below the quorum threshold will immediately cause all remaining
++nodes to self-fence). In short, it will not tolerate any further faults.
++Please repair the system before continuing.
++
++There is one C process that acts as a master to which all watchers
++report; one per device to monitor the node's slot; and, optionally, one
++that handles the Pacemaker integration.
++
++=over
++
++=item B<-W>
++
++Enable or disable use of the system watchdog to protect against the sbd
++processes failing and the node being left in an undefined state. Specify
++this once to enable, twice to disable.
++
++Defaults to I.
++
++=item B<-w> F
++
++This can be used to override the default watchdog device used and should not
++usually be necessary.
++
++=item B<-p> F
++
++This option can be used to specify a pidfile for the main sbd process.
++
++=item B<-F> I
++
++Number of failures before a failing servant process will not be restarted
++immediately until the dampening delay has expired. If set to zero, servants
++will be restarted immediately and indefinitely. If set to one, a failed
++servant will be restarted once every B<-t> seconds. If set to a different
++value, the servant will be restarted that many times within the dampening
++period and then delay.
++
++Defaults to I<1>.
++
++=item B<-t> I
++
++Dampening delay before faulty servants are restarted. Combined with C<-F 1>,
++the most logical way to tune the restart frequency of servant processes.
++Default is 5 seconds.
++
++If set to zero, processes will be restarted indefinitely and immediately.
++
++=item B<-P>
++
++Enable Pacemaker integration which checks Pacemaker quorum and node health.
++Specify this once to enable, twice to disable.
++
++Defaults to I.
++
++=item B<-S> I
++
++Set the start mode. (Defaults to I<0>.)
++
++If this is set to zero, sbd will always start up unconditionally,
++regardless of whether the node was previously fenced or not.
++
++If set to one, sbd will only start if the node was previously shutdown
++cleanly (as indicated by an exit request message in the slot), or if the
++slot is empty. A reset, crashdump, or power-off request in any slot will
++halt the start up.
++
++This is useful to prevent nodes from rejoining if they were faulty. The
++node must be manually "unfenced" by sending an empty message to it:
++
++ sbd -d /dev/sda1 message node1 clear
++
++=item B<-s> I
++
++Set the start-up wait time for devices. (Defaults to I<120>.)
++
++Dynamic block devices such as iSCSI might not be fully initialized and
++present yet. This allows one to set a timeout for waiting for devices to
++appear on start-up. If set to 0, start-up will be aborted immediately if
++no devices are available.
++
++=item B<-Z>
++
++Enable trace mode. B Specifying this once will turn all reboots or power-offs, be
++they caused by self-fence decisions or messages, into a crashdump.
++Specifying this twice will just log them but not continue running.
++
++=item B<-T>
++
++By default, the daemon will set the watchdog timeout as specified in the
++device metadata. However, this does not work for every watchdog device.
++In this case, you must manually ensure that the watchdog timeout used by
++the system correctly matches the SBD settings, and then specify this
++option to allow C to continue with start-up.
++
++=item B<-5> I
++
++Warn if the time interval for tickling the watchdog exceeds this many seconds.
++Since the node is unable to log the watchdog expiry (it reboots immediately
++without a chance to write its logs to disk), this is very useful for getting
++an indication that the watchdog timeout is too short for the IO load of the
++system.
++
++Default is 3 seconds, set to zero to disable.
++
++=item B<-C> I
++
++Watchdog timeout to set before crashdumping. If SBD is set to crashdump
++instead of reboot - either via the trace mode settings or the I
++fencing agent's parameter -, SBD will adjust the watchdog timeout to this
++setting before triggering the dump. Otherwise, the watchdog might trigger and
++prevent a successful crashdump from ever being written.
++
++Set to zero (= default) to disable.
++
++=item B<-r> I
++
++Actions to be executed when the watchers don't timely report to the sbd
++master process or one of the watchers detects that the master process
++has died.
++
++Set timeout-action to comma-separated combination of
++noflush|flush plus reboot|crashdump|off.
++If just one of both is given the other stays at the default.
++
++This doesn't affect actions like off, crashdump, reboot explicitly
++triggered via message slots.
++And it does as well not configure the action a watchdog would
++trigger should it run off (there is no generic interface).
++
++Defaults to flush,reboot.
++
++=back
++
++=head2 allocate
++
++Example usage:
++
++ sbd -d /dev/sda1 allocate node1
++
++Explicitly allocates a slot for the specified node name. This should
++rarely be necessary, as every node will automatically allocate itself a
++slot the first time it starts up on watch mode.
++
++=head2 message
++
++Example usage:
++
++ sbd -d /dev/sda1 message node1 test
++
++Writes the specified message to node's slot. This is rarely done
++directly, but rather abstracted via the C fencing agent
++configured as a cluster resource.
++
++Supported message types are:
++
++=over
++
++=item test
++
++This only generates a log message on the receiving node and can be used
++to check if SBD is seeing the device. Note that this could overwrite a
++fencing request send by the cluster, so should not be used during
++production.
++
++=item reset
++
++Reset the target upon receipt of this message.
++
++=item off
++
++Power-off the target.
++
++=item crashdump
++
++Cause the target node to crashdump.
++
++=item exit
++
++This will make the C daemon exit cleanly on the target. You should
++B send this message manually; this is handled properly during
++shutdown of the cluster stack. Manually stopping the daemon means the
++node is unprotected!
++
++=item clear
++
++This message indicates that no real message has been sent to the node.
++You should not set this manually; C will clear the message slot
++automatically during start-up, and setting this manually could overwrite
++a fencing message by the cluster.
++
++=back
++
++=head2 query-watchdog
++
++Example usage:
++
++ sbd query-watchdog
++
++Check for available watchdog devices and print some info.
++
++B: This command will arm the watchdog during query, and if your
++watchdog refuses disarming (for example, if its kernel module has the
++'nowayout' parameter set) this will reset your system.
++
++=head2 test-watchdog
++
++Example usage:
++
++ sbd test-watchdog [-w /dev/watchdog3]
++
++Test specified watchdog device (/dev/watchdog by default).
++
++B: This command will arm the watchdog and have your system reset
++in case your watchdog is working properly! If issued from an interactive
++session, it will prompt for confirmation.
++
++=head1 Base system configuration
++
++=head2 Configure a watchdog
++
++It is highly recommended that you configure your Linux system to load a
++watchdog driver with hardware assistance (as is available on most modern
++systems), such as I, I, or others. As a fall-back, you
++can use the I module.
++
++No other software must access the watchdog timer; it can only be
++accessed by one process at any given time. Some hardware vendors ship
++systems management software that use the watchdog for system resets
++(f.e. HP ASR daemon). Such software has to be disabled if the watchdog
++is to be used by SBD.
++
++=head2 Choosing and initializing the block device(s)
++
++First, you have to decide if you want to use one, two, or three devices.
++
++If you are using multiple ones, they should reside on independent
++storage setups. Putting all three of them on the same logical unit for
++example would not provide any additional redundancy.
++
++The SBD device can be connected via Fibre Channel, Fibre Channel over
++Ethernet, or even iSCSI. Thus, an iSCSI target can become a sort-of
++network-based quorum server; the advantage is that it does not require
++a smart host at your third location, just block storage.
++
++The SBD partitions themselves B be mirrored (via MD,
++DRBD, or the storage layer itself), since this could result in a
++split-mirror scenario. Nor can they reside on cLVM2 volume groups, since
++they must be accessed by the cluster stack before it has started the
++cLVM2 daemons; hence, these should be either raw partitions or logical
++units on (multipath) storage.
++
++The block device(s) must be accessible from all nodes. (While it is not
++necessary that they share the same path name on all nodes, this is
++considered a very good idea.)
++
++SBD will only use about one megabyte per device, so you can easily
++create a small partition, or very small logical units. (The size of the
++SBD device depends on the block size of the underlying device. Thus, 1MB
++is fine on plain SCSI devices and SAN storage with 512 byte blocks. On
++the IBM s390x architecture in particular, disks default to 4k blocks,
++and thus require roughly 4MB.)
++
++The number of devices will affect the operation of SBD as follows:
++
++=over
++
++=item One device
++
++In its most simple implementation, you use one device only. This is
++appropriate for clusters where all your data is on the same shared
++storage (with internal redundancy) anyway; the SBD device does not
++introduce an additional single point of failure then.
++
++If the SBD device is not accessible, the daemon will fail to start and
++inhibit startup of cluster services.
++
++=item Two devices
++
++This configuration is a trade-off, primarily aimed at environments where
++host-based mirroring is used, but no third storage device is available.
++
++SBD will not commit suicide if it loses access to one mirror leg; this
++allows the cluster to continue to function even in the face of one outage.
++
++However, SBD will not fence the other side while only one mirror leg is
++available, since it does not have enough knowledge to detect an asymmetric
++split of the storage. So it will not be able to automatically tolerate a
++second failure while one of the storage arrays is down. (Though you
++can use the appropriate crm command to acknowledge the fence manually.)
++
++It will not start unless both devices are accessible on boot.
++
++=item Three devices
++
++In this most reliable and recommended configuration, SBD will only
++self-fence if more than one device is lost; hence, this configuration is
++resilient against temporary single device outages (be it due to failures
++or maintenance). Fencing messages can still be successfully relayed if
++at least two devices remain accessible.
++
++This configuration is appropriate for more complex scenarios where
++storage is not confined to a single array. For example, host-based
++mirroring solutions could have one SBD per mirror leg (not mirrored
++itself), and an additional tie-breaker on iSCSI.
++
++It will only start if at least two devices are accessible on boot.
++
++=back
++
++After you have chosen the devices and created the appropriate partitions
++and perhaps multipath alias names to ease management, use the C
++command described above to initialize the SBD metadata on them.
++
++=head3 Sharing the block device(s) between multiple clusters
++
++It is possible to share the block devices between multiple clusters,
++provided the total number of nodes accessing them does not exceed I<255>
++nodes, and they all must share the same SBD timeouts (since these are
++part of the metadata).
++
++If you are using multiple devices this can reduce the setup overhead
++required. However, you should B share devices between clusters in
++different security domains.
++
++=head2 Configure SBD to start on boot
++
++On systems using C, the C or C system
++start-up scripts must handle starting or stopping C as required
++before starting the rest of the cluster stack.
++
++For C, sbd simply has to be enabled using
++
++ systemctl enable sbd.service
++
++The daemon is brought online on each node before corosync and Pacemaker
++are started, and terminated only after all other cluster components have
++been shut down - ensuring that cluster resources are never activated
++without SBD supervision.
++
++=head2 Configuration via sysconfig
++
++The system instance of C is configured via F.
++In this file, you must specify the device(s) used, as well as any
++options to pass to the daemon:
++
++ SBD_DEVICE="/dev/sda1;/dev/sdb1;/dev/sdc1"
++ SBD_PACEMAKER="true"
++
++C will fail to start if no C is specified. See the
++installed template or section for configuration via environment
++for more options that can be configured here.
++In general configuration done via parameters takes precedence over
++the configuration from the configuration file.
++
++=head2 Configuration via environment
++
++=over
++@environment_section@
++=back
++
++=head2 Testing the sbd installation
++
++After a restart of the cluster stack on this node, you can now try
++sending a test message to it as root, from this or any other node:
++
++ sbd -d /dev/sda1 message node1 test
++
++The node will acknowledge the receipt of the message in the system logs:
++
++ Aug 29 14:10:00 node1 sbd: [13412]: info: Received command test from node2
++
++This confirms that SBD is indeed up and running on the node, and that it
++is ready to receive messages.
++
++Make B that F is identical on all cluster
++nodes, and that all cluster nodes are running the daemon.
++
++=head1 Pacemaker CIB integration
++
++=head2 Fencing resource
++
++Pacemaker can only interact with SBD to issue a node fence if there is a
++configure fencing resource. This should be a primitive, not a clone, as
++follows:
++
++ primitive fencing-sbd stonith:external/sbd \
++ params pcmk_delay_max=30
++
++This will automatically use the same devices as configured in
++F.
++
++While you should not configure this as a clone (as Pacemaker will register
++the fencing device on each node automatically), the I
++setting enables random fencing delay which ensures, in a scenario where a
++split-brain scenario did occur in a two node cluster, that one of the nodes
++has a better chance to survive to avoid double fencing.
++
++SBD also supports turning the reset request into a crash request, which
++may be helpful for debugging if you have kernel crashdumping configured;
++then, every fence request will cause the node to dump core. You can
++enable this via the C parameter on the fencing
++resource. This is B recommended for production use, but only for
++debugging phases.
++
++=head2 General cluster properties
++
++You must also enable STONITH in general, and set the STONITH timeout to
++be at least twice the I timeout you have configured, to allow
++enough time for the fencing message to be delivered. If your I
++timeout is 60 seconds, this is a possible configuration:
++
++ property stonith-enabled="true"
++ property stonith-timeout="120s"
++
++B: if I is too low for I and the
++system overhead, sbd will never be able to successfully complete a fence
++request. This will create a fencing loop.
++
++Note that the sbd fencing agent will try to detect this and
++automatically extend the I setting to a reasonable
++value, on the assumption that sbd modifying your configuration is
++preferable to not fencing.
++
++=head1 Management tasks
++
++=head2 Recovering from temporary SBD device outage
++
++If you have multiple devices, failure of a single device is not immediately
++fatal. C will retry to restart the monitor for the device every 5
++seconds by default. However, you can tune this via the options to the
++I command.
++
++In case you wish the immediately force a restart of all currently
++disabled monitor processes, you can send a I to the SBD
++I process.
++
++
++=head1 LICENSE
++
++Copyright (C) 2008-2013 Lars Marowsky-Bree
++
++This program is free software; you can redistribute it and/or
++modify it under the terms of the GNU General Public
++License as published by the Free Software Foundation; either
++version 2 of the License, or (at your option) any later version.
++
++This software is distributed in the hope that it will be useful,
++but WITHOUT ANY WARRANTY; without even the implied warranty of
++MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++General Public License for more details.
++
++For details see the GNU General Public License at
++http://www.gnu.org/licenses/gpl-2.0.html (version 2) and/or
++http://www.gnu.org/licenses/gpl.html (the newest as per "any later").
+diff --git a/src/sbd.sysconfig b/src/sbd.sysconfig
+index e1a60ed..33b50d0 100644
+--- a/src/sbd.sysconfig
++++ b/src/sbd.sysconfig
+@@ -14,7 +14,7 @@
+ #
+ SBD_PACEMAKER=yes
+
+-## Type: list(always,clean)
++## Type: always / clean
+ ## Default: always
+ #
+ # Specify the start mode for sbd. Setting this to "clean" will only
+@@ -103,6 +103,7 @@ SBD_TIMEOUT_ACTION=flush,reboot
+ # Thus in auto-mode sbd will check if the slice has RT-budget assigned.
+ # If that is the case sbd will stay in that slice while it will
+ # be moved to root-slice otherwise.
++#
+ SBD_MOVE_TO_ROOT_CGROUP=auto
+
+ ## Type: string
+--
+1.8.3.1
+
diff --git a/SOURCES/0002-Fix-sbd-pacemaker-make-handling-of-cib-connection-lo.patch b/SOURCES/0002-Fix-sbd-pacemaker-make-handling-of-cib-connection-lo.patch
deleted file mode 100644
index 0d70c92..0000000
--- a/SOURCES/0002-Fix-sbd-pacemaker-make-handling-of-cib-connection-lo.patch
+++ /dev/null
@@ -1,302 +0,0 @@ -From a716a8ddd3df615009bcff3bd96dd9ae64cb5f68 Mon Sep 17 00:00:00 2001 -From: Klaus Wenninger -Date: Tue, 19 Mar 2019 21:36:15 +0100 -Subject: [PATCH] Fix: sbd-pacemaker: make handling of cib-connection loss more - robust - -Exit pcmk-servant on graceful pacemaker shutdown and go back -to state before pacemaker was detected initially. -Purge all cib-traces otherwise and try to reconnect within timeout. ---- - src/sbd-inquisitor.c | 24 ++++++++++++++++++++---- - src/sbd-md.c | 30 +++++++++++++++--------------- - src/sbd-pacemaker.c | 38 +++++++++++++++++++++++++++++--------- - src/sbd.h | 11 +++++++---- - 4 files changed, 71 insertions(+), 32 deletions(-) - -diff --git a/src/sbd-inquisitor.c b/src/sbd-inquisitor.c -index 9be6c99..77c6e4f 100644 ---- a/src/sbd-inquisitor.c -+++ b/src/sbd-inquisitor.c -@@ -490,19 +490,19 @@ void inquisitor_child(void) - if (sbd_is_disk(s)) { - if (WIFEXITED(status)) { - switch(WEXITSTATUS(status)) { -- case EXIT_MD_IO_FAIL: -+ case EXIT_MD_SERVANT_IO_FAIL: - DBGLOG(LOG_INFO, "Servant for %s requests to be disowned", - s->devname); - break; -- case EXIT_MD_REQUEST_RESET: -+ case EXIT_MD_SERVANT_REQUEST_RESET: - cl_log(LOG_WARNING, "%s requested a reset", s->devname); - do_reset(); - break; -- case EXIT_MD_REQUEST_SHUTOFF: -+ case EXIT_MD_SERVANT_REQUEST_SHUTOFF: - cl_log(LOG_WARNING, "%s requested a shutoff", s->devname); - do_off(); - break; -- case EXIT_MD_REQUEST_CRASHDUMP: -+ case EXIT_MD_SERVANT_REQUEST_CRASHDUMP: - cl_log(LOG_WARNING, "%s requested a crashdump", s->devname); - do_crashdump(); - break; -@@ -510,6 +510,22 @@ void inquisitor_child(void) - break; - } - } -+ } else if (sbd_is_pcmk(s)) { -+ if (WIFEXITED(status)) { -+ switch(WEXITSTATUS(status)) { -+ case EXIT_PCMK_SERVANT_GRACEFUL_SHUTDOWN: -+ DBGLOG(LOG_INFO, "PCMK-Servant has exited gracefully"); -+ /* revert to state prior to pacemaker-detection */ -+ s->restarts = 0; -+ s->restart_blocked = 0; -+ cluster_appeared = 0; -+ s->outdated = 1; -+ 
s->t_last.tv_sec = 0; -+ break; -+ default: -+ break; -+ } -+ } - } - cleanup_servant_by_pid(pid); - } -diff --git a/src/sbd-md.c b/src/sbd-md.c -index ba2c34d..c51d381 100644 ---- a/src/sbd-md.c -+++ b/src/sbd-md.c -@@ -1061,19 +1061,19 @@ int servant_md(const char *diskname, int mode, const void* argp) - - st = open_device(diskname, LOG_WARNING); - if (!st) { -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - - s_header = header_get(st); - if (!s_header) { - cl_log(LOG_ERR, "Not a valid header on %s", diskname); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - - if (servant_check_timeout_inconsistent(s_header) < 0) { - cl_log(LOG_ERR, "Timeouts on %s do not match first device", - diskname); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - - if (s_header->minor_version > 0) { -@@ -1086,14 +1086,14 @@ int servant_md(const char *diskname, int mode, const void* argp) - cl_log(LOG_ERR, - "No slot allocated, and automatic allocation failed for disk %s.", - diskname); -- rc = EXIT_MD_IO_FAIL; -+ rc = EXIT_MD_SERVANT_IO_FAIL; - goto out; - } - s_node = sector_alloc(); - if (slot_read(st, mbox, s_node) < 0) { - cl_log(LOG_ERR, "Unable to read node entry on %s", - diskname); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - - cl_log(LOG_NOTICE, "Monitoring slot %d on disk %s", mbox, diskname); -@@ -1109,7 +1109,7 @@ int servant_md(const char *diskname, int mode, const void* argp) - if (mode > 0) { - if (mbox_read(st, mbox, s_mbox) < 0) { - cl_log(LOG_ERR, "mbox read failed during start-up in servant."); -- rc = EXIT_MD_IO_FAIL; -+ rc = EXIT_MD_SERVANT_IO_FAIL; - goto out; - } - if (s_mbox->cmd != SBD_MSG_EXIT && -@@ -1125,7 +1125,7 @@ int servant_md(const char *diskname, int mode, const void* argp) - DBGLOG(LOG_INFO, "First servant start - zeroing inbox"); - memset(s_mbox, 0, sizeof(*s_mbox)); - if (mbox_write(st, mbox, s_mbox) < 0) { -- rc = EXIT_MD_IO_FAIL; -+ rc = EXIT_MD_SERVANT_IO_FAIL; - goto out; - } - 
} -@@ -1154,28 +1154,28 @@ int servant_md(const char *diskname, int mode, const void* argp) - s_header_retry = header_get(st); - if (!s_header_retry) { - cl_log(LOG_ERR, "No longer found a valid header on %s", diskname); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - if (memcmp(s_header, s_header_retry, sizeof(*s_header)) != 0) { - cl_log(LOG_ERR, "Header on %s changed since start-up!", diskname); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - free(s_header_retry); - - s_node_retry = sector_alloc(); - if (slot_read(st, mbox, s_node_retry) < 0) { - cl_log(LOG_ERR, "slot read failed in servant."); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - if (memcmp(s_node, s_node_retry, sizeof(*s_node)) != 0) { - cl_log(LOG_ERR, "Node entry on %s changed since start-up!", diskname); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - free(s_node_retry); - - if (mbox_read(st, mbox, s_mbox) < 0) { - cl_log(LOG_ERR, "mbox read failed in servant."); -- exit(EXIT_MD_IO_FAIL); -+ exit(EXIT_MD_SERVANT_IO_FAIL); - } - - if (s_mbox->cmd > 0) { -@@ -1190,14 +1190,14 @@ int servant_md(const char *diskname, int mode, const void* argp) - sigqueue(ppid, SIG_TEST, signal_value); - break; - case SBD_MSG_RESET: -- exit(EXIT_MD_REQUEST_RESET); -+ exit(EXIT_MD_SERVANT_REQUEST_RESET); - case SBD_MSG_OFF: -- exit(EXIT_MD_REQUEST_SHUTOFF); -+ exit(EXIT_MD_SERVANT_REQUEST_SHUTOFF); - case SBD_MSG_EXIT: - sigqueue(ppid, SIG_EXITREQ, signal_value); - break; - case SBD_MSG_CRASHDUMP: -- exit(EXIT_MD_REQUEST_CRASHDUMP); -+ exit(EXIT_MD_SERVANT_REQUEST_CRASHDUMP); - default: - /* FIXME: - An "unknown" message might result -diff --git a/src/sbd-pacemaker.c b/src/sbd-pacemaker.c -index aac355a..c69fc55 100644 ---- a/src/sbd-pacemaker.c -+++ b/src/sbd-pacemaker.c -@@ -103,6 +103,9 @@ static pe_working_set_t *data_set = NULL; - - static long last_refresh = 0; - -+static int pcmk_clean_shutdown = 0; -+static int pcmk_shutdown = 0; -+ - 
static gboolean - mon_timer_reconnect(gpointer data) - { -@@ -128,10 +131,26 @@ mon_cib_connection_destroy(gpointer user_data) - { - if (cib) { - cib->cmds->signoff(cib); -+ /* retrigger as last one might have been skipped */ -+ mon_refresh_state(NULL); -+ if (pcmk_clean_shutdown) { -+ /* assume a graceful pacemaker-shutdown */ -+ clean_up(EXIT_PCMK_SERVANT_GRACEFUL_SHUTDOWN); -+ } -+ /* getting here we aren't sure about the pacemaker-state -+ so try to use the timeout to reconnect and get -+ everything sorted out again -+ */ -+ pcmk_shutdown = 0; - set_servant_health(pcmk_health_transient, LOG_WARNING, "Disconnected from CIB"); - timer_id_reconnect = g_timeout_add(reconnect_msec, mon_timer_reconnect, NULL); - } - cib_connected = 0; -+ /* no sense in looking into outdated cib, trying to apply patch, ... */ -+ if (current_cib) { -+ free_xml(current_cib); -+ current_cib = NULL; -+ } - return; - } - -@@ -171,7 +190,7 @@ static gboolean - mon_timer_notify(gpointer data) - { - static int counter = 0; -- int counter_max = timeout_watchdog / timeout_loop; -+ int counter_max = timeout_watchdog / timeout_loop / 2; - - if (timer_id_notify > 0) { - g_source_remove(timer_id_notify); -@@ -280,11 +299,6 @@ compute_status(pe_working_set_t * data_set) - } else if (node->details->pending) { - set_servant_health(pcmk_health_pending, LOG_WARNING, "Node state: pending"); - --#if 0 -- } else if (node->details->shutdown) { -- set_servant_health(pcmk_health_shutdown, LOG_WARNING, "Node state: shutting down"); --#endif -- - } else if (data_set->flags & pe_flag_have_quorum) { - set_servant_health(pcmk_health_online, LOG_INFO, "Node state: online"); - ever_had_quorum = TRUE; -@@ -315,6 +329,12 @@ compute_status(pe_working_set_t * data_set) - } - } - -+ if (node->details->shutdown) { -+ pcmk_shutdown = 1; -+ } -+ if (pcmk_shutdown && !(node->details->running_rsc)) { -+ pcmk_clean_shutdown = 1; -+ } - notify_parent(); - return; - } -@@ -339,7 +359,7 @@ crm_diff_update(const char *event, 
xmlNode * msg) - static mainloop_timer_t *refresh_timer = NULL; - - if(refresh_timer == NULL) { -- refresh_timer = mainloop_timer_add("refresh", 2000, FALSE, mon_trigger_refresh, NULL); -+ refresh_timer = mainloop_timer_add("refresh", reconnect_msec, FALSE, mon_trigger_refresh, NULL); - refresh_trigger = mainloop_add_trigger(G_PRIORITY_LOW, mon_refresh_state, refresh_timer); - } - -@@ -369,9 +389,9 @@ crm_diff_update(const char *event, xmlNode * msg) - } - - /* Refresh -- * - immediately if the last update was more than 5s ago -+ * - immediately if the last update was more than 1s ago - * - every 10 updates -- * - at most 2s after the last update -+ * - at most 1s after the last update - */ - if (updates > 10 || (now - last_refresh) > (reconnect_msec / 1000)) { - mon_refresh_state(refresh_timer); -diff --git a/src/sbd.h b/src/sbd.h -index 6fe07f9..3b05a11 100644 ---- a/src/sbd.h -+++ b/src/sbd.h -@@ -54,10 +54,13 @@ - /* FIXME: should add dynamic check of SIG_XX >= SIGRTMAX */ - - /* exit status for disk-servant */ --#define EXIT_MD_IO_FAIL 20 --#define EXIT_MD_REQUEST_RESET 21 --#define EXIT_MD_REQUEST_SHUTOFF 22 --#define EXIT_MD_REQUEST_CRASHDUMP 23 -+#define EXIT_MD_SERVANT_IO_FAIL 20 -+#define EXIT_MD_SERVANT_REQUEST_RESET 21 -+#define EXIT_MD_SERVANT_REQUEST_SHUTOFF 22 -+#define EXIT_MD_SERVANT_REQUEST_CRASHDUMP 23 -+ -+/* exit status for pcmk-servant */ -+#define EXIT_PCMK_SERVANT_GRACEFUL_SHUTDOWN 30 - - #define HOG_CHAR 0xff - #define SECTOR_NAME_MAX 63 --- -1.8.3.1 - diff --git a/SOURCES/0003-Fix-sbd-pacemaker-bail-out-of-status-earlier.patch b/SOURCES/0003-Fix-sbd-pacemaker-bail-out-of-status-earlier.patch deleted file mode 100644 index 776edea..0000000 --- a/SOURCES/0003-Fix-sbd-pacemaker-bail-out-of-status-earlier.patch +++ /dev/null 
@@ -1,45 +0,0 @@
-From 79b778debfee5b4ab2d099b2bfc7385f45597f70 Mon Sep 17 00:00:00 2001
-From: Klaus Wenninger
-Date: Tue, 26 Mar 2019 11:17:45 +0100
-Subject: [PATCH] Fix: sbd-pacemaker: bail out of status earlier
-
-Prevents possible subsequent null-pointer access and avoids
-unnecessary search for node.
----
- src/sbd-pacemaker.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/sbd-pacemaker.c b/src/sbd-pacemaker.c
-index c69fc55..9a8b95f 100644
---- a/src/sbd-pacemaker.c
-+++ b/src/sbd-pacemaker.c
-@@ -276,7 +276,7 @@ compute_status(pe_working_set_t * data_set)
- static int updates = 0;
- static int ever_had_quorum = FALSE;
-
-- node_t *node = pe_find_node(data_set->nodes, local_uname);
-+ node_t *node = NULL;
-
- updates++;
-
-@@ -286,11 +286,15 @@ compute_status(pe_working_set_t * data_set)
- return;
- }
-
-+ node = pe_find_node(data_set->nodes, local_uname);
-
-- if (node == NULL) {
-+ if ((node == NULL) || (node->details == NULL)) {
- set_servant_health(pcmk_health_unknown, LOG_WARNING, "Node state: %s is UNKNOWN", local_uname);
-+ notify_parent();
-+ return;
-+ }
-
-- } else if (node->details->online == FALSE) {
-+ if (node->details->online == FALSE) {
- set_servant_health(pcmk_health_unknown, LOG_WARNING, "Node state: OFFLINE");
-
- } else if (node->details->unclean) {
---
-1.8.3.1
-
diff --git a/SOURCES/0004-Doc-sbd.8.pod-use-the-generic-term-cluster-services-.patch b/SOURCES/0004-Doc-sbd.8.pod-use-the-generic-term-cluster-services-.patch
deleted file mode 100644
index ce9d698..0000000
--- a/SOURCES/0004-Doc-sbd.8.pod-use-the-generic-term-cluster-services-.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 6d4289655dacad4b72fb64373c37bd1ad33649e6 Mon Sep 17 00:00:00 2001
-From: "Gao,Yan"
-Date: Tue, 22 Jan 2019 16:33:04 +0100
-Subject: [PATCH] Doc: sbd.8.pod: use the generic term "cluster services"
- instead of the specific "openais"
-
----
- man/sbd.8.pod | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/man/sbd.8.pod b/man/sbd.8.pod
-index ffd01c2..fed6bd3 100644
---- a/man/sbd.8.pod
-+++ b/man/sbd.8.pod
-@@ -476,7 +476,7 @@ storage (with internal redundancy) anyway; the SBD device does not
- introduce an additional single point of failure then.
-
- If the SBD device is not accessible, the daemon will fail to start and
--inhibit openais startup.
-+inhibit startup of cluster services.
-
- =item Two devices
-
---
-1.8.3.1
-
diff --git a/SOURCES/0005-Doc-sbd.sysconfig-watchdog-timeout-set-in-the-on-dis.patch b/SOURCES/0005-Doc-sbd.sysconfig-watchdog-timeout-set-in-the-on-dis.patch
deleted file mode 100644
index 8c096e0..0000000
--- a/SOURCES/0005-Doc-sbd.sysconfig-watchdog-timeout-set-in-the-on-dis.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 091e10ae3f62239251b53bf7d81d47a57a9b82f2 Mon Sep 17 00:00:00 2001
-From: "Gao,Yan"
-Date: Wed, 23 Jan 2019 17:21:15 +0100
-Subject: [PATCH] Doc: sbd.sysconfig: watchdog timeout set in the on-disk
- metadata takes precedence
-
----
- src/sbd.sysconfig | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/sbd.sysconfig b/src/sbd.sysconfig
-index e661f96..f163f21 100644
---- a/src/sbd.sysconfig
-+++ b/src/sbd.sysconfig
-@@ -68,6 +68,9 @@ SBD_WATCHDOG_DEV=/dev/watchdog
- # If your sbd device(s) reside on a multipath setup or iSCSI, this
- # should be the time required to detect a path failure.
- #
-+# Be aware that watchdog timeout set in the on-disk metadata takes
-+# precedence.
-+#
- SBD_WATCHDOG_TIMEOUT=5
-
- ## Type: string
---
-1.8.3.1
-
diff --git a/SOURCES/0006-Refactor-fail-earlier-on-invalid-servants.patch b/SOURCES/0006-Refactor-fail-earlier-on-invalid-servants.patch
deleted file mode 100644
index cb71002..0000000
--- a/SOURCES/0006-Refactor-fail-earlier-on-invalid-servants.patch
+++ /dev/null
@@ -1,142 +0,0 @@ -From 8301cbafed191f30656a22876941cc7c9189b623 Mon Sep 17 00:00:00 2001 -From: Klaus Wenninger -Date: Thu, 31 Jan 2019 14:42:01 +0100 -Subject: [PATCH] Refactor: fail earlier on invalid servants - ---- - src/sbd-inquisitor.c | 51 ++++++++++++++++++++++++++++++++------------------- - src/sbd-md.c | 7 +------ - src/sbd.h | 2 +- - 3 files changed, 34 insertions(+), 26 deletions(-) - -diff --git a/src/sbd-inquisitor.c b/src/sbd-inquisitor.c -index 8e0bc87..9be6c99 100644 ---- a/src/sbd-inquisitor.c -+++ b/src/sbd-inquisitor.c -@@ -42,19 +42,36 @@ void recruit_servant(const char *devname, pid_t pid) - struct servants_list_item *newbie; - - if (lookup_servant_by_dev(devname)) { -- cl_log(LOG_DEBUG, "Servant %s already exists", devname); -- return; -+ cl_log(LOG_DEBUG, "Servant %s already exists", devname); -+ return; - } - - newbie = malloc(sizeof(*newbie)); -- if (!newbie) { -- fprintf(stderr, "malloc failed in recruit_servant.\n"); -- exit(1); -+ if (newbie) { -+ memset(newbie, 0, sizeof(*newbie)); -+ newbie->devname = strdup(devname); -+ newbie->pid = pid; -+ newbie->first_start = 1; -+ } -+ if (!newbie || !newbie->devname) { -+ fprintf(stderr, "heap allocation failed in recruit_servant.\n"); -+ exit(1); -+ } -+ -+ /* some sanity-check on our newbie */ -+ if (sbd_is_disk(newbie)) { -+ cl_log(LOG_INFO, "Monitoring %s", devname); -+ disk_count++; -+ } else if (sbd_is_pcmk(newbie) || sbd_is_cluster(newbie)) { -+ /* alive just after pcmk and cluster servants have shown up */ -+ newbie->outdated = 1; -+ } else { -+ /* toss our newbie */ -+ cl_log(LOG_ERR, "Refusing to recruit unrecognized servant %s", devname); -+ free((void *) newbie->devname); -+ free(newbie); -+ return; - } -- memset(newbie, 0, sizeof(*newbie)); -- newbie->devname = strdup(devname); -- newbie->pid = pid; -- newbie->first_start = 1; - - if (!s) { - servants_leader = newbie; -@@ -65,12 +82,6 @@ void recruit_servant(const char *devname, pid_t pid) - } - - servant_count++; -- 
if(sbd_is_disk(newbie)) { -- cl_log(LOG_INFO, "Monitoring %s", devname); -- disk_count++; -- } else { -- newbie->outdated = 1; -- } - } - - int assign_servant(const char* devname, functionp_t functionp, int mode, const void* argp) -@@ -148,7 +159,7 @@ void servant_start(struct servants_list_item *s) - if (sbd_is_disk(s)) { - #if SUPPORT_SHARED_DISK - DBGLOG(LOG_INFO, "Starting servant for device %s", s->devname); -- s->pid = assign_servant(s->devname, servant, start_mode, s); -+ s->pid = assign_servant(s->devname, servant_md, start_mode, s); - #else - cl_log(LOG_ERR, "Shared disk functionality not supported"); - return; -@@ -785,12 +796,14 @@ parse_device_line(const char *line) - - if (lpc > last) { - entry = calloc(1, 1 + lpc - last); -+ if (!entry) { -+ fprintf(stderr, "heap allocation failed parsing device-line.\n"); -+ exit(1); -+ } - rc = sscanf(line + last, "%[^;]", entry); - } - -- if (entry == NULL) { -- /* Skip */ -- } else if (rc != 1) { -+ if (rc != 1) { - cl_log(LOG_WARNING, "Could not parse (%d %d): %s", last, lpc, line + last); - } else { - cl_log(LOG_DEBUG, "Adding '%s'", entry); -diff --git a/src/sbd-md.c b/src/sbd-md.c -index 579d273..ba2c34d 100644 ---- a/src/sbd-md.c -+++ b/src/sbd-md.c -@@ -1031,7 +1031,7 @@ static int servant_check_timeout_inconsistent(struct sector_header_s *hdr) - return 0; - } - --int servant(const char *diskname, int mode, const void* argp) -+int servant_md(const char *diskname, int mode, const void* argp) - { - struct sector_mbox_s *s_mbox = NULL; - struct sector_node_s *s_node = NULL; -@@ -1046,11 +1046,6 @@ int servant(const char *diskname, int mode, const void* argp) - char uuid[37]; - const struct servants_list_item *s = argp; - -- if (!diskname) { -- cl_log(LOG_ERR, "Empty disk name %s.", diskname); -- return -1; -- } -- - cl_log(LOG_INFO, "Servant starting for device %s", diskname); - - /* Block most of the signals */ -diff --git a/src/sbd.h b/src/sbd.h -index 386c85c..6fe07f9 100644 ---- a/src/sbd.h -+++ b/src/sbd.h 
-@@ -175,7 +175,7 @@ int ping_via_slots(const char *name, struct servants_list_item *servants); - int dump_headers(struct servants_list_item *servants); - unsigned long get_first_msgwait(struct servants_list_item *servants); - int messenger(const char *name, const char *msg, struct servants_list_item *servants); --int servant(const char *diskname, int mode, const void* argp); -+int servant_md(const char *diskname, int mode, const void* argp); - #endif - - int servant_pcmk(const char *diskname, int mode, const void* argp); --- -1.8.3.1 - diff --git a/SOURCES/0007-Fix-sbd-inquisitor-overhaul-device-list-parser.patch b/SOURCES/0007-Fix-sbd-inquisitor-overhaul-device-list-parser.patch deleted file mode 100644 index c0ccf3d..0000000 --- a/SOURCES/0007-Fix-sbd-inquisitor-overhaul-device-list-parser.patch +++ /dev/null 
@@ -1,112 +0,0 @@ -From d3be2caffb9edbb6bfe0e2658c66a1826f4e9c3a Mon Sep 17 00:00:00 2001 -From: Klaus Wenninger -Date: Mon, 15 Apr 2019 17:41:51 +0200 -Subject: [PATCH] Fix: sbd-inquisitor: overhaul device-list-parser - -for readability and robustness ---- - src/sbd-inquisitor.c | 60 ++++++++++++++++++++++++++-------------------------- - 1 file changed, 30 insertions(+), 30 deletions(-) - -diff --git a/src/sbd-inquisitor.c b/src/sbd-inquisitor.c -index 715e978..b4b5585 100644 ---- a/src/sbd-inquisitor.c -+++ b/src/sbd-inquisitor.c -@@ -780,56 +780,56 @@ int inquisitor(void) - int - parse_device_line(const char *line) - { -- int lpc = 0; -- int last = 0; -- int max = 0; -+ size_t lpc = 0; -+ size_t last = 0; -+ size_t max = 0; - int found = 0; -+ bool skip_space = true; -+ int space_run = 0; - -- if(line) { -- max = strlen(line); -+ if (!line) { -+ return 0; - } - -- if (max <= 0) { -- return found; -- } -+ max = strlen(line); - -- cl_log(LOG_DEBUG, "Processing %d bytes: [%s]", max, line); -- /* Skip initial whitespace */ -- for (lpc = 0; lpc <= max && isspace(line[lpc]); lpc++) { -- last = lpc + 1; -- } -+ cl_log(LOG_DEBUG, "Processing %d bytes: [%s]", (int) max, line); - -- /* Now the actual content */ - for (lpc = 0; lpc <= max; lpc++) { -- int a_space = isspace(line[lpc]); -- -- if (a_space && lpc < max && isspace(line[lpc + 1])) { -- /* fast-forward to the end of the spaces */ -- -- } else if (a_space || line[lpc] == ';' || line[lpc] == 0) { -- int rc = 1; -- char *entry = NULL; -+ if (isspace(line[lpc])) { -+ if (skip_space) { -+ last = lpc + 1; -+ } else { -+ space_run++; -+ } -+ continue; -+ } -+ skip_space = false; -+ if (line[lpc] == ';' || line[lpc] == 0) { -+ int rc = 0; -+ char *entry = calloc(1, 1 + lpc - last); - -- if (lpc > last) { -- entry = calloc(1, 1 + lpc - last); -- if (!entry) { -- fprintf(stderr, "heap allocation failed parsing device-line.\n"); -- exit(1); -- } -+ if (entry) { - rc = sscanf(line + last, "%[^;]", entry); -+ } else { -+ 
fprintf(stderr, "Heap allocation failed parsing device-line.\n"); -+ exit(1); - } - - if (rc != 1) { -- cl_log(LOG_WARNING, "Could not parse (%d %d): %s", last, lpc, line + last); -+ cl_log(LOG_WARNING, "Could not parse: '%s'", line + last); - } else { -+ entry[strlen(entry)-space_run] = '\0'; - cl_log(LOG_DEBUG, "Adding '%s'", entry); - recruit_servant(entry, 0); - found++; - } - - free(entry); -+ skip_space = true; - last = lpc + 1; - } -+ space_run = 0; - } - return found; - } -@@ -890,7 +890,7 @@ int main(int argc, char **argv, char **envp) - int devices = parse_device_line(value); - if(devices < 1) { - fprintf(stderr, "Invalid device line: %s\n", value); -- exit_status = -2; -+ exit_status = -2; - goto out; - } - #else --- -1.8.3.1 - diff --git a/SOURCES/0008-Refactor-sbd-common-no-reason-for-stack-hogger-havin.patch b/SOURCES/0008-Refactor-sbd-common-no-reason-for-stack-hogger-havin.patch deleted file mode 100644 index f0a6d44..0000000 --- a/SOURCES/0008-Refactor-sbd-common-no-reason-for-stack-hogger-havin.patch +++ /dev/null 
@@ -1,47 +0,0 @@
-From 8e94781169fc2f36eb49078de1978ceb53df6b6c Mon Sep 17 00:00:00 2001
-From: Klaus Wenninger
-Date: Mon, 15 Apr 2019 17:40:26 +0200
-Subject: [PATCH] Refactor: sbd-common: no reason for stack-hogger having
- retval
-
----
- src/sbd-common.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/sbd-common.c b/src/sbd-common.c
-index 3966f25..873a76e 100644
---- a/src/sbd-common.c
-+++ b/src/sbd-common.c
-@@ -568,13 +568,13 @@ enum {
- #define IOPRIO_PRIO_DATA(mask) ((mask) & IOPRIO_PRIO_MASK)
- #define IOPRIO_PRIO_VALUE(class, data) (((class) << IOPRIO_CLASS_SHIFT) | data)
-
--static unsigned char
-+static void
- sbd_stack_hogger(unsigned char * inbuf, int kbytes)
- {
- unsigned char buf[1024];
-
- if(kbytes <= 0) {
-- return HOG_CHAR;
-+ return;
- }
-
- if (inbuf == NULL) {
-@@ -584,10 +584,10 @@ sbd_stack_hogger(unsigned char * inbuf, int kbytes)
- }
-
- if (kbytes > 0) {
-- return sbd_stack_hogger(buf, kbytes-1);
-- } else {
-- return buf[sizeof(buf)-1];
-+ sbd_stack_hogger(buf, kbytes-1);
- }
-+
-+ return;
- }
-
- static void
---
-1.8.3.1
-
diff --git a/SOURCES/0009-Sanity-sbd-inquisitor-free-timeout-action-on-bail-ou.patch b/SOURCES/0009-Sanity-sbd-inquisitor-free-timeout-action-on-bail-ou.patch
deleted file mode 100644
index 9eae5d6..0000000
--- a/SOURCES/0009-Sanity-sbd-inquisitor-free-timeout-action-on-bail-ou.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 5c80753afb4abc2b5b024f4a5f2fc78669bda70b Mon Sep 17 00:00:00 2001
-From: Klaus Wenninger
-Date: Mon, 15 Apr 2019 17:39:12 +0200
-Subject: [PATCH] Sanity: sbd-inquisitor: free timeout action on bail out
-
----
- src/sbd-inquisitor.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/sbd-inquisitor.c b/src/sbd-inquisitor.c
-index 77c6e4f..715e978 100644
---- a/src/sbd-inquisitor.c
-+++ b/src/sbd-inquisitor.c
-@@ -1088,7 +1088,8 @@ int main(int argc, char **argv, char **envp)
- break;
- case 'h':
- usage();
-- return (0);
-+ goto out;
-+ break;
- default:
- exit_status = -2;
- goto out;
-@@ -1241,6 +1242,9 @@ int main(int argc, char **argv, char **envp)
- }
-
- out:
-+ if (timeout_action) {
-+ free(timeout_action);
-+ }
- if (exit_status < 0) {
- if (exit_status == -2) {
- usage();
---
-1.8.3.1
-
diff --git a/SOURCES/0010-Sanity-sbd-md-prevent-unrealistic-overflow-on-sector.patch b/SOURCES/0010-Sanity-sbd-md-prevent-unrealistic-overflow-on-sector.patch
deleted file mode 100644
index cc8c4ee..0000000
--- a/SOURCES/0010-Sanity-sbd-md-prevent-unrealistic-overflow-on-sector.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f6af36a0fb05b5a37b3dfb153677e28ca5cb3fd8 Mon Sep 17 00:00:00 2001
-From: Klaus Wenninger
-Date: Mon, 15 Apr 2019 17:37:42 +0200
-Subject: [PATCH] Sanity: sbd-md: prevent unrealistic overflow on sector io
- calc
-
----
- src/sbd-md.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/sbd-md.c b/src/sbd-md.c
-index 60a1873..f437c41 100644
---- a/src/sbd-md.c
-+++ b/src/sbd-md.c
-@@ -162,9 +162,9 @@ sector_io(struct sbd_context *st, int sector, void *data, int rw)
-
- memset(&st->io, 0, sizeof(struct iocb));
- if (rw) {
-- io_prep_pwrite(&st->io, st->devfd, data, sector_size, sector_size * sector);
-+ io_prep_pwrite(&st->io, st->devfd, data, sector_size, (long long) sector_size * sector);
- } else {
-- io_prep_pread(&st->io, st->devfd, data, sector_size, sector_size * sector);
-+ io_prep_pread(&st->io, st->devfd, data, sector_size, (long long) sector_size * sector);
- }
-
- if (io_submit(st->ioctx, 1, ios) != 1) {
---
-1.8.3.1
-
diff --git a/SOURCES/0011-Sanity-sbd-md-remove-some-left-over-code.patch b/SOURCES/0011-Sanity-sbd-md-remove-some-left-over-code.patch
deleted file mode 100644
index 64dd8cb..0000000
--- a/SOURCES/0011-Sanity-sbd-md-remove-some-left-over-code.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From a80fe9392fd910074eccc4733ff2cd3e1625e48e Mon Sep 17 00:00:00 2001
-From: Klaus Wenninger
-Date: Mon, 15 Apr 2019 17:36:12 +0200
-Subject: [PATCH] Sanity: sbd-md: remove some left over code
-
----
- src/sbd-md.c | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/src/sbd-md.c b/src/sbd-md.c
-index c51d381..60a1873 100644
---- a/src/sbd-md.c
-+++ b/src/sbd-md.c
-@@ -373,7 +373,6 @@ init_device(struct sbd_context *st)
- struct sector_header_s *s_header;
- struct sector_node_s *s_node;
- struct sector_mbox_s *s_mbox;
-- struct stat s;
- char uuid[37];
- int i;
- int rc = 0;
-@@ -394,10 +393,6 @@ init_device(struct sbd_context *st)
- uuid_generate(s_header->uuid);
- uuid_unparse_lower(s_header->uuid, uuid);
-
-- fstat(st->devfd, &s);
-- /* printf("st_size = %ld, st_blksize = %ld, st_blocks = %ld\n",
-- s.st_size, s.st_blksize, s.st_blocks); */
--
- cl_log(LOG_INFO, "Creating version %d.%d header on device %d (uuid: %s)",
- s_header->version, s_header->minor_version,
- st->devfd, uuid);
---
-1.8.3.1
-
diff --git a/SOURCES/0012-Fix-sbd-common-query-rt-budget-0-otherwise-try-movin.patch b/SOURCES/0012-Fix-sbd-common-query-rt-budget-0-otherwise-try-movin.patch
deleted file mode 100644
index 41cf428..0000000
--- a/SOURCES/0012-Fix-sbd-common-query-rt-budget-0-otherwise-try-movin.patch
+++ /dev/null
@@ -1,215 +0,0 @@ -From eaeed6cca46a0223617ead834aaa576dd5ad07ff Mon Sep 17 00:00:00 2001 -From: Klaus Wenninger -Date: Fri, 31 May 2019 16:11:16 +0200 -Subject: [PATCH] Fix: sbd-common: query rt-budget > 0 otherwise try moving to - root-slice - ---- - src/sbd-common.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++ - src/sbd-inquisitor.c | 15 +++++++ - src/sbd.h | 2 + - src/sbd.sysconfig | 14 +++++++ - 4 files changed, 141 insertions(+) - -diff --git a/src/sbd-common.c b/src/sbd-common.c -index 873a76e..ebfdaa3 100644 ---- a/src/sbd-common.c -+++ b/src/sbd-common.c -@@ -662,6 +662,112 @@ static void sbd_memlock(int stackgrowK, int heapgrowK) - #endif - } - -+static int get_realtime_budget(void) -+{ -+ FILE *f; -+ char fname[PATH_MAX]; -+ int res = -1, lnum = 0; -+ char *cgroup = NULL, *namespecs = NULL; -+ -+ snprintf(fname, PATH_MAX, "/proc/%jd/cgroup", (intmax_t)getpid()); -+ f = fopen(fname, "rt"); -+ if (f == NULL) { -+ cl_log(LOG_WARNING, "Can't open cgroup file for pid=%jd", -+ (intmax_t)getpid()); -+ goto exit_res; -+ } -+ while( fscanf(f, "%d:%m[^:]:%m[^\n]", &lnum, &namespecs, &cgroup) !=EOF ) { -+ if (namespecs && strstr(namespecs, "cpuacct")) { -+ free(namespecs); -+ break; -+ } -+ if (cgroup) { -+ free(cgroup); -+ cgroup = NULL; -+ } -+ if (namespecs) { -+ free(namespecs); -+ namespecs = NULL; -+ } -+ } -+ fclose(f); -+ if (cgroup == NULL) { -+ cl_log(LOG_WARNING, "Failed getting cgroup for pid=%jd", -+ (intmax_t)getpid()); -+ goto exit_res; -+ } -+ snprintf(fname, PATH_MAX, "/sys/fs/cgroup/cpu%s/cpu.rt_runtime_us", -+ cgroup); -+ f = fopen(fname, "rt"); -+ if (f == NULL) { -+ cl_log(LOG_WARNING, "cpu.rt_runtime_us existed for root-slice but " -+ "doesn't for '%s'", cgroup); -+ goto exit_res; -+ } -+ if (fscanf(f, "%d", &res) != 1) { -+ cl_log(LOG_WARNING, "failed reading rt-budget from %s", fname); -+ } else { -+ cl_log(LOG_INFO, "slice='%s' has rt-budget=%d", cgroup, res); -+ } -+ fclose(f); -+ -+exit_res: -+ if (cgroup) { -+ free(cgroup); 
-+ } -+ return res; -+} -+ -+/* stolen from corosync */ -+static int sbd_move_to_root_cgroup(bool enforce_root_cgroup) { -+ FILE *f; -+ int res = -1; -+ -+ /* -+ * /sys/fs/cgroup is hardcoded, because most of Linux distributions are now -+ * using systemd and systemd uses hardcoded path of cgroup mount point. -+ * -+ * This feature is expected to be removed as soon as systemd gets support -+ * for managing RT configuration. -+ */ -+ f = fopen("/sys/fs/cgroup/cpu/cpu.rt_runtime_us", "rt"); -+ if (f == NULL) { -+ cl_log(LOG_DEBUG, "cpu.rt_runtime_us doesn't exist -> " -+ "system without cgroup or with disabled CONFIG_RT_GROUP_SCHED"); -+ res = 0; -+ goto exit_res; -+ } -+ fclose(f); -+ -+ if ((!enforce_root_cgroup) && (get_realtime_budget() > 0)) { -+ cl_log(LOG_DEBUG, "looks as if we have rt-budget in the slice we are " -+ "-> skip moving to root-slice"); -+ res = 0; -+ goto exit_res; -+ } -+ -+ f = fopen("/sys/fs/cgroup/cpu/tasks", "w"); -+ if (f == NULL) { -+ cl_log(LOG_WARNING, "Can't open cgroups tasks file for writing"); -+ -+ goto exit_res; -+ } -+ -+ if (fprintf(f, "%jd\n", (intmax_t)getpid()) <= 0) { -+ cl_log(LOG_WARNING, "Can't write sbd pid into cgroups tasks file"); -+ goto close_and_exit_res; -+ } -+ -+close_and_exit_res: -+ if (fclose(f) != 0) { -+ cl_log(LOG_WARNING, "Can't close cgroups tasks file"); -+ goto exit_res; -+ } -+ -+exit_res: -+ return (res); -+} -+ - void - sbd_make_realtime(int priority, int stackgrowK, int heapgrowK) - { -@@ -670,6 +776,10 @@ sbd_make_realtime(int priority, int stackgrowK, int heapgrowK) - } - - #ifdef SCHED_RR -+ if (move_to_root_cgroup) { -+ sbd_move_to_root_cgroup(enforce_moving_to_root_cgroup); -+ } -+ - { - int pcurrent = 0; - int pmin = sched_get_priority_min(SCHED_RR); -diff --git a/src/sbd-inquisitor.c b/src/sbd-inquisitor.c -index abde4e5..cef5cc7 100644 ---- a/src/sbd-inquisitor.c -+++ b/src/sbd-inquisitor.c -@@ -33,6 +33,8 @@ int start_mode = 0; - char* pidfile = NULL; - bool do_flush = true; - char 
timeout_sysrq_char = 'b'; -+bool move_to_root_cgroup = true; -+bool enforce_moving_to_root_cgroup = false; - - int parse_device_line(const char *line); - -@@ -965,6 +967,19 @@ int main(int argc, char **argv, char **envp) - timeout_action = strdup(value); - } - -+ value = getenv("SBD_MOVE_TO_ROOT_CGROUP"); -+ if(value) { -+ move_to_root_cgroup = crm_is_true(value); -+ -+ if (move_to_root_cgroup) { -+ enforce_moving_to_root_cgroup = true; -+ } else { -+ if (strcmp(value, "auto") == 0) { -+ move_to_root_cgroup = true; -+ } -+ } -+ } -+ - while ((c = getopt(argc, argv, "czC:DPRTWZhvw:d:n:p:1:2:3:4:5:t:I:F:S:s:r:")) != -1) { - switch (c) { - case 'D': -diff --git a/src/sbd.h b/src/sbd.h -index 3b05a11..ac30ec7 100644 ---- a/src/sbd.h -+++ b/src/sbd.h -@@ -159,6 +159,8 @@ extern bool watchdogdev_is_default; - extern char* local_uname; - extern bool do_flush; - extern char timeout_sysrq_char; -+extern bool move_to_root_cgroup; -+extern bool enforce_moving_to_root_cgroup; - - /* Global, non-tunable variables: */ - extern int sector_size; -diff --git a/src/sbd.sysconfig b/src/sbd.sysconfig -index f163f21..e1a60ed 100644 ---- a/src/sbd.sysconfig -+++ b/src/sbd.sysconfig -@@ -91,6 +91,20 @@ SBD_WATCHDOG_TIMEOUT=5 - # - SBD_TIMEOUT_ACTION=flush,reboot - -+## Type: yesno / auto -+## Default: auto -+# -+# If CPUAccounting is enabled default is not to assign any RT-budget -+# to the system.slice which prevents sbd from running RR-scheduled. -+# -+# One way to escape that issue is to move sbd-processes from the -+# slice they were originally started to root-slice. -+# Of course starting sbd in a certain slice might be intentional. -+# Thus in auto-mode sbd will check if the slice has RT-budget assigned. -+# If that is the case sbd will stay in that slice while it will -+# be moved to root-slice otherwise. -+SBD_MOVE_TO_ROOT_CGROUP=auto -+ - ## Type: string - ## Default: "" - # --- -1.8.3.1 - 
diff --git a/SOURCES/0013-Fix-sbd-pacemaker-assume-graceful-exit-if-leftovers-.patch b/SOURCES/0013-Fix-sbd-pacemaker-assume-graceful-exit-if-leftovers-.patch
deleted file mode 100644
index 8c92df8..0000000
--- a/SOURCES/0013-Fix-sbd-pacemaker-assume-graceful-exit-if-leftovers-.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 824fe834c67fb7bae7feb87607381f9fa8fa2945 Mon Sep 17 00:00:00 2001
-From: Klaus Wenninger
-Date: Fri, 7 Jun 2019 19:09:06 +0200
-Subject: [PATCH] Fix: sbd-pacemaker: assume graceful exit if leftovers are
- unmanged
-
----
- src/sbd-pacemaker.c | 32 +++++++++++++++++++++++++++++++-
- 1 file changed, 31 insertions(+), 1 deletion(-)
-
-diff --git a/src/sbd-pacemaker.c b/src/sbd-pacemaker.c
-index 9a8b95f..2b35ff6 100644
---- a/src/sbd-pacemaker.c
-+++ b/src/sbd-pacemaker.c
-@@ -333,11 +333,41 @@ compute_status(pe_working_set_t * data_set)
- }
- }
-
-+ /* If we are in shutdown-state once this will go on till the end.
-+ * If we've on top reached a state of 0 locally running resources
-+ * we can assume a clean shutdown.
-+ * Tricky are the situations where the node is in maintenance-mode
-+ * or resources are unmanaged. So if the node is in maintenance or
-+ * all left-over running resources are unmanaged we assume intention.
-+ */
- if (node->details->shutdown) {
- pcmk_shutdown = 1;
- }
-- if (pcmk_shutdown && !(node->details->running_rsc)) {
-+ if (pcmk_shutdown)
-+ {
- pcmk_clean_shutdown = 1;
-+ if (!(node->details->maintenance)) {
-+ GListPtr iter;
-+
-+ for (iter = node->details->running_rsc;
-+ iter != NULL; iter = iter->next) {
-+ resource_t *rsc = (resource_t *) iter->data;
-+
-+
-+ if (is_set(rsc->flags, pe_rsc_managed)) {
-+ pcmk_clean_shutdown = 0;
-+ crm_debug("not clean as %s managed and still running",
-+ rsc->id);
-+ break;
-+ }
-+ }
-+ if (pcmk_clean_shutdown) {
-+ crm_debug("pcmk_clean_shutdown because "
-+ "all managed resources down");
-+ }
-+ } else {
-+ crm_debug("pcmk_clean_shutdown because node is in maintenance");
-+ }
- }
- notify_parent();
- return;
---
-1.8.3.1
-
diff --git a/SOURCES/0014-Fix-sbd-cluster-periodically-check-corosync-daemon-l.patch b/SOURCES/0014-Fix-sbd-cluster-periodically-check-corosync-daemon-l.patch
deleted file mode 100644
index 9f4de96..0000000
--- a/SOURCES/0014-Fix-sbd-cluster-periodically-check-corosync-daemon-l.patch
+++ /dev/null
@@ -1,123 +0,0 @@ -From 1387ed890e3a9e246e9b9f780b2a7cb5379459ab Mon Sep 17 00:00:00 2001 -From: Klaus Wenninger -Date: Wed, 5 Jun 2019 11:32:49 +0200 -Subject: [PATCH] Fix: sbd-cluster: periodically check corosync-daemon liveness - -using votequorum_getinfo. ---- - configure.ac | 12 +++++++++++- - src/sbd-cluster.c | 36 ++++++++++++++++++++++++++++++++++-- - 2 files changed, 45 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index fac26a8..c44e747 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -33,6 +33,7 @@ PKG_CHECK_MODULES(glib, [glib-2.0]) - dnl PKG_CHECK_MODULES(libcoroipcc, [libcoroipcc]) - - PKG_CHECK_MODULES(cmap, [libcmap], HAVE_cmap=1, HAVE_cmap=0) -+PKG_CHECK_MODULES(votequorum, [libvotequorum], HAVE_votequorum=1, HAVE_votequorum=0) - - dnl pacemaker > 1.1.8 - PKG_CHECK_MODULES(pacemaker, [pacemaker, pacemaker-cib], HAVE_pacemaker=1, HAVE_pacemaker=0) -@@ -49,7 +50,12 @@ elif test $HAVE_pacemaker = 1; then - if test $HAVE_cmap = 0; then - AC_MSG_NOTICE(No package 'cmap' found) - else -- CPPFLAGS="$CPPFLAGS $cmap_CFLAGS" -+ CPPFLAGS="$CPPFLAGS $cmap_CFLAGS" -+ fi -+ if test $HAVE_votequorum = 0; then -+ AC_MSG_NOTICE(No library 'votequorum' found) -+ else -+ CPPFLAGS="$CPPFLAGS $votequorum_CFLAGS" - fi - fi - -@@ -66,6 +72,7 @@ AC_CHECK_LIB(pe_rules, test_rule, , missing="yes") - AC_CHECK_LIB(crmcluster, crm_peer_init, , missing="yes") - AC_CHECK_LIB(uuid, uuid_unparse, , missing="yes") - AC_CHECK_LIB(cmap, cmap_initialize, , HAVE_cmap=0) -+AC_CHECK_LIB(votequorum, votequorum_getinfo, , HAVE_votequorum=0) - - dnl pacemaker >= 1.1.8 - AC_CHECK_HEADERS(pacemaker/crm/cluster.h) -@@ -107,6 +114,9 @@ fi - AC_DEFINE_UNQUOTED(CHECK_TWO_NODE, $HAVE_cmap, Turn on checking for 2-node cluster) - AM_CONDITIONAL(CHECK_TWO_NODE, test "$HAVE_cmap" = "1") - -+AC_DEFINE_UNQUOTED(CHECK_VOTEQUORUM_HANDLE, $HAVE_votequorum, Turn on periodic checking of votequorum-handle) -+AM_CONDITIONAL(CHECK_VOTEQUORUM_HANDLE, test "$HAVE_votequorum" = "1") 
-+ - CONFIGDIR="" - AC_ARG_WITH(configdir, - [ --with-configdir=DIR -diff --git a/src/sbd-cluster.c b/src/sbd-cluster.c -index 541212f..9fb6224 100644 ---- a/src/sbd-cluster.c -+++ b/src/sbd-cluster.c -@@ -80,6 +80,12 @@ sbd_plugin_membership_dispatch(cpg_handle_t handle, - - #if SUPPORT_COROSYNC - -+#if CHECK_VOTEQUORUM_HANDLE -+#include -+ -+static votequorum_handle_t votequorum_handle = 0; -+#endif -+ - static bool two_node = false; - static bool ever_seen_both = false; - static int cpg_membership_entries = -1; -@@ -261,12 +267,32 @@ notify_timer_cb(gpointer data) - - #endif - case pcmk_cluster_corosync: -+ do { -+#if SUPPORT_COROSYNC && CHECK_VOTEQUORUM_HANDLE -+ struct votequorum_info info; -+ -+ if (votequorum_getinfo(votequorum_handle, 0, &info) != CS_OK) { -+ -+ votequorum_finalize(votequorum_handle); -+ if (votequorum_initialize(&votequorum_handle, NULL) != CS_OK) { -+ votequorum_handle = 0; -+ break; -+ } -+ if (votequorum_getinfo(votequorum_handle, 0, &info) != CS_OK) { -+ break; -+ } -+ } -+#endif -+ notify_parent(); -+ } while (0); -+ break; -+ - #if HAVE_DECL_PCMK_CLUSTER_CMAN - case pcmk_cluster_cman: --#endif -- /* TODO - Make a CPG call and only call notify_parent() when we get a reply */ -+ - notify_parent(); - break; -+#endif - - default: - break; -@@ -533,6 +559,12 @@ find_pacemaker_remote(void) - static void - clean_up(int rc) - { -+#if CHECK_VOTEQUORUM_HANDLE -+ votequorum_finalize(votequorum_handle); -+ votequorum_handle = 0; /* there isn't really an invalid handle value -+ * just to be back where we started -+ */ -+#endif - return; - } - --- -1.8.3.1 - diff --git a/SOURCES/0015-build-say-library-when-missing-cmap-not-package-to-a.patch b/SOURCES/0015-build-say-library-when-missing-cmap-not-package-to-a.patch deleted file mode 100644 index 231c77c..0000000 --- a/SOURCES/0015-build-say-library-when-missing-cmap-not-package-to-a.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 0de14256fc873aee735117955662503b773bf71c Mon Sep 17 00:00:00 2001 -From: Klaus Wenninger -Date: Tue, 11 Jun 2019 08:05:33 +0200 -Subject: [PATCH] build: say library when missing cmap not package to avoid - confusion - ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index c44e747..1c55094 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -48,7 +48,7 @@ if test $HAVE_pacemaker = 0 -a $HAVE_pcmk = 0; then - elif test $HAVE_pacemaker = 1; then - CPPFLAGS="$CPPFLAGS $glib_CFLAGS $pacemaker_CFLAGS" - if test $HAVE_cmap = 0; then -- AC_MSG_NOTICE(No package 'cmap' found) -+ AC_MSG_NOTICE(No library 'cmap' found) - else - CPPFLAGS="$CPPFLAGS $cmap_CFLAGS" - fi --- -1.8.3.1 - diff --git a/SOURCES/0016-Fix-sbd-pacemaker-check-for-shutdown-attribute-on-ev.patch b/SOURCES/0016-Fix-sbd-pacemaker-check-for-shutdown-attribute-on-ev.patch deleted file mode 100644 index 16a50e0..0000000 --- a/SOURCES/0016-Fix-sbd-pacemaker-check-for-shutdown-attribute-on-ev.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From c8e3de2a7e98550ea9f27a0c59e13013ce02992d Mon Sep 17 00:00:00 2001 -From: Klaus Wenninger -Date: Fri, 16 Aug 2019 12:07:32 +0200 -Subject: [PATCH] Fix: sbd-pacemaker: check for shutdown attribute on every - cib-diff - ---- - src/sbd-pacemaker.c | 22 +++++++++++++++++++++- - 1 file changed, 21 insertions(+), 1 deletion(-) - -diff --git a/src/sbd-pacemaker.c b/src/sbd-pacemaker.c -index 2b35ff6..1217acf 100644 ---- a/src/sbd-pacemaker.c -+++ b/src/sbd-pacemaker.c -@@ -383,6 +383,24 @@ mon_trigger_refresh(gpointer user_data) - return FALSE; - } - -+#define XPATH_SHUTDOWN "//" XML_CIB_TAG_STATE "[@uname='%s']/" \ -+ XML_TAG_TRANSIENT_NODEATTRS "/" XML_TAG_ATTR_SETS "/" \ -+ XML_CIB_TAG_NVPAIR "[@name='" XML_CIB_ATTR_SHUTDOWN "']" -+ -+static gboolean -+shutdown_attr_in_cib(void) -+{ -+ xmlNode *match = NULL; -+ char *xpath_string; -+ -+ xpath_string = crm_strdup_printf(XPATH_SHUTDOWN, local_uname); -+ if (xpath_string) { -+ match = get_xpath_object(xpath_string, current_cib, LOG_TRACE); -+ free(xpath_string); -+ } -+ return (match != NULL); -+} -+ - static void - crm_diff_update(const char *event, xmlNode * msg) - { -@@ -426,8 +444,10 @@ crm_diff_update(const char *event, xmlNode * msg) - * - immediately if the last update was more than 1s ago - * - every 10 updates - * - at most 1s after the last update -+ * - shutdown attribute for our node set for the first time - */ -- if (updates > 10 || (now - last_refresh) > (reconnect_msec / 1000)) { -+ if ((!pcmk_shutdown && shutdown_attr_in_cib()) || -+ (updates > 10 || (now - last_refresh) > (reconnect_msec / 1000))) { - mon_refresh_state(refresh_timer); - updates = 0; - --- -1.8.3.1 - diff --git a/SPECS/sbd.spec b/SPECS/sbd.spec index e941480..eca754b 100644 --- a/SPECS/sbd.spec +++ b/SPECS/sbd.spec 
@@ -15,51 +15,39 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -%global commit 7f33d1a409d0a4e2cd69946688c48eaa8f3c5d26 +%global commit 25fce8a7d5e8cd5abc2379077381b10bd6cec183 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %global github_owner Clusterlabs -%global buildnum 15 +%global buildnum 3 Name: sbd Summary: Storage-based death License: GPLv2+ Group: System Environment/Daemons -Version: 1.4.0 +Version: 1.4.1 Release: %{buildnum}%{?dist} Url: https://github.com/%{github_owner}/%{name} Source0: https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz -Patch0: 0001-Fix-sbd-cluster-finalize-cmap-connection-if-disconne.patch -Patch1: 0002-Fix-sbd-pacemaker-make-handling-of-cib-connection-lo.patch -Patch2: 0003-Fix-sbd-pacemaker-bail-out-of-status-earlier.patch -Patch3: 0004-Doc-sbd.8.pod-use-the-generic-term-cluster-services-.patch -Patch4: 0005-Doc-sbd.sysconfig-watchdog-timeout-set-in-the-on-dis.patch -Patch5: 0006-Refactor-fail-earlier-on-invalid-servants.patch -Patch6: 0007-Fix-sbd-inquisitor-overhaul-device-list-parser.patch -Patch7: 0008-Refactor-sbd-common-no-reason-for-stack-hogger-havin.patch -Patch8: 0009-Sanity-sbd-inquisitor-free-timeout-action-on-bail-ou.patch -Patch9: 0010-Sanity-sbd-md-prevent-unrealistic-overflow-on-sector.patch -Patch10: 0011-Sanity-sbd-md-remove-some-left-over-code.patch -Patch11: 0012-Fix-sbd-common-query-rt-budget-0-otherwise-try-movin.patch -Patch12: 0013-Fix-sbd-pacemaker-assume-graceful-exit-if-leftovers-.patch -Patch13: 0014-Fix-sbd-cluster-periodically-check-corosync-daemon-l.patch -Patch14: 0015-build-say-library-when-missing-cmap-not-package-to-a.patch -Patch15: 0016-Fix-sbd-pacemaker-check-for-shutdown-attribute-on-ev.patch +Patch1: 0001-Fix-regressions.sh-make-parameter-passing-consistent.patch +Patch2: 0002-Doc-add-environment-section-to-man-page.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake 
BuildRequires: libuuid-devel BuildRequires: glib2-devel BuildRequires: libaio-devel -BuildRequires: corosynclib-devel +BuildRequires: corosync-devel BuildRequires: pacemaker-libs-devel > 1.1.12 BuildRequires: libtool BuildRequires: libuuid-devel BuildRequires: libxml2-devel BuildRequires: pkgconfig BuildRequires: systemd +BuildRequires: make +Conflicts: fence-agents-sbd < 4.2.1-38 %if 0%{?rhel} > 0 -ExclusiveArch: i686 x86_64 s390x ppc64le aarch64 %{arm} +ExclusiveArch: i686 x86_64 s390x ppc64le aarch64 %endif %if %{defined systemd_requires} @@ -70,15 +58,28 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64 %{arm} This package contains the storage-based death functionality. +%package tests +Summary: Storage-based death environment for regression tests +License: GPLv2+ +Group: System Environment/Daemons + +%description tests +This package provides an environment + testscripts for +regression-testing sbd. + ########################################################### %prep %autosetup -n %{name}-%{commit} -p1 +%ifarch s390x s390 +sed -i src/sbd.sysconfig -e "s/Default: 5/Default: 15/" +sed -i src/sbd.sysconfig -e "s/SBD_WATCHDOG_TIMEOUT=5/SBD_WATCHDOG_TIMEOUT=15/" +%endif ########################################################### %build -autoreconf -i +./autogen.sh export CFLAGS="$RPM_OPT_FLAGS -Wall -Werror" %configure make %{?_smp_mflags} @@ -90,6 +91,7 @@ make %{?_smp_mflags} make DESTDIR=$RPM_BUILD_ROOT LIBDIR=%{_libdir} install rm -rf ${RPM_BUILD_ROOT}%{_libdir}/stonith +install -D -m 0755 tests/regressions.sh $RPM_BUILD_ROOT/usr/share/sbd/regressions.sh %if %{defined _unitdir} install -D -m 0644 src/sbd.service $RPM_BUILD_ROOT/%{_unitdir}/sbd.service install -D -m 0644 src/sbd_remote.service $RPM_BUILD_ROOT/%{_unitdir}/sbd_remote.service 
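Review bot: Neither the spec nor the changelog states that the sixteen patches removed from the `Patch0`–`Patch15` list are contained in the new `%global commit`, and this diff cannot confirm it. Two of the deleted files shown on this page, the corosync liveness check through `votequorum_getinfo` and the shutdown-attribute check in `crm_diff_update`, change when sbd notifies its parent or refreshes its state, so losing either would not show up at build time. I would add a changelog line such as `- drop patches 0001-0016, contained in the rebased upstream commit` once that has been checked against the new tarball. The `ExclusiveArch` line in the same hunk also drops `%{arm}` without a changelog mention.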
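Review bot: The two `sed -i` calls under `%ifarch s390x s390` succeed even when nothing matches, so a wording change in src/sbd.sysconfig upstream would leave the s390x package with the 5-second watchdog timeout and no build error. Both expressions are also unanchored at the end, so `SBD_WATCHDOG_TIMEOUT=5` would rewrite a longer value that merely begins with 5. I would end-anchor the second pattern, `-e "s/SBD_WATCHDOG_TIMEOUT=5$/SBD_WATCHDOG_TIMEOUT=15/"`, and follow the seds with `grep -q 'SBD_WATCHDOG_TIMEOUT=15' src/sbd.sysconfig` so that %prep stops when the substitution did not apply. Whether that line is commented out in the sysconfig file is not visible here, so the grep pattern deliberately has no leading anchor.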
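Review bot: The added install line hard-codes `/usr/share/sbd/regressions.sh`, while the `%files` entries added in this commit name the same file as `%{_datadir}/sbd/regressions.sh`. If `%{_datadir}` does not expand to /usr/share, the file is installed in one place and listed in another. The build would then presumably fail on a missing or unpackaged file. I would write `install -D -m 0755 tests/regressions.sh $RPM_BUILD_ROOT%{_datadir}/sbd/regressions.sh`, which also matches the `%{_unitdir}` style of the neighbouring install lines.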
@@ -98,6 +100,10 @@ install -D -m 0644 src/sbd_remote.service $RPM_BUILD_ROOT/%{_unitdir}/sbd_remote mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig install -m 644 src/sbd.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/sbd +# Don't package static libs +find %{buildroot} -name '*.a' -type f -print0 | xargs -0 rm -f +find %{buildroot} -name '*.la' -type f -print0 | xargs -0 rm -f + ########################################################### %clean @@ -133,6 +139,7 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/sbd %{_sbindir}/sbd #%{_datadir}/sbd +%exclude %{_datadir}/sbd/regressions.sh %doc %{_mandir}/man8/sbd* %if %{defined _unitdir} %{_unitdir}/sbd.service @@ -140,7 +147,32 @@ fi %endif %doc COPYING +%files tests +########################################################### +%defattr(-,root,root) +%dir %{_datadir}/sbd +%{_datadir}/sbd/regressions.sh +%{_libdir}/libsbdtestbed* + %changelog +* Mon Feb 17 2020 Klaus Wenninger - 1.4.1-3 +- append the man-page by a section auto-generated from + sbd.sysconfig + + Resolves: rhbz#1803826 + +* Wed Nov 20 2019 Klaus Wenninger - 1.4.1-2 +- silence coverity regarding inconsistent parameter passing +- adapt fence-agents-dependency from upstream to distribution + + Resolves: rhbz#1769305 + +* Tue Nov 19 2019 Klaus Wenninger - 1.4.1-1 +- rebase to upstream v1.4.0 + + Resolves: rhbz#1769305 + Resolves: rhbz#1768906 + * Fri Aug 16 2019 Klaus Wenninger - 1.4.0-15 - check for shutdown attribute on every cib-diff
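Review bot: The `%files tests` list ships `regressions.sh` and `%{_libdir}/libsbdtestbed*`, but the `%package tests` stanza added earlier in this commit declares no `Requires:` on the main package. The test script can therefore be installed without sbd, or next to a different sbd build. regressions.sh starts `${SBD_BINARY}` under `LD_PRELOAD`, and libsbdtestbed is presumably that preload library, so the pair should match the daemon it was built with; I would add `Requires: %{name} = %{version}-%{release}` to `%package tests`. Separately, the 1.4.1-1 changelog entry reads `rebase to upstream v1.4.0`, which looks like it should say v1.4.1. The %changelog section continues beyond this hunk.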