The request forwarding infrastructure is there for client requests.
However, we (ab)use it for mon's sending MLog messages: LogClient sends an
MLog message to itself, and that is either handled locally (if leader) or
forwarded to the leader.
If that races with an election, we were forwarding an MLog from another mon
to the leader. This is not necessary; the original MLog sender will resend
the request on election_finish() to the latest leader.
The fix is to adjust forward_request_leader() to only forward messages from
a mon if that mon is itself.
This was reproduced while testing the fix for #4748.
Signed-off-by: Sage Weil <sage@inktank.com>
There are intervals during bootstrap(*) during which we are part of the
monmap, but our name (mon->name) does not match the monmap's. This means
that calling monmap->get_inst(mon->name) is not a safe way to get our own
entity_inst_t.
Instead, use messenger->get_myinst(). This includes our addr (obviously)
and an up-to-date entity_name_t, too: in bootstrap we adjust the messenger
name at the same time as mon->rank, based on the contents of the monmap.
monmap->get_inst(mon->rank) would work too.
* During mkfs, the monmap may have noname-foo instead of the name if it was
generated from the mon_host lines or dns or whatever by
MonMap::build_initial(). This was the case for #4811.
Fixes: #4811
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Greg Farnum <greg@inktank.com>
This patch fixes a bug in radosgw swift compatibility code,
that is, if a not-owner but authorized user access a non-existing
object in a container, he wiil receive unexpected error code,
to repeat this bug, do the following steps,
1 User1 creates a container, and grants the read/write permission to user2
curl -X PUT -i -k -H "X-Auth-Token: $user1_token" $url/$container
curl -X POST -i -k -H "X-Auth-Token: $user1_token" -H "X-Container-Read:
$user2" -H "X-Container-Write: $user2" $url/$container
2 User2 queries the object 'obj' in the newly created container
by using HEAD instruction, note the container currently is empty
curl -X HEAD -i -k -H "X-Auth-Token: $user2_token" $url/$container/obj
3 The response received by user2 is '401 Authorization Required',
rather than the expected '404 Not Found', the details are as follows,
HTTP/1.1 401 Authorization Required
Date: Tue, 16 Apr 2013 01:52:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Accept-Ranges: bytes
Content-Length: 12
Vary: Accept-Encoding
Signed-off-by: Yunchuan Wen <yunchuanwen@ubuntukylin.com>
Signed-off-by: Li Wang <liwang@ubuntukylin.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
If you use -a to start a remote daemon, assume the remote config is present
instead of pushing the local config. This makes more sense and simplifies
things.
Note that this means that -a in concert with -c foo means that foo must
also be present on the remote node in the same path. That, however, is a
use case that I don't particularly care about right now. :)
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Dan Mick <dan.mick@inktank.com>
Add new num_deep_scrub_errors and num_shallow_scrub_errors to object_stat_sum_t
Show deep-scrub error count when outputing regular scrub errors
Set invalid size in case of a stat error which sets read_error
For now do deep-scrub after repair (see #4783)
fixes: #4778
Signed-off-by: David Zafman <david.zafman@inktank.com>
Once we're sure an object doesn't exist, we retry all the waiters in
order, and they return -ENOENT immediately. If there were a bunch of
BufferHeads waiting for data (rx state), they would be left behind
while the reads that triggered them were complete from the cache
user's perspective. These extra rx BufferHeads would pin the object in
the lru, so they wouldn't be removed by release_set(). This meant that
the assert during shutdown of the cache would be triggered.
To fix this, remove any BufferHeads in this state immediately when we
find out the object doesn't exist. Use the same condition as readx for
determining whether this is safe - if we got -ENOENT and all
BufferHeads for the object are clean or rx.
Fixes: #3664
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
In general anybody participating in an election should be new enough to
lead thanks to the bootstrap process, but we've observed situations in
which a monitor is leader but gets so busy that it gets booted out
without noticing for a while, then processes the election messages
which were spawned, responds to them, and the other monitors kick those
up to a new election epoch. Then the old and behind monitor gets
elected as the new leader, which does bad things to our sync.
To deal with this, add the paxos first and last committed versions
to the MMonElection messages, and consider those values when deciding
whether to defer to a peer. Only defer to them if their newest value
is newer than our oldest, but also *do* defer to them if their oldest
value is newer than our newest even if we out-rank them otherwise.
Signed-off-by: Greg Farnum <greg@inktank.com>
We were looking at our own paxos_max_join_drift and using that to
calculate whether we were new enough to join without syncing, but
if those numbers don't match across monitors they might have trimmed. Use
the number they provide us as their first version and compare to that
as well.
Signed-off-by: Greg Farnum <greg@inktank.com>
If the collection is subsequently removed, the _split_collection
might get replayed and find either src or dest removed.
Fixes: #4806
Backport: bobtail
Signed-off-by: Samuel Just <sam.just@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
When calculating the [a,b] interval over which a given clone is valid, do
not assume that b == the clone id; that is *not* true when the original
end snap has been deleted/trimmed.
While we are here, make the code a bit cleaner to read.
Fixes: #4785
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Samuel Just <sam.just@inktank.com>
If we transition out of peering due to affected
prior set, we won't trigger start_peering_interval
and check_recovery_sources won't get called. This
will leave an entry in missing_loc_sources without
a matching missing set. We always want to
check_recovery_sources with remove_down_peer_info.
Fixes: 4805
Backport: bobtail
Signed-off-by: Samuel Just <sam.just@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
When we are out of quorum, we waitlist client messages or (eventually)
send them elsewhere. If we are synchronizing, do the same.
Signed-off-by: Sage Weil <sage@inktank.com>
This will ease the transition from mkcephfs to ceph-deploy by allowing
ceph-create-keys to use the mon. keyring file in $mon_data and get the
caps it needs.
Fixes: #4756
Signed-off-by: Sage Weil <sage@inktank.com>
Fixes: #4759
Add a new request param 'stats' for the swift list containers
request. If set to 'false' it disables stats retrieval, which
makes it go faster. Also, don't dump stats if format is plain,
as they're not going to be dumped.
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
We don't set the striping feature when we are using backward-compatible
(default) striping now; fix the test accordingly.
Signed-off-by: Sage Weil <sage@inktank.com>
This way a notify on an object with a single defunct watcher
won't necessarily have to wait the full timeout if the pg
has been active for a while.
Signed-off-by: Samuel Just <sam.just@inktank.com>
In 98e23980f4 is_readable() was changed to
call is_active(), but that has a check for is_bootstrapping(), so there is
a semantic change.
As a result, we may fail PaxosService::is_readable() (due to bootstrapping)
and then try to call Paxos::wait_for_readable(). That will assert that
Paxos::is_readable() is false, but it will be true and we will crash.
Revert that part of the change, since the semantic change was not
intentional.
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Greg Farnum <greg@inktank.com>
The existing read_iterate takes a size_t for the length, which is only 4GB
on 32-bit machines. Instead, take a uint64_t length for the new
read_iterate2().
Return 0 instead of the number of bytes read; this makes the user-facing
API a bit simpler.
Fixes: #4665
Signed-off-by: Sage Weil <sage@inktank.com>
keep bytes return from internal method
The read() method returns the bytes read, trimmed to the end of the image;
use the other read() variant to do this (which use aio_read()) instead of
read_iterate().
Signed-off-by: Sage Weil <sage@inktank.com>
On each election, we resend routed requests to the new leader (or
requeue for ourselves). Therefore, if we receive a forwarded request,
we should drop it on the floor if there is a new election. Add a field
in the PaxosServiceMessage struct to track which election epoch we
received the request in, and drop it in PaxosService::dispatch() if
that is in the past.
Signed-off-by: Sage Weil <sage@inktank.com>
If we have requests that we have forwarded, and are elected leader,
requeue those requests for ourself and queue them normally and clear out
the routed_requests map.
Signed-off-by: Sage Weil <sage@inktank.com>
Keep a reference to the source Connection* for forwarded requests. This
makes the reply path slightly cleaner, and will help us later.
Signed-off-by: Sage Weil <sage@inktank.com>
The journal no longer assumes corruption if it finds a valid entry
after an inavlid entry. Instead, these tests will exercise the
corruption detection via the header committed_up_to member.
Fixes: #4792
Signed-off-by: Samuel Just <sam.just@inktank.com>
Reviewed-by: Greg Farnum <greg@inktank.com>
Fixes: #4760
Instead of retrieving the entire list of buckets in one
chunk, streamline it. This makes it so that if the request
takes too long, client isn't going to timeout before getting
any data.
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
The old code would only do the push once per remote node (due to the
list in $pushed_to) but would reset $unique on each attempt. This would
break if a remote host was processed twice.
Fix by just skipping the $pushed_to optimization entirely.
Fixes: #4794
Reported-by: Andreas Friedrich <andreas.friedrich@ts.fujitsu.com>
Signed-off-by: Sage Weil <sage@inktank.com>
Two fixes for Centos 6.3 and other systems with udev versions
prior to 172. The disk peristant name using the GPT UUID does
not exist, so use the by_path persistent name instead for the
journal symlink.
The gpt label fields are not available for use in udev rules. Add
ceph-disk-udev wrapper script that extracts the partition
type guid from the label and calls ceph-disk-activate if it is
a ceph guid type. (Bug #4632)
Signed-off-by: Gary Lowell <gary.lowell@inktank.com>
