Setting res to -1 was not entirely following semantics of "equal"
operation. Set it to 0 and return it when families differs makes
compiler happy.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Compiler may have problem understanding relation between addr1p and
addrlen. Small change makes code a little more readable and compiler
happy.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
GDB_FLAGS (without C) is the correct name of variable
to print in the summary.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Passing -ggdb3 (or -g3) during compiler may result in corrupted
debuginfo files (bug in debugedit - for Fedora filed as a
https://bugzilla.redhat.com/show_bug.cgi?id=1708786). Until the bug is
fixed it's possible to ether change configure to add -ggdb2/-g2 or use
already existing --enable-user-flags option and rely on environment set
by rpmbuild.
Patch implements second option so RPM distros without broken debugedit
are not affected.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Thanks Christine Caulfield <ccaulfie@redhat.com> for
Englishify and refining the description.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Fix issues found by Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
instead of the nodeid, this displayed arbitrary values (usually '1')
from other cmap keys under nodelist.node.XX.
sscanf returns the number of conversions even on mismatch, e.g. it also
returns 1 for
nodelist.node.2.quorum_votes
nodelist.node.2.ring0_addr
nodelist.node.2.name
...
instead of just
nodelist.node.2.nodeid
which leads to the value of (at least) quorum_votes being stored in
nodeid_list in addition to the actual nodeid.
storing the returned int in a cs_error_t enum also potentially masks
errors, so just compare the result with the expectation directly.
Fixes: c0d14485c3
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
This feature allows corosync to block packets received from unknown
nodes (nodes with IP address which is not in the nodelist). This is
mainly for situations when "forgotten" node is booted and tries to join
cluster which already removed such node from configuration. Another use
case is to allow atomic reconfiguration and rejoin of two separate
clusters.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
It needs to be done at both reload and initialize time.
Also disable access lists if the config key is removed.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
currently knet acl are only available on master
but they might be backported
to stable1 as they don´t break onwire protocol.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Make sure the retransmit timeout have the lowest limit
`MINIMUM_TIMEOUT`. So, the lowest limit of hold should be
recalculated.
Also token timeout and retransmits count should
keep a relational expression.
Signed-off-by: yuan ren <yren@suse.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
1. Enable scripting of vqsim and add man page
I've added a 'sleep' command to help with scripting as well as
documentation on how to do it.
2. Make 'sync' operation much more robust and useful
Refactored a lot of code to make sure that in sync mode the
prompt appears at the 'right' time. What we do is wait for all
of the nodes in all partitions to have the same ring_id. If this
doesn't happen then the timeout will fire as before.
3. Rename binary to corosync-vqsim and add a sub-package for it
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
When adding a new link for the first time you will often see:
1) knet_link_set_ping_timers for nodeid 1, link 1 failed: Invalid
argument (22)
2) New config has different knet transport for link 1. Internal value
was NOT changed. To reconfigure an interface it must be deleted and
recreated. A working interface needs to be available to corosync at all
times
1) is caused by setting the ping timers twice, once in
totemknet_member_add() and once in totemknet_refresh_config().
The first time we don't know the value
so it's zero and thus display an error. For this we simply check
for the zero and skip the knet API call. It's not ideal, but
totemconfig needs a lot of reconfiguring itself before we can
make this more sane.
2) was caused by simply comparing an unconfigured link with
a configured one, so OF COURSE, they are going to be different!
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
When UDP is used as a transport, the error would occur
"Multicast address family does not match bind address family"
because there is no ipv6 in /etc/hosts specified but using the
totem.ip_version: ipv6-4. because
the mcastaddr generated (if not specified) only according to
the totem.ip_version.
Solution is to use bindnetaddr (configured or generated from
nodelist) addr family.
Signed-off-by: yuan ren <yren@suse.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
A couple of small internal changes in corosync 3.0 broke vqsim.
1) The way the custom config file is specified (no long an env variable)
2) votequorum now needs to know ouZ_node_pos
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Checking whole structure is fine for IPv4, but IPv6 contains also scope
id, what may be problem for local address. It's possible to use a zone
index, but because it's not required when host name is used, it
shouldn't be needed when IPv6 address is used.
Example configuration snip which fails without patch:
...
nodelist {
node {
nodeid: 1
ring0_addr: fe80:🔢5678:9abc:def1
}
}
...
(example succeed when %eth0 is used).
With patch, zone index is not needed.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Previously the reason field for the member_list items
in cpg_totem_confchg_fn was unset what may be little confusing.
Solution is to add a special value CPG_REASON_UNDEFINED and use it for
the member_list items.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
with the following semantics:
- default off
- implies crypto_hash SHA256 and crypto_cipher AES256
- crypto_* have higher precedence
- only applicable for knet, like crypto_*
this should make upgrading from Corosync 2.x less painful for users that
have an explicit secauth=on in their configuration.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Triple DES is considered as a "weak cipher" since 2016 so there is
really no need to support it in the corosync. Thanks to bug in
Corosync/Knet/NSS which caused 3des to not work at all,
no matter what library was used, we can just remove support for 3des
without braking the compatibility.
Also fix coroparse so:
- totem.crypto_type is removed (this is 1.x construct which was not used
even in 2.x)
- Add checking of totem.crypto_model.
- Enumarate possible values for crypto_model, crypto_cipher and
crypto_hash error messages
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Knet commit 1cb36f0cffd4559971826ca4774a88c5b05882fb reduced minimal
key length to 1024-bit. Keygen should keep compatibility with already
released 3.0.[0-1] so default key length should be 2048 bits. It's
possible to use -s argument to generate shorter key - keygen respects
minimum/maximum as defined by knet.
Also fix man page to reflect this change.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
so that we get the nice log message when attempting to modify them at
runtime, just like for totem.crypto_* and co.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
This reverts commit 03d9321bc8.
Reverted because when corosync service is not enabled and corosync
is executed by "systemctl start corosync" it is then immediately
shutdown because of "Unit not needed anymore. Stopping.".
This is really not expected behavior.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Nozzle is part of kronosnet but it is independent library. Enabling it
when detected without ability to turn it off is not in line with
other libraries.
Solution is to use same method as for other libraries - add
--enable-nozzle to configure script and add support for this option into
spec file.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
A nozzle device is a pseudo ethernet device that routes network
traffic through a channel on the corosync knet network (NOT cpg or any
corosync internal service) to other nodes in the cluster. It allows
applications to take advantage of knet features such as multipathing,
automatic failover, link switching etc.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
1. Use EXIT_SUCCESS and EXIT_FAILURE when possible
2. For -s option return EXIT_SUCCESS when no problem appeared and node
is quorate, EXIT_FAILURE if problem appeared and exit code 2
(EXIT_NOT_QUORATE) when no problem appeared but node is not quorate.
3. Document exit codes in the man page
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Previously it was required to use link id together with IP address (ex.
"0 127.0.0.1") as a -i parameter.
This was reported as not very user friendly. Solution is to split
returned interface name and try match link id and ip address
separately.
Also fix typo in description of parameter -s.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Now show the nodeids properly, rather than node indexes which were
annoying and unhelpful.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
- Add LibQB and Knet links
- Remove old (pre udpu) config file example
- Change corosync.conf man page to contain useful information about
token timeout
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
It shall be a rule of thumb not to combine "application stack"
components run under particular init/supervision mechanism and
run by whatever other means (without transitive relationships
like when corosync's client runs from other pacemaker that is
itself started through systemd) when there's a directed graph
of reliance between them (sans constrained corner cases like
when of such components is a kernel module).
And corosync on its own is just a service provider that only
appears useful when utilized as a basic building block for
application specific distributed environments.
Therefore, we may assume whenever corosync gets started by the
means of systemd, it's because of a mechanized attempt to satisfy
declared dependency of some such corosync's client that is about
to be started under the service manager realms (directly or, by
induction, through the same triggering mechanism indirectly).
Hence, when there's no such client around anymore (unless
this dependant is being restarted at the moment, see below)
corosync shall rather shutdown as well.
In the past, there was an issue with systemd regarding said
inflicted restart of the dependant/client, but that's resolved
as of v236:
https://github.com/systemd/systemd/commit/
deb4e7080db9dcd2a1d51ccf7c357f88ea863e54
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
AF_UNSPEC returns different results than AF_INET/AF_INET6, because of
nsswitch.conf search is in order and it stops asking other
modules once current module success.
Example of difference between previous and new code when ipv6-4 is used:
- /etc/hosts contains test_name with an ipv4
- previous code called AF_INET6 where /etc/hosts failed so other methods
were used which may return IPv6 addr -> result was ether fail or IPv6
address.
- new code calls AF_UNSPEC returning IPv4 defined in /etc/hosts ->
result is IPv4 address
New code behavior should solve problems caused by nss-myhostname.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
more changes are to be expected on this front as the API evolves in
knet master.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Here we're very far from entering the main loop, even farther from
sending the READY notification to systemd. This sounded awkward:
systemd[1]: Starting Corosync Cluster Engine...
corosync[827]: [MAIN ] Corosync Cluster Engine ('2.99.5'):
started and ready to provide service.
corosync[827]: [MAIN ] Corosync built-in features: dbus monitoring
watchdog augeas systemd xmlconf snmp pie relro bindnow
corosync[827]: [MAIN ] parse error in config: No interfaces defined
corosync[827]: [MAIN ] Corosync Cluster Engine exiting with status 8
at main.c:1378.
systemd[1]: corosync.service: Main process exited, code=exited,
status=8/n/a
systemd[1]: corosync.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Corosync Cluster Engine.
Signed-off-by: Ferenc Wágner <wferi@debian.org>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
system.run_dir was a little bit unfortunate and confusing name. Rename
to state_dir makes more evident what is content of this directory. To
keep setting consistent with code, get_run_dir is changed to
get_state_dir.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Originally totem.ip_version was used to force ip version used by totem.
With Knet this variable didn't make too much sense so it was not used.
Sadly rely only on DNS resolver order doesn't always work (RFC is quite
complicated, but if IPv6 is not configured then IPv4 is preferred), what
we tried to solve by forcing IPv6 and only if that fails, use IPv4.
Sadly this collides with nss_myhostname which is able to return every
local address and today system usually have at least one autogenerated
link-local IPv6 address so it is able to "overwrite" /etc/hosts.
Solution is to enhance totem.ip_version and use it also for Knet.
totem.ip_version is now just a flag for resolver and can have four
states: ipv4 (only IPv4 is used), ipv6 (only IPv6 is used), ipv4-6 (ask
IPv4 first and if it fails ask for IPv6) and ipv6-4 (ask IPv6 first and
if it fails ask for IPv4). Default for Knet and UDPU transports is
ipv6-4, for UDP it's ipv4, because autogenerated mcast addr doesn't play
too well with ipv6-4.
So everywhere where nss_myhostname becomes problem, it's just possible
to set totem.ip_version to ipv4-6.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
It's required to create TOTEM logsys subsys before totemip_parse is used
(so before totem_config_read). Logsys is not yet fully initialized, but
it's good enough.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
