[DRBD-cvs] r1594 - in trunk: . debian documentation drbd scripts
svn at svn.drbd.org
svn at svn.drbd.org
Fri Oct 15 20:11:17 CEST 2004
Author: lars
Date: 2004-10-15 20:11:14 +0200 (Fri, 15 Oct 2004)
New Revision: 1594
Added:
trunk/debian/drbd0.7.conffiles
Modified:
trunk/
trunk/ChangeLog
trunk/Makefile
trunk/ROADMAP
trunk/debian/changelog
trunk/debian/control
trunk/documentation/drbd.conf.sgml
trunk/drbd.spec.in
trunk/drbd/drbd_fs.c
trunk/scripts/drbd
trunk/scripts/drbddisk
Log:
add details to ROADMAP.
merge from branches/drbd-0.7 (no svnp run, just svn merge):
r1578 | phil | 2004-10-01 11:38:25 +0200 (Fri, 01 Oct 2004) | 2 lines
Changed paths:
M /branches/drbd-0.7/ChangeLog
M /branches/drbd-0.7/drbd/linux/drbd_config.h
M /branches/drbd-0.7/drbd.spec.in
Preparing the 0.7.5 release
r1580 | philhug | 2004-10-01 11:44:00 +0200 (Fri, 01 Oct 2004) | 4 lines
Changed paths:
M /branches/drbd-0.7/debian/changelog
M /branches/drbd-0.7/debian/control
A /branches/drbd-0.7/debian/drbd0.7.conffiles
* conflict with all drbd and drbd-source packages
* added conffiles again, they're needed even if lintian complains
r1581 | phil | 2004-10-05 19:51:18 +0200 (Tue, 05 Oct 2004) | 2 lines
Changed paths:
M /branches/drbd-0.7/Makefile
Need this for my build on rhas2.1 rhas3 sles8 and sles9 scipt.
r1584 | lars | 2004-10-06 11:23:30 +0200 (Wed, 06 Oct 2004) | 2 lines
Changed paths:
M /branches/drbd-0.7/scripts/drbd
don't run drbdadm down if there is no /proc/drbd
kick klogd, if we guess it is running
r1587 | phil | 2004-10-13 11:42:03 +0200 (Wed, 13 Oct 2004) | 4 lines
Changed paths:
M /branches/drbd-0.7/drbd/drbd_compat_types.h
M /branches/drbd-0.7/drbd/drbd_fs.c
* Backportet find_next_bit for the x86-64 architecture. For
use of drbd-0.7.x with Linux-2.4.x on AMD's processors.
* Made the warning in ppsize() on 64 architectures go away.
r1588 | lars | 2004-10-13 16:54:07 +0200 (Wed, 13 Oct 2004) | 1 line
Changed paths:
M /branches/drbd-0.7/scripts/drbddisk
improve drbddisk: 'start' failed if heartbeat deadtime is shorter than drbd ping time
r1589 | lars | 2004-10-13 17:03:28 +0200 (Wed, 13 Oct 2004) | 1 line
Changed paths:
M /branches/drbd-0.7/documentation/drbd.conf.sgml
no more negative values in wfc-timeout...
r1592 | lars | 2004-10-15 19:10:30 +0200 (Fri, 15 Oct 2004) | 1 line
Changed paths:
M /branches/drbd-0.7/drbd/drbd_fs.c
add sanity check in ioctl for Unconfigured case; verify CAP_SYS_ADMIN;
r1593 | lars | 2004-10-15 19:21:07 +0200 (Fri, 15 Oct 2004) | 1 line
Changed paths:
M /branches/drbd-0.7/drbd/drbd_fs.c
outch... moved it above the mutex, but still 'goto up(mutex)' in the error case...
Property changes on: trunk
___________________________________________________________________
Name: propagate:at
- 1576
+ 1594
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/ChangeLog 2004-10-15 18:11:14 UTC (rev 1594)
@@ -1,12 +1,34 @@
Latest:
------
- ChangeLog last updated: r1537 2004-09-09
+ ChangeLog last updated: r1594 2004-10-15
Cumulative changes since last tarball.
For even more detail, use "svn log" and "svn diff".
0.8_pre1
--------
* remove all kernel 2.4.x compatibility crap
+ * ioctl sanity checks about Unconfigured and CAP_SYS_ADMIN
+ * drbddisk start retries several times,
+ in case drbd ping timeout is longer than heartbeat deadtime.
+
+0.7.5 (api:76/proto:74)
+-----
+ * Fix a bug that could case read requests to return wrong data
+ on a node in Primary/SyncTaget state. (A very unlikely race,
+ it is not known that this ever triggered; It was found by an
+ ASSERTION in the code)
+ * Removed the 30MB/sec speeding limit for the syncer. (this was
+ intended as a debugging aid, but it was not removed in time)
+ * A fix to drbdsetup, to make drbdadm adjust work if a resource
+ is diskless.
+ * Got rid of the compiler warning when build on a kernel with
+ CONFIG_LBD not set.
+ * Now the device nodes are created with sane permissions.
+ * The debian package is now named "drbd0.7"
+ * set_fs() is now also done for sendpage()
+ * Better compatibility with early 2.4.x kernels (BH_Launder, min()/max())
+ * Touch /var/lock/subsys/drbd, needed for RedHat based distros.
+ * Improvements to the INSALL document
* Removed HOWTO, ja, pt_BR ... all hopelessly outdated.
disabled benchmark/run.sh
Modified: trunk/Makefile
===================================================================
--- trunk/Makefile 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/Makefile 2004-10-15 18:11:14 UTC (rev 1594)
@@ -194,6 +194,7 @@
--define "buildroot $(PWD)/dist/install" \
--define "kernelversion $(KVER)" \
--define "kdir $(KDIR)" \
+ $(RPMOPT) \
$(PWD)/dist/SPECS/drbd.spec
@echo "You have now:" ; ls -l dist/*RPMS/*/*.rpm
Modified: trunk/ROADMAP
===================================================================
--- trunk/ROADMAP 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/ROADMAP 2004-10-15 18:11:14 UTC (rev 1594)
@@ -10,6 +10,11 @@
Replace the Drbd_Parameter_Packet by a more general and
extensible mechanism.
+ Sanitize ioctls to inlcude a standard device information struct
+ at the beginning, including the expected API version.
+ Consider using DRBD ioctls with some char device similar to
+ /dev/mapper/control
+
3 Authenticate the peer upon connect by using a shared secret.
Configuration file syntax: net { auth-secret "secret-word" }
Using a challenge-response authentication within the new
@@ -319,7 +324,8 @@
1 wait-sync-target
-2 Implement the checksum based resync.
+2 Implement the checksum based resync
+ and online verification.
3 Have protocol version 74 available in drbd-0.8, to allow rolling
upgrades
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/debian/changelog 2004-10-15 18:11:14 UTC (rev 1594)
@@ -6,6 +6,7 @@
* Rewritten debian/rules using module-assistant
* Change binary package name to drbd0.7
* Added myself as Uploader
+ * Conflict with drbd and drbd-source
-- Philipp Hug <debian at hug.cx> Tue, 14 Sep 2004 23:25:12 +0200
Modified: trunk/debian/control
===================================================================
--- trunk/debian/control 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/debian/control 2004-10-15 18:11:14 UTC (rev 1594)
@@ -10,7 +10,7 @@
Architecture: any
Section: misc
Depends: debconf, ${misc:Depends}
-Conflicts: drbd (<< 0.7)
+Conflicts: drbd
Provides: drbd
Suggests: heartbeat
Description: RAID 1 over tcp/ip for Linux utilities
@@ -30,7 +30,7 @@
Architecture: all
Section: misc
Depends: module-assistant
-Conflicts: drbd-source (<< 0.7)
+Conflicts: drbd-source
Provides: drbd-source
Recommends: dpkg-dev, kernel-package, debhelper (>= 4), debconf-utils
Description: RAID 1 over tcp/ip for Linux module source
Copied: trunk/debian/drbd0.7.conffiles (from rev 1593, branches/drbd-0.7/debian/drbd0.7.conffiles)
Modified: trunk/documentation/drbd.conf.sgml
===================================================================
--- trunk/documentation/drbd.conf.sgml 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/documentation/drbd.conf.sgml 2004-10-15 18:11:14 UTC (rev 1594)
@@ -455,10 +455,9 @@
The init script <citerefentry><refentrytitle>drbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> blocks the boot process
until the DRBD resources are connected.
+ This is so when the cluster manager starts later,
+ it does not see a resource with internal split-brain.
In case you want to limit the wait time, do it here.
- The sign is important.
- Always use a negative value, positive will (try to) force primary status,
- which is not what you want, if it has outdated data.
Default is 0, which means unlimited. Unit is seconds.
</para></listitem>
</varlistentry>
@@ -468,7 +467,9 @@
<listitem><para>
Wait for connection timeout, if this node was a degraded cluster.
In case a degraded cluster (= cluster with only one node left)
- is rebooted, this timeout value is used instead of wfc-timeout.
+ is rebooted, this timeout value is used instead of wfc-timeout,
+ because the peer is less likely to show up in time,
+ if it had been dead before.
Default is 60, unit is seconds. Value 0 means unlimited.
</para>
</listitem>
Modified: trunk/drbd/drbd_fs.c
===================================================================
--- trunk/drbd/drbd_fs.c 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/drbd/drbd_fs.c 2004-10-15 18:11:14 UTC (rev 1594)
@@ -77,7 +77,7 @@
size = size >> 10;
base++;
}
- sprintf(buf,"%d %cB",size,units[base]);
+ sprintf(buf,"%ld %cB",(long)size,units[base]);
return buf;
}
@@ -892,6 +892,69 @@
D_ASSERT(MAJOR(inode->i_rdev) == MAJOR_NR);
+ /*
+ * check whether we can permit this ioctl, and whether is makes sense.
+ * we don't care for the BLK* ioctls, with 2.6 they never end up here.
+ *
+ * for non-sysadmins, we only allow GET_CONFIG (and GET_VERSION)
+ * all other things need CAP_SYS_ADMIN.
+ *
+ * on an Unconfigured device, only configure requests make sense.
+ * still we silently ignore requests to become secondary or to
+ * unconfigure. other requests are invalid.
+ *
+ * I chose to have an additional switch statement for it
+ * because I think this makes it more obvious.
+ *
+ * because we look at mdev->cstate, it should be inside the lock
+ * (once we serialize cstate changes, it has to be...)
+ *
+ */
+ if (!capable(CAP_SYS_ADMIN)
+ && cmd != DRBD_IOCTL_GET_CONFIG
+ && cmd != DRBD_IOCTL_GET_VERSION) {
+ err = -EPERM;
+ goto out_unlocked;
+ }
+
+ if (mdev->cstate == Unconfigured) {
+ switch (cmd) {
+ default:
+ /* oops, unknown IOCTL ?? */
+ err = -EINVAL;
+ goto out_unlocked;
+
+ case DRBD_IOCTL_GET_CONFIG:
+ case DRBD_IOCTL_GET_VERSION:
+ break; /* always allowed */
+
+ case DRBD_IOCTL_SET_DISK_CONFIG:
+ case DRBD_IOCTL_SET_NET_CONFIG:
+ break; /* no restriction here */
+
+ case DRBD_IOCTL_UNCONFIG_DISK:
+ case DRBD_IOCTL_UNCONFIG_NET:
+ /* no op, so "drbdadm down all" does not fail */
+ err = 0;
+ goto out_unlocked;
+
+ /* the rest of them don't make sense if Unconfigured.
+ * still, set an Unconfigured device Secondary
+ * is allowed, so "drbdadm down all" does not fail */
+ case DRBD_IOCTL_SET_STATE:
+ case DRBD_IOCTL_INVALIDATE:
+ case DRBD_IOCTL_INVALIDATE_REM:
+ case DRBD_IOCTL_SET_DISK_SIZE:
+ case DRBD_IOCTL_SET_STATE_FLAGS:
+ case DRBD_IOCTL_SET_SYNC_CONFIG:
+ case DRBD_IOCTL_WAIT_CONNECT:
+ case DRBD_IOCTL_WAIT_SYNC:
+ err = (cmd == DRBD_IOCTL_SET_STATE && arg == Secondary)
+ ? 0 : -ENXIO;
+ goto out_unlocked;
+ }
+ }
+
if (unlikely(drbd_did_panic == DRBD_MAGIC))
return -EBUSY;
@@ -1142,7 +1205,7 @@
default:
err = -EINVAL;
}
- //out:
+ /* out: */
up(&mdev->device_mutex);
out_unlocked:
return err;
Modified: trunk/drbd.spec.in
===================================================================
--- trunk/drbd.spec.in 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/drbd.spec.in 2004-10-15 18:11:14 UTC (rev 1594)
@@ -171,10 +171,32 @@
/sbin/depmod -a -F /boot/System.map-%{kernelversion} %{kernelversion} >/dev/null 2>&1 || true
%changelog
-* Tue Sep 21 2004 02:39:53 +0200 Lars Ellenberg <l.g.e at web.de>
+* Fri Oct 15 2004 19:53:21 +0200 Lars Ellenberg <l.g.e at web.de>
- drbd (0.8_pre1-1)
* remove all kernel 2.4.x compatibility crap
+ * ioctl sanity checks about Unconfigured and CAP_SYS_ADMIN
+* Fri Oct 1 2004 11:33:00 +0200 Philipp Reisner <phil at linbit.com>
+- drbd (0.7.5-1)
+ * Fix a bug that could case read requests to return wrong data
+ on a node in Primary/SyncTaget state. (A very unlikely race,
+ it is not known that this ever triggered; It was found by an
+ ASSERTION in the code)
+ * Removed the 30MB/sec speeding limit for the syncer. (this was
+ intended as a debugging aid, but it was not removed in time)
+ * A fix to drbdsetup, to make drbdadm adjust work if a resource
+ is diskless.
+ * Got rid of the compiler warning when build on a kernel with
+ CONFIG_LBD not set.
+ * Now the device nodes are created with sane permissions.
+ * The debian package is now named "drbd0.7"
+ * set_fs() is now also done for sendpage()
+ * Better compatibility with early 2.4.x kernels (BH_Launder, min()/max())
+ * Touch /var/lock/subsys/drbd, needed for RedHat based distros.
+ * Improvements to the INSALL document
+ * Removed HOWTO, ja, pt_BR ... all hopelessly outdated.
+ disabled benchmark/run.sh
+
* Thu Sep 9 2004 19:50:00 +0200 Philipp Reisner <phil at linbit.com>
- drbd (0.7.4-1)
* Fixed a critical bug with Linux-2.4.x and HIGHMEM!
Modified: trunk/scripts/drbd
===================================================================
--- trunk/scripts/drbd 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/scripts/drbd 2004-10-15 18:11:14 UTC (rev 1594)
@@ -37,6 +37,8 @@
$MODPROBE -s drbd `$DRBDADM sh-mod-parms` $ADD_MOD_PARAM || {
echo "Can not load the drbd module."$'\n'; exit 20
}
+ # tell klogd to reload module symbol information ...
+ [ -e /var/run/klogd.pid ] && [ -x /sbin/klogd ] && /sbin/klogd -i
# make sure udev has time to create the device files
RESOURCE=`$DRBDADM sh-resources` || exit 20
@@ -68,8 +70,10 @@
;;
stop)
echo -n "Stopping all DRBD resources"
- $DRBDADM down all
- $RMMOD drbd
+ if [ -e $PROC_DRBD ] ; then
+ $DRBDADM down all
+ $RMMOD drbd
+ fi
[ -f /var/lock/subsys/drbd ] && rm /var/lock/subsys/drbd
echo "."
;;
Modified: trunk/scripts/drbddisk
===================================================================
--- trunk/scripts/drbddisk 2004-10-15 17:21:07 UTC (rev 1593)
+++ trunk/scripts/drbddisk 2004-10-15 18:11:14 UTC (rev 1594)
@@ -23,10 +23,18 @@
case "$CMD" in
start)
- $DRBDADM primary $RES
+ # try several times, in case heartbeat deadtime
+ # was smaller than drbd ping time
+ try=6
+ while true; do
+ $DRBDADM primary $RES && break
+ let "--try" || exit 20
+ sleep 1
+ done
;;
stop)
- $DRBDADM secondary $RES
+ # exec, so the exit code of drbdadm propagates
+ exec $DRBDADM secondary $RES
;;
status)
if [ "$RES" = "all" ]; then
More information about the drbd-cvs
mailing list