glusterfs.git/rpc/rpc-transport/socket/src/socket.h, branch v3.8.4 socket: reduce rate of readv failure logs due to disconnect 2016-02-22T18:10:50+00:00 Krishnan Parthasarathi kparthas@redhat.com 2014-06-30T05:56:54+00:00 27c09b9357004e5fdb02fdf0c586f3402878db1f ... by using GF_LOG_OCCASIONALLY Change-Id: I779ff32ead13c8bb446a57b5baccf068ae992df1 BUG: 1114847 Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com> Reviewed-on: http://review.gluster.org/8210 Tested-by: Atin Mukherjee <amukherj@redhat.com> Smoke: Gluster Build System <jenkins@build.gluster.com> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> 
... by using GF_LOG_OCCASIONALLY

Change-Id: I779ff32ead13c8bb446a57b5baccf068ae992df1
BUG: 1114847
Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-on: http://review.gluster.org/8210
Tested-by: Atin Mukherjee <amukherj@redhat.com>
Smoke: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
build: fix ecdh.h and dh.h deps 2015-11-16T15:40:43+00:00 Milind Changire mchangir@redhat.com 2015-11-05T14:27:51+00:00 caae86e6f8b8150ad8663c3173fcd6df3c2e260a openssl.ecdh.h and openssl/dh.h are not available on all platforms. This patch adds check to autoconf and updates relevant source files. Add missing #include "config.h" to socket.c to make HAVE_OPENSSL_DH_H and HAVE_OPENSSL_ECDH_H macros available. Definitions for UTIME_OMIT and UTIME_NOW in contrib/qemu/util/oslib-posix.c have been selected from /usr/include/bits/stat.h on Fedora 22 SSL context options SSL_OP_NO_TICKET and SSL_OP_NO_COMPRESSION are now conditionally set by testing their presence. glusterfs.spec.in file now adds CFLAGS=-DUSE_INSECURE_OPENSSL for RHEL < 6 in the %build section. Change-Id: Ie32a950dad77bb0f09b4ba53edb3e1f3147056f3 BUG: 1258883 Signed-off-by: Milind Changire <mchangir@redhat.com> Reviewed-on: http://review.gluster.org/12517 Tested-by: NetBSD Build System <jenkins@build.gluster.org> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> 
openssl.ecdh.h and openssl/dh.h are not available on all platforms.
This patch adds check to autoconf and updates relevant source files.
Add missing #include "config.h" to socket.c to make HAVE_OPENSSL_DH_H
and HAVE_OPENSSL_ECDH_H macros available.

Definitions for UTIME_OMIT and UTIME_NOW in
contrib/qemu/util/oslib-posix.c have been selected from
/usr/include/bits/stat.h on Fedora 22

SSL context options SSL_OP_NO_TICKET and SSL_OP_NO_COMPRESSION are now
conditionally set by testing their presence.

glusterfs.spec.in file now adds CFLAGS=-DUSE_INSECURE_OPENSSL for
RHEL < 6 in the %build section.

Change-Id: Ie32a950dad77bb0f09b4ba53edb3e1f3147056f3
BUG: 1258883
Signed-off-by: Milind Changire <mchangir@redhat.com>
Reviewed-on: http://review.gluster.org/12517
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
SSL improvements: do not fail if certificate purpose is set 2015-08-24T06:19:22+00:00 Emmanuel Dreyfus manu@netbsd.org 2015-08-05T15:19:29+00:00 036ef63536d749b47b1c719bd92ff382ad75fb8b Since glusterfs shares the same settings for client-side and server-side of SSL, we need to ignore any certificate usage specification (SSL client vs SSL server), otherwise SSL connexions will fail with 'unsupported cerritifcate" BUG: 1247152 Change-Id: I7ef60271718d2d894176515aa530ff106127bceb Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/11840 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> 
Since glusterfs shares the same settings for client-side
and server-side of SSL, we need to ignore any certificate
usage specification (SSL client vs SSL server), otherwise
SSL connexions will fail with 'unsupported cerritifcate"

BUG: 1247152
Change-Id: I7ef60271718d2d894176515aa530ff106127bceb
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/11840
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
build: do not #include "config.h" in each file 2015-05-29T12:43:17+00:00 Niels de Vos ndevos@redhat.com 2015-05-18T14:26:02+00:00 8a9328e37b8c63d60583184dc8dab12f85810682 Instead of including config.h in each file, and have the additional config.h included from the compiler commandline (-include option). When a .c file tests for a certain #define, and config.h was not included, incorrect assumtions were made. With this change, it can not happen again. BUG: 1222319 Change-Id: I4f9097b8740b81ecfe8b218d52ca50361f74cb64 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/10808 Tested-by: Gluster Build System <jenkins@build.gluster.com> Tested-by: NetBSD Build System Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com> 
Instead of including config.h in each file, and have the additional
config.h included from the compiler commandline (-include option).

When a .c file tests for a certain #define, and config.h was not
included, incorrect assumtions were made. With this change, it can not
happen again.

BUG: 1222319
Change-Id: I4f9097b8740b81ecfe8b218d52ca50361f74cb64
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/10808
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
socket: use TCP_USER_TIMEOUT to detect client failures quicker 2015-03-17T12:10:17+00:00 Niels de Vos ndevos@redhat.com 2015-02-17T11:12:11+00:00 6b3704990257643da54100d8581856a7d2c72f86 Use the network.ping-timeout to set the TCP_USER_TIMEOUT socket option (see 'man 7 tcp'). The option sets the transport.tcp-user-timeout option that is handled in the rpc/socket layer on the protocol/server side. This socket option makes detecting unclean disconnected clients more reliable. When the socket gets closed, any locks that the client held are been released. This makes it possible to reduce the fail-over time for applications that run on systems that became unreachable due to a network partition or general system error client-side (kernel panic, hang, ...). It is not trivial to create a test-case for this at the moment. We need a client that unclean disconnects and an other client that tries to take over the lock from the disconnected client. URL: http://supercolony.gluster.org/pipermail/gluster-devel/2014-May/040755.html Change-Id: I5e5f540a49abfb5f398291f1818583a63a5f4bb4 BUG: 1129787 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8065 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: soumya k <skoduri@redhat.com> Reviewed-by: Santosh Pradhan <santosh.pradhan@gmail.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> 
Use the network.ping-timeout to set the TCP_USER_TIMEOUT socket option
(see 'man 7 tcp'). The option sets the transport.tcp-user-timeout option
that is handled in the rpc/socket layer on the protocol/server side.
This socket option makes detecting unclean disconnected clients more
reliable.

When the socket gets closed, any locks that the client held are been
released. This makes it possible to reduce the fail-over time for
applications that run on systems that became unreachable due to
a network partition or general system error client-side (kernel panic,
hang, ...).

It is not trivial to create a test-case for this at the moment. We need
a client that unclean disconnects and an other client that tries to take
over the lock from the disconnected client.

URL: http://supercolony.gluster.org/pipermail/gluster-devel/2014-May/040755.html
Change-Id: I5e5f540a49abfb5f398291f1818583a63a5f4bb4
BUG: 1129787
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8065
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: soumya k <skoduri@redhat.com>
Reviewed-by: Santosh Pradhan <santosh.pradhan@gmail.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
socket: allow only one epoll thread to read msg fragments 2015-02-28T05:16:11+00:00 Krishnan Parthasarathi kparthas@redhat.com 2015-02-25T10:19:11+00:00 b117d4d84becd25ef79c049ebf9b8ec6c4abca88 __socket_read_reply function releases sock priv->lock briefly for notifying higher layers of message's xid. This could result in other epoll threads that are processing events on this socket to read further fragments of the same message. This may lead to incorrect fragment processing and result in a crash. Change-Id: I915665b2e54ca16f2ad65970e51bf76c65d954a4 BUG: 1197118 Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com> Signed-off-by: Shyam <srangana@redhat.com> Reviewed-on: http://review.gluster.org/9742 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> Tested-by: Raghavendra G <rgowdapp@redhat.com> 
__socket_read_reply function releases sock priv->lock briefly for
notifying higher layers of message's xid. This could result in other
epoll threads that are processing events on this socket to read further
fragments of the same message. This may lead to incorrect fragment
processing and result in a crash.

Change-Id: I915665b2e54ca16f2ad65970e51bf76c65d954a4
BUG: 1197118
Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com>
Signed-off-by: Shyam <srangana@redhat.com>
Reviewed-on: http://review.gluster.org/9742
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>
socket/glusterd/client: enable SSL for management 2014-07-10T14:37:12+00:00 Jeff Darcy jdarcy@redhat.com 2014-07-03T14:01:20+00:00 b42688786f25420de671ea06030edf4371058433 The feature is controlled by presence of the following file: /var/lib/glusterd/secure-access See the comment near the definition of SECURE_ACCESS_FILE in glusterfs.h for the rationale. With this enabled, the following rules apply to connections: UNIX-domain sockets never have SSL. Management-port sockets (both connecting and accepting, in daemons and CLI) have SSL based on presence of the file. Other IP sockets have SSL based on the existing client.ssl and server.ssl volume options. Transport multi-threading is explicitly turned off in glusterd (it would otherwise be turned on when SSL is) due to multi-threading issues. Tests have been elided to avoid risk of leaving a file which will cause all subsequent tests to run with management SSL still enabled. IMPLEMENTATION NOTE The implementation is a bit messy, and consists of two stages. First we decide whether to set the relevant fields in our context structure, based on presence of the sentinel file OR a command-line override. Later we decide whether a particular connection should actually use SSL, based on the context flags plus what kind of connection we're making[1] and what kind of daemon we're in[2]. [1] inbound, outbound to glusterd port, other outbound [2] glusterd, glusterfsd, other TESTING NOTE Instead of just running one special test for this feature, the ideal would be to run all tests with management SSL enabled. However, it would be inappropriate or premature to set up an optional feature in the patch itself. Therefore, the method of choice is to submit a separate patch on top, which modifies "cleanup" in include.rc to recreate the secure-access file and associated SSL certificate/key files before each test. Change-Id: I0e04d6d08163893e24ec8c031748c5c447d7f780 BUG: 1114604 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/8094 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
The feature is controlled by presence of the following file:

	/var/lib/glusterd/secure-access

See the comment near the definition of SECURE_ACCESS_FILE in glusterfs.h
for the rationale.  With this enabled, the following rules apply to
connections:

	UNIX-domain sockets never have SSL.

	Management-port sockets (both connecting and accepting, in
	daemons and CLI) have SSL based on presence of the file.

	Other IP sockets have SSL based on the existing client.ssl and
	server.ssl volume options.

Transport multi-threading is explicitly turned off in glusterd (it would
otherwise be turned on when SSL is) due to multi-threading issues.
Tests have been elided to avoid risk of leaving a file which will cause
all subsequent tests to run with management SSL still enabled.

IMPLEMENTATION NOTE
The implementation is a bit messy, and consists of two stages.  First we
decide whether to set the relevant fields in our context structure, based
on presence of the sentinel file OR a command-line override.  Later we
decide whether a particular connection should actually use SSL, based on the
context flags plus what kind of connection we're making[1] and what kind of
daemon we're in[2].

[1] inbound, outbound to glusterd port, other outbound
[2] glusterd, glusterfsd, other

TESTING NOTE
Instead of just running one special test for this feature, the ideal
would be to run all tests with management SSL enabled.  However, it
would be inappropriate or premature to set up an optional feature in the
patch itself.  Therefore, the method of choice is to submit a separate
patch on top, which modifies "cleanup" in include.rc to recreate the
secure-access file and associated SSL certificate/key files before each
test.

Change-Id: I0e04d6d08163893e24ec8c031748c5c447d7f780
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8094
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
transport/socket: fix connect/disconnect races 2013-06-04T22:37:54+00:00 Jeff Darcy jdarcy@redhat.com 2013-06-04T19:20:45+00:00 5c1710ed60ccb151ccd7a2890b24bb99518d36da We might receive a connect request while a disconnect is still in progress, requiring more states and (the return of) poller generation numbers to avoid redundant pollers. We might also get either kind of request from within our own rpc_transport_notify upcall, so we have to avoid locking and use the PLEASE_DIE state instead. Change-Id: Icbaacf96c516b607a79ff62c90b74d42b241780f BUG: 970194 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/5137 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
We might receive a connect request while a disconnect is still in
progress, requiring more states and (the return of) poller generation
numbers to avoid redundant pollers.  We might also get either kind of
request from within our own rpc_transport_notify upcall, so we have to
avoid locking and use the PLEASE_DIE state instead.

Change-Id: Icbaacf96c516b607a79ff62c90b74d42b241780f
BUG: 970194
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/5137
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
socket: restructure disconnect/poll-thread interactions 2013-02-03T20:09:54+00:00 Jeff Darcy jdarcy@redhat.com 2013-01-31T19:23:36+00:00 26d9d2bd27dd9e6ed9a77789afea0944032223d8 Change-Id: I792c28f52068e4ed666069b740739662685160bc BUG: 906401 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/4456 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
Change-Id: I792c28f52068e4ed666069b740739662685160bc
BUG: 906401
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/4456
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
rpc-transport/socket: implement read-ahead of RPC headers 2012-12-04T22:46:04+00:00 Anand Avati avati@redhat.com 2012-09-06T00:20:05+00:00 98879ebdddd4ca77440defad6a73acf4fa1e75ab This reduces the number of read() system calls on the socket to complete the full RPC fragment reading. Change-Id: I421a53af195ead4aad70e09e0172a61ad7912d83 BUG: 821087 Signed-off-by: Anand Avati <avati@redhat.com> Reviewed-on: http://review.gluster.org/3855 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-by: Amar Tumballi <amarts@redhat.com> 
This reduces the number of read() system calls on the socket to
complete the full RPC fragment reading.

Change-Id: I421a53af195ead4aad70e09e0172a61ad7912d83
BUG: 821087
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.org/3855
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>