2 * Copyright (c) 2009-2010 The FreeBSD Foundation
3 * Copyright (c) 2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
6 * This software was developed by Pawel Jakub Dawidek under sponsorship from
7 * the FreeBSD Foundation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/linker.h>
36 #include <sys/module.h>
51 #include <activemap.h>
57 #include "hast_proto.h"
62 /* Path to configuration file. */
63 const char *cfgpath = HAST_CONFIG;
64 /* Hastd configuration. */
65 static struct hastd_config *cfg;
66 /* Was SIGINT or SIGTERM signal received? */
67 bool sigexit_received = false;
68 /* PID file handle. */
71 /* How often check for hooks running for too long. */
72 #define REPORT_INTERVAL 5
78 errx(EX_USAGE, "[-dFh] [-c config] [-P pidfile]");
85 if (modfind("g_gate") == -1) {
86 /* Not present in kernel, try loading it. */
87 if (kldload("geom_gate") == -1 || modfind("g_gate") == -1) {
88 if (errno != EEXIST) {
90 "Unable to load geom_gate module");
97 child_exit_log(unsigned int pid, int status)
100 if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
101 pjdlog_debug(1, "Worker process exited gracefully (pid=%u).",
103 } else if (WIFSIGNALED(status)) {
104 pjdlog_error("Worker process killed (pid=%u, signal=%d).",
105 pid, WTERMSIG(status));
107 pjdlog_error("Worker process exited ungracefully (pid=%u, exitcode=%d).",
108 pid, WIFEXITED(status) ? WEXITSTATUS(status) : -1);
115 struct hast_resource *res;
119 while ((pid = wait3(&status, WNOHANG, NULL)) > 0) {
120 /* Find resource related to the process that just exited. */
121 TAILQ_FOREACH(res, &cfg->hc_resources, hr_next) {
122 if (pid == res->hr_workerpid)
127 * This can happen when new connection arrives and we
128 * cancel child responsible for the old one or if this
129 * was hook which we executed.
131 hook_check_one(pid, status);
134 pjdlog_prefix_set("[%s] (%s) ", res->hr_name,
135 role2str(res->hr_role));
136 child_exit_log(pid, status);
138 if (res->hr_role == HAST_ROLE_PRIMARY) {
140 * Restart child process if it was killed by signal
141 * or exited because of temporary problem.
143 if (WIFSIGNALED(status) ||
144 (WIFEXITED(status) &&
145 WEXITSTATUS(status) == EX_TEMPFAIL)) {
147 pjdlog_info("Restarting worker process.");
150 res->hr_role = HAST_ROLE_INIT;
151 pjdlog_info("Changing resource role back to %s.",
152 role2str(res->hr_role));
155 pjdlog_prefix_set("%s", "");
160 resource_needs_restart(const struct hast_resource *res0,
161 const struct hast_resource *res1)
164 assert(strcmp(res0->hr_name, res1->hr_name) == 0);
166 if (strcmp(res0->hr_provname, res1->hr_provname) != 0)
168 if (strcmp(res0->hr_localpath, res1->hr_localpath) != 0)
170 if (res0->hr_role == HAST_ROLE_INIT ||
171 res0->hr_role == HAST_ROLE_SECONDARY) {
172 if (strcmp(res0->hr_remoteaddr, res1->hr_remoteaddr) != 0)
174 if (res0->hr_replication != res1->hr_replication)
176 if (res0->hr_timeout != res1->hr_timeout)
178 if (strcmp(res0->hr_exec, res1->hr_exec) != 0)
185 resource_needs_reload(const struct hast_resource *res0,
186 const struct hast_resource *res1)
189 assert(strcmp(res0->hr_name, res1->hr_name) == 0);
190 assert(strcmp(res0->hr_provname, res1->hr_provname) == 0);
191 assert(strcmp(res0->hr_localpath, res1->hr_localpath) == 0);
193 if (res0->hr_role != HAST_ROLE_PRIMARY)
196 if (strcmp(res0->hr_remoteaddr, res1->hr_remoteaddr) != 0)
198 if (res0->hr_replication != res1->hr_replication)
200 if (res0->hr_timeout != res1->hr_timeout)
202 if (strcmp(res0->hr_exec, res1->hr_exec) != 0)
210 struct hastd_config *newcfg;
211 struct hast_resource *nres, *cres, *tres;
214 pjdlog_info("Reloading configuration...");
216 newcfg = yy_config_parse(cfgpath, false);
221 * Check if control address has changed.
223 if (strcmp(cfg->hc_controladdr, newcfg->hc_controladdr) != 0) {
224 if (proto_server(newcfg->hc_controladdr,
225 &newcfg->hc_controlconn) < 0) {
226 pjdlog_errno(LOG_ERR,
227 "Unable to listen on control address %s",
228 newcfg->hc_controladdr);
233 * Check if listen address has changed.
235 if (strcmp(cfg->hc_listenaddr, newcfg->hc_listenaddr) != 0) {
236 if (proto_server(newcfg->hc_listenaddr,
237 &newcfg->hc_listenconn) < 0) {
238 pjdlog_errno(LOG_ERR, "Unable to listen on address %s",
239 newcfg->hc_listenaddr);
244 * Only when both control and listen sockets are successfully
245 * initialized switch them to new configuration.
247 if (newcfg->hc_controlconn != NULL) {
248 pjdlog_info("Control socket changed from %s to %s.",
249 cfg->hc_controladdr, newcfg->hc_controladdr);
250 proto_close(cfg->hc_controlconn);
251 cfg->hc_controlconn = newcfg->hc_controlconn;
252 newcfg->hc_controlconn = NULL;
253 strlcpy(cfg->hc_controladdr, newcfg->hc_controladdr,
254 sizeof(cfg->hc_controladdr));
256 if (newcfg->hc_listenconn != NULL) {
257 pjdlog_info("Listen socket changed from %s to %s.",
258 cfg->hc_listenaddr, newcfg->hc_listenaddr);
259 proto_close(cfg->hc_listenconn);
260 cfg->hc_listenconn = newcfg->hc_listenconn;
261 newcfg->hc_listenconn = NULL;
262 strlcpy(cfg->hc_listenaddr, newcfg->hc_listenaddr,
263 sizeof(cfg->hc_listenaddr));
267 * Stop and remove resources that were removed from the configuration.
269 TAILQ_FOREACH_SAFE(cres, &cfg->hc_resources, hr_next, tres) {
270 TAILQ_FOREACH(nres, &newcfg->hc_resources, hr_next) {
271 if (strcmp(cres->hr_name, nres->hr_name) == 0)
275 control_set_role(cres, HAST_ROLE_INIT);
276 TAILQ_REMOVE(&cfg->hc_resources, cres, hr_next);
277 pjdlog_info("Resource %s removed.", cres->hr_name);
282 * Move new resources to the current configuration.
284 TAILQ_FOREACH_SAFE(nres, &newcfg->hc_resources, hr_next, tres) {
285 TAILQ_FOREACH(cres, &cfg->hc_resources, hr_next) {
286 if (strcmp(cres->hr_name, nres->hr_name) == 0)
290 TAILQ_REMOVE(&newcfg->hc_resources, nres, hr_next);
291 TAILQ_INSERT_TAIL(&cfg->hc_resources, nres, hr_next);
292 pjdlog_info("Resource %s added.", nres->hr_name);
296 * Deal with modified resources.
297 * Depending on what has changed exactly we might want to perform
300 * We do full resource restart in the following situations:
301 * Resource role is INIT or SECONDARY.
302 * Resource role is PRIMARY and path to local component or provider
304 * In case of PRIMARY, the worker process will be killed and restarted,
305 * which also means removing /dev/hast/<name> provider and
308 * We do just reload (send SIGHUP to worker process) if we act as
309 * PRIMARY, but only remote address, replication mode and timeout
310 * has changed. For those, there is no need to restart worker process.
311 * If PRIMARY receives SIGHUP, it will reconnect if remote address or
312 * replication mode has changed or simply set new timeout if only
313 * timeout has changed.
315 TAILQ_FOREACH_SAFE(nres, &newcfg->hc_resources, hr_next, tres) {
316 TAILQ_FOREACH(cres, &cfg->hc_resources, hr_next) {
317 if (strcmp(cres->hr_name, nres->hr_name) == 0)
320 assert(cres != NULL);
321 if (resource_needs_restart(cres, nres)) {
322 pjdlog_info("Resource %s configuration was modified, restarting it.",
324 role = cres->hr_role;
325 control_set_role(cres, HAST_ROLE_INIT);
326 TAILQ_REMOVE(&cfg->hc_resources, cres, hr_next);
328 TAILQ_REMOVE(&newcfg->hc_resources, nres, hr_next);
329 TAILQ_INSERT_TAIL(&cfg->hc_resources, nres, hr_next);
330 control_set_role(nres, role);
331 } else if (resource_needs_reload(cres, nres)) {
332 pjdlog_info("Resource %s configuration was modified, reloading it.",
334 strlcpy(cres->hr_remoteaddr, nres->hr_remoteaddr,
335 sizeof(cres->hr_remoteaddr));
336 cres->hr_replication = nres->hr_replication;
337 cres->hr_timeout = nres->hr_timeout;
338 if (cres->hr_workerpid != 0) {
339 if (kill(cres->hr_workerpid, SIGHUP) < 0) {
340 pjdlog_errno(LOG_WARNING,
341 "Unable to send SIGHUP to worker process %u",
342 (unsigned int)cres->hr_workerpid);
348 yy_config_free(newcfg);
349 pjdlog_info("Configuration reloaded successfully.");
352 if (newcfg != NULL) {
353 if (newcfg->hc_controlconn != NULL)
354 proto_close(newcfg->hc_controlconn);
355 if (newcfg->hc_listenconn != NULL)
356 proto_close(newcfg->hc_listenconn);
357 yy_config_free(newcfg);
359 pjdlog_warning("Configuration not reloaded.");
363 terminate_workers(void)
365 struct hast_resource *res;
367 pjdlog_info("Termination signal received, exiting.");
368 TAILQ_FOREACH(res, &cfg->hc_resources, hr_next) {
369 if (res->hr_workerpid == 0)
371 pjdlog_info("Terminating worker process (resource=%s, role=%s, pid=%u).",
372 res->hr_name, role2str(res->hr_role), res->hr_workerpid);
373 if (kill(res->hr_workerpid, SIGTERM) == 0)
375 pjdlog_errno(LOG_WARNING,
376 "Unable to send signal to worker process (resource=%s, role=%s, pid=%u).",
377 res->hr_name, role2str(res->hr_role), res->hr_workerpid);
384 struct hast_resource *res;
385 struct proto_conn *conn;
386 struct nv *nvin, *nvout, *nverr;
388 const unsigned char *token;
389 char laddr[256], raddr[256];
394 proto_local_address(cfg->hc_listenconn, laddr, sizeof(laddr));
395 pjdlog_debug(1, "Accepting connection to %s.", laddr);
397 if (proto_accept(cfg->hc_listenconn, &conn) < 0) {
398 pjdlog_errno(LOG_ERR, "Unable to accept connection %s", laddr);
402 proto_local_address(conn, laddr, sizeof(laddr));
403 proto_remote_address(conn, raddr, sizeof(raddr));
404 pjdlog_info("Connection from %s to %s.", raddr, laddr);
406 /* Error in setting timeout is not critical, but why should it fail? */
407 if (proto_timeout(conn, HAST_TIMEOUT) < 0)
408 pjdlog_errno(LOG_WARNING, "Unable to set connection timeout");
410 nvin = nvout = nverr = NULL;
413 * Before receiving any data see if remote host have access to any
416 TAILQ_FOREACH(res, &cfg->hc_resources, hr_next) {
417 if (proto_address_match(conn, res->hr_remoteaddr))
421 pjdlog_error("Client %s isn't known.", raddr);
424 /* Ok, remote host can access at least one resource. */
426 if (hast_proto_recv_hdr(conn, &nvin) < 0) {
427 pjdlog_errno(LOG_ERR, "Unable to receive header from %s",
432 resname = nv_get_string(nvin, "resource");
433 if (resname == NULL) {
434 pjdlog_error("No 'resource' field in the header received from %s.",
438 pjdlog_debug(2, "%s: resource=%s", raddr, resname);
439 token = nv_get_uint8_array(nvin, &size, "token");
441 * NULL token means that this is first conection.
443 if (token != NULL && size != sizeof(res->hr_token)) {
444 pjdlog_error("Received token of invalid size from %s (expected %zu, got %zu).",
445 raddr, sizeof(res->hr_token), size);
450 * From now on we want to send errors to the remote node.
454 /* Find resource related to this connection. */
455 TAILQ_FOREACH(res, &cfg->hc_resources, hr_next) {
456 if (strcmp(resname, res->hr_name) == 0)
459 /* Have we found the resource? */
461 pjdlog_error("No resource '%s' as requested by %s.",
463 nv_add_stringf(nverr, "errmsg", "Resource not configured.");
467 /* Now that we know resource name setup log prefix. */
468 pjdlog_prefix_set("[%s] (%s) ", res->hr_name, role2str(res->hr_role));
470 /* Does the remote host have access to this resource? */
471 if (!proto_address_match(conn, res->hr_remoteaddr)) {
472 pjdlog_error("Client %s has no access to the resource.", raddr);
473 nv_add_stringf(nverr, "errmsg", "No access to the resource.");
476 /* Is the resource marked as secondary? */
477 if (res->hr_role != HAST_ROLE_SECONDARY) {
478 pjdlog_error("We act as %s for the resource and not as %s as requested by %s.",
479 role2str(res->hr_role), role2str(HAST_ROLE_SECONDARY),
481 nv_add_stringf(nverr, "errmsg",
482 "Remote node acts as %s for the resource and not as %s.",
483 role2str(res->hr_role), role2str(HAST_ROLE_SECONDARY));
486 /* Does token (if exists) match? */
487 if (token != NULL && memcmp(token, res->hr_token,
488 sizeof(res->hr_token)) != 0) {
489 pjdlog_error("Token received from %s doesn't match.", raddr);
490 nv_add_stringf(nverr, "errmsg", "Token doesn't match.");
494 * If there is no token, but we have half-open connection
495 * (only remotein) or full connection (worker process is running)
496 * we have to cancel those and accept the new connection.
499 assert(res->hr_remoteout == NULL);
500 pjdlog_debug(1, "Initial connection from %s.", raddr);
501 if (res->hr_workerpid != 0) {
502 assert(res->hr_remotein == NULL);
504 "Worker process exists (pid=%u), stopping it.",
505 (unsigned int)res->hr_workerpid);
506 /* Stop child process. */
507 if (kill(res->hr_workerpid, SIGINT) < 0) {
508 pjdlog_errno(LOG_ERR,
509 "Unable to stop worker process (pid=%u)",
510 (unsigned int)res->hr_workerpid);
512 * Other than logging the problem we
513 * ignore it - nothing smart to do.
516 /* Wait for it to exit. */
517 else if ((pid = waitpid(res->hr_workerpid,
518 &status, 0)) != res->hr_workerpid) {
519 /* We can only log the problem. */
520 pjdlog_errno(LOG_ERR,
521 "Waiting for worker process (pid=%u) failed",
522 (unsigned int)res->hr_workerpid);
524 child_exit_log(res->hr_workerpid, status);
527 } else if (res->hr_remotein != NULL) {
530 proto_remote_address(res->hr_remotein, oaddr,
533 "Canceling half-open connection from %s on connection from %s.",
535 proto_close(res->hr_remotein);
536 res->hr_remotein = NULL;
541 * Checks and cleanups are done.
545 arc4random_buf(res->hr_token, sizeof(res->hr_token));
547 nv_add_uint8_array(nvout, res->hr_token,
548 sizeof(res->hr_token), "token");
549 if (nv_error(nvout) != 0) {
550 pjdlog_common(LOG_ERR, 0, nv_error(nvout),
551 "Unable to prepare return header for %s", raddr);
552 nv_add_stringf(nverr, "errmsg",
553 "Remote node was unable to prepare return header: %s.",
554 strerror(nv_error(nvout)));
557 if (hast_proto_send(NULL, conn, nvout, NULL, 0) < 0) {
560 pjdlog_errno(LOG_ERR, "Unable to send response to %s",
562 nv_add_stringf(nverr, "errmsg",
563 "Remote node was unable to send response: %s.",
567 res->hr_remotein = conn;
568 pjdlog_debug(1, "Incoming connection from %s configured.",
571 res->hr_remoteout = conn;
572 pjdlog_debug(1, "Outgoing connection to %s configured.", raddr);
573 hastd_secondary(res, nvin);
578 pjdlog_prefix_set("%s", "");
581 if (nv_error(nverr) != 0) {
582 pjdlog_common(LOG_ERR, 0, nv_error(nverr),
583 "Unable to prepare error header for %s", raddr);
586 if (hast_proto_send(NULL, conn, nverr, NULL, 0) < 0) {
587 pjdlog_errno(LOG_ERR, "Unable to send error to %s", raddr);
598 pjdlog_prefix_set("%s", "");
604 struct hast_resource *res;
605 struct timeval seltimeout;
606 struct timespec sigtimeout;
607 int fd, maxfd, ret, signo;
611 seltimeout.tv_sec = REPORT_INTERVAL;
612 seltimeout.tv_usec = 0;
613 sigtimeout.tv_sec = 0;
614 sigtimeout.tv_nsec = 0;
616 PJDLOG_VERIFY(sigemptyset(&mask) == 0);
617 PJDLOG_VERIFY(sigaddset(&mask, SIGHUP) == 0);
618 PJDLOG_VERIFY(sigaddset(&mask, SIGINT) == 0);
619 PJDLOG_VERIFY(sigaddset(&mask, SIGTERM) == 0);
620 PJDLOG_VERIFY(sigaddset(&mask, SIGCHLD) == 0);
623 while ((signo = sigtimedwait(&mask, NULL, &sigtimeout)) != -1) {
627 sigexit_received = true;
638 assert(!"invalid condition");
642 /* Setup descriptors for select(2). */
644 maxfd = fd = proto_descriptor(cfg->hc_controlconn);
647 fd = proto_descriptor(cfg->hc_listenconn);
650 maxfd = fd > maxfd ? fd : maxfd;
651 TAILQ_FOREACH(res, &cfg->hc_resources, hr_next) {
652 if (res->hr_event == NULL)
654 fd = proto_descriptor(res->hr_event);
657 maxfd = fd > maxfd ? fd : maxfd;
660 assert(maxfd + 1 <= (int)FD_SETSIZE);
661 ret = select(maxfd + 1, &rfds, NULL, NULL, &seltimeout);
664 else if (ret == -1) {
667 KEEP_ERRNO((void)pidfile_remove(pfh));
668 pjdlog_exit(EX_OSERR, "select() failed");
671 if (FD_ISSET(proto_descriptor(cfg->hc_controlconn), &rfds))
673 if (FD_ISSET(proto_descriptor(cfg->hc_listenconn), &rfds))
675 TAILQ_FOREACH(res, &cfg->hc_resources, hr_next) {
676 if (res->hr_event == NULL)
678 if (FD_ISSET(proto_descriptor(res->hr_event), &rfds)) {
679 if (event_recv(res) == 0)
681 /* The worker process exited? */
682 proto_close(res->hr_event);
683 res->hr_event = NULL;
690 dummy_sighandler(int sig __unused)
696 main(int argc, char *argv[])
706 pidfile = HASTD_PIDFILE;
711 ch = getopt(argc, argv, "c:dFhP:");
735 pjdlog_debug_set(debuglevel);
739 pfh = pidfile_open(pidfile, 0600, &otherpid);
741 if (errno == EEXIST) {
742 pjdlog_exitx(EX_TEMPFAIL,
743 "Another hastd is already running, pid: %jd.",
746 /* If we cannot create pidfile from other reasons, only warn. */
747 pjdlog_errno(LOG_WARNING, "Unable to open or create pidfile");
750 cfg = yy_config_parse(cfgpath, true);
754 * Because SIGCHLD is ignored by default, setup dummy handler for it,
757 PJDLOG_VERIFY(signal(SIGCHLD, dummy_sighandler) != SIG_ERR);
758 PJDLOG_VERIFY(sigemptyset(&mask) == 0);
759 PJDLOG_VERIFY(sigaddset(&mask, SIGHUP) == 0);
760 PJDLOG_VERIFY(sigaddset(&mask, SIGINT) == 0);
761 PJDLOG_VERIFY(sigaddset(&mask, SIGTERM) == 0);
762 PJDLOG_VERIFY(sigaddset(&mask, SIGCHLD) == 0);
763 PJDLOG_VERIFY(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
765 /* Listen on control address. */
766 if (proto_server(cfg->hc_controladdr, &cfg->hc_controlconn) < 0) {
767 KEEP_ERRNO((void)pidfile_remove(pfh));
768 pjdlog_exit(EX_OSERR, "Unable to listen on control address %s",
769 cfg->hc_controladdr);
771 /* Listen for remote connections. */
772 if (proto_server(cfg->hc_listenaddr, &cfg->hc_listenconn) < 0) {
773 KEEP_ERRNO((void)pidfile_remove(pfh));
774 pjdlog_exit(EX_OSERR, "Unable to listen on address %s",
779 if (daemon(0, 0) < 0) {
780 KEEP_ERRNO((void)pidfile_remove(pfh));
781 pjdlog_exit(EX_OSERR, "Unable to daemonize");
784 /* Start logging to syslog. */
785 pjdlog_mode_set(PJDLOG_MODE_SYSLOG);
787 /* Write PID to a file. */
788 if (pidfile_write(pfh) < 0) {
789 pjdlog_errno(LOG_WARNING,
790 "Unable to write PID to a file");