#
aa27d9ef |
| 21-May-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Recognize HIO_FLUSH requests.
MFC after: 1 week
|
#
c02f1527 |
| 14-May-2011 |
Attilio Rao <attilio@FreeBSD.org> |
MFC
|
#
0cddb12f |
| 14-May-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Currently we are unable to use capsicum for the primary worker process, because we need to do ioctl(2)s, which are not permitted in the capability mode. What we do now is to chroot(2) to /var/empty, which restricts access to file system name space and we drop privileges to hast user and hast group.
This still allows access to other name spaces, like list of processes, network and sysvipc.
To address that, use jail(2) instead of chroot(2). Using jail(2) will restrict access to process table, network (we use ip-less jails) and sysvipc (if security.jail.sysvipc_allowed is turned off). This provides much better separation.
MFC after: 1 week
|
#
06cbf549 |
| 19-Apr-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Scenario: - We have two nodes connected and synchronized (local counters on both sides are 0). - We take secondary down and recreate it. - Primary connects to it and starts synchronization (but local counters are still 0). - We switch the roles. - Synchronization restarts but data is synchronized now from new primary (because local counters are 0) that doesn't have new data yet.
To fix this issue we bump local counter on primary when we discover that connected secondary was recreated and has no data yet.
Reported by: trociny Discussed with: trociny Tested by: trociny MFC after: 1 week
|
#
02dfe972 |
| 02-Apr-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Declare directions for sockets between primary and secondary. In HAST we use two sockets - one for only sending the data and one for only receiving the data.
MFC after: 1 month
|
#
54987cac |
| 25-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Add mapsize to the header just before sending the packet. Before it could change later and we were sending invalid mapsize. Some time ago I added optimization where when nodes are connected for the first time and there were no writes to them yet, there is no initial full synchronization. This bug prevented it from working.
MFC after: 1 week
|
#
643080b7 |
| 25-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Use role2str() when setting process title.
MFC after: 1 week
|
#
640b7ee6 |
| 23-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Don't create socketpair for connection forwarding between parent and secondary. Secondary doesn't need to connect anywhere.
MFC after: 1 week
|
#
cd72d521 |
| 22-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
White space cleanups.
MFC after: 1 week
|
#
4d8dc3b8 |
| 21-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
When dropping privileges prefer capsicum over chroot+setgid+setuid. We can use capsicum for secondary worker processes and hastctl. When working as primary we drop privileges using chroot+setgid+setuid still as we need to send ioctl(2)s to the ggate device, which capsicum doesn't allow (yet).
X-MFC after: capsicum is merged to stable/8
|
#
756cb154 |
| 21-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Fix typo.
MFC after: 1 week
|
#
e208a185 |
| 21-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Be pedantic and free nvout before exiting.
MFC after: 1 week
|
#
38ea70ca |
| 21-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Detect situation where resource internal identifier differs. This means that both nodes have separately managed resources that don't have the same data.
MFC after: 1 week
|
#
0b626a28 |
| 21-Mar-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
In hast.conf we define the other node's address in 'remote' variable. This way we know how to connect to secondary node when we are primary. The same variable is used by the secondary node - it only accepts connections from the address stored in 'remote' variable. In cluster configurations it is common that each node has its individual IP address and there is one additional shared IP address which is assigned to primary node. It seems it is possible that if the shared IP address is from the same network as the individual IP address it might be chosen by the kernel as a source address for connection with the secondary node. Such connection will be rejected by secondary, as it doesn't come from primary node individual IP.
Add 'source' variable that allows to specify source IP address we want to bind to before connecting to the secondary node.
MFC after: 1 week
|
#
8d7dcf14 |
| 17-Mar-2011 |
Mikolaj Golub <trociny@FreeBSD.org> |
For secondary, set 2 * HAST_KEEPALIVE seconds timeout for incoming connection so the worker will exit if it does not receive packets from the primary during this interval.
Reported by: Christian Vogt <Christian.Vogt@haw-hamburg.de> Tested by: Christian Vogt <Christian.Vogt@haw-hamburg.de> Approved by: pjd (mentor) MFC after: 1 week
|
#
bc7a916a |
| 11-Mar-2011 |
Mikolaj Golub <trociny@FreeBSD.org> |
Make workers inherit debug level from the main process.
Approved by: pjd (mentor) MFC after: 1 week
|
Revision tags: release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0 |
|
#
32ecf620 |
| 03-Feb-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Setup another socketpair between parent and child, so that primary sandboxed worker can ask the main privileged process to connect on the worker's behalf and then we can migrate descriptor using this socketpair to worker. This is not really needed now, but will be needed once we start to use capsicum for sandboxing.
MFC after: 1 week
|
#
f4c96f94 |
| 03-Feb-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Let the caller log info about successful privilege drop. We don't want to log this in hastctl.
MFC after: 1 week
|
#
2ec483c5 |
| 31-Jan-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
- Use pjdlog for assertions and aborts as this will log assert/abort message to syslog if we run in background. - Assert in proto.c that method we want to call is implemented and remove dummy methods from protocols implementation that are only there to abort the program with nice message.
MFC after: 1 week
|
#
6d7967de |
| 28-Jan-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Drop privileges in worker processes.
Accepting connections and handshaking in secondary is still done before dropping privileges. It should be implemented by only accepting connections in privileged main process and passing connection descriptors to the worker, but is not implemented yet.
MFC after: 1 week
|
#
f463896e |
| 28-Jan-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Use newly added descriptors_assert() function to ensure only expected descriptors are open.
MFC after: 1 week
|
#
da1783ea |
| 28-Jan-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Close all unneeded descriptors after fork(2).
MFC after: 1 week
|
#
51297f7d |
| 25-Oct-2010 |
Dimitry Andric <dim@FreeBSD.org> |
Sync: merge r214221 through r214352 from ^/head.
|
#
ce837469 |
| 24-Oct-2010 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Before this change on first connect between primary and secondary we initialize all the data. This is huge waste of time and resources if there were no writes yet, as there is no real data to synchronize.
Optimize this by sending "virgin" argument to secondary, which gives it a hint that synchronization is not needed.
In the common case (where both nodes are configured at the same time) instead of synchronizing everything, we don't synchronize at all.
MFC after: 1 week
|
#
1f39b279 |
| 24-Oct-2010 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Simplify code a bit.
MFC after: 3 days
|