|
OpenAFS
OpenAFS distributed network file system
|
|
OpenAFS
OpenAFS distributed network file system
|
This module is responsible for determining when the system has recovered to the point that it can handle new transactions. More...
#include <afsconfig.h>#include <afs/param.h>#include <roken.h>#include <afs/opr.h>#include <lock.h>#include <rx/xdr.h>#include <rx/rx.h>#include <afs/afsutil.h>#include <afs/cellconfig.h>#include "ubik.h"#include "ubik_int.h"Functions | |
| int | urecovery_ResetState (void) |
| int | urecovery_LostServer (struct ubik_server *ts) |
| sync site | |
| int | urecovery_AllBetter (struct ubik_dbase *adbase, int areadAny) |
| return true iff we have a current database (called by both sync sites and non-sync sites) How do we determine this? If we're the sync site, we wait until recovery has finished fetching and re-labelling its dbase (it may still be trying to propagate it out to everyone else; that's THEIR problem). | |
| int | urecovery_AbortAll (struct ubik_dbase *adbase) |
| abort all transactions on this database | |
| int | urecovery_CheckTid (struct ubik_tid *atid, int abortalways) |
| this routine aborts the current remote transaction, if any, if the tid is wrong | |
| int | urecovery_Initialize (struct ubik_dbase *adbase) |
| initialize the local ubik_dbase | |
| void * | urecovery_Interact (void *dummy) |
| Main interaction loop for the recovery manager. | |
| int | DoProbe (struct ubik_server *server) |
| send a Probe to all the network address of this server | |
Variables | |
| int | ubikPrimaryAddrOnly |
| if this flag is set, then ubik will use only the primary address (the address specified in the CellServDB) to contact other ubik servers. | |
This module is responsible for determining when the system has recovered to the point that it can handle new transactions.
It replays logs, polls to determine the current dbase after a crash, and distributes the new database to the others.
The sync site associates a version number with each database. It broadcasts the version associated with its current dbase in every one of its beacon messages. When the sync site send a dbase to a server, it also sends the db's version. A non-sync site server can tell if it has the right dbase version by simply comparing the version from the beacon message uvote_dbVersion with the version associated with the database ubik_dbase->version. The sync site itself simply has one counter to keep track of all of this (again ubik_dbase->version).
sync site: routine called when the sync site loses its quorum; this procedure is called "up" from the beacon package. It resyncs the dbase and nudges the recovery daemon to try to propagate out the changes. It also resets the recovery daemon's state, since recovery must potentially find a new dbase to propagate out. This routine should not do anything with variables used by non-sync site servers.
| int DoProbe | ( | struct ubik_server * | server | ) |
send a Probe to all the network address of this server
| int urecovery_AllBetter | ( | struct ubik_dbase * | adbase, |
| int | areadAny | ||
| ) |
return true iff we have a current database (called by both sync sites and non-sync sites) How do we determine this? If we're the sync site, we wait until recovery has finished fetching and re-labelling its dbase (it may still be trying to propagate it out to everyone else; that's THEIR problem).
If we're not the sync site, then we must have a dbase labelled with the right version, and we must have a currently-good sync site.
| int urecovery_Initialize | ( | struct ubik_dbase * | adbase | ) |
initialize the local ubik_dbase
We replay the logs and then read the resulting file to figure out what version we've really got.
| void* urecovery_Interact | ( | void * | dummy | ) |
Main interaction loop for the recovery manager.
The recovery light-weight process only runs when you're the synchronization site. It performs the following tasks, if and only if the prerequisite tasks have been performed successfully (it keeps track of which ones have been performed in its bit map, urecovery_state).
First, it is responsible for probing that all servers are up. This is the only operation that must be performed even if this is not yet the sync site, since otherwise this site may not notice that enough other machines are running to even elect this guy to be the sync site.
After that, the recovery process does nothing until the beacon and voting modules manage to get this site elected sync site.
After becoming sync site, recovery first attempts to find the best database available in the network (it must do this in order to ensure finding the latest committed data). After finding the right database, it must fetch this dbase to the sync site.
After fetching the dbase, it relabels it with a new version number, to ensure that everyone recognizes this dbase as the most recent dbase.
One the dbase has been relabelled, this machine can start handling requests. However, the recovery module still has one more task: propagating the dbase out to everyone who is up in the network.
| int urecovery_LostServer | ( | struct ubik_server * | ts | ) |
sync site
routine called when a non-sync site server goes down; restarts recovery process to send missing server the new db when it comes back up for non-sync site servers.
if this flag is set, then ubik will use only the primary address (the address specified in the CellServDB) to contact other ubik servers.
Ubik recovery will not try opening connections to the alternate interface addresses.
1.7.4