/*- * See the file LICENSE for redistribution information. * * Copyright (c) 2004,2008 Oracle. All rights reserved. * * $Id: rep_elect.c,v 12.78 2008/03/13 16:21:04 mbrey Exp $ */ #include "db_config.h" #include "db_int.h" #include "dbinc/db_page.h" #include "dbinc/db_am.h" #include "dbinc/log.h" /* * We need to check sites == nsites, not more than half * like we do in __rep_elect and the VOTE2 code. The * reason is that we want to process all the incoming votes * and not short-circuit once we reach more than half. The * real winner's vote may be in the last half. */ #define IS_PHASE1_DONE(rep) \ ((rep)->sites >= (rep)->nsites && (rep)->w_priority > 0) #define I_HAVE_WON(rep, winner) \ ((rep)->votes >= (rep)->nvotes && winner == (rep)->eid) static void __rep_cmp_vote __P((ENV *, REP *, int, DB_LSN *, u_int32_t, u_int32_t, u_int32_t, u_int32_t)); static int __rep_elect_init __P((ENV *, u_int32_t, u_int32_t, int *, u_int32_t *)); static int __rep_fire_elected __P((ENV *, REP *, u_int32_t)); static void __rep_elect_master __P((ENV *, REP *)); static int __rep_tally __P((ENV *, REP *, int, u_int32_t *, u_int32_t, roff_t)); static int __rep_wait __P((ENV *, db_timeout_t *, int *, int, u_int32_t)); /* * __rep_elect -- * Called after master failure to hold/participate in an election for * a new master. * * PUBLIC: int __rep_elect __P((DB_ENV *, u_int32_t, u_int32_t, u_int32_t)); */ int __rep_elect(dbenv, given_nsites, nvotes, flags) DB_ENV *dbenv; u_int32_t given_nsites, nvotes; u_int32_t flags; { DB_LOG *dblp; DB_LSN lsn; DB_REP *db_rep; DB_THREAD_INFO *ip; ENV *env; LOG *lp; REP *rep; int done, eid, elected, full_elect, locked, in_progress, need_req; int ret, send_vote, t_ret; u_int32_t ack, ctlflags, egen, nsites, orig_tally, priority, realpri; u_int32_t tiebreaker; db_timeout_t timeout, to; env = dbenv->env; COMPQUIET(flags, 0); COMPQUIET(egen, 0); ENV_REQUIRES_CONFIG_XX( env, rep_handle, "DB_ENV->rep_elect", DB_INIT_REP); /* Error checking. */ if (IS_USING_LEASES(env) && given_nsites != 0) { __db_errx(env, "DB_ENV->rep_elect: nsites must be zero if leases configured"); return (EINVAL); } db_rep = env->rep_handle; rep = db_rep->region; dblp = env->lg_handle; lp = dblp->reginfo.primary; elected = 0; /* * Specifying 0 for nsites signals us to use the value configured * previously via rep_set_nsites. Similarly, if the given nvotes is 0, * it asks us to compute the value representing a simple majority. */ nsites = given_nsites == 0 ? rep->config_nsites : given_nsites; ack = nvotes == 0 ? ELECTION_MAJORITY(nsites) : nvotes; locked = 0; /* * XXX * If users give us less than a majority, they run the risk of * having a network partition. However, this also allows the * scenario of master/1 client to elect the client. Allow * sub-majority values, but give a warning. */ if (ack <= (nsites / 2)) { __db_errx(env, "DB_ENV->rep_elect:WARNING: nvotes (%d) is sub-majority with nsites (%d)", nvotes, nsites); } if (nsites < ack) { __db_errx(env, "DB_ENV->rep_elect: nvotes (%d) is larger than nsites (%d)", ack, nsites); return (EINVAL); } /* * Default to the normal timeout unless the user configured * a full election timeout and we think we need a full election. */ full_elect = 0; timeout = rep->elect_timeout; if (!F_ISSET(rep, REP_F_GROUP_ESTD) && rep->full_elect_timeout != 0) { full_elect = 1; timeout = rep->full_elect_timeout; } realpri = rep->priority; RPRINT(env, DB_VERB_REP_ELECT, (env, "Start election nsites %d, ack %d, priority %d", nsites, ack, realpri)); /* * Special case when having an election while running with * sites of potentially mixed versions. We set a bit indicating * we're an electable site, but set our priority to 0. * Old sites will never elect us, with 0 priority, but if all * we have are new sites, then we can elect the best electable * site of the group. * Thus 'priority' is this special, possibly-fake, effective * priority that we'll use for this election, while 'realpri' is our * real, configured priority, as retrieved from REP region. */ ctlflags = realpri != 0 ? REPCTL_ELECTABLE : 0; ENV_ENTER(env, ip); orig_tally = 0; if ((ret = __rep_elect_init(env, nsites, ack, &in_progress, &orig_tally)) != 0) { if (ret == DB_REP_NEWMASTER) ret = 0; goto err; } /* * If another thread is in the middle of an election we * just quietly return and not interfere. */ if (in_progress) goto edone; priority = lp->persist.version != DB_LOGVERSION ? 0 : realpri; #ifdef CONFIG_TEST /* * This allows us to unit test the ELECTABLE flag simply by * using the priority values. */ if (priority > 0 && priority <= 5) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Artificially setting priority 0 (ELECTABLE) for CONFIG_TEST mode")); DB_ASSERT(env, ctlflags == REPCTL_ELECTABLE); priority = 0; } #endif __os_gettime(env, &rep->etime, 1); REP_SYSTEM_LOCK(env); /* * If leases are configured, wait for them to expire, and * see if we can discover the master while waiting. */ if (IS_USING_LEASES(env)) { to = __rep_lease_waittime(env); if (to != 0) { F_SET(rep, REP_F_EPHASE0); REP_SYSTEM_UNLOCK(env); (void)__rep_send_message(env, DB_EID_BROADCAST, REP_MASTER_REQ, NULL, NULL, 0, 0); ret = __rep_wait(env, &to, &eid, 0, REP_F_EPHASE0); REP_SYSTEM_LOCK(env); F_CLR(rep, REP_F_EPHASE0); switch (ret) { /* * If waiting is successful, our flag is cleared * and the master responded. We're done. */ case DB_REP_EGENCHG: case 0: REP_SYSTEM_UNLOCK(env); goto edone; /* * If we get a timeout, continue with the election. */ case DB_TIMEOUT: break; default: goto lockdone; } } } /* * We need to lockout applying incoming log records during * the election. We need to use a special rep_lockout_apply * instead of rep_lockout_msg because we do not want to * lockout all incoming messages, like other VOTEs! */ if ((ret = __rep_lockout_apply(env, rep, 0)) != 0) goto lockdone; locked = 1; to = timeout; REP_SYSTEM_UNLOCK(env); restart: /* Generate a randomized tiebreaker value. */ __os_unique_id(env, &tiebreaker); LOG_SYSTEM_LOCK(env); lsn = lp->lsn; LOG_SYSTEM_UNLOCK(env); REP_SYSTEM_LOCK(env); F_SET(rep, REP_F_EPHASE1 | REP_F_NOARCHIVE); F_CLR(rep, REP_F_TALLY); /* * We made sure that leases were expired before starting the * election, but an existing master may be slow in responding. * If, during lockout, acquiring mutexes, etc, the client has now * re-granted its lease, we're done - a master exists. */ if (IS_USING_LEASES(env) && __rep_islease_granted(env)) { ret = 0; goto lockdone; } /* * If we are in the middle of recovering or internal * init, we participate, but we set our priority to 0 * and turn off REPCTL_ELECTABLE. We *cannot* use the * REP_F_RECOVER_MASK macro because we must explicitly * exclude REP_F_RECOVER_VERIFY. If we are in verify * then that is okay, we can be elected (i.e. we are not * in an inconsistent state). */ if (F_ISSET(rep, REP_F_READY_API | REP_F_READY_OP | REP_F_RECOVER_LOG | REP_F_RECOVER_PAGE | REP_F_RECOVER_UPDATE)) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Setting priority 0, unelectable, due to internal init/recovery")); priority = 0; ctlflags = 0; } /* * We are about to participate at this egen. We must * write out the next egen before participating in this one * so that if we crash we can never participate in this egen * again. */ if ((ret = __rep_write_egen(env, rep->egen + 1)) != 0) goto lockdone; /* Tally our own vote */ if (__rep_tally(env, rep, rep->eid, &rep->sites, rep->egen, rep->tally_off) != 0) { ret = EINVAL; goto lockdone; } __rep_cmp_vote(env, rep, rep->eid, &lsn, priority, rep->gen, tiebreaker, ctlflags); RPRINT(env, DB_VERB_REP_ELECT, (env, "Beginning an election")); /* Now send vote */ send_vote = DB_EID_INVALID; egen = rep->egen; done = IS_PHASE1_DONE(rep); REP_SYSTEM_UNLOCK(env); __rep_send_vote(env, &lsn, nsites, ack, priority, tiebreaker, egen, DB_EID_BROADCAST, REP_VOTE1, ctlflags); DB_ENV_TEST_RECOVERY(env, DB_TEST_ELECTVOTE1, ret, NULL); if (done) { REP_SYSTEM_LOCK(env); goto vote; } ret = __rep_wait(env, &to, &eid, full_elect, REP_F_EPHASE1); switch (ret) { case 0: /* Check if election complete or phase complete. */ if (eid != DB_EID_INVALID && !IN_ELECTION(rep)) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Ended election phase 1")); goto edone; } goto phase2; case DB_REP_EGENCHG: if (to > timeout) to = timeout; to = (to * 8) / 10; RPRINT(env, DB_VERB_REP_ELECT, (env, "Egen changed while waiting. Now %lu. New timeout %lu, orig timeout %lu", (u_long)rep->egen, (u_long)to, (u_long)timeout)); /* * If the egen changed while we were sleeping, that * means we're probably late to the next election, * so we'll backoff our timeout so that we don't get * into an out-of-phase election scenario. * * Backoff to 80% of the current timeout. */ goto restart; case DB_TIMEOUT: break; default: goto err; } /* * If we got here, we haven't heard from everyone, but we've * run out of time, so it's time to decide if we have enough * votes to pick a winner and if so, to send out a vote to * the winner. */ REP_SYSTEM_LOCK(env); /* * If our egen changed while we were waiting. We need to * essentially reinitialize our election. */ if (egen != rep->egen) { REP_SYSTEM_UNLOCK(env); RPRINT(env, DB_VERB_REP_ELECT, (env, "Egen changed from %lu to %lu", (u_long)egen, (u_long)rep->egen)); goto restart; } if (rep->sites >= rep->nvotes) { vote: /* We think we've seen enough to cast a vote. */ send_vote = rep->winner; /* * See if we won. This will make sure we * don't count ourselves twice if we're racing * with incoming votes. */ if (rep->winner == rep->eid) { (void)__rep_tally(env, rep, rep->eid, &rep->votes, egen, rep->v2tally_off); RPRINT(env, DB_VERB_REP_ELECT, (env, "Counted my vote %d", rep->votes)); } F_SET(rep, REP_F_EPHASE2); F_CLR(rep, REP_F_EPHASE1); } REP_SYSTEM_UNLOCK(env); if (send_vote == DB_EID_INVALID) { /* We do not have enough votes to elect. */ if (rep->sites >= rep->nvotes) __db_errx(env, "No electable site found: recvd %d of %d votes from %d sites", rep->sites, rep->nvotes, rep->nsites); else __db_errx(env, "Not enough votes to elect: recvd %d of %d from %d sites", rep->sites, rep->nvotes, rep->nsites); ret = DB_REP_UNAVAIL; goto err; } /* * We have seen enough vote1's. Now we need to wait * for all the vote2's. */ if (send_vote != rep->eid) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Sending vote")); __rep_send_vote(env, NULL, 0, 0, 0, 0, egen, send_vote, REP_VOTE2, 0); /* * If we are NOT the new master we want to send * our vote to the winner, and wait longer. The * reason is that the winner may be "behind" us * in the election waiting and if the master is * down, the winner will wait the full timeout * and we want to give the winner enough time to * process all the votes. Otherwise we could * incorrectly return DB_REP_UNAVAIL and start a * new election before the winner can declare * itself. */ to = to * 2; } phase2: if (I_HAVE_WON(rep, rep->winner)) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Skipping phase2 wait: already got %d votes", rep->votes)); REP_SYSTEM_LOCK(env); goto i_won; } ret = __rep_wait(env, &to, &eid, full_elect, REP_F_EPHASE2); RPRINT(env, DB_VERB_REP_ELECT, (env, "Ended election phase 2 %d", ret)); switch (ret) { case 0: if (eid != DB_EID_INVALID) goto edone; ret = DB_REP_UNAVAIL; break; case DB_REP_EGENCHG: if (to > timeout) to = timeout; to = (to * 8) / 10; RPRINT(env, DB_VERB_REP_ELECT, (env, "While waiting egen changed to %lu. Phase 2 New timeout %lu, orig timeout %lu", (u_long)rep->egen, (u_long)to, (u_long)timeout)); goto restart; case DB_TIMEOUT: ret = DB_REP_UNAVAIL; break; default: goto err; } REP_SYSTEM_LOCK(env); if (egen != rep->egen) { REP_SYSTEM_UNLOCK(env); RPRINT(env, DB_VERB_REP_ELECT, (env, "Egen ph2 changed from %lu to %lu", (u_long)egen, (u_long)rep->egen)); goto restart; } done = rep->votes >= rep->nvotes; RPRINT(env, DB_VERB_REP_ELECT, (env, "After phase 2: votes %d, nvotes %d, nsites %d", rep->votes, rep->nvotes, rep->nsites)); if (I_HAVE_WON(rep, rep->winner)) { i_won: __rep_elect_master(env, rep); ret = 0; elected = 1; } if (0) { err: REP_SYSTEM_LOCK(env); } lockdone: /* * If we get here because of a non-election error, then we * did not tally our vote. The only non-election error is * from elect_init where we were unable to grow_sites. In * that case we do not want to discard all known election info. */ if (ret == 0 || ret == DB_REP_UNAVAIL) __rep_elect_done(env, rep, 0); else if (orig_tally) F_SET(rep, orig_tally); /* * If the election finished elsewhere, we need to clear * the elect flag anyway. */ if (0) { edone: REP_SYSTEM_LOCK(env); } F_CLR(rep, REP_F_INREPELECT); if (locked) { need_req = F_ISSET(rep, REP_F_SKIPPED_APPLY); F_CLR(rep, REP_F_READY_APPLY | REP_F_SKIPPED_APPLY); REP_SYSTEM_UNLOCK(env); /* * If we skipped any log records, request them now. */ if (need_req && (t_ret = __rep_resend_req(env, 0)) != 0 && ret == 0) ret = t_ret; } else REP_SYSTEM_UNLOCK(env); if (elected) ret = __rep_fire_elected(env, rep, egen); RPRINT(env, DB_VERB_REP_ELECT, (env, "Ended election with %d, sites %d, egen %lu, flags 0x%lx", ret, rep->sites, (u_long)rep->egen, (u_long)rep->flags)); DB_TEST_RECOVERY_LABEL ENV_LEAVE(env, ip); return (ret); } /* * __rep_vote1 -- * Handle incoming vote1 message on a client. * * PUBLIC: int __rep_vote1 __P((ENV *, __rep_control_args *, DBT *, int)); */ int __rep_vote1(env, rp, rec, eid) ENV *env; __rep_control_args *rp; DBT *rec; int eid; { DBT data_dbt; DB_LOG *dblp; DB_LSN lsn; DB_REP *db_rep; LOG *lp; REP *rep; REP_OLD_VOTE_INFO *ovi; __rep_egen_args egen_arg; __rep_vote_info_args tmpvi, *vi; u_int32_t egen; int elected, master, ret; u_int8_t buf[__REP_MAXMSG_SIZE]; size_t len; COMPQUIET(egen, 0); elected = ret = 0; db_rep = env->rep_handle; rep = db_rep->region; dblp = env->lg_handle; lp = dblp->reginfo.primary; if (F_ISSET(rep, REP_F_MASTER)) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Master received vote")); LOG_SYSTEM_LOCK(env); lsn = lp->lsn; LOG_SYSTEM_UNLOCK(env); (void)__rep_send_message(env, DB_EID_BROADCAST, REP_NEWMASTER, &lsn, NULL, 0, 0); if (IS_USING_LEASES(env)) ret = __rep_lease_refresh(env); return (ret); } /* * In 4.7 we changed to having fixed sized u_int32_t's from * non-fixed 'int' fields in the vote structure. */ if (rp->rep_version < DB_REPVERSION_47) { ovi = (REP_OLD_VOTE_INFO *)rec->data; tmpvi.egen = ovi->egen; tmpvi.nsites = (u_int32_t)ovi->nsites; tmpvi.nvotes = (u_int32_t)ovi->nvotes; tmpvi.priority = (u_int32_t)ovi->priority; tmpvi.tiebreaker = ovi->tiebreaker; } else if ((ret = __rep_vote_info_unmarshal(env, &tmpvi, rec->data, rec->size, NULL)) != 0) return (ret); vi = &tmpvi; REP_SYSTEM_LOCK(env); /* * If we get a vote from a later election gen, we * clear everything from the current one, and we'll * start over by tallying it. If we get an old vote, * send an ALIVE to the old participant. */ RPRINT(env, DB_VERB_REP_ELECT, (env, "Received vote1 egen %lu, egen %lu", (u_long)vi->egen, (u_long)rep->egen)); if (vi->egen < rep->egen) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Received old vote %lu, egen %lu, ignoring vote1", (u_long)vi->egen, (u_long)rep->egen)); egen_arg.egen = rep->egen; REP_SYSTEM_UNLOCK(env); if (rep->version < DB_REPVERSION_47) DB_INIT_DBT(data_dbt, &egen_arg.egen, sizeof(egen_arg.egen)); else { if ((ret = __rep_egen_marshal(env, &egen_arg, buf, __REP_EGEN_SIZE, &len)) != 0) return (ret); DB_INIT_DBT(data_dbt, buf, len); } (void)__rep_send_message(env, eid, REP_ALIVE, &rp->lsn, &data_dbt, 0, 0); return (ret); } if (vi->egen > rep->egen) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Received VOTE1 from egen %lu, my egen %lu; reset", (u_long)vi->egen, (u_long)rep->egen)); __rep_elect_done(env, rep, 0); rep->egen = vi->egen; F_SET(rep, REP_F_EGENUPDATE); } /* * If this site (sender of the VOTE1) is the first to the party, simply * initialize values from the message. Otherwise, see if the site knows * about more sites, and/or requires more votes, than we do. */ if (!IN_ELECTION_TALLY(rep)) { F_SET(rep, REP_F_TALLY); rep->nsites = vi->nsites; rep->nvotes = vi->nvotes; } else { if (vi->nsites > rep->nsites) rep->nsites = vi->nsites; if (vi->nvotes > rep->nvotes) rep->nvotes = vi->nvotes; } /* * We are keeping the vote, let's see if that changes our * count of the number of sites. */ if (rep->sites + 1 > rep->nsites) rep->nsites = rep->sites + 1; if (rep->nsites > rep->asites && (ret = __rep_grow_sites(env, rep->nsites)) != 0) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Grow sites returned error %d", ret)); goto err; } /* * Ignore vote1's if we're in phase 2. */ if (F_ISSET(rep, REP_F_EPHASE2)) { RPRINT(env, DB_VERB_REP_ELECT, (env, "In phase 2, ignoring vote1")); goto err; } /* * Record this vote. If we get back non-zero, we * ignore the vote. */ if ((ret = __rep_tally(env, rep, eid, &rep->sites, vi->egen, rep->tally_off)) != 0) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Tally returned %d, sites %d", ret, rep->sites)); ret = 0; goto err; } RPRINT(env, DB_VERB_REP_ELECT, (env, "Incoming vote: (eid)%d (pri)%lu %s (gen)%lu (egen)%lu [%lu,%lu]", eid, (u_long)vi->priority, F_ISSET(rp, REPCTL_ELECTABLE) ? "ELECTABLE" : "", (u_long)rp->gen, (u_long)vi->egen, (u_long)rp->lsn.file, (u_long)rp->lsn.offset)); if (rep->sites > 1) RPRINT(env, DB_VERB_REP_ELECT, (env, "Existing vote: (eid)%d (pri)%lu (gen)%lu (sites)%d [%lu,%lu]", rep->winner, (u_long)rep->w_priority, (u_long)rep->w_gen, rep->sites, (u_long)rep->w_lsn.file, (u_long)rep->w_lsn.offset)); __rep_cmp_vote(env, rep, eid, &rp->lsn, vi->priority, rp->gen, vi->tiebreaker, rp->flags); /* * If you get a vote and you're not in an election, we've * already recorded this vote. But that is all we need * to do. */ if (!IN_ELECTION(rep)) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Not in election, but received vote1 0x%x", rep->flags)); ret = DB_REP_HOLDELECTION; goto err; } master = rep->winner; lsn = rep->w_lsn; if (IS_PHASE1_DONE(rep)) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Phase1 election done")); RPRINT(env, DB_VERB_REP_ELECT, (env, "Voting for %d%s", master, master == rep->eid ? "(self)" : "")); egen = rep->egen; F_SET(rep, REP_F_EPHASE2); F_CLR(rep, REP_F_EPHASE1); if (master == rep->eid) { (void)__rep_tally(env, rep, rep->eid, &rep->votes, egen, rep->v2tally_off); RPRINT(env, DB_VERB_REP_ELECT, (env, "After phase 1 done: counted vote %d of %d", rep->votes, rep->nvotes)); if (I_HAVE_WON(rep, rep->winner)) { __rep_elect_master(env, rep); elected = 1; } goto err; } REP_SYSTEM_UNLOCK(env); /* Vote for someone else. */ __rep_send_vote(env, NULL, 0, 0, 0, 0, egen, master, REP_VOTE2, 0); } else err: REP_SYSTEM_UNLOCK(env); if (elected) ret = __rep_fire_elected(env, rep, egen); return (ret); } /* * __rep_vote2 -- * Handle incoming vote2 message on a client. * * PUBLIC: int __rep_vote2 __P((ENV *, __rep_control_args *, DBT *, int)); */ int __rep_vote2(env, rp, rec, eid) ENV *env; __rep_control_args *rp; DBT *rec; int eid; { DB_LOG *dblp; DB_LSN lsn; DB_REP *db_rep; LOG *lp; REP *rep; REP_OLD_VOTE_INFO *ovi; __rep_vote_info_args tmpvi, *vi; u_int32_t egen; int ret; ret = 0; db_rep = env->rep_handle; rep = db_rep->region; dblp = env->lg_handle; lp = dblp->reginfo.primary; RPRINT(env, DB_VERB_REP_ELECT, (env, "We received a vote%s", F_ISSET(rep, REP_F_MASTER) ? " (master)" : "")); if (F_ISSET(rep, REP_F_MASTER)) { LOG_SYSTEM_LOCK(env); lsn = lp->lsn; LOG_SYSTEM_UNLOCK(env); STAT(rep->stat.st_elections_won++); (void)__rep_send_message(env, DB_EID_BROADCAST, REP_NEWMASTER, &lsn, NULL, 0, 0); if (IS_USING_LEASES(env)) ret = __rep_lease_refresh(env); return (ret); } REP_SYSTEM_LOCK(env); egen = rep->egen; /* If we have priority 0, we should never get a vote. */ DB_ASSERT(env, rep->priority != 0); /* * We might be the last to the party and we haven't had * time to tally all the vote1's, but others have and * decided we're the winner. So, if we're in the process * of tallying sites, keep the vote so that when our * election thread catches up we'll have the votes we * already received. */ /* * In 4.7 we changed to having fixed sized u_int32_t's from * non-fixed 'int' fields in the vote structure. */ if (rp->rep_version < DB_REPVERSION_47) { ovi = (REP_OLD_VOTE_INFO *)rec->data; tmpvi.egen = ovi->egen; tmpvi.nsites = (u_int32_t)ovi->nsites; tmpvi.nvotes = (u_int32_t)ovi->nvotes; tmpvi.priority = (u_int32_t)ovi->priority; tmpvi.tiebreaker = ovi->tiebreaker; } else if ((ret = __rep_vote_info_unmarshal(env, &tmpvi, rec->data, rec->size, NULL)) != 0) return (ret); vi = &tmpvi; if (!IN_ELECTION_TALLY(rep) && vi->egen >= rep->egen) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Not in election gen %lu, at %lu, got vote", (u_long)vi->egen, (u_long)rep->egen)); ret = DB_REP_HOLDELECTION; goto err; } /* * Record this vote. In a VOTE2, the only valid entry * in the vote information is the election generation. * * There are several things which can go wrong that we * need to account for: * 1. If we receive a latent VOTE2 from an earlier election, * we want to ignore it. * 2. If we receive a VOTE2 from a site from which we never * received a VOTE1, we want to record it, because we simply * may be processing messages out of order or its vote1 got lost, * but that site got all the votes it needed to send it. * 3. If we have received a duplicate VOTE2 from this election * from the same site we want to ignore it. * 4. If this is from the current election and someone is * really voting for us, then we finally get to record it. */ /* * Case 1. */ if (vi->egen != rep->egen) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Bad vote egen %lu. Mine %lu", (u_long)vi->egen, (u_long)rep->egen)); ret = 0; goto err; } /* * __rep_tally takes care of cases 2, 3 and 4. */ if ((ret = __rep_tally(env, rep, eid, &rep->votes, vi->egen, rep->v2tally_off)) != 0) { ret = 0; goto err; } RPRINT(env, DB_VERB_REP_ELECT, (env, "Counted vote %d of %d", rep->votes, rep->nvotes)); if (I_HAVE_WON(rep, rep->winner)) { __rep_elect_master(env, rep); ret = DB_REP_NEWMASTER; } err: REP_SYSTEM_UNLOCK(env); if (ret == DB_REP_NEWMASTER) ret = __rep_fire_elected(env, rep, egen); return (ret); } /* * __rep_tally -- * Handle incoming vote message on a client. Called with the db_rep * mutex held. This function will return 0 if we successfully tally * the vote and non-zero if the vote is ignored. This will record * both VOTE1 and VOTE2 records, depending on which region offset the * caller passed in. */ static int __rep_tally(env, rep, eid, countp, egen, vtoff) ENV *env; REP *rep; int eid; u_int32_t *countp; u_int32_t egen; roff_t vtoff; { REP_VTALLY *tally, *vtp; u_int32_t i; tally = R_ADDR(env->reginfo, vtoff); vtp = &tally[0]; for (i = 0; i < *countp;) { /* * Ignore votes from earlier elections (i.e. we've heard * from this site in this election, but its vote from an * earlier election got delayed and we received it now). * However, if we happened to hear from an earlier vote * and we recorded it and we're now hearing from a later * election we want to keep the updated one. Note that * updating the entry will not increase the count. * Also ignore votes that are duplicates. */ if (vtp->eid == eid) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Tally found[%d] (%d, %lu), this vote (%d, %lu)", i, vtp->eid, (u_long)vtp->egen, eid, (u_long)egen)); if (vtp->egen >= egen) return (1); else { vtp->egen = egen; return (0); } } i++; vtp = &tally[i]; } /* * If we get here, we have a new voter we haven't seen before. Tally * this vote. */ RPRINT(env, DB_VERB_REP_ELECT, (env, "Tallying VOTE%c[%d] (%d, %lu)", vtoff == rep->tally_off ? '1' : '2', i, eid, (u_long)egen)); vtp->eid = eid; vtp->egen = egen; (*countp)++; return (0); } /* * __rep_cmp_vote -- * Compare incoming vote1 message on a client. Called with the db_rep * mutex held. * */ static void __rep_cmp_vote(env, rep, eid, lsnp, priority, gen, tiebreaker, flags) ENV *env; REP *rep; int eid; DB_LSN *lsnp; u_int32_t priority; u_int32_t flags, gen, tiebreaker; { int cmp; cmp = LOG_COMPARE(lsnp, &rep->w_lsn); /* * If we've seen more than one, compare us to the best so far. * If we're the first, make ourselves the winner to start. */ if (rep->sites > 1 && (priority != 0 || LF_ISSET(REPCTL_ELECTABLE))) { /* * Special case, if we have a mixed version group of sites, * we set priority to 0, but set the ELECTABLE flag so that * all sites talking at lower versions can correctly elect. * If a non-zero priority comes in and current winner is * zero priority (but was electable), then the non-zero * site takes precedence no matter what its LSN is. * * Then LSN is determinant only if we're comparing * like-styled version/priorities. I.e. both with * 0/ELECTABLE priority or both with non-zero priority. * Then actual priority value if LSNs * are equal, then tiebreaker if both are equal. */ if ((priority != 0 && rep->w_priority == 0) || (((priority == 0 && rep->w_priority == 0) || (priority != 0 && rep->w_priority != 0)) && cmp > 0) || (cmp == 0 && (priority > rep->w_priority || (priority == rep->w_priority && (tiebreaker > rep->w_tiebreaker))))) { RPRINT(env, DB_VERB_REP_ELECT, (env, "Accepting new vote")); rep->winner = eid; rep->w_priority = priority; rep->w_lsn = *lsnp; rep->w_gen = gen; rep->w_tiebreaker = tiebreaker; } } else if (rep->sites == 1) { if (priority != 0 || LF_ISSET(REPCTL_ELECTABLE)) { /* Make ourselves the winner to start. */ rep->winner = eid; rep->w_priority = priority; rep->w_gen = gen; rep->w_lsn = *lsnp; rep->w_tiebreaker = tiebreaker; } else { rep->winner = DB_EID_INVALID; rep->w_priority = 0; rep->w_gen = 0; ZERO_LSN(rep->w_lsn); rep->w_tiebreaker = 0; } } } /* * __rep_elect_init * Initialize an election. Sets beginp non-zero if the election is * already in progress; makes it 0 otherwise. */ static int __rep_elect_init(env, nsites, nvotes, beginp, otally) ENV *env; u_int32_t nsites, nvotes; int *beginp; u_int32_t *otally; { DB_LOG *dblp; DB_LSN lsn; DB_REP *db_rep; LOG *lp; REP *rep; int ret; db_rep = env->rep_handle; rep = db_rep->region; ret = 0; /* We may miscount, as we don't hold the replication mutex here. */ STAT(rep->stat.st_elections++); /* If we are already master; simply broadcast that fact and return. */ if (F_ISSET(rep, REP_F_MASTER)) { dblp = env->lg_handle; lp = dblp->reginfo.primary; LOG_SYSTEM_LOCK(env); lsn = lp->lsn; LOG_SYSTEM_UNLOCK(env); (void)__rep_send_message(env, DB_EID_BROADCAST, REP_NEWMASTER, &lsn, NULL, 0, 0); if (IS_USING_LEASES(env)) ret = __rep_lease_refresh(env); STAT(rep->stat.st_elections_won++); return (DB_REP_NEWMASTER); } REP_SYSTEM_LOCK(env); if (otally != NULL) *otally = F_ISSET(rep, REP_F_TALLY); *beginp = IN_ELECTION(rep) || F_ISSET(rep, REP_F_INREPELECT); if (!*beginp) { /* * Make sure that we always initialize all the election fields * before putting ourselves in an election state. That means * issuing calls that can fail (allocation) before setting all * the variables. */ if (nsites > rep->asites && (ret = __rep_grow_sites(env, nsites)) != 0) goto err; DB_ENV_TEST_RECOVERY(env, DB_TEST_ELECTINIT, ret, NULL); F_SET(rep, REP_F_INREPELECT); F_CLR(rep, REP_F_EGENUPDATE); /* * If we're the first to the party, we simply set initial * values: pre-existing values would be left over from previous * election. */ if (!IN_ELECTION_TALLY(rep)) { rep->nsites = nsites; rep->nvotes = nvotes; } else { if (nsites > rep->nsites) rep->nsites = nsites; if (nvotes > rep->nvotes) rep->nvotes = nvotes; } } DB_TEST_RECOVERY_LABEL err: REP_SYSTEM_UNLOCK(env); return (ret); } /* * __rep_elect_master * Set up for new master from election. Must be called with * the replication region mutex held. */ static void __rep_elect_master(env, rep) ENV *env; REP *rep; { /* * We often come through here twice, sometimes even more. We mustn't * let the redundant calls affect stats counting. But rep_elect relies * on this first part for setting eidp. */ rep->master_id = rep->eid; if (F_ISSET(rep, REP_F_MASTERELECT | REP_F_MASTER)) { /* We've been through here already; avoid double counting. */ return; } F_SET(rep, REP_F_MASTERELECT); STAT(rep->stat.st_elections_won++); RPRINT(env, DB_VERB_REP_ELECT, (env, "Got enough votes to win; election done; winner is %d, gen %lu", rep->master_id, (u_long)rep->gen)); } static int __rep_fire_elected(env, rep, egen) ENV *env; REP *rep; u_int32_t egen; { REP_EVENT_LOCK(env); if (rep->notified_egen < egen) { __rep_fire_event(env, DB_EVENT_REP_ELECTED, NULL); rep->notified_egen = egen; } REP_EVENT_UNLOCK(env); return (0); } /* * Compute a sleep interval. Set it to the smaller of .5s or * timeout/10, making sure we sleep at least 1usec if timeout < 10. */ #define SLEEPTIME(timeout) \ (timeout > 5000000) ? 500000 : ((timeout >= 10) ? timeout / 10 : 1); static int __rep_wait(env, timeoutp, eidp, full_elect, flags) ENV *env; db_timeout_t *timeoutp; int *eidp, full_elect; u_int32_t flags; { DB_REP *db_rep; REP *rep; int done, echg, phase_over, ret; u_int32_t egen, sleeptime, sleeptotal, timeout; db_rep = env->rep_handle; rep = db_rep->region; egen = rep->egen; done = echg = phase_over = ret = 0; timeout = *timeoutp; /* * The user specifies an overall timeout function, but checking * is cheap and the timeout may be a generous upper bound. * Sleep repeatedly for the smaller of .5s and timeout/10. */ sleeptime = SLEEPTIME(timeout); sleeptotal = 0; while (sleeptotal < timeout) { __os_yield(env, 0, sleeptime); sleeptotal += sleeptime; REP_SYSTEM_LOCK(env); /* * Check if group membership changed while we were * sleeping. Specifically we're trying for a full * election and someone is telling us we're joining * a previously established replication group. */ if (full_elect && F_ISSET(rep, REP_F_GROUP_ESTD)) { *timeoutp = rep->elect_timeout; timeout = *timeoutp; /* * We adjusted timeout, if we've already waited * that long, then return as though this phase * timed out. However, we want to give other * changes a chance to return, so if we both * found a group and found a new egen, we * override this return with the egen information. * If we found a group and our election finished * then we want to return the election completion. */ if (sleeptotal >= timeout) { done = 1; ret = DB_TIMEOUT; } else sleeptime = SLEEPTIME(timeout); } echg = egen != rep->egen; phase_over = !F_ISSET(rep, flags); /* * Since we're not clearing out master_id any more, * we need to do more to detect the difference between * a new master getting elected and egen changing, * or a new election starting because the old one * timed out at another site (which easily happens * when sites have very different timeout settings). * * Detect this by: * If my phase was over, egen has changed but * there are still election flags set, or we're * told our egen was out of date and updated * then return DB_REP_EGENCHG. * * Otherwise, if my phase is over I want to * set my idea of the master and return. */ if (phase_over && echg && (IN_ELECTION_TALLY(rep) || F_ISSET(rep, REP_F_EGENUPDATE))) { done = 1; F_CLR(rep, REP_F_EGENUPDATE); ret = DB_REP_EGENCHG; } else if (phase_over) { *eidp = rep->master_id; done = 1; ret = 0; } REP_SYSTEM_UNLOCK(env); if (done) return (ret); } return (DB_TIMEOUT); }