Univention Bugzilla – Full Text Bug Listing
Summary: | Improve reliability of sysvol-sync | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Samba4 | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Ticket number: | | Bug group (optional): | Troubleshooting |
Bug Blocks: | 40346, 42097 |
Description
Arvid Requate
2015-12-07 19:10:24 CET
Regarding locking: We already create a local exclusive (write) lock in the sysvol-sync script. Using this lock file to coordinate locking remotely could possibly be done this way:

================================================
LOCKFILE="/var/lock/sysvol-sync"
SYSVOL_SYNCDIR='/var/cache/univention-samba4/sysvol-sync'
importdir="${SYSVOL_SYNCDIR}/.$remote_hostname"

chgrp 'DC Slave Hosts' /var/lock/sysvol-sync
chmod g+w /var/lock/sysvol-sync

## create local write lock (This step is already done in the current script)
(
flock -n 9 || exit 0

## add a trap to release the shared (read) lock created in the next step below
trap "ssh -S '~/.ssh/control-%r@%h:%p' -O exit '$hostname\$@$remote_hostname'" EXIT

## try to create remote shared (read) lock, background multiplex ssh and wait
{
    univention-ssh --no-split /etc/machine.secret \
        -M -S '~/.ssh/control-%r@%h:%p' \
        "$hostname\$@$remote_hostname" \
        "sh -c '(flock -s -n 8 || exit 1; echo GO; read WAIT;) 8>\"$LOCKFILE\"'" &
} | read GO

## rsync if multiplex master is established
if ssh -S '~/.ssh/control-%r@%h:%p' -O check "$hostname\$@$remote_hostname"; then
    rsync /etc/machine.secret -aAX --delete \
        -e 'ssh -S "~/.ssh/control-%r@%h:%p"' \
        "$hostname\$@$remote_hostname:/var/lib/samba/sysvol" "$importdir"
fi

## release local write lock
) 9>"$LOCKFILE"
================================================

I'm just unsure about concurrency behaviour with this kind of locking. Maybe when attempting to acquire the read lock we should block until we get it. Unfortunately ssh multiplexing currently doesn't work with the univention-ssh wrapper, so the code above needed a bit of modification.
The sysvol-sync script has been adjusted to
> a) Lock the sysvol while operating on it (e.g. man flock)
> b) First check with "rsync -au --dry-run" if copying is required at all
Advisory: univention-samba4.yaml
OK - check if there are changes before the sync
OK - exclusive lock while writing into local sysvol
OK - remote read lock while reading remote sysvol
OK - remote lock gets removed on destination if source becomes unavailable
OK - sshd/config/ClientAliveInterval (60s, sshd reload)
OK - univention-samba4.yaml
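
The reader/writer behaviour of the flock calls discussed in this report, shown as an added example that is not part of the bug thread or of the sysvol-sync script. The function names `try_lock` and `lock_matrix` and the temporary lock file are assumptions made for the demonstration; it needs only `flock` from util-linux and runs locally without ssh or rsync.

```shell
#!/bin/sh
# Added example: flock(1) reader/writer semantics on a single lock file.
# The lock file is a constructed temp file, not /var/lock/sysvol-sync.

# try_lock MODE FD: non-blocking attempt on an already-open descriptor.
# MODE -s = shared (a host reading sysvol), -x = exclusive (the writer).
try_lock() {
    if flock "$1" -n "$2"; then echo ok; else echo busy; fi
}

lock_matrix() {
    lock=$(mktemp) || return 1
    # Three separate opens of the same file stand in for three processes:
    # flock locks belong to the open file description, so these conflict
    # with each other just as independent processes would.
    exec 7>"$lock" 8>"$lock" 9>"$lock"

    r1=$(try_lock -s 7)    # first reader
    r2=$(try_lock -s 8)    # second reader: shared locks coexist
    w1=$(try_lock -x 9)    # writer is refused while any reader holds the lock

    exec 7>&-              # reader 1 goes away; closing the fd drops its lock
    w2=$(try_lock -x 9)    # still refused, reader 2 remains
    exec 8>&-              # last reader gone
    w3=$(try_lock -x 9)    # writer now gets the exclusive lock

    exec 8>"$lock"         # a reader arriving during the write
    r3=$(try_lock -s 8)    # with -n it gives up at once instead of waiting

    exec 8>&- 9>&-
    rm -f "$lock"
    echo "$r1 $r2 $w1 $w2 $w3 $r3"
}

lock_matrix   # prints: ok ok busy busy ok busy
```

Without `-n`, the shared-lock call in the last step would block until the writer releases the lock instead of returning immediately.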