facebook/sapling
1
1
Fork 0
mirror of https://github.com/facebook/sapling.git synced 2024-10-11 01:07:15 +03:00
Code Issues Projects Releases Wiki Activity
c52f1faba0
sapling/eden/fs/takeover/TakeoverData.h

224 lines
6.3 KiB
C
Raw Normal View History

initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/*
update license headers in C++ files Summary: Update the copyright & license headers in C++ files to reflect the relicensing to GPLv2 Reviewed By: wez Differential Revision: D15487078 fbshipit-source-id: 19f24c933a64ecad0d3a692d0f8d2a38b4194b1d
2019-06-20 02:58:25 +03:00
* Copyright (c) Facebook, Inc. and its affiliates.
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
*
update license headers in C++ files Summary: Update the copyright & license headers in C++ files to reflect the relicensing to GPLv2 Reviewed By: wez Differential Revision: D15487078 fbshipit-source-id: 19f24c933a64ecad0d3a692d0f8d2a38b4194b1d
2019-06-20 02:58:25 +03:00
* This software may be used and distributed according to the terms of the
* GNU General Public License version 2.
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
*/
Tidy up license headers Reviewed By: chadaustin Differential Revision: D17872966 fbshipit-source-id: cd60a364a2146f0dadbeca693b1d4a5d7c97ff63
2019-10-11 15:26:59 +03:00
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
#pragma once
#include <folly/File.h>
#include <folly/futures/Promise.h>
#include <memory>
folly::Optional -> std::optional Summary: Eden's on C++17 so fully cross the rubicon! Reviewed By: strager Differential Revision: D10498169 fbshipit-source-id: 90ef7e575db7b9a6f80f818cc9a8e2988bbdca7a
2018-10-24 04:48:38 +03:00
#include <optional>
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
#include <vector>
build: compile takeover/ on Windows Summary: While the code isn't compiled, this makes the thrift definition available to the rest of the code, eliminating the need for having a stub for SerializedInodeMap on Windows. Reviewed By: genevievehelsel Differential Revision: D23696242 fbshipit-source-id: 8a42dd2ed16887f3b7d161511e07aaa35fd1b968
2020-09-16 22:29:25 +03:00
#include "eden/fs/takeover/gen-cpp2/takeover_types.h"
mount: unify EdenMount::initialize Summary: Next step in unifying the mount path, let's make the initialize the same in Windows and unices. The only difference is now limited to the .eden directory which we will be able to implement once regular users can create symlinks. For the takeover code, the #ifdef is pushed down to the actual code that does it, this allows the rest of the code to not have to bother about Windows vs other platforms. Reviewed By: wez Differential Revision: D21517478 fbshipit-source-id: d40ca2694d23031ff98e319071e610efa306008f
2020-05-15 23:12:55 +03:00
#include "eden/fs/utils/PathFuncs.h"
#ifndef _WIN32
connect the fuse device information to the takeover data Summary: This adds some plumbing to thread the fuse device descriptor and negotiated capabilities through to the takeover code. I initially wanted to just make the unmount future yield the device descriptor, but since that uses `SharedPromise` it is not compatible with a move-only type like `folly:File`, so I added an optional promise to deal with just that. I'm also populating the takeover mount information (path, bind mounts) for each mount point. Reviewed By: simpkins Differential Revision: D6494509 fbshipit-source-id: a90684292dc1d8e06ce2c0721eadd8d393377f33
2018-01-10 09:00:50 +03:00
#include "eden/fs/fuse/FuseTypes.h"
mount: unify EdenMount::initialize Summary: Next step in unifying the mount path, let's make the initialize the same in Windows and unices. The only difference is now limited to the .eden directory which we will be able to implement once regular users can create symlinks. For the takeover code, the #ifdef is pushed down to the actual code that does it, this allows the rest of the code to not have to bother about Windows vs other platforms. Reviewed By: wez Differential Revision: D21517478 fbshipit-source-id: d40ca2694d23031ff98e319071e610efa306008f
2020-05-15 23:12:55 +03:00
#endif
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
namespace folly {
class IOBuf;
class exception_wrapper;
} // namespace folly
namespace facebook {
namespace eden {
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
// Holds the versions supported by this build.
extern const std::set<int32_t> kSupportedTakeoverVersions;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/**
* TakeoverData contains the data exchanged between processes during
* graceful mount point takeover.
*/
class TakeoverData {
public:
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
enum : int32_t {
// The list of possible versions supported by the client
// and server in this build of the code. If/when we
// bump the version we will retain support for the prior
// version in both the client and server in order to
// allow rolling back a new build.
// This is a protocol version that we will never support.
// It is included in this enum to reserve it and so that
// we can use it in tests
kTakeoverProtocolVersionNeverSupported = 0,
// This is the protocol version supported by eden just prior
// to this protocol versioning code being written
kTakeoverProtocolVersionOne = 1,
add thrift takeover serialization Summary: This adds version 3 nee 2 of the takeover serialization, which uses thrift to represent the data. Even though it is logically version 2 I'm naming it version 3 because we're taking advantage of the MessageType values from Version 1 which allowed numerical values 1 or 2 to represent different data types. In this diff we now formalize that first word as the protocol version and to avoid ambiguity are starting the new version value at 3. I did briefly consider using the name Version2 to refer to this and setting the value in the enum to 3, but I didn't want to become known for API hate crimes against my fellow engineers. Reviewed By: simpkins Differential Revision: D6733406 fbshipit-source-id: e2067365e4e8b388490440fd73ab504544011846
2018-01-31 01:16:06 +03:00
// This version introduced thrift encoding of the takeover structures.
// It is nominally version 2 but named 3 here because VersionOne
// responses don't include a version header, but do always respond
// with either a word set to either 1 or 2. To disambiguate things
// we want to use word value 3 to indicate this new protocol, but
// naming the symbol Version3 and assigning it the value 3 seemed
// like too much of a headache, so we simply skip over using
// version 2 to describe this next one.
kTakeoverProtocolVersionThree = 3,
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
// This version introduced an additonal handshake before taking over
// that is sent after the TakeoverData is ready but before actually
// sending it. This is in order to make sure we only send the data if
// the new process is healthy and able to receive, because otherwise
// we would want to recover ourselves. While this does not change
// the actual data format of the TakeoverData, it does change the
// number of sends/receives, and this additional handshake would
// break a server with this extra handshake talking to a client
// without it
kTakeoverProtocolVersionFour = 4,
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
};
// Given a set of versions provided by a client, find the largest
// version that is also present in the provided set of supported
// versions.
folly::Optional -> std::optional Summary: Eden's on C++17 so fully cross the rubicon! Reviewed By: strager Differential Revision: D10498169 fbshipit-source-id: 90ef7e575db7b9a6f80f818cc9a8e2988bbdca7a
2018-10-24 04:48:38 +03:00
static std::optional<int32_t> computeCompatibleVersion(
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
const std::set<int32_t>& versions,
const std::set<int32_t>& supported = kSupportedTakeoverVersions);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
struct MountInfo {
MountInfo(
add client configuration path to TakeoverData Summary: This fulfils a TODO but doesn't do anything useful with that data at this time. Reviewed By: simpkins Differential Revision: D6552750 fbshipit-source-id: 0c441fd0c2ab43785b4d98c4ca6ff643a20629e0
2018-01-10 09:00:52 +03:00
AbsolutePathPiece mountPath,
AbsolutePathPiece stateDirectory,
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
const std::vector<AbsolutePath>& bindMountPaths,
connect the fuse device information to the takeover data Summary: This adds some plumbing to thread the fuse device descriptor and negotiated capabilities through to the takeover code. I initially wanted to just make the unmount future yield the device descriptor, but since that uses `SharedPromise` it is not compatible with a move-only type like `folly:File`, so I added an optional promise to deal with just that. I'm also populating the takeover mount information (path, bind mounts) for each mount point. Reviewed By: simpkins Differential Revision: D6494509 fbshipit-source-id: a90684292dc1d8e06ce2c0721eadd8d393377f33
2018-01-10 09:00:50 +03:00
folly::File fd,
win: remove fuse_init_out from Stub.h Summary: With this gone, we will be able to rename and move Stub.h outside of the win directory. Reviewed By: genevievehelsel Differential Revision: D23696243 fbshipit-source-id: ea05b10951fa38a77ce38cd6a09a293364dbeec9
2020-09-16 22:29:25 +03:00
#ifndef _WIN32
serialize FileHandleMap into TakeoverData Summary: This puts the data into the takeover information during takeover shutdown, but doesn't do anything to pull it out again (that will be in a follow on diff). The serialization stuff could be done a little bit more efficiently (since we will perform an extra thrift serialization step just to compute the length, and repeat it again later), but we're planning on replacing this with thrift serializing soon, once simpkins diff stack lands, so I'm not losing sleep over it. Reviewed By: simpkins Differential Revision: D6668846 fbshipit-source-id: e6d01428bd506a9e93b427db499770fce0a0983a
2018-01-10 09:00:53 +03:00
fuse_init_out connInfo,
win: remove fuse_init_out from Stub.h Summary: With this gone, we will be able to rename and move Stub.h outside of the win directory. Reviewed By: genevievehelsel Differential Revision: D23696243 fbshipit-source-id: ea05b10951fa38a77ce38cd6a09a293364dbeec9
2020-09-16 22:29:25 +03:00
#endif
serialize the InodeMap Summary: this isn't how we really want to do this long term, it's just the most expedient short term implementation. This diff provides an implementation of the `InodeMap::save()` which was previously a stub method; the new implementation returns a thrift structure that encompasses the unloaded inodes in the map, and adds a corresponding load() method that performs the reverse transformation. The struct is serialized into the Takeover data. This diff doesn't hook up the real serialized data to EdenServer; that will happen in a follow-on diff. The way that we actually want to handle this longer term is to store the `numFuseReferences` field into the overlay file on disk, but to do so we will need to add a mountGeneration field alongside it and ensure that we always write out the correct information at the correct times. In addition, we'd need to add equivalent data to TreeInode::Entry and add accessors that safely return the correct values in the correct situations. In the interest of getting something working, I've just dumped this code in here. I've also placed the thrift structure for this in `fuse/handlemap.thrift`; this is a slight layering violation but one that feels "OK" in light of the imminent refactor of the Takeover data struct to be its own thrift struct anyway. Reviewed By: simpkins Differential Revision: D6670904 fbshipit-source-id: 11a0918954c741935c587e46fcb0e38849010de1
2018-01-10 09:00:56 +03:00
SerializedInodeMap&& inodeMap)
add client configuration path to TakeoverData Summary: This fulfils a TODO but doesn't do anything useful with that data at this time. Reviewed By: simpkins Differential Revision: D6552750 fbshipit-source-id: 0c441fd0c2ab43785b4d98c4ca6ff643a20629e0
2018-01-10 09:00:52 +03:00
: mountPath{mountPath},
stateDirectory{stateDirectory},
connect the fuse device information to the takeover data Summary: This adds some plumbing to thread the fuse device descriptor and negotiated capabilities through to the takeover code. I initially wanted to just make the unmount future yield the device descriptor, but since that uses `SharedPromise` it is not compatible with a move-only type like `folly:File`, so I added an optional promise to deal with just that. I'm also populating the takeover mount information (path, bind mounts) for each mount point. Reviewed By: simpkins Differential Revision: D6494509 fbshipit-source-id: a90684292dc1d8e06ce2c0721eadd8d393377f33
2018-01-10 09:00:50 +03:00
bindMounts{bindMountPaths},
fuseFD{std::move(fd)},
win: remove fuse_init_out from Stub.h Summary: With this gone, we will be able to rename and move Stub.h outside of the win directory. Reviewed By: genevievehelsel Differential Revision: D23696243 fbshipit-source-id: ea05b10951fa38a77ce38cd6a09a293364dbeec9
2020-09-16 22:29:25 +03:00
#ifndef _WIN32
serialize FileHandleMap into TakeoverData Summary: This puts the data into the takeover information during takeover shutdown, but doesn't do anything to pull it out again (that will be in a follow on diff). The serialization stuff could be done a little bit more efficiently (since we will perform an extra thrift serialization step just to compute the length, and repeat it again later), but we're planning on replacing this with thrift serializing soon, once simpkins diff stack lands, so I'm not losing sleep over it. Reviewed By: simpkins Differential Revision: D6668846 fbshipit-source-id: e6d01428bd506a9e93b427db499770fce0a0983a
2018-01-10 09:00:53 +03:00
connInfo{connInfo},
win: remove fuse_init_out from Stub.h Summary: With this gone, we will be able to rename and move Stub.h outside of the win directory. Reviewed By: genevievehelsel Differential Revision: D23696243 fbshipit-source-id: ea05b10951fa38a77ce38cd6a09a293364dbeec9
2020-09-16 22:29:25 +03:00
#endif
inodeMap{std::move(inodeMap)} {
}
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
add client configuration path to TakeoverData Summary: This fulfils a TODO but doesn't do anything useful with that data at this time. Reviewed By: simpkins Differential Revision: D6552750 fbshipit-source-id: 0c441fd0c2ab43785b4d98c4ca6ff643a20629e0
2018-01-10 09:00:52 +03:00
AbsolutePath mountPath;
AbsolutePath stateDirectory;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
std::vector<AbsolutePath> bindMounts;
folly::File fuseFD;
win: remove fuse_init_out from Stub.h Summary: With this gone, we will be able to rename and move Stub.h outside of the win directory. Reviewed By: genevievehelsel Differential Revision: D23696243 fbshipit-source-id: ea05b10951fa38a77ce38cd6a09a293364dbeec9
2020-09-16 22:29:25 +03:00
#ifndef _WIN32
connect the fuse device information to the takeover data Summary: This adds some plumbing to thread the fuse device descriptor and negotiated capabilities through to the takeover code. I initially wanted to just make the unmount future yield the device descriptor, but since that uses `SharedPromise` it is not compatible with a move-only type like `folly:File`, so I added an optional promise to deal with just that. I'm also populating the takeover mount information (path, bind mounts) for each mount point. Reviewed By: simpkins Differential Revision: D6494509 fbshipit-source-id: a90684292dc1d8e06ce2c0721eadd8d393377f33
2018-01-10 09:00:50 +03:00
fuse_init_out connInfo;
win: remove fuse_init_out from Stub.h Summary: With this gone, we will be able to rename and move Stub.h outside of the win directory. Reviewed By: genevievehelsel Differential Revision: D23696243 fbshipit-source-id: ea05b10951fa38a77ce38cd6a09a293364dbeec9
2020-09-16 22:29:25 +03:00
#endif
serialize the InodeMap Summary: this isn't how we really want to do this long term, it's just the most expedient short term implementation. This diff provides an implementation of the `InodeMap::save()` which was previously a stub method; the new implementation returns a thrift structure that encompasses the unloaded inodes in the map, and adds a corresponding load() method that performs the reverse transformation. The struct is serialized into the Takeover data. This diff doesn't hook up the real serialized data to EdenServer; that will happen in a follow-on diff. The way that we actually want to handle this longer term is to store the `numFuseReferences` field into the overlay file on disk, but to do so we will need to add a mountGeneration field alongside it and ensure that we always write out the correct information at the correct times. In addition, we'd need to add equivalent data to TreeInode::Entry and add accessors that safely return the correct values in the correct situations. In the interest of getting something working, I've just dumped this code in here. I've also placed the thrift structure for this in `fuse/handlemap.thrift`; this is a slight layering violation but one that feels "OK" in light of the imminent refactor of the Takeover data struct to be its own thrift struct anyway. Reviewed By: simpkins Differential Revision: D6670904 fbshipit-source-id: 11a0918954c741935c587e46fcb0e38849010de1
2018-01-10 09:00:56 +03:00
SerializedInodeMap inodeMap;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
};
/**
* Serialize the TakeoverData into a buffer that can be sent to a remote
* process.
*
* This includes all data except for file descriptors. The file descriptors
* must be sent separately.
*/
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
folly::IOBuf serialize(int32_t protocolVersion);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/**
* Serialize an exception.
*/
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
static folly::IOBuf serializeError(
int32_t protocolVersion,
const folly::exception_wrapper& ew);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
/**
* Create a ping to send.
*/
static folly::IOBuf serializePing();
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/**
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
* Deserialize the TakeoverData from a buffer.
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
*/
add thrift takeover serialization Summary: This adds version 3 nee 2 of the takeover serialization, which uses thrift to represent the data. Even though it is logically version 2 I'm naming it version 3 because we're taking advantage of the MessageType values from Version 1 which allowed numerical values 1 or 2 to represent different data types. In this diff we now formalize that first word as the protocol version and to avoid ambiguity are starting the new version value at 3. I did briefly consider using the name Version2 to refer to this and setting the value in the enum to 3, but I didn't want to become known for API hate crimes against my fellow engineers. Reviewed By: simpkins Differential Revision: D6733406 fbshipit-source-id: e2067365e4e8b388490440fd73ab504544011846
2018-01-31 01:16:06 +03:00
static TakeoverData deserialize(folly::IOBuf* buf);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
/**
* Checks to see if a message is of type PING
*/
static bool isPing(const folly::IOBuf* buf);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/**
* The main eden lock file that prevents two edenfs processes from running at
* the same time.
*/
folly::File lockFile;
send the thrift server socket during graceful takeover Summary: Update the TakeoverData to also include the thrift server socket. Also update EdenServer to set this field when performing a takeover shutdown. Reviewed By: bolinfest Differential Revision: D6038945 fbshipit-source-id: 725faa431b3b55d617ef645c8a7eae080e4fe066
2017-11-20 02:18:31 +03:00
/**
* The thrift server socket.
*/
folly::File thriftSocket;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/**
* The list of mount points.
*/
std::vector<MountInfo> mountPoints;
/**
* The takeoverComplete promise will be fulfilled by the TakeoverServer code
* once the TakeoverData has been sent to the remote process.
*/
add EdenServer recovery step and recover after failed takeover data send handshake Summary: * This adds a `EdenServer::recover()` method to start back up on unsuccessful takeover data send. * On an unsuccessful ping, filfill the `shutdownPromise` with a `TakeoverSendError` continaing the constructed `TakeoverData`. After this `recover` function is called, `takeoverPromise_` is reset, `takeoverShutdown` is set to `false`, and the `runningState_` is set to `RUNNING`. With taking over from the returned `TakeoverData`, the user will not encounter `Transport not connected` errors on recovery. * This adds a `EdenServer::closeStorage()` method to defer closing the `backingStore_` and `localStore_` until after our ready handshake is successful. * This defers the shutdown of the `PrivHelper` until a successful ready handshake. I also update the takeover documentation here with the new logic (and fix some formatting issues) Reviewed By: simpkins Differential Revision: D20433433 fbshipit-source-id: f59e660922674d281957e80aee5049735b901a2c
2020-04-07 19:50:06 +03:00
folly::Promise<std::optional<TakeoverData>> takeoverComplete;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
private:
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
/**
* Serialize data using version 1 of the takeover protocol.
*/
add thrift takeover serialization Summary: This adds version 3 nee 2 of the takeover serialization, which uses thrift to represent the data. Even though it is logically version 2 I'm naming it version 3 because we're taking advantage of the MessageType values from Version 1 which allowed numerical values 1 or 2 to represent different data types. In this diff we now formalize that first word as the protocol version and to avoid ambiguity are starting the new version value at 3. I did briefly consider using the name Version2 to refer to this and setting the value in the enum to 3, but I didn't want to become known for API hate crimes against my fellow engineers. Reviewed By: simpkins Differential Revision: D6733406 fbshipit-source-id: e2067365e4e8b388490440fd73ab504544011846
2018-01-31 01:16:06 +03:00
folly::IOBuf serializeVersion1();
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
/**
* Serialize an exception using version 1 of the takeover protocol.
*/
add thrift takeover serialization Summary: This adds version 3 nee 2 of the takeover serialization, which uses thrift to represent the data. Even though it is logically version 2 I'm naming it version 3 because we're taking advantage of the MessageType values from Version 1 which allowed numerical values 1 or 2 to represent different data types. In this diff we now formalize that first word as the protocol version and to avoid ambiguity are starting the new version value at 3. I did briefly consider using the name Version2 to refer to this and setting the value in the enum to 3, but I didn't want to become known for API hate crimes against my fellow engineers. Reviewed By: simpkins Differential Revision: D6733406 fbshipit-source-id: e2067365e4e8b388490440fd73ab504544011846
2018-01-31 01:16:06 +03:00
static folly::IOBuf serializeErrorVersion1(
const folly::exception_wrapper& ew);
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
/**
* Deserialize the TakeoverData from a buffer using version 1 of the takeover
* protocol.
*/
add thrift takeover serialization Summary: This adds version 3 nee 2 of the takeover serialization, which uses thrift to represent the data. Even though it is logically version 2 I'm naming it version 3 because we're taking advantage of the MessageType values from Version 1 which allowed numerical values 1 or 2 to represent different data types. In this diff we now formalize that first word as the protocol version and to avoid ambiguity are starting the new version value at 3. I did briefly consider using the name Version2 to refer to this and setting the value in the enum to 3, but I didn't want to become known for API hate crimes against my fellow engineers. Reviewed By: simpkins Differential Revision: D6733406 fbshipit-source-id: e2067365e4e8b388490440fd73ab504544011846
2018-01-31 01:16:06 +03:00
static TakeoverData deserializeVersion1(folly::IOBuf* buf);
/**
* Serialize data using version 2 of the takeover protocol.
*/
folly::IOBuf serializeVersion3();
/**
* Serialize an exception using version 2 of the takeover protocol.
*/
static folly::IOBuf serializeErrorVersion3(
const folly::exception_wrapper& ew);
/**
* Deserialize the TakeoverData from a buffer using version 2 of the takeover
* protocol.
*/
static TakeoverData deserializeVersion3(folly::IOBuf* buf);
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/**
* Message type values.
* If we ever need to include more information in the takeover data in the
* future we can do so by adding new message types here, and deprecating the
* older formats once we have upgraded all servers to use the new format.
*/
enum MessageType : uint32_t {
ERROR = 1,
MOUNTS = 2,
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
PING = 3,
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
};
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
/**
* The length of the serialized header.
* This is just a 4-byte message type field.
*/
static constexpr uint32_t kHeaderLength = sizeof(uint32_t);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
};
} // namespace eden
} // namespace facebook
Reference in New Issue Copy Permalink