ctdb-scripts: Avoid connecting to ctdbd in add-client/del-client
authorMartin Schwenke <mschwenke@ddn.com>
Thu, 29 Jun 2023 00:12:44 +0000 (10:12 +1000)
committerVolker Lendecke <vl@samba.org>
Thu, 30 May 2024 11:42:30 +0000 (11:42 +0000)
rpc.statd runs statd-callout as a non-root user, which is currently
hacked around using some sudo logic that fails to work in some
contexts (e.g. in a container).

Use $CTDB_MY_PUBLIC_IPS_CACHE to access the node's currently assigned
public IPs, for add-client/del-client.  This avoids connecting to
ctdbd when called from rpc.statd.

Also, use $CTDB_MY_PUBLIC_IPS_CACHE in other places where it makes
sense.

Connections to ctdbd are still made in the "notify" action, but this
is always run as root.

In the test code, set the PNN after public addresses setup so that the
cache of assigned IPs is correctly initialised.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
ctdb/config/statd-callout
ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh

index d23d123e177b81ce9372a5329086811b33b08a6c..cf03eeee801072e41251b7cc8466dd601045df29 100755 (executable)
@@ -57,8 +57,6 @@ statd_callout_state_dir="${script_state_dir}/statd-callout"
 statd_callout_db="ctdb.tdb"
 statd_callout_queue_dir="${statd_callout_state_dir}/queue"
 
-pnn=$(ctdb_get_pnn)
-
 ############################################################
 
 send_notifies()
@@ -136,32 +134,22 @@ add-client)
        # we must add it to all the IPs that we serve
        cip="$2"
        date=$(date '+%s')
-       # x is intentionally ignored
-       # shellcheck disable=SC2034
-       $CTDB ip -X |
-               tail -n +2 |
-               while IFS="|" read -r x sip node x; do
-                       [ "$node" = "$pnn" ] || continue # not us
-                       key="statd-state@${sip}@${cip}"
-                       file="${statd_callout_queue_dir}/${key}"
-                       echo "\"${key}\" \"${date}\"" >"$file"
-               done
+       while read -r sip; do
+               key="statd-state@${sip}@${cip}"
+               file="${statd_callout_queue_dir}/${key}"
+               echo "\"${key}\" \"${date}\"" >"$file"
+       done <"$CTDB_MY_PUBLIC_IPS_CACHE"
        ;;
 
 del-client)
        # statd does not tell us from which IP the client disconnected
        # so we must add it to all the IPs that we serve
        cip="$2"
-       # x is intentionally ignored
-       # shellcheck disable=SC2034
-       $CTDB ip -X |
-               tail -n +2 |
-               while IFS="|" read -r x sip node x; do
-                       [ "$node" = "$pnn" ] || continue # not us
-                       key="statd-state@${sip}@${cip}"
-                       file="${statd_callout_queue_dir}/${key}"
-                       echo "\"${key}\" \"\"" >"$file"
-               done
+       while read -r sip; do
+               key="statd-state@${sip}@${cip}"
+               file="${statd_callout_queue_dir}/${key}"
+               echo "\"${key}\" \"\"" >"$file"
+       done <"$CTDB_MY_PUBLIC_IPS_CACHE"
        ;;
 
 update)
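Review bot: Both new loops end in `done <"$CTDB_MY_PUBLIC_IPS_CACHE"` with no check that the variable is set and the file is readable by the non-root user that rpc.statd runs the callout as. If the redirect fails the loop body never runs, so no queue file is written and the add or delete is lost apart from a shell error message; whether the script then exits non-zero depends on settings not visible in this hunk. A guard before each loop such as `[ -r "$CTDB_MY_PUBLIC_IPS_CACHE" ] || exit 1`, preceded by a log line, would make the failure explicit. Separately, `cip` from `$2` still goes into the queue file name unvalidated, so it is worth rejecting values containing `/` before building `file`.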
@@ -172,13 +160,9 @@ update)
                # No files!
                exit 0
        fi
-       # Filter out lines for any IP addresses that are not currently
-       # hosted public IP addresses.
-       ctdb_ips=$($CTDB ip | tail -n +2)
-       sed_expr=$(echo "$ctdb_ips" |
-               awk -v pnn="$pnn" 'pnn == $2 {
-                ip = $1; gsub(/\./, "\\.", ip);
-                printf "/statd-state@%s@/p\n", ip }')
+       sed_expr=$(awk '{
+               ip = $1; gsub(/\./, "\\.", ip);
+               printf "/statd-state@%s@/p\n", ip }' "$CTDB_MY_PUBLIC_IPS_CACHE")
        # Intentional multi-word expansion for multiple files
        # shellcheck disable=SC2086
        items=$(sed -n "$sed_expr" $files)
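Review bot: The awk program that builds `sed_expr` escapes only `.` in `$1`, and its input is now the file named by `$CTDB_MY_PUBLIC_IPS_CACHE` rather than ctdb command output, so whatever the first field of each cache line contains becomes part of the sed script. The same construction appears in the `notify` hunk, which the commit message says always runs as root. Restricting the awk rule to address-shaped fields, e.g. `$1 ~ /^[0-9A-Fa-f:.]+$/ {` in place of the bare `{`, keeps `/`, `\` and other sed syntax out of the generated program. Who writes the cache and with what permissions is not visible here; it should not be writable by the user that rpc.statd runs the callout as. The `update)` branch starts and continues outside this hunk.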
@@ -250,11 +234,10 @@ notify)
        # Construct a sed expression to take catdb output and produce pairs of:
        #   server-IP client-IP
        # but only for the server-IPs that are hosted on this node.
-       ctdb_all_ips=$($CTDB ip all | tail -n +2)
-       sed_expr=$(echo "$ctdb_all_ips" |
-               awk -v pnn="$pnn" 'pnn == $2 {
-                ip = $1; gsub(/\./, "\\.", ip);
-                printf "s/^key.*=.*statd-state@\\(%s\\)@\\([^\"]*\\).*/\\1 \\2/p\n", ip }')
+       sed_expr=$(awk '{
+                      ip = $1; gsub(/\./, "\\.", ip);
+                      printf "s/^key.*=.*statd-state@\\(%s\\)@\\([^\"]*\\).*/\\1 \\2/p\n", ip }' \
+                              "$CTDB_MY_PUBLIC_IPS_CACHE")
 
        statd_state=$($CTDB catdb "$statd_callout_db" |
                sed -n "$sed_expr" |
@@ -267,7 +250,9 @@ notify)
        # Remove any stale touch files (i.e. for IPs not currently
        # hosted on this node and created since the last "update").
        # There's nothing else we can do with them at this stage.
-       echo "$ctdb_all_ips" |
+       pnn=$(ctdb_get_pnn)
+       $CTDB ip all |
+               tail -n +2 |
                awk -v pnn="$pnn" 'pnn != $2 { print $1 }' |
                while read -r sip; do
                        rm -f "${statd_callout_queue_dir}/statd-state@${sip}@"*
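Review bot: `pnn=$(ctdb_get_pnn)` is used unchecked, and if it comes back empty the awk test `pnn != $2` is true for every row of `ctdb ip all`, so the loop would also `rm -f` the queue files for addresses this node does host. ctdb_get_pnn is defined outside this page, so whether it can return an empty value is an assumption to confirm; a guard such as `[ -n "$pnn" ] || exit 1` before the pipeline removes the doubt. The `notify)` branch starts and continues outside the hunk.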
index e966cb4bf58ee10cf1898ccf44d020364a19c576..1c65c2f98accb9d6cb6bb8032383ff26c2208370 100644 (file)
@@ -1,7 +1,7 @@
 setup()
 {
-       ctdb_set_pnn
        setup_public_addresses
+       ctdb_set_pnn
        setup_date "123456789"
 }