diff --git a/extra/dist/tarantoolctl b/extra/dist/tarantoolctl
index 0011525a0c02788d581887d80fc58f36fad962ac..0fd78576b89c76808a4f17c446e34634bc173fae 100755
--- a/extra/dist/tarantoolctl
+++ b/extra/dist/tarantoolctl
@@ -103,6 +103,8 @@ local socket = require 'socket'
local ffi = require 'ffi'
local os = require 'os'
local fiber = require 'fiber'
+local digest = require 'digest'
+local urilib = require 'uri'
ffi.cdef[[ int kill(int pid, int sig); ]]
@@ -291,6 +293,21 @@ local function mkdir(dirname)
end
end
+local function read_file(filename)
+ local file = fio.open(filename, {'O_RDONLY'})
+ local buf = {}
+ local i = 1
+
+ while true do
+ buf[i] = file:read(1024)
+ if buf[i] == '' then
+ break
+ end
+ i = i + 1
+ end
+ return table.concat(buf)
+end
+
function mk_default_dirs(cfg)
-- create pid_dir
pid_dir = fio.dirname(cfg.pid_file)
@@ -495,17 +512,35 @@ elseif cmd == 'status' then
print(instance_name .. ' is running (pid:' .. default_cfg.pid_file .. ')')
os.exit(0)
elseif cmd == 'reload' then
- if arg[1] == nil then
+ local filename = arg[1]
+ if filename == nil then
log.error("Usage: tarantoolctl reload instance_name file.lua")
os.exit(1)
end
- if fio.stat(arg[1]) == nil then
+ if fio.stat(filename) == nil then
if errno() == errno.ENOENT then
- print(arg[1] .. ': file not found')
+ print(filename .. ': file not found')
os.exit(1)
end
end
- dofile(arg[1])
+ content = digest.base64_encode(read_file(filename))
+
+ if fio.stat(console_sock) == nil then
+ log.warn("pid file exists, but the control socket (%s) doesn't",
+ console_sock)
+ os.exit(2)
+ end
+
+ local u = urilib.parse(console_sock)
+ local remote = require('net.box'):new(u.host, u.service,
+ { user = u.login, password = u.password })
+ local code = string.format(
+ 'loadstring(require("digest").base64_decode([[%s]]))()',
+ content
+ )
+ remote:console(code)
+
+ os.exit(0)
else
log.error("Unknown command '%s'", cmd)
os.exit(-1)
diff --git a/src/box/box.cc b/src/box/box.cc
index d151548230abd90ea208bcd90a7333794f5c90aa..fb83de3f3bb0c4da41aa466f17bc86dc9db40989 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -456,14 +456,14 @@ box_init(void)
/* Initialize a new replica */
engine_begin_join();
replica_bootstrap(recovery);
- int64_t checkpoint_id = vclock_signature(&recovery->vclock);
+ int64_t checkpoint_id = vclock_sum(&recovery->vclock);
engine_checkpoint(checkpoint_id);
} else {
/* Initialize the first server of a new cluster */
recovery_bootstrap(recovery);
box_set_cluster_uuid();
box_set_server_uuid();
- int64_t checkpoint_id = vclock_signature(&recovery->vclock);
+ int64_t checkpoint_id = vclock_sum(&recovery->vclock);
engine_checkpoint(checkpoint_id);
}
fiber_gc();
@@ -518,7 +518,7 @@ int
box_snapshot()
{
/* create snapshot file */
- int64_t checkpoint_id = vclock_signature(&recovery->vclock);
+ int64_t checkpoint_id = vclock_sum(&recovery->vclock);
return engine_checkpoint(checkpoint_id);
}
diff --git a/src/box/errcode.h b/src/box/errcode.h
index fc4966ca936779b8a32110ce807c0279afd75dc1..68f770db0715b47ceec4e50ba4909223b34a2bd3 100644
--- a/src/box/errcode.h
+++ b/src/box/errcode.h
@@ -149,6 +149,7 @@ struct errcode_record {
/* 95 */_(ER_UPDATE_INTEGER_OVERFLOW, 2, "Integer overflow when performing '%c' operation on field %u") \
/* 96 */_(ER_GUEST_USER_PASSWORD, 2, "Setting password for guest user has no effect") \
/* 97 */_(ER_TRANSACTION_CONFLICT, 2, "Transaction has been aborted by conflict") \
+ /* 98 */_(ER_UNSUPPORTED_ROLE_PRIV, 2, "Unsupported role privilege '%s'") \
/*
* !IMPORTANT! Please follow instructions at start of the file
diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index d083db824187029bfa35ab08bf712a90af8f75d2..73da4e7e312d1bca6872a2c86015a3a05f8d2000 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -891,6 +891,14 @@ local function privilege_resolve(privilege)
return numeric
end
+local function checked_privilege(privilege, object_type)
+ local priv_hex = privilege_resolve(privilege)
+ if object_type == 'role' and priv_hex ~= 4 then
+ box.error(box.error.UNSUPPORTED_ROLE_PRIV, privilege)
+ end
+ return priv_hex
+end
+
local function privilege_name(privilege)
local names = {}
if bit.band(privilege, 1) ~= 0 then
@@ -1092,13 +1100,10 @@ local function grant(uid, name, privilege, object_type,
-- named 'execute'
object_type = 'role'
object_name = privilege
- end
- -- sanitize privilege type for role object type
- if object_type == 'role' then
privilege = 'execute'
end
+ local privilege_hex = checked_privilege(privilege, object_type)
- privilege_hex = privilege_resolve(privilege)
local oid = object_resolve(object_type, object_name)
if options == nil then
options = {}
@@ -1142,10 +1147,10 @@ local function revoke(uid, name, privilege, object_type, object_name, options)
if object_name == nil and object_type == nil then
object_type = 'role'
object_name = privilege
- -- revoke everything possible from role,
- -- to prevent stupid mistakes with privilege name
- privilege = 'read,write,execute'
+ privilege = 'execute'
end
+ local privilege_hex = checked_privilege(privilege, object_type)
+
if options == nil then
options = {}
end
@@ -1166,16 +1171,15 @@ local function revoke(uid, name, privilege, object_type, object_name, options)
object_type, object_name)
end
end
- privilege = privilege_resolve(privilege)
local old_privilege = tuple[5]
local grantor = tuple[1]
-- sic:
-- a user may revoke more than he/she granted
-- (erroneous user input)
--
- privilege = bit.band(old_privilege, bit.bnot(privilege))
- if privilege ~= 0 then
- _priv:replace{grantor, uid, object_type, oid, privilege}
+ privilege_hex = bit.band(old_privilege, bit.bnot(privilege_hex))
+ if privilege_hex ~= 0 then
+ _priv:replace{grantor, uid, object_type, oid, privilege_hex}
else
_priv:delete{uid, object_type, oid}
end
diff --git a/src/box/memtx_engine.cc b/src/box/memtx_engine.cc
index bd905a1ee0e5f00ea96509a5175af850e4e6ee68..8647dadd432dec12f366249e0c13b2e262705215 100644
--- a/src/box/memtx_engine.cc
+++ b/src/box/memtx_engine.cc
@@ -267,7 +267,7 @@ recover_snap(struct recovery_state *r)
*/
if (res == NULL)
tnt_raise(ClientError, ER_MISSING_SNAPSHOT);
- int64_t signature = vclock_signature(res);
+ int64_t signature = vclock_sum(res);
struct xlog *snap = xlog_open(&r->snap_dir, signature);
auto guard = make_scoped_guard([=]{
diff --git a/src/box/recovery.cc b/src/box/recovery.cc
index 1333f19d681c5ca397b4523dd790be6bafcfc39f..95c2bcaf1c062c22ef43a72fecab7e596219c564 100644
--- a/src/box/recovery.cc
+++ b/src/box/recovery.cc
@@ -169,7 +169,6 @@ recovery_new(const char *snap_dirname, const char *wal_dirname,
r->apply_row = apply_row;
r->apply_row_param = apply_row_param;
- r->signature = -1;
r->snap_io_rate_limit = UINT64_MAX;
xdir_create(&r->snap_dir, snap_dirname, SNAP, &r->server_uuid);
@@ -221,6 +220,14 @@ recovery_setup_panic(struct recovery_state *r, bool on_snap_error,
static inline void
recovery_close_log(struct recovery_state *r)
{
+ if (r->current_wal == NULL)
+ return;
+ if (r->current_wal->eof_read) {
+ say_info("done `%s'", r->current_wal->filename);
+ } else {
+ say_warn("file `%s` wasn't correctly closed",
+ r->current_wal->filename);
+ }
xlog_close(r->current_wal);
r->current_wal = NULL;
}
@@ -263,13 +270,12 @@ recovery_apply_row(struct recovery_state *r, struct xrow_header *row)
r->apply_row(r, r->apply_row_param, row);
}
-#define LOG_EOF 0
-
/**
- * @retval 0 OK, read full xlog.
- * @retval 1 OK, read some but not all rows, or no EOF marker
+ * Read all rows in a file starting from the last position.
+ * Advance the position. If end of file is reached,
+ * set l.eof_read.
*/
-int
+void
recover_xlog(struct recovery_state *r, struct xlog *l)
{
struct xlog_cursor i;
@@ -281,6 +287,12 @@ recover_xlog(struct recovery_state *r, struct xlog *l)
});
struct xrow_header row;
+ /*
+ * xlog_cursor_next() returns 1 when
+ * it can not read more rows. This doesn't mean
+ * the file is fully read: it's fully read only
+ * when EOF marker has been read, see i.eof_read
+ */
while (xlog_cursor_next(&i, &row) == 0) {
try {
recovery_apply_row(r, &row);
@@ -301,15 +313,6 @@ recover_xlog(struct recovery_state *r, struct xlog *l)
panic("snapshot `%s' has no EOF marker", l->filename);
}
- /*
- * xlog_cursor_next() returns 1 when
- * it can not read more rows. This doesn't mean
- * the file is fully read: it's fully read only
- * when EOF marker has been read. This is
- * why eof_read is used here to indicate the
- * end of log.
- */
- return !i.eof_read;
}
void
@@ -331,7 +334,8 @@ recovery_bootstrap(struct recovery_state *r)
recover_xlog(r, snap);
}
-/** Find out if there are new .xlog files since the current
+/**
+ * Find out if there are new .xlog files since the current
* LSN, and read them all up.
*
* This function will not close r->current_wal if
@@ -342,75 +346,65 @@ recover_remaining_wals(struct recovery_state *r)
{
xdir_scan(&r->wal_dir);
- struct vclock *last_vclock = vclockset_last(&r->wal_dir.index);
- int64_t last_signature = last_vclock != NULL ?
- vclock_signature(last_vclock) : -1;
+ struct vclock *last = vclockset_last(&r->wal_dir.index);
+ if (last == NULL) {
+ assert(r->current_wal == NULL);
+ /** Nothing to do. */
+ return;
+ }
+ assert(vclockset_next(&r->wal_dir.index, last) == NULL);
+
/* If the caller already opened WAL for us, recover from it first */
- struct vclock *current_vclock;
+ struct vclock *clock;
if (r->current_wal != NULL) {
- current_vclock = &r->current_wal->vclock;
- goto recover_current_wal;
+ clock = vclockset_match(&r->wal_dir.index,
+ &r->current_wal->vclock);
+ if (clock != NULL &&
+ vclock_compare(clock, &r->current_wal->vclock) == 0)
+ goto recover_current_wal;
+ /*
+ * The current WAL has disappeared under our feet -
+ * assume anything can happen in production and go
+ * on.
+ */
+ assert(false);
}
- while (1) {
- current_vclock =
- vclockset_match(&r->wal_dir.index, &r->vclock,
- r->wal_dir.panic_if_error);
- if (current_vclock == NULL)
- break; /* No more WALs */
-
- if (vclock_signature(current_vclock) <= r->signature) {
- if (r->signature == last_signature)
- break;
- say_error("missing xlog between %020lld and %020lld",
- (long long) vclock_signature(current_vclock),
- (long long) last_signature);
- if (r->wal_dir.panic_if_error)
- break;
+ for (clock = vclockset_match(&r->wal_dir.index, &r->vclock);
+ clock != NULL;
+ clock = vclockset_next(&r->wal_dir.index, clock)) {
- /* Ignore missing WALs */
- say_warn("ignoring missing WALs");
- current_vclock = vclockset_next(&r->wal_dir.index,
- current_vclock);
- assert(current_vclock != NULL);
- }
- assert(r->current_wal == NULL);
- try {
- r->current_wal = xlog_open(&r->wal_dir,
- vclock_signature(current_vclock));
- } catch (XlogError *e) {
+ if (vclock_compare(clock, &r->vclock) > 0) {
+ /**
+ * The best clock we could find is
+ * greater or is incomparable with the
+ * current state of recovery.
+ */
+ XlogGapError *e =
+ tnt_error(XlogGapError, &r->vclock, clock);
+
+ if (r->wal_dir.panic_if_error)
+ throw e;
e->log();
- break;
+ /* Ignore missing WALs */
+ say_warn("ignoring a gap in LSN");
}
+ recovery_close_log(r);
+
+ r->current_wal = xlog_open(&r->wal_dir, vclock_sum(clock));
+
say_info("recover from `%s'", r->current_wal->filename);
recover_current_wal:
- r->signature = vclock_signature(current_vclock);
- int result = recover_xlog(r, r->current_wal);
-
- if (result == LOG_EOF) {
- say_info("done `%s'", r->current_wal->filename);
- recovery_close_log(r);
- /* goto find_next_wal; */
- } else if (r->signature == last_signature) {
- /* last file is not finished */
- break;
- } else {
- say_warn("WAL `%s` wasn't correctly closed",
- r->current_wal->filename);
- recovery_close_log(r);
- }
- }
-
- /*
- * It's not a fatal error when last WAL is empty, but if
- * we lose some logs it is a fatal error.
- */
- if (last_signature > r->signature) {
- tnt_raise(XlogError,
- "not all WALs have been successfully read");
+ if (r->current_wal->eof_read == false)
+ recover_xlog(r, r->current_wal);
+ /**
+ * Keep the last log open to remember recovery
+ * position. This speeds up recovery in local hot
+ * standby mode, since we don't have to re-open
+ * and re-scan the last log in recovery_finalize().
+ */
}
-
region_free(&fiber()->gc);
}
@@ -422,15 +416,11 @@ recovery_finalize(struct recovery_state *r, enum wal_mode wal_mode,
recover_remaining_wals(r);
- if (r->current_wal != NULL) {
- say_warn("WAL `%s' wasn't correctly closed",
- r->current_wal->filename);
- recovery_close_log(r);
- }
+ recovery_close_log(r);
if (vclockset_last(&r->wal_dir.index) != NULL &&
- vclock_signature(&r->vclock) ==
- vclock_signature(vclockset_last(&r->wal_dir.index))) {
+ vclock_sum(&r->vclock) ==
+ vclock_sum(vclockset_last(&r->wal_dir.index))) {
/**
* The last log file had zero rows -> bump
* LSN so that we don't stumble over this
@@ -957,8 +947,10 @@ wal_writer_thread(void *worker_args)
ev_async_send(writer->txn_loop, &writer->write_event);
}
(void) tt_pthread_mutex_unlock(&writer->mutex);
- if (r->current_wal != NULL)
- recovery_close_log(r);
+ if (r->current_wal != NULL) {
+ xlog_close(r->current_wal);
+ r->current_wal = NULL;
+ }
return NULL;
}
@@ -975,7 +967,7 @@ wal_write(struct recovery_state *r, struct xrow_header *row)
*/
fill_lsn(r, row);
if (r->wal_mode == WAL_NONE)
- return vclock_signature(&r->vclock);
+ return vclock_sum(&r->vclock);
ERROR_INJECT_RETURN(ERRINJ_WAL_IO);
@@ -1011,7 +1003,7 @@ wal_write(struct recovery_state *r, struct xrow_header *row)
fiber_set_cancellable(cancellable);
if (req->res == -1)
return -1;
- return vclock_signature(&r->vclock);
+ return vclock_sum(&r->vclock);
}
/* }}} */
@@ -1023,7 +1015,7 @@ recovery_last_checkpoint(struct recovery_state *r)
{
/* recover last snapshot lsn */
struct vclock *vclock = vclockset_last(&r->snap_dir.index);
- return vclock ? vclock_signature(vclock) : -1;
+ return vclock ? vclock_sum(vclock) : -1;
}
/* }}} */
diff --git a/src/box/recovery.h b/src/box/recovery.h
index 93c5c2eb7e942d83b1960260965d0c7a89e7792e..9aae1746b39b3d230102869f77f8fdc222936587 100644
--- a/src/box/recovery.h
+++ b/src/box/recovery.h
@@ -85,8 +85,6 @@ struct recovery_state {
struct xlog *current_wal;
struct xdir snap_dir;
struct xdir wal_dir;
- /** Used to find missing xlog files */
- int64_t signature;
struct wal_writer *writer;
/**
* This is used in local hot standby or replication
@@ -132,7 +130,7 @@ recovery_has_data(struct recovery_state *r)
vclockset_first(&r->wal_dir.index) != NULL;
}
void recovery_bootstrap(struct recovery_state *r);
-int
+void
recover_xlog(struct recovery_state *r, struct xlog *l);
void recovery_follow_local(struct recovery_state *r,
const char *name,
diff --git a/src/box/sophia_engine.cc b/src/box/sophia_engine.cc
index dac9e99ab48a9157b26a40e954f92c52801926d8..6bccf5578505147d0a1a289b0d11bbf6cd50bbe1 100644
--- a/src/box/sophia_engine.cc
+++ b/src/box/sophia_engine.cc
@@ -165,7 +165,7 @@ SophiaEngine::join(Relay *relay)
struct vclock *res = vclockset_last(&relay->r->snap_dir.index);
if (res == NULL)
tnt_raise(ClientError, ER_MISSING_SNAPSHOT);
- int64_t signt = vclock_signature(res);
+ int64_t signt = vclock_sum(res);
/* get snapshot object */
char id[128];
diff --git a/src/box/vclock.c b/src/box/vclock.c
index 2d0cfbe08e7e82b853754eec307a67fe2eff9c83..49d62e0d532086e3588cb82a4e0b8a2e8a858212 100644
--- a/src/box/vclock.c
+++ b/src/box/vclock.c
@@ -181,7 +181,7 @@ vclock_from_string(struct vclock *vclock, const char *str)
goto error;
end:
if (*p == '\0') {
- vclock->signature = vclock_sum(vclock);
+ vclock->signature = vclock_calc_sum(vclock);
return 0;
} else if (isblank(*p)) {
++p;
diff --git a/src/box/vclock.h b/src/box/vclock.h
index 6c1eb35f8b5d648b7d4f5f0451ccd5ebd8f046e2..e0cbe1952b93b588afca81195d6fcfd1967da40b 100644
--- a/src/box/vclock.h
+++ b/src/box/vclock.h
@@ -131,7 +131,7 @@ vclock_size(const struct vclock *vclock)
}
static inline int64_t
-vclock_sum(const struct vclock *vclock)
+vclock_calc_sum(const struct vclock *vclock)
{
int64_t sum = 0;
struct vclock_iterator it;
@@ -142,7 +142,7 @@ vclock_sum(const struct vclock *vclock)
}
static inline int64_t
-vclock_signature(const struct vclock *vclock)
+vclock_sum(const struct vclock *vclock)
{
return vclock->signature;
}
@@ -229,17 +229,16 @@ rb_proto(, vclockset_, vclockset_t, struct vclock);
* @return a vclock that <= than \a key
*/
static inline struct vclock *
-vclockset_match(vclockset_t *set, struct vclock *key,
- bool panic_if_error)
+vclockset_match(vclockset_t *set, struct vclock *key)
{
struct vclock *match = vclockset_psearch(set, key);
/**
* vclockset comparator returns 0 for
- * incomparable keys. So the match doesn't have to be
+ * incomparable keys, rendering them equal.
+ * So the match, even when found, is not necessarily
* strictly preceding the search key, it may be
- * incomparable. If this is the case, unwind until
- * we get to a key which is strictly below the search
- * pattern.
+ * incomparable. If this is the case, unwind until we get
+ * to a key which is strictly below the search pattern.
*/
while (match != NULL) {
if (vclock_compare(match, key) <= 0)
@@ -249,10 +248,10 @@ vclockset_match(vclockset_t *set, struct vclock *key,
}
/*
* There is no xlog which is strictly less than the search
- * pattern. Return the fist successor log - it is either
+ * pattern. Return the first log - it is either
* strictly greater, or incomparable with the key.
*/
- return panic_if_error ? NULL: vclockset_first(set);
+ return vclockset_first(set);
}
#if defined(__cplusplus)
@@ -293,7 +292,7 @@ vclock_del_server(struct vclock *vclock, uint32_t server_id)
assert(vclock_has(vclock, server_id));
vclock->lsn[server_id] = 0;
vclock->map &= ~(1 << server_id);
- vclock->signature = vclock_sum(vclock);
+ vclock->signature = vclock_calc_sum(vclock);
}
#endif /* defined(__cplusplus) */
diff --git a/src/box/xlog.cc b/src/box/xlog.cc
index dbe5cc6418d653a7858b4b50bd080f370d400371..2b804114267371b48184f0eb7aaf7379d4dfced4 100644
--- a/src/box/xlog.cc
+++ b/src/box/xlog.cc
@@ -64,6 +64,21 @@ XlogError::XlogError(const char *file, unsigned line,
va_end(ap);
}
+XlogGapError::XlogGapError(const char *file, unsigned line,
+ const struct vclock *from,
+ const struct vclock *to)
+ :XlogError(file, line, "")
+{
+ char *s_from = vclock_to_string(from);
+ char *s_to = vclock_to_string(to);
+ snprintf(m_errmsg, sizeof(m_errmsg),
+ "Missing .xlog file between LSN %lld %s and %lld %s",
+ (long long) vclock_sum(from), s_from ? s_from : "",
+ (long long) vclock_sum(to), s_to ? s_to : "");
+ free(s_from);
+ free(s_to);
+}
+
/* {{{ struct xdir */
void
@@ -290,7 +305,7 @@ xdir_scan(struct xdir *dir)
struct vclock *vclock = vclockset_first(&dir->index);
int i = 0;
while (i < s_count || vclock != NULL) {
- int64_t s_old = vclock ? vclock_signature(vclock) : LLONG_MAX;
+ int64_t s_old = vclock ? vclock_sum(vclock) : LLONG_MAX;
int64_t s_new = i < s_count ? signatures[i] : LLONG_MAX;
if (s_old < s_new) {
/** Remove a deleted file from the index */
@@ -465,6 +480,7 @@ xlog_cursor_close(struct xlog_cursor *i)
{
struct xlog *l = i->log;
l->rows += i->row_count;
+ l->eof_read = i->eof_read;
/*
* Since we don't close the xlog
* we must rewind it to the last known
@@ -764,7 +780,7 @@ xlog_read_meta(struct xlog *l, int64_t signature)
* the sum of vector clock coordinates must be the same
* as the name of the file.
*/
- int64_t signature_check = vclock_signature(&l->vclock);
+ int64_t signature_check = vclock_sum(&l->vclock);
if (signature_check != signature) {
tnt_raise(XlogError, "%s: signature check failed",
l->filename);
@@ -796,6 +812,7 @@ xlog_open_stream(struct xdir *dir, int64_t signature, FILE *file, const char *fi
l->mode = LOG_READ;
l->dir = dir;
l->is_inprogress = false;
+ l->eof_read = false;
vclock_create(&l->vclock);
xlog_read_meta(l, signature);
@@ -847,7 +864,7 @@ xlog_create(struct xdir *dir, const struct vclock *vclock)
FILE *f = NULL;
struct xlog *l = NULL;
- int64_t signature = vclock_signature(vclock);
+ int64_t signature = vclock_sum(vclock);
assert(signature >= 0);
assert(!tt_uuid_is_nil(dir->server_uuid));
@@ -884,6 +901,8 @@ xlog_create(struct xdir *dir, const struct vclock *vclock)
l->mode = LOG_WRITE;
l->dir = dir;
l->is_inprogress = true;
+ /* Makes no sense, but well. */
+ l->eof_read = false;
vclock_copy(&l->vclock, vclock);
setvbuf(l->f, NULL, _IONBF, 0);
if (xlog_write_meta(l) != 0)
diff --git a/src/box/xlog.h b/src/box/xlog.h
index 56b7a5200fdedaaf8b35bf260981e67a53a945ae..8ddea5574212dbf01c4c3799d007188ec1d1ae15 100644
--- a/src/box/xlog.h
+++ b/src/box/xlog.h
@@ -45,6 +45,13 @@ struct XlogError: public Exception
const char *format, ...);
};
+struct XlogGapError: public XlogError
+{
+ XlogGapError(const char *file, unsigned line,
+ const struct vclock *from,
+ const struct vclock *to);
+};
+
/* {{{ log dir */
/**
@@ -182,6 +189,8 @@ struct xlog {
char filename[PATH_MAX + 1];
/** Whether this file has .inprogress suffix. */
bool is_inprogress;
+ /** True if eof has been read when reading the log. */
+ bool eof_read;
/**
* Text file header: server uuid. We read
* only logs with our own uuid, to avoid situations
diff --git a/src/fiber.cc b/src/fiber.cc
index 22c0d12d68924e04711f68779f76e23f46363eb1..f83ce7ac1ab36240c74e100ed2b950be0eb4edaf 100644
--- a/src/fiber.cc
+++ b/src/fiber.cc
@@ -410,7 +410,12 @@ fiber_loop(void *data __attribute__((unused)))
fiber_name(fiber));
say_info("fiber `%s': exiting", fiber_name(fiber));
} catch (Exception *e) {
- e->log();
+ /*
+ * For joinable fibers, it's the business
+ * of the caller to deal with the error.
+ */
+ if (! (fiber->flags & FIBER_IS_JOINABLE))
+ e->log();
} catch (...) {
/* This can only happen in case of a server bug. */
say_error("fiber `%s': unknown exception",
diff --git a/test/box/misc.result b/test/box/misc.result
index e9478633bcce95481d2546de82437c0f11a995f3..a1d7c595988c68d674142099c8f743f89793c585 100644
--- a/test/box/misc.result
+++ b/test/box/misc.result
@@ -253,10 +253,11 @@ t;
- 'box.error.CROSS_ENGINE_TRANSACTION : 81'
- 'box.error.MODIFY_INDEX : 14'
- 'box.error.TUPLE_FOUND : 3'
+ - 'box.error.FIELD_TYPE : 23'
- 'box.error.PASSWORD_MISMATCH : 47'
- 'box.error.TRANSACTION_CONFLICT : 97'
- 'box.error.NO_SUCH_ENGINE : 57'
- - 'box.error.FIELD_TYPE : 23'
+ - 'box.error.UNSUPPORTED_ROLE_PRIV : 98'
- 'box.error.ACCESS_DENIED : 42'
- 'box.error.UPDATE_INTEGER_OVERFLOW : 95'
- 'box.error.LAST_DROP : 15'
diff --git a/test/box/role.result b/test/box/role.result
index fb57098b0d9bf9d1bdccdf307a9a2cc5879ea95b..22ca8e0e2f3b891356707024bde6f4d452f949d1 100644
--- a/test/box/role.result
+++ b/test/box/role.result
@@ -67,11 +67,11 @@ box.schema.user.grant('tester', 'execute', 'role', 'tester')
-- test granting a non-execute grant on a role - error
box.schema.user.grant('tester', 'write', 'role', 'iddqd')
---
-- error: User 'tester' already has role 'iddqd'
+- error: Unsupported role privilege 'write'
...
box.schema.user.grant('tester', 'read', 'role', 'iddqd')
---
-- error: User 'tester' already has role 'iddqd'
+- error: Unsupported role privilege 'read'
...
-- test granting role to a role
box.schema.role.grant('iddqd', 'execute', 'role', 'iddqd')
@@ -869,3 +869,30 @@ box.schema.role.drop('role', 'role')
box.schema.user.drop('test', { if_exists = true})
---
...
+-- gh-663: inconsistent roles grant/revoke
+box.schema.role.create('X1')
+---
+...
+box.schema.role.create('X2')
+---
+...
+box.schema.role.info('X1')
+---
+- []
+...
+box.schema.role.grant('X1','read','role','X2')
+---
+- error: Unsupported role privilege 'read'
+...
+box.schema.role.info('X1')
+---
+- []
+...
+box.schema.role.revoke('X1','read','role','X2')
+---
+- error: Unsupported role privilege 'read'
+...
+box.schema.role.info('X1')
+---
+- []
+...
diff --git a/test/box/role.test.lua b/test/box/role.test.lua
index d157ab0545096d4df581e0ffcc72396875909f45..86cc146c8923d00f4b4b86b35c4160ad97afa0a1 100644
--- a/test/box/role.test.lua
+++ b/test/box/role.test.lua
@@ -343,3 +343,12 @@ box.schema.user.drop('test', { if_not_exists = true})
box.schema.role.create('role', 'role')
box.schema.role.drop('role', 'role')
box.schema.user.drop('test', { if_exists = true})
+
+-- gh-663: inconsistent roles grant/revoke
+box.schema.role.create('X1')
+box.schema.role.create('X2')
+box.schema.role.info('X1')
+box.schema.role.grant('X1','read','role','X2')
+box.schema.role.info('X1')
+box.schema.role.revoke('X1','read','role','X2')
+box.schema.role.info('X1')
diff --git a/test/unit/fiber.result b/test/unit/fiber.result
index 66e6d3e914e846b7c4dbd64c856fd4d3add22e5f..e0a1605f8c6ac393cc9920b3fc771cc0d60c74d0 100644
--- a/test/unit/fiber.result
+++ b/test/unit/fiber.result
@@ -1,7 +1,5 @@
(null): fiber `cancel' has been cancelled
(null): fiber `cancel': exiting
-(null): SystemError Failed to allocate 42 bytes in allocator for exception: Cannot allocate memory
-(null): SystemError Failed to allocate 42 bytes in allocator for exception: Cannot allocate memory
*** fiber_join_test ***
# exception propagated
# cancel dead has started
diff --git a/test/unit/vclock.cc b/test/unit/vclock.cc
index a73d6abb374346046d276b98ae7376a8338a17b2..913f5dcbd0e0cf264995d6a6472229ba812e97db 100644
--- a/test/unit/vclock.cc
+++ b/test/unit/vclock.cc
@@ -156,9 +156,9 @@ test_isearch()
int64_t queries[][NODE_N + 1] = {
/* not found (lsns are too old) */
- { 0, 0, 0, 0, /* => */ INT64_MAX},
- { 1, 0, 0, 0, /* => */ INT64_MAX},
- { 5, 0, 0, 0, /* => */ INT64_MAX},
+ { 0, 0, 0, 0, /* => */ 10},
+ { 1, 0, 0, 0, /* => */ 10},
+ { 5, 0, 0, 0, /* => */ 10},
/* =10.xlog (left bound) */
{ 10, 0, 0, 0, /* => */ 10},
@@ -230,8 +230,8 @@ test_isearch()
}
int64_t check = *(query + NODE_N);
- struct vclock *res = vclockset_match(&set, &vclock, true);
- int64_t value = res != NULL ? vclock_signature(res) : INT64_MAX;
+ struct vclock *res = vclockset_match(&set, &vclock);
+ int64_t value = res != NULL ? vclock_sum(res) : INT64_MAX;
is(value, check, "query #%d", q + 1);
}
diff --git a/test/xlog/errinj.result b/test/xlog/errinj.result
index 84ac4d54f193a8bb938094d464364181621f28ab..28e4ad5f4364976286e46e8fb1d779761f8c9dfc 100644
--- a/test/xlog/errinj.result
+++ b/test/xlog/errinj.result
@@ -34,6 +34,7 @@ box.space._schema:delete{"key"}
---
- ['key']
...
+-- list all the logs
require('fio').glob("*.xlog")
---
- - 00000000000000000000.xlog
diff --git a/test/xlog/errinj.test.lua b/test/xlog/errinj.test.lua
index 81e17ec91b0f5cdac9b71d1b34b732e3a8aed69b..8666ae3207e76d72616f37963d81661f612c217a 100644
--- a/test/xlog/errinj.test.lua
+++ b/test/xlog/errinj.test.lua
@@ -19,6 +19,7 @@ box.space._schema:insert{"key"}
--# start server dont_panic
box.space._schema:get{"key"}
box.space._schema:delete{"key"}
+-- list all the logs
require('fio').glob("*.xlog")
--# stop server dont_panic
--# cleanup server dont_panic
diff --git a/test/xlog/lsn_gap.result b/test/xlog/lsn_gap.result
index 69d1de749e3474a4c68a5a5a9844d6dc6c305d9d..685fc1efa85aa2d0b44b3f778daf06eca18d799c 100644
--- a/test/xlog/lsn_gap.result
+++ b/test/xlog/lsn_gap.result
@@ -20,9 +20,9 @@ box.space.test:insert{4, 'fourth tuple'}
---
- [4, 'fourth tuple']
...
-check log line for 'ignoring missing WAL'
+check log line for 'ignoring a gap in LSN'
-'ignoring missing WAL' exists in server log
+'ignoring a gap in LSN' exists in server log
box.space.test:select{}
---
diff --git a/test/xlog/lsn_gap.test.py b/test/xlog/lsn_gap.test.py
index 3409ba3c0bb96ec3c3089bec0f6534c3a2976b5a..4ba266446820e1163ab4feddcbe2668bc6c12fc1 100644
--- a/test/xlog/lsn_gap.test.py
+++ b/test/xlog/lsn_gap.test.py
@@ -26,7 +26,7 @@ server.stop()
os.unlink(wal)
server.start()
-line="ignoring missing WAL"
+line="ignoring a gap in LSN"
print "check log line for '%s'" % line
print
if server.logfile_pos.seek_once(line) >= 0:
diff --git a/test/xlog/missing.result b/test/xlog/missing.result
index 546519abd8b1f5224a945c83808d7942219acad6..c52f75c68d739c0643757f1ff535464777c33eda 100644
--- a/test/xlog/missing.result
+++ b/test/xlog/missing.result
@@ -28,9 +28,9 @@ box.space.test:delete{3}
---
- [3, 'third tuple']
...
-check log line for 'ignoring missing WAL'
+check log line for 'ignoring a gap in LSN'
-'ignoring missing WAL' exists in server log
+'ignoring a gap in LSN' exists in server log
box.space.test:select{}
---
diff --git a/test/xlog/missing.test.py b/test/xlog/missing.test.py
index 2b47f510c31dbb762d35efb5d932fa23165a84dc..50c97df4cf1cbe806fd6f7a7877f2c5e74580613 100644
--- a/test/xlog/missing.test.py
+++ b/test/xlog/missing.test.py
@@ -32,7 +32,7 @@ os.unlink(wal)
# tarantool doesn't issue an LSN for deletes which delete nothing
# this may lead to infinite recursion at start
server.start()
-line="ignoring missing WAL"
+line="ignoring a gap in LSN"
print "check log line for '%s'" % line
print
if server.logfile_pos.seek_once(line) >= 0:
diff --git a/test/xlog/panic.lua b/test/xlog/panic.lua
new file mode 100644
index 0000000000000000000000000000000000000000..7b47126940b94d90ca4590ca88fbb83add48ccd8
--- /dev/null
+++ b/test/xlog/panic.lua
@@ -0,0 +1,12 @@
+#!/usr/bin/env tarantool
+os = require('os')
+
+box.cfg{
+ listen = os.getenv("LISTEN"),
+ slab_alloc_arena = 0.1,
+ pid_file = "tarantool.pid",
+ panic_on_wal_error = true,
+ rows_per_wal = 10
+}
+
+require('console').listen(os.getenv('ADMIN'))
diff --git a/test/xlog/panic_on_lsn_gap.result b/test/xlog/panic_on_lsn_gap.result
new file mode 100644
index 0000000000000000000000000000000000000000..aacd7086a9fac96987376db34b6cecb4b277aa46
--- /dev/null
+++ b/test/xlog/panic_on_lsn_gap.result
@@ -0,0 +1,249 @@
+--
+-- we actually need to know what xlogs the server creates,
+-- so start from a clean state
+--
+--
+-- Check how the server is able to find the next
+-- xlog if there are failed writes (lsn gaps).
+--
+--# create server panic with script='xlog/panic.lua'
+--# start server panic
+--# set connection panic
+box.info.vclock
+---
+- - 0
+...
+s = box.space._schema
+---
+...
+-- we need to have at least one record in the
+-- xlog otherwise the server believes that there
+-- is an lsn gap during recovery.
+--
+s:replace{"key", 'test 1'}
+---
+- ['key', 'test 1']
+...
+box.info.vclock
+---
+- - 1
+...
+box.error.injection.set("ERRINJ_WAL_WRITE", true)
+---
+- ok
+...
+t = {}
+---
+...
+--
+-- Try to insert rows, so that it's time to
+-- switch WALs. No switch will happen though,
+-- since no writes were made.
+--
+--# setopt delimiter ';'
+for i=1,box.cfg.rows_per_wal do
+ status, msg = pcall(s.replace, s, {"key"})
+ table.insert(t, msg)
+end;
+---
+...
+--# setopt delimiter ''
+t
+---
+- - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+...
+--
+-- Before restart: oops, our LSN is 11,
+-- even though we didn't insert anything.
+--
+box.info.vclock
+---
+- - 11
+...
+require('fio').glob("*.xlog")
+---
+- - 00000000000000000000.xlog
+...
+--# stop server panic
+--# start server panic
+--
+-- after restart: our LSN is the LSN of the
+-- last *written* row, all the failed
+-- rows are gone from lsn counter.
+--
+box.info.vclock
+---
+- - 1
+...
+box.space._schema:select{'key'}
+---
+- - ['key', 'test 1']
+...
+box.error.injection.set("ERRINJ_WAL_WRITE", true)
+---
+- ok
+...
+t = {}
+---
+...
+s = box.space._schema
+---
+...
+--
+-- now do the same
+--
+--# setopt delimiter ';'
+for i=1,box.cfg.rows_per_wal do
+ status, msg = pcall(s.replace, s, {"key"})
+ table.insert(t, msg)
+end;
+---
+...
+--# setopt delimiter ''
+t
+---
+- - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+ - Failed to write to disk
+...
+box.info.vclock
+---
+- - 11
+...
+box.error.injection.set("ERRINJ_WAL_WRITE", false)
+---
+- ok
+...
+--
+-- Write a good row after a series of failed
+-- rows. There is a gap in LSN, correct,
+-- but it's *inside* a single WAL, so doesn't
+-- affect WAL search in recover_remaining_wals()
+--
+s:replace{'key', 'test 2'}
+---
+- ['key', 'test 2']
+...
+--
+-- notice that vclock before and after
+-- server stop is the same -- because it's
+-- recorded in the last row
+--
+box.info.vclock
+---
+- - 12
+...
+--# stop server panic
+--# start server panic
+box.info.vclock
+---
+- - 12
+...
+box.space._schema:select{'key'}
+---
+- - ['key', 'test 2']
+...
+-- list all the logs
+require('fio').glob("*.xlog")
+---
+- - 00000000000000000000.xlog
+ - 00000000000000000001.xlog
+...
+-- now insert 10 rows - so that the next
+-- row will need to switch the WAL
+--# setopt delimiter ';'
+for i=1,box.cfg.rows_per_wal do
+ box.space._schema:replace{"key", 'test 3'}
+end;
+---
+...
+--# setopt delimiter ''
+-- the next insert should switch xlog, but aha - it fails
+-- a new xlog file is created but has 0 rows
+require('fio').glob("*.xlog")
+---
+- - 00000000000000000000.xlog
+ - 00000000000000000001.xlog
+ - 00000000000000000012.xlog
+...
+box.error.injection.set("ERRINJ_WAL_WRITE", true)
+---
+- ok
+...
+box.space._schema:replace{"key", 'test 3'}
+---
+- error: Failed to write to disk
+...
+box.info.vclock
+---
+- - 23
+...
+require('fio').glob("*.xlog")
+---
+- - 00000000000000000000.xlog
+ - 00000000000000000001.xlog
+ - 00000000000000000012.xlog
+ - 00000000000000000022.xlog
+...
+-- and the next one (just to be sure
+box.space._schema:replace{"key", 'test 3'}
+---
+- error: Failed to write to disk
+...
+box.info.vclock
+---
+- - 24
+...
+require('fio').glob("*.xlog")
+---
+- - 00000000000000000000.xlog
+ - 00000000000000000001.xlog
+ - 00000000000000000012.xlog
+ - 00000000000000000022.xlog
+...
+box.error.injection.set("ERRINJ_WAL_WRITE", false)
+---
+- ok
+...
+-- then a success
+box.space._schema:replace{"key", 'test 4'}
+---
+- ['key', 'test 4']
+...
+box.info.vclock
+---
+- - 25
+...
+require('fio').glob("*.xlog")
+---
+- - 00000000000000000000.xlog
+ - 00000000000000000001.xlog
+ - 00000000000000000012.xlog
+ - 00000000000000000022.xlog
+...
+-- restart is ok
+--# stop server panic
+--# start server panic
+box.space._schema:select{'key'}
+---
+- - ['key', 'test 4']
+...
+--# stop server panic
+--# cleanup server panic
+--# set connection default
diff --git a/test/xlog/panic_on_lsn_gap.test.lua b/test/xlog/panic_on_lsn_gap.test.lua
new file mode 100644
index 0000000000000000000000000000000000000000..bf40d0834650ffb2f09aa0296e4e4cf1b17d37e1
--- /dev/null
+++ b/test/xlog/panic_on_lsn_gap.test.lua
@@ -0,0 +1,112 @@
+--
+-- we actually need to know what xlogs the server creates,
+-- so start from a clean state
+--
+--
+-- Check how the server is able to find the next
+-- xlog if there are failed writes (lsn gaps).
+--
+--# create server panic with script='xlog/panic.lua'
+--# start server panic
+--# set connection panic
+box.info.vclock
+s = box.space._schema
+-- we need to have at least one record in the
+-- xlog otherwise the server believes that there
+-- is an lsn gap during recovery.
+--
+s:replace{"key", 'test 1'}
+box.info.vclock
+box.error.injection.set("ERRINJ_WAL_WRITE", true)
+t = {}
+--
+-- Try to insert rows, so that it's time to
+-- switch WALs. No switch will happen though,
+-- since no writes were made.
+--
+--# setopt delimiter ';'
+for i=1,box.cfg.rows_per_wal do
+ status, msg = pcall(s.replace, s, {"key"})
+ table.insert(t, msg)
+end;
+--# setopt delimiter ''
+t
+--
+-- Before restart: oops, our LSN is 11,
+-- even though we didn't insert anything.
+--
+box.info.vclock
+require('fio').glob("*.xlog")
+--# stop server panic
+--# start server panic
+--
+-- after restart: our LSN is the LSN of the
+-- last *written* row, all the failed
+-- rows are gone from lsn counter.
+--
+box.info.vclock
+box.space._schema:select{'key'}
+box.error.injection.set("ERRINJ_WAL_WRITE", true)
+t = {}
+s = box.space._schema
+--
+-- now do the same
+--
+--# setopt delimiter ';'
+for i=1,box.cfg.rows_per_wal do
+ status, msg = pcall(s.replace, s, {"key"})
+ table.insert(t, msg)
+end;
+--# setopt delimiter ''
+t
+box.info.vclock
+box.error.injection.set("ERRINJ_WAL_WRITE", false)
+--
+-- Write a good row after a series of failed
+-- rows. There is a gap in LSN, correct,
+-- but it's *inside* a single WAL, so doesn't
+-- affect WAL search in recover_remaining_wals()
+--
+s:replace{'key', 'test 2'}
+--
+-- notice that vclock before and after
+-- server stop is the same -- because it's
+-- recorded in the last row
+--
+box.info.vclock
+--# stop server panic
+--# start server panic
+box.info.vclock
+box.space._schema:select{'key'}
+-- list all the logs
+require('fio').glob("*.xlog")
+-- now insert 10 rows - so that the next
+-- row will need to switch the WAL
+--# setopt delimiter ';'
+for i=1,box.cfg.rows_per_wal do
+ box.space._schema:replace{"key", 'test 3'}
+end;
+--# setopt delimiter ''
+-- the next insert should switch xlog, but aha - it fails
+-- a new xlog file is created but has 0 rows
+require('fio').glob("*.xlog")
+box.error.injection.set("ERRINJ_WAL_WRITE", true)
+box.space._schema:replace{"key", 'test 3'}
+box.info.vclock
+require('fio').glob("*.xlog")
+-- and the next one (just to be sure
+box.space._schema:replace{"key", 'test 3'}
+box.info.vclock
+require('fio').glob("*.xlog")
+box.error.injection.set("ERRINJ_WAL_WRITE", false)
+-- then a success
+box.space._schema:replace{"key", 'test 4'}
+box.info.vclock
+require('fio').glob("*.xlog")
+-- restart is ok
+--# stop server panic
+--# start server panic
+box.space._schema:select{'key'}
+--# stop server panic
+--# cleanup server panic
+--# set connection default
diff --git a/test/xlog/panic_on_wal_error.result b/test/xlog/panic_on_wal_error.result
index fe3b84ab47310bbb8f6505eae230e3dc9622b041..a54e6c6587b9cdad81c3e3b26a1964de57c51182 100644
--- a/test/xlog/panic_on_wal_error.result
+++ b/test/xlog/panic_on_wal_error.result
@@ -1,4 +1,21 @@
-- preparatory stuff
+fio = require('fio')
+---
+...
+glob = fio.pathjoin(box.cfg.wal_dir, '*.xlog')
+---
+...
+for _, file in pairs(fio.glob(glob)) do fio.unlink(file) end
+---
+...
+glob = fio.pathjoin(box.cfg.wal_dir, '*.snap')
+---
+...
+for _, file in pairs(fio.glob(glob)) do fio.unlink(file) end
+---
+...
+--# stop server default
+--# start server default
box.schema.user.grant('guest', 'replication')
---
...
@@ -116,7 +133,7 @@ box.info.replication.status
...
box.info.replication.message
---
-- not all WALs have been successfully read
+- 'Missing .xlog file between LSN 6 {1: 6, 2: 0} and 8 {1: 8, 2: 0}'
...
box.space.test:select{}
---
@@ -126,6 +143,7 @@ box.space.test:select{}
--
--# set connection default
--# stop server replica
+--# cleanup server replica
--
-- cleanup
box.space.test:drop()
diff --git a/test/xlog/panic_on_wal_error.test.lua b/test/xlog/panic_on_wal_error.test.lua
index c2a4ab28c429162596f50dba3e9d1b869e4c4f8b..243c06465eefd556886fbc109f2b29dbfadf4ea4 100644
--- a/test/xlog/panic_on_wal_error.test.lua
+++ b/test/xlog/panic_on_wal_error.test.lua
@@ -1,4 +1,11 @@
-- preparatory stuff
+fio = require('fio')
+glob = fio.pathjoin(box.cfg.wal_dir, '*.xlog')
+for _, file in pairs(fio.glob(glob)) do fio.unlink(file) end
+glob = fio.pathjoin(box.cfg.wal_dir, '*.snap')
+for _, file in pairs(fio.glob(glob)) do fio.unlink(file) end
+--# stop server default
+--# start server default
box.schema.user.grant('guest', 'replication')
_ = box.schema.space.create('test')
_ = box.space.test:create_index('pk')
@@ -67,6 +74,7 @@ box.space.test:select{}
--
--# set connection default
--# stop server replica
+--# cleanup server replica
--
-- cleanup
box.space.test:drop()
diff --git a/test/xlog/suite.ini b/test/xlog/suite.ini
index f49b38ac4e8410b373b606f995e79f7fdceb7f28..e76c7fc0f0cc4135446f886e68070237a14f4a16 100644
--- a/test/xlog/suite.ini
+++ b/test/xlog/suite.ini
@@ -4,6 +4,6 @@ description = tarantool write ahead log tests
script = xlog.lua
disabled =
valgrind_disabled =
-release_disabled = errinj.test.lua
+release_disabled = errinj.test.lua, panic_on_lsn_gap.test.lua
lua_libs =
use_unix_sockets = True
diff --git a/test/xlog/xlog.lua b/test/xlog/xlog.lua
index 2041feb7c85ce43556df8351f065df579c9fcdf3..3bd8968c20ce6457143be36e51d0231302846692 100644
--- a/test/xlog/xlog.lua
+++ b/test/xlog/xlog.lua
@@ -6,7 +6,7 @@ box.cfg{
slab_alloc_arena = 0.1,
pid_file = "tarantool.pid",
panic_on_wal_error = false,
- rows_per_wal = 50
+ rows_per_wal = 10
}
require('console').listen(os.getenv('ADMIN'))