diff options
Diffstat (limited to '')
-rw-r--r-- | src/replication.c | 4092 |
1 files changed, 4092 insertions, 0 deletions
diff --git a/src/replication.c b/src/replication.c new file mode 100644 index 0000000..ec5cadf --- /dev/null +++ b/src/replication.c @@ -0,0 +1,4092 @@ +/* Asynchronous replication implementation. + * + * Copyright (c) 2009-2012, Salvatore Sanfilippo <antirez at gmail dot com> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of Redis nor the names of its contributors may be used + * to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + + +#include "server.h" +#include "cluster.h" +#include "bio.h" +#include "functions.h" + +#include <memory.h> +#include <sys/time.h> +#include <unistd.h> +#include <fcntl.h> +#include <sys/socket.h> +#include <sys/stat.h> + +void replicationDiscardCachedMaster(void); +void replicationResurrectCachedMaster(connection *conn); +void replicationSendAck(void); +int replicaPutOnline(client *slave); +void replicaStartCommandStream(client *slave); +int cancelReplicationHandshake(int reconnect); + +/* We take a global flag to remember if this instance generated an RDB + * because of replication, so that we can remove the RDB file in case + * the instance is configured to have no persistence. */ +int RDBGeneratedByReplication = 0; + +/* --------------------------- Utility functions ---------------------------- */ + +/* Return the pointer to a string representing the slave ip:listening_port + * pair. Mostly useful for logging, since we want to log a slave using its + * IP address and its listening port which is more clear for the user, for + * example: "Closing connection with replica 10.1.2.3:6380". */ +char *replicationGetSlaveName(client *c) { + static char buf[NET_HOST_PORT_STR_LEN]; + char ip[NET_IP_STR_LEN]; + + ip[0] = '\0'; + buf[0] = '\0'; + if (c->slave_addr || + connPeerToString(c->conn,ip,sizeof(ip),NULL) != -1) + { + char *addr = c->slave_addr ? c->slave_addr : ip; + if (c->slave_listening_port) + anetFormatAddr(buf,sizeof(buf),addr,c->slave_listening_port); + else + snprintf(buf,sizeof(buf),"%s:<unknown-replica-port>",addr); + } else { + snprintf(buf,sizeof(buf),"client id #%llu", + (unsigned long long) c->id); + } + return buf; +} + +/* Plain unlink() can block for quite some time in order to actually apply + * the file deletion to the filesystem. This call removes the file in a + * background thread instead. We actually just do close() in the thread, + * by using the fact that if there is another instance of the same file open, + * the foreground unlink() will only remove the fs name, and deleting the + * file's storage space will only happen once the last reference is lost. */ +int bg_unlink(const char *filename) { + int fd = open(filename,O_RDONLY|O_NONBLOCK); + if (fd == -1) { + /* Can't open the file? Fall back to unlinking in the main thread. */ + return unlink(filename); + } else { + /* The following unlink() removes the name but doesn't free the + * file contents because a process still has it open. */ + int retval = unlink(filename); + if (retval == -1) { + /* If we got an unlink error, we just return it, closing the + * new reference we have to the file. */ + int old_errno = errno; + close(fd); /* This would overwrite our errno. So we saved it. */ + errno = old_errno; + return -1; + } + bioCreateCloseJob(fd, 0); + return 0; /* Success. */ + } +} + +/* ---------------------------------- MASTER -------------------------------- */ + +void createReplicationBacklog(void) { + serverAssert(server.repl_backlog == NULL); + server.repl_backlog = zmalloc(sizeof(replBacklog)); + server.repl_backlog->ref_repl_buf_node = NULL; + server.repl_backlog->unindexed_count = 0; + server.repl_backlog->blocks_index = raxNew(); + server.repl_backlog->histlen = 0; + /* We don't have any data inside our buffer, but virtually the first + * byte we have is the next byte that will be generated for the + * replication stream. */ + server.repl_backlog->offset = server.master_repl_offset+1; +} + +/* This function is called when the user modifies the replication backlog + * size at runtime. It is up to the function to resize the buffer and setup it + * so that it contains the same data as the previous one (possibly less data, + * but the most recent bytes, or the same data and more free space in case the + * buffer is enlarged). */ +void resizeReplicationBacklog(void) { + if (server.repl_backlog_size < CONFIG_REPL_BACKLOG_MIN_SIZE) + server.repl_backlog_size = CONFIG_REPL_BACKLOG_MIN_SIZE; + if (server.repl_backlog) + incrementalTrimReplicationBacklog(REPL_BACKLOG_TRIM_BLOCKS_PER_CALL); +} + +void freeReplicationBacklog(void) { + serverAssert(listLength(server.slaves) == 0); + if (server.repl_backlog == NULL) return; + + /* Decrease the start buffer node reference count. */ + if (server.repl_backlog->ref_repl_buf_node) { + replBufBlock *o = listNodeValue( + server.repl_backlog->ref_repl_buf_node); + serverAssert(o->refcount == 1); /* Last reference. */ + o->refcount--; + } + + /* Replication buffer blocks are completely released when we free the + * backlog, since the backlog is released only when there are no replicas + * and the backlog keeps the last reference of all blocks. */ + freeReplicationBacklogRefMemAsync(server.repl_buffer_blocks, + server.repl_backlog->blocks_index); + resetReplicationBuffer(); + zfree(server.repl_backlog); + server.repl_backlog = NULL; +} + +/* To make search offset from replication buffer blocks quickly + * when replicas ask partial resynchronization, we create one index + * block every REPL_BACKLOG_INDEX_PER_BLOCKS blocks. */ +void createReplicationBacklogIndex(listNode *ln) { + server.repl_backlog->unindexed_count++; + if (server.repl_backlog->unindexed_count >= REPL_BACKLOG_INDEX_PER_BLOCKS) { + replBufBlock *o = listNodeValue(ln); + uint64_t encoded_offset = htonu64(o->repl_offset); + raxInsert(server.repl_backlog->blocks_index, + (unsigned char*)&encoded_offset, sizeof(uint64_t), + ln, NULL); + server.repl_backlog->unindexed_count = 0; + } +} + +/* Rebase replication buffer blocks' offset since the initial + * setting offset starts from 0 when master restart. */ +void rebaseReplicationBuffer(long long base_repl_offset) { + raxFree(server.repl_backlog->blocks_index); + server.repl_backlog->blocks_index = raxNew(); + server.repl_backlog->unindexed_count = 0; + + listIter li; + listNode *ln; + listRewind(server.repl_buffer_blocks, &li); + while ((ln = listNext(&li))) { + replBufBlock *o = listNodeValue(ln); + o->repl_offset += base_repl_offset; + createReplicationBacklogIndex(ln); + } +} + +void resetReplicationBuffer(void) { + server.repl_buffer_mem = 0; + server.repl_buffer_blocks = listCreate(); + listSetFreeMethod(server.repl_buffer_blocks, (void (*)(void*))zfree); +} + +int canFeedReplicaReplBuffer(client *replica) { + /* Don't feed replicas that only want the RDB. */ + if (replica->flags & CLIENT_REPL_RDBONLY) return 0; + + /* Don't feed replicas that are still waiting for BGSAVE to start. */ + if (replica->replstate == SLAVE_STATE_WAIT_BGSAVE_START) return 0; + + return 1; +} + +/* Similar with 'prepareClientToWrite', note that we must call this function + * before feeding replication stream into global replication buffer, since + * clientHasPendingReplies in prepareClientToWrite will access the global + * replication buffer to make judgements. */ +int prepareReplicasToWrite(void) { + listIter li; + listNode *ln; + int prepared = 0; + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + if (!canFeedReplicaReplBuffer(slave)) continue; + if (prepareClientToWrite(slave) == C_ERR) continue; + prepared++; + } + + return prepared; +} + +/* Wrapper for feedReplicationBuffer() that takes Redis string objects + * as input. */ +void feedReplicationBufferWithObject(robj *o) { + char llstr[LONG_STR_SIZE]; + void *p; + size_t len; + + if (o->encoding == OBJ_ENCODING_INT) { + len = ll2string(llstr,sizeof(llstr),(long)o->ptr); + p = llstr; + } else { + len = sdslen(o->ptr); + p = o->ptr; + } + feedReplicationBuffer(p,len); +} + +/* Generally, we only have one replication buffer block to trim when replication + * backlog size exceeds our setting and no replica reference it. But if replica + * clients disconnect, we need to free many replication buffer blocks that are + * referenced. It would cost much time if there are a lots blocks to free, that + * will freeze server, so we trim replication backlog incrementally. */ +void incrementalTrimReplicationBacklog(size_t max_blocks) { + serverAssert(server.repl_backlog != NULL); + + size_t trimmed_blocks = 0; + while (server.repl_backlog->histlen > server.repl_backlog_size && + trimmed_blocks < max_blocks) + { + /* We never trim backlog to less than one block. */ + if (listLength(server.repl_buffer_blocks) <= 1) break; + + /* Replicas increment the refcount of the first replication buffer block + * they refer to, in that case, we don't trim the backlog even if + * backlog_histlen exceeds backlog_size. This implicitly makes backlog + * bigger than our setting, but makes the master accept partial resync as + * much as possible. So that backlog must be the last reference of + * replication buffer blocks. */ + listNode *first = listFirst(server.repl_buffer_blocks); + serverAssert(first == server.repl_backlog->ref_repl_buf_node); + replBufBlock *fo = listNodeValue(first); + if (fo->refcount != 1) break; + + /* We don't try trim backlog if backlog valid size will be lessen than + * setting backlog size once we release the first repl buffer block. */ + if (server.repl_backlog->histlen - (long long)fo->size <= + server.repl_backlog_size) break; + + /* Decr refcount and release the first block later. */ + fo->refcount--; + trimmed_blocks++; + server.repl_backlog->histlen -= fo->size; + + /* Go to use next replication buffer block node. */ + listNode *next = listNextNode(first); + server.repl_backlog->ref_repl_buf_node = next; + serverAssert(server.repl_backlog->ref_repl_buf_node != NULL); + /* Incr reference count to keep the new head node. */ + ((replBufBlock *)listNodeValue(next))->refcount++; + + /* Remove the node in recorded blocks. */ + uint64_t encoded_offset = htonu64(fo->repl_offset); + raxRemove(server.repl_backlog->blocks_index, + (unsigned char*)&encoded_offset, sizeof(uint64_t), NULL); + + /* Delete the first node from global replication buffer. */ + serverAssert(fo->refcount == 0 && fo->used == fo->size); + server.repl_buffer_mem -= (fo->size + + sizeof(listNode) + sizeof(replBufBlock)); + listDelNode(server.repl_buffer_blocks, first); + } + + /* Set the offset of the first byte we have in the backlog. */ + server.repl_backlog->offset = server.master_repl_offset - + server.repl_backlog->histlen + 1; +} + +/* Free replication buffer blocks that are referenced by this client. */ +void freeReplicaReferencedReplBuffer(client *replica) { + if (replica->ref_repl_buf_node != NULL) { + /* Decrease the start buffer node reference count. */ + replBufBlock *o = listNodeValue(replica->ref_repl_buf_node); + serverAssert(o->refcount > 0); + o->refcount--; + incrementalTrimReplicationBacklog(REPL_BACKLOG_TRIM_BLOCKS_PER_CALL); + } + replica->ref_repl_buf_node = NULL; + replica->ref_block_pos = 0; +} + +/* Append bytes into the global replication buffer list, replication backlog and + * all replica clients use replication buffers collectively, this function replace + * 'addReply*', 'feedReplicationBacklog' for replicas and replication backlog, + * First we add buffer into global replication buffer block list, and then + * update replica / replication-backlog referenced node and block position. */ +void feedReplicationBuffer(char *s, size_t len) { + static long long repl_block_id = 0; + + if (server.repl_backlog == NULL) return; + + while(len > 0) { + size_t start_pos = 0; /* The position of referenced block to start sending. */ + listNode *start_node = NULL; /* Replica/backlog starts referenced node. */ + int add_new_block = 0; /* Create new block if current block is total used. */ + listNode *ln = listLast(server.repl_buffer_blocks); + replBufBlock *tail = ln ? listNodeValue(ln) : NULL; + + /* Append to tail string when possible. */ + if (tail && tail->size > tail->used) { + start_node = listLast(server.repl_buffer_blocks); + start_pos = tail->used; + /* Copy the part we can fit into the tail, and leave the rest for a + * new node */ + size_t avail = tail->size - tail->used; + size_t copy = (avail >= len) ? len : avail; + memcpy(tail->buf + tail->used, s, copy); + tail->used += copy; + s += copy; + len -= copy; + server.master_repl_offset += copy; + server.repl_backlog->histlen += copy; + } + if (len) { + /* Create a new node, make sure it is allocated to at + * least PROTO_REPLY_CHUNK_BYTES */ + size_t usable_size; + /* Avoid creating nodes smaller than PROTO_REPLY_CHUNK_BYTES, so that we can append more data into them, + * and also avoid creating nodes bigger than repl_backlog_size / 16, so that we won't have huge nodes that can't + * trim when we only still need to hold a small portion from them. */ + size_t limit = max((size_t)server.repl_backlog_size / 16, (size_t)PROTO_REPLY_CHUNK_BYTES); + size_t size = min(max(len, (size_t)PROTO_REPLY_CHUNK_BYTES), limit); + tail = zmalloc_usable(size + sizeof(replBufBlock), &usable_size); + /* Take over the allocation's internal fragmentation */ + tail->size = usable_size - sizeof(replBufBlock); + size_t copy = (tail->size >= len) ? len : tail->size; + tail->used = copy; + tail->refcount = 0; + tail->repl_offset = server.master_repl_offset + 1; + tail->id = repl_block_id++; + memcpy(tail->buf, s, copy); + listAddNodeTail(server.repl_buffer_blocks, tail); + /* We also count the list node memory into replication buffer memory. */ + server.repl_buffer_mem += (usable_size + sizeof(listNode)); + add_new_block = 1; + if (start_node == NULL) { + start_node = listLast(server.repl_buffer_blocks); + start_pos = 0; + } + s += copy; + len -= copy; + server.master_repl_offset += copy; + server.repl_backlog->histlen += copy; + } + + /* For output buffer of replicas. */ + listIter li; + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + if (!canFeedReplicaReplBuffer(slave)) continue; + + /* Update shared replication buffer start position. */ + if (slave->ref_repl_buf_node == NULL) { + slave->ref_repl_buf_node = start_node; + slave->ref_block_pos = start_pos; + /* Only increase the start block reference count. */ + ((replBufBlock *)listNodeValue(start_node))->refcount++; + } + + /* Check output buffer limit only when add new block. */ + if (add_new_block) closeClientOnOutputBufferLimitReached(slave, 1); + } + + /* For replication backlog */ + if (server.repl_backlog->ref_repl_buf_node == NULL) { + server.repl_backlog->ref_repl_buf_node = start_node; + /* Only increase the start block reference count. */ + ((replBufBlock *)listNodeValue(start_node))->refcount++; + + /* Replication buffer must be empty before adding replication stream + * into replication backlog. */ + serverAssert(add_new_block == 1 && start_pos == 0); + } + if (add_new_block) { + createReplicationBacklogIndex(listLast(server.repl_buffer_blocks)); + + /* It is important to trim after adding replication data to keep the backlog size close to + * repl_backlog_size in the common case. We wait until we add a new block to avoid repeated + * unnecessary trimming attempts when small amounts of data are added. See comments in + * freeMemoryGetNotCountedMemory() for details on replication backlog memory tracking. */ + incrementalTrimReplicationBacklog(REPL_BACKLOG_TRIM_BLOCKS_PER_CALL); + } + } +} + +/* Propagate write commands to replication stream. + * + * This function is used if the instance is a master: we use the commands + * received by our clients in order to create the replication stream. + * Instead if the instance is a replica and has sub-replicas attached, we use + * replicationFeedStreamFromMasterStream() */ +void replicationFeedSlaves(list *slaves, int dictid, robj **argv, int argc) { + int j, len; + char llstr[LONG_STR_SIZE]; + + /* In case we propagate a command that doesn't touch keys (PING, REPLCONF) we + * pass dbid=server.slaveseldb which may be -1. */ + serverAssert(dictid == -1 || (dictid >= 0 && dictid < server.dbnum)); + + /* If the instance is not a top level master, return ASAP: we'll just proxy + * the stream of data we receive from our master instead, in order to + * propagate *identical* replication stream. In this way this slave can + * advertise the same replication ID as the master (since it shares the + * master replication history and has the same backlog and offsets). */ + if (server.masterhost != NULL) return; + + /* If there aren't slaves, and there is no backlog buffer to populate, + * we can return ASAP. */ + if (server.repl_backlog == NULL && listLength(slaves) == 0) return; + + /* We can't have slaves attached and no backlog. */ + serverAssert(!(listLength(slaves) != 0 && server.repl_backlog == NULL)); + + /* Must install write handler for all replicas first before feeding + * replication stream. */ + prepareReplicasToWrite(); + + /* Send SELECT command to every slave if needed. */ + if (server.slaveseldb != dictid) { + robj *selectcmd; + + /* For a few DBs we have pre-computed SELECT command. */ + if (dictid >= 0 && dictid < PROTO_SHARED_SELECT_CMDS) { + selectcmd = shared.select[dictid]; + } else { + int dictid_len; + + dictid_len = ll2string(llstr,sizeof(llstr),dictid); + selectcmd = createObject(OBJ_STRING, + sdscatprintf(sdsempty(), + "*2\r\n$6\r\nSELECT\r\n$%d\r\n%s\r\n", + dictid_len, llstr)); + } + + feedReplicationBufferWithObject(selectcmd); + + if (dictid < 0 || dictid >= PROTO_SHARED_SELECT_CMDS) + decrRefCount(selectcmd); + + server.slaveseldb = dictid; + } + + /* Write the command to the replication buffer if any. */ + char aux[LONG_STR_SIZE+3]; + + /* Add the multi bulk reply length. */ + aux[0] = '*'; + len = ll2string(aux+1,sizeof(aux)-1,argc); + aux[len+1] = '\r'; + aux[len+2] = '\n'; + feedReplicationBuffer(aux,len+3); + + for (j = 0; j < argc; j++) { + long objlen = stringObjectLen(argv[j]); + + /* We need to feed the buffer with the object as a bulk reply + * not just as a plain string, so create the $..CRLF payload len + * and add the final CRLF */ + aux[0] = '$'; + len = ll2string(aux+1,sizeof(aux)-1,objlen); + aux[len+1] = '\r'; + aux[len+2] = '\n'; + feedReplicationBuffer(aux,len+3); + feedReplicationBufferWithObject(argv[j]); + feedReplicationBuffer(aux+len+1,2); + } +} + +/* This is a debugging function that gets called when we detect something + * wrong with the replication protocol: the goal is to peek into the + * replication backlog and show a few final bytes to make simpler to + * guess what kind of bug it could be. */ +void showLatestBacklog(void) { + if (server.repl_backlog == NULL) return; + if (listLength(server.repl_buffer_blocks) == 0) return; + + size_t dumplen = 256; + if (server.repl_backlog->histlen < (long long)dumplen) + dumplen = server.repl_backlog->histlen; + + sds dump = sdsempty(); + listNode *node = listLast(server.repl_buffer_blocks); + while(dumplen) { + if (node == NULL) break; + replBufBlock *o = listNodeValue(node); + size_t thislen = o->used >= dumplen ? dumplen : o->used; + sds head = sdscatrepr(sdsempty(), o->buf+o->used-thislen, thislen); + sds tmp = sdscatsds(head, dump); + sdsfree(dump); + dump = tmp; + dumplen -= thislen; + node = listPrevNode(node); + } + + /* Finally log such bytes: this is vital debugging info to + * understand what happened. */ + serverLog(LL_WARNING,"Latest backlog is: '%s'", dump); + sdsfree(dump); +} + +/* This function is used in order to proxy what we receive from our master + * to our sub-slaves. */ +#include <ctype.h> +void replicationFeedStreamFromMasterStream(char *buf, size_t buflen) { + /* Debugging: this is handy to see the stream sent from master + * to slaves. Disabled with if(0). */ + if (0) { + printf("%zu:",buflen); + for (size_t j = 0; j < buflen; j++) { + printf("%c", isprint(buf[j]) ? buf[j] : '.'); + } + printf("\n"); + } + + /* There must be replication backlog if having attached slaves. */ + if (listLength(server.slaves)) serverAssert(server.repl_backlog != NULL); + if (server.repl_backlog) { + /* Must install write handler for all replicas first before feeding + * replication stream. */ + prepareReplicasToWrite(); + feedReplicationBuffer(buf,buflen); + } +} + +void replicationFeedMonitors(client *c, list *monitors, int dictid, robj **argv, int argc) { + /* Fast path to return if the monitors list is empty or the server is in loading. */ + if (monitors == NULL || listLength(monitors) == 0 || server.loading) return; + listNode *ln; + listIter li; + int j; + sds cmdrepr = sdsnew("+"); + robj *cmdobj; + struct timeval tv; + + gettimeofday(&tv,NULL); + cmdrepr = sdscatprintf(cmdrepr,"%ld.%06ld ",(long)tv.tv_sec,(long)tv.tv_usec); + if (c->flags & CLIENT_SCRIPT) { + cmdrepr = sdscatprintf(cmdrepr,"[%d lua] ",dictid); + } else if (c->flags & CLIENT_UNIX_SOCKET) { + cmdrepr = sdscatprintf(cmdrepr,"[%d unix:%s] ",dictid,server.unixsocket); + } else { + cmdrepr = sdscatprintf(cmdrepr,"[%d %s] ",dictid,getClientPeerId(c)); + } + + for (j = 0; j < argc; j++) { + if (argv[j]->encoding == OBJ_ENCODING_INT) { + cmdrepr = sdscatprintf(cmdrepr, "\"%ld\"", (long)argv[j]->ptr); + } else { + cmdrepr = sdscatrepr(cmdrepr,(char*)argv[j]->ptr, + sdslen(argv[j]->ptr)); + } + if (j != argc-1) + cmdrepr = sdscatlen(cmdrepr," ",1); + } + cmdrepr = sdscatlen(cmdrepr,"\r\n",2); + cmdobj = createObject(OBJ_STRING,cmdrepr); + + listRewind(monitors,&li); + while((ln = listNext(&li))) { + client *monitor = ln->value; + addReply(monitor,cmdobj); + } + decrRefCount(cmdobj); +} + +/* Feed the slave 'c' with the replication backlog starting from the + * specified 'offset' up to the end of the backlog. */ +long long addReplyReplicationBacklog(client *c, long long offset) { + long long skip; + + serverLog(LL_DEBUG, "[PSYNC] Replica request offset: %lld", offset); + + if (server.repl_backlog->histlen == 0) { + serverLog(LL_DEBUG, "[PSYNC] Backlog history len is zero"); + return 0; + } + + serverLog(LL_DEBUG, "[PSYNC] Backlog size: %lld", + server.repl_backlog_size); + serverLog(LL_DEBUG, "[PSYNC] First byte: %lld", + server.repl_backlog->offset); + serverLog(LL_DEBUG, "[PSYNC] History len: %lld", + server.repl_backlog->histlen); + + /* Compute the amount of bytes we need to discard. */ + skip = offset - server.repl_backlog->offset; + serverLog(LL_DEBUG, "[PSYNC] Skipping: %lld", skip); + + /* Iterate recorded blocks, quickly search the approximate node. */ + listNode *node = NULL; + if (raxSize(server.repl_backlog->blocks_index) > 0) { + uint64_t encoded_offset = htonu64(offset); + raxIterator ri; + raxStart(&ri, server.repl_backlog->blocks_index); + raxSeek(&ri, ">", (unsigned char*)&encoded_offset, sizeof(uint64_t)); + if (raxEOF(&ri)) { + /* No found, so search from the last recorded node. */ + raxSeek(&ri, "$", NULL, 0); + raxPrev(&ri); + node = (listNode *)ri.data; + } else { + raxPrev(&ri); /* Skip the sought node. */ + /* We should search from the prev node since the offset of current + * sought node exceeds searching offset. */ + if (raxPrev(&ri)) + node = (listNode *)ri.data; + else + node = server.repl_backlog->ref_repl_buf_node; + } + raxStop(&ri); + } else { + /* No recorded blocks, just from the start node to search. */ + node = server.repl_backlog->ref_repl_buf_node; + } + + /* Search the exact node. */ + while (node != NULL) { + replBufBlock *o = listNodeValue(node); + if (o->repl_offset + (long long)o->used >= offset) break; + node = listNextNode(node); + } + serverAssert(node != NULL); + + /* Install a writer handler first.*/ + prepareClientToWrite(c); + /* Setting output buffer of the replica. */ + replBufBlock *o = listNodeValue(node); + o->refcount++; + c->ref_repl_buf_node = node; + c->ref_block_pos = offset - o->repl_offset; + + return server.repl_backlog->histlen - skip; +} + +/* Return the offset to provide as reply to the PSYNC command received + * from the slave. The returned value is only valid immediately after + * the BGSAVE process started and before executing any other command + * from clients. */ +long long getPsyncInitialOffset(void) { + return server.master_repl_offset; +} + +/* Send a FULLRESYNC reply in the specific case of a full resynchronization, + * as a side effect setup the slave for a full sync in different ways: + * + * 1) Remember, into the slave client structure, the replication offset + * we sent here, so that if new slaves will later attach to the same + * background RDB saving process (by duplicating this client output + * buffer), we can get the right offset from this slave. + * 2) Set the replication state of the slave to WAIT_BGSAVE_END so that + * we start accumulating differences from this point. + * 3) Force the replication stream to re-emit a SELECT statement so + * the new slave incremental differences will start selecting the + * right database number. + * + * Normally this function should be called immediately after a successful + * BGSAVE for replication was started, or when there is one already in + * progress that we attached our slave to. */ +int replicationSetupSlaveForFullResync(client *slave, long long offset) { + char buf[128]; + int buflen; + + slave->psync_initial_offset = offset; + slave->replstate = SLAVE_STATE_WAIT_BGSAVE_END; + /* We are going to accumulate the incremental changes for this + * slave as well. Set slaveseldb to -1 in order to force to re-emit + * a SELECT statement in the replication stream. */ + server.slaveseldb = -1; + + /* Don't send this reply to slaves that approached us with + * the old SYNC command. */ + if (!(slave->flags & CLIENT_PRE_PSYNC)) { + buflen = snprintf(buf,sizeof(buf),"+FULLRESYNC %s %lld\r\n", + server.replid,offset); + if (connWrite(slave->conn,buf,buflen) != buflen) { + freeClientAsync(slave); + return C_ERR; + } + } + return C_OK; +} + +/* This function handles the PSYNC command from the point of view of a + * master receiving a request for partial resynchronization. + * + * On success return C_OK, otherwise C_ERR is returned and we proceed + * with the usual full resync. */ +int masterTryPartialResynchronization(client *c, long long psync_offset) { + long long psync_len; + char *master_replid = c->argv[1]->ptr; + char buf[128]; + int buflen; + + /* Is the replication ID of this master the same advertised by the wannabe + * slave via PSYNC? If the replication ID changed this master has a + * different replication history, and there is no way to continue. + * + * Note that there are two potentially valid replication IDs: the ID1 + * and the ID2. The ID2 however is only valid up to a specific offset. */ + if (strcasecmp(master_replid, server.replid) && + (strcasecmp(master_replid, server.replid2) || + psync_offset > server.second_replid_offset)) + { + /* Replid "?" is used by slaves that want to force a full resync. */ + if (master_replid[0] != '?') { + if (strcasecmp(master_replid, server.replid) && + strcasecmp(master_replid, server.replid2)) + { + serverLog(LL_NOTICE,"Partial resynchronization not accepted: " + "Replication ID mismatch (Replica asked for '%s', my " + "replication IDs are '%s' and '%s')", + master_replid, server.replid, server.replid2); + } else { + serverLog(LL_NOTICE,"Partial resynchronization not accepted: " + "Requested offset for second ID was %lld, but I can reply " + "up to %lld", psync_offset, server.second_replid_offset); + } + } else { + serverLog(LL_NOTICE,"Full resync requested by replica %s", + replicationGetSlaveName(c)); + } + goto need_full_resync; + } + + /* We still have the data our slave is asking for? */ + if (!server.repl_backlog || + psync_offset < server.repl_backlog->offset || + psync_offset > (server.repl_backlog->offset + server.repl_backlog->histlen)) + { + serverLog(LL_NOTICE, + "Unable to partial resync with replica %s for lack of backlog (Replica request was: %lld).", replicationGetSlaveName(c), psync_offset); + if (psync_offset > server.master_repl_offset) { + serverLog(LL_WARNING, + "Warning: replica %s tried to PSYNC with an offset that is greater than the master replication offset.", replicationGetSlaveName(c)); + } + goto need_full_resync; + } + + /* If we reached this point, we are able to perform a partial resync: + * 1) Set client state to make it a slave. + * 2) Inform the client we can continue with +CONTINUE + * 3) Send the backlog data (from the offset to the end) to the slave. */ + c->flags |= CLIENT_SLAVE; + c->replstate = SLAVE_STATE_ONLINE; + c->repl_ack_time = server.unixtime; + c->repl_start_cmd_stream_on_ack = 0; + listAddNodeTail(server.slaves,c); + /* We can't use the connection buffers since they are used to accumulate + * new commands at this stage. But we are sure the socket send buffer is + * empty so this write will never fail actually. */ + if (c->slave_capa & SLAVE_CAPA_PSYNC2) { + buflen = snprintf(buf,sizeof(buf),"+CONTINUE %s\r\n", server.replid); + } else { + buflen = snprintf(buf,sizeof(buf),"+CONTINUE\r\n"); + } + if (connWrite(c->conn,buf,buflen) != buflen) { + freeClientAsync(c); + return C_OK; + } + psync_len = addReplyReplicationBacklog(c,psync_offset); + serverLog(LL_NOTICE, + "Partial resynchronization request from %s accepted. Sending %lld bytes of backlog starting from offset %lld.", + replicationGetSlaveName(c), + psync_len, psync_offset); + /* Note that we don't need to set the selected DB at server.slaveseldb + * to -1 to force the master to emit SELECT, since the slave already + * has this state from the previous connection with the master. */ + + refreshGoodSlavesCount(); + + /* Fire the replica change modules event. */ + moduleFireServerEvent(REDISMODULE_EVENT_REPLICA_CHANGE, + REDISMODULE_SUBEVENT_REPLICA_CHANGE_ONLINE, + NULL); + + return C_OK; /* The caller can return, no full resync needed. */ + +need_full_resync: + /* We need a full resync for some reason... Note that we can't + * reply to PSYNC right now if a full SYNC is needed. The reply + * must include the master offset at the time the RDB file we transfer + * is generated, so we need to delay the reply to that moment. */ + return C_ERR; +} + +/* Start a BGSAVE for replication goals, which is, selecting the disk or + * socket target depending on the configuration, and making sure that + * the script cache is flushed before to start. + * + * The mincapa argument is the bitwise AND among all the slaves capabilities + * of the slaves waiting for this BGSAVE, so represents the slave capabilities + * all the slaves support. Can be tested via SLAVE_CAPA_* macros. + * + * Side effects, other than starting a BGSAVE: + * + * 1) Handle the slaves in WAIT_START state, by preparing them for a full + * sync if the BGSAVE was successfully started, or sending them an error + * and dropping them from the list of slaves. + * + * 2) Flush the Lua scripting script cache if the BGSAVE was actually + * started. + * + * Returns C_OK on success or C_ERR otherwise. */ +int startBgsaveForReplication(int mincapa, int req) { + int retval; + int socket_target = 0; + listIter li; + listNode *ln; + + /* We use a socket target if slave can handle the EOF marker and we're configured to do diskless syncs. + * Note that in case we're creating a "filtered" RDB (functions-only, for example) we also force socket replication + * to avoid overwriting the snapshot RDB file with filtered data. */ + socket_target = (server.repl_diskless_sync || req & SLAVE_REQ_RDB_MASK) && (mincapa & SLAVE_CAPA_EOF); + /* `SYNC` should have failed with error if we don't support socket and require a filter, assert this here */ + serverAssert(socket_target || !(req & SLAVE_REQ_RDB_MASK)); + + serverLog(LL_NOTICE,"Starting BGSAVE for SYNC with target: %s", + socket_target ? "replicas sockets" : "disk"); + + rdbSaveInfo rsi, *rsiptr; + rsiptr = rdbPopulateSaveInfo(&rsi); + /* Only do rdbSave* when rsiptr is not NULL, + * otherwise slave will miss repl-stream-db. */ + if (rsiptr) { + if (socket_target) + retval = rdbSaveToSlavesSockets(req,rsiptr); + else + retval = rdbSaveBackground(req,server.rdb_filename,rsiptr); + } else { + serverLog(LL_WARNING,"BGSAVE for replication: replication information not available, can't generate the RDB file right now. Try later."); + retval = C_ERR; + } + + /* If we succeeded to start a BGSAVE with disk target, let's remember + * this fact, so that we can later delete the file if needed. Note + * that we don't set the flag to 1 if the feature is disabled, otherwise + * it would never be cleared: the file is not deleted. This way if + * the user enables it later with CONFIG SET, we are fine. */ + if (retval == C_OK && !socket_target && server.rdb_del_sync_files) + RDBGeneratedByReplication = 1; + + /* If we failed to BGSAVE, remove the slaves waiting for a full + * resynchronization from the list of slaves, inform them with + * an error about what happened, close the connection ASAP. */ + if (retval == C_ERR) { + serverLog(LL_WARNING,"BGSAVE for replication failed"); + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + + if (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_START) { + slave->replstate = REPL_STATE_NONE; + slave->flags &= ~CLIENT_SLAVE; + listDelNode(server.slaves,ln); + addReplyError(slave, + "BGSAVE failed, replication can't continue"); + slave->flags |= CLIENT_CLOSE_AFTER_REPLY; + } + } + return retval; + } + + /* If the target is socket, rdbSaveToSlavesSockets() already setup + * the slaves for a full resync. Otherwise for disk target do it now.*/ + if (!socket_target) { + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + + if (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_START) { + /* Check slave has the exact requirements */ + if (slave->slave_req != req) + continue; + replicationSetupSlaveForFullResync(slave, getPsyncInitialOffset()); + } + } + } + + return retval; +} + +/* SYNC and PSYNC command implementation. */ +void syncCommand(client *c) { + /* ignore SYNC if already slave or in monitor mode */ + if (c->flags & CLIENT_SLAVE) return; + + /* Check if this is a failover request to a replica with the same replid and + * become a master if so. */ + if (c->argc > 3 && !strcasecmp(c->argv[0]->ptr,"psync") && + !strcasecmp(c->argv[3]->ptr,"failover")) + { + serverLog(LL_WARNING, "Failover request received for replid %s.", + (unsigned char *)c->argv[1]->ptr); + if (!server.masterhost) { + addReplyError(c, "PSYNC FAILOVER can't be sent to a master."); + return; + } + + if (!strcasecmp(c->argv[1]->ptr,server.replid)) { + replicationUnsetMaster(); + sds client = catClientInfoString(sdsempty(),c); + serverLog(LL_NOTICE, + "MASTER MODE enabled (failover request from '%s')",client); + sdsfree(client); + } else { + addReplyError(c, "PSYNC FAILOVER replid must match my replid."); + return; + } + } + + /* Don't let replicas sync with us while we're failing over */ + if (server.failover_state != NO_FAILOVER) { + addReplyError(c,"-NOMASTERLINK Can't SYNC while failing over"); + return; + } + + /* Refuse SYNC requests if we are a slave but the link with our master + * is not ok... */ + if (server.masterhost && server.repl_state != REPL_STATE_CONNECTED) { + addReplyError(c,"-NOMASTERLINK Can't SYNC while not connected with my master"); + return; + } + + /* SYNC can't be issued when the server has pending data to send to + * the client about already issued commands. We need a fresh reply + * buffer registering the differences between the BGSAVE and the current + * dataset, so that we can copy to other slaves if needed. */ + if (clientHasPendingReplies(c)) { + addReplyError(c,"SYNC and PSYNC are invalid with pending output"); + return; + } + + /* Fail sync if slave doesn't support EOF capability but wants a filtered RDB. This is because we force filtered + * RDB's to be generated over a socket and not through a file to avoid conflicts with the snapshot files. Forcing + * use of a socket is handled, if needed, in `startBgsaveForReplication`. */ + if (c->slave_req & SLAVE_REQ_RDB_MASK && !(c->slave_capa & SLAVE_CAPA_EOF)) { + addReplyError(c,"Filtered replica requires EOF capability"); + return; + } + + serverLog(LL_NOTICE,"Replica %s asks for synchronization", + replicationGetSlaveName(c)); + + /* Try a partial resynchronization if this is a PSYNC command. + * If it fails, we continue with usual full resynchronization, however + * when this happens replicationSetupSlaveForFullResync will replied + * with: + * + * +FULLRESYNC <replid> <offset> + * + * So the slave knows the new replid and offset to try a PSYNC later + * if the connection with the master is lost. */ + if (!strcasecmp(c->argv[0]->ptr,"psync")) { + long long psync_offset; + if (getLongLongFromObjectOrReply(c, c->argv[2], &psync_offset, NULL) != C_OK) { + serverLog(LL_WARNING, "Replica %s asks for synchronization but with a wrong offset", + replicationGetSlaveName(c)); + return; + } + + if (masterTryPartialResynchronization(c, psync_offset) == C_OK) { + server.stat_sync_partial_ok++; + return; /* No full resync needed, return. */ + } else { + char *master_replid = c->argv[1]->ptr; + + /* Increment stats for failed PSYNCs, but only if the + * replid is not "?", as this is used by slaves to force a full + * resync on purpose when they are not able to partially + * resync. */ + if (master_replid[0] != '?') server.stat_sync_partial_err++; + } + } else { + /* If a slave uses SYNC, we are dealing with an old implementation + * of the replication protocol (like redis-cli --slave). Flag the client + * so that we don't expect to receive REPLCONF ACK feedbacks. */ + c->flags |= CLIENT_PRE_PSYNC; + } + + /* Full resynchronization. */ + server.stat_sync_full++; + + /* Setup the slave as one waiting for BGSAVE to start. The following code + * paths will change the state if we handle the slave differently. */ + c->replstate = SLAVE_STATE_WAIT_BGSAVE_START; + if (server.repl_disable_tcp_nodelay) + connDisableTcpNoDelay(c->conn); /* Non critical if it fails. */ + c->repldbfd = -1; + c->flags |= CLIENT_SLAVE; + listAddNodeTail(server.slaves,c); + + /* Create the replication backlog if needed. */ + if (listLength(server.slaves) == 1 && server.repl_backlog == NULL) { + /* When we create the backlog from scratch, we always use a new + * replication ID and clear the ID2, since there is no valid + * past history. */ + changeReplicationId(); + clearReplicationId2(); + createReplicationBacklog(); + serverLog(LL_NOTICE,"Replication backlog created, my new " + "replication IDs are '%s' and '%s'", + server.replid, server.replid2); + } + + /* CASE 1: BGSAVE is in progress, with disk target. */ + if (server.child_type == CHILD_TYPE_RDB && + server.rdb_child_type == RDB_CHILD_TYPE_DISK) + { + /* Ok a background save is in progress. Let's check if it is a good + * one for replication, i.e. if there is another slave that is + * registering differences since the server forked to save. */ + client *slave; + listNode *ln; + listIter li; + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + slave = ln->value; + /* If the client needs a buffer of commands, we can't use + * a replica without replication buffer. */ + if (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_END && + (!(slave->flags & CLIENT_REPL_RDBONLY) || + (c->flags & CLIENT_REPL_RDBONLY))) + break; + } + /* To attach this slave, we check that it has at least all the + * capabilities of the slave that triggered the current BGSAVE + * and its exact requirements. */ + if (ln && ((c->slave_capa & slave->slave_capa) == slave->slave_capa) && + c->slave_req == slave->slave_req) { + /* Perfect, the server is already registering differences for + * another slave. Set the right state, and copy the buffer. + * We don't copy buffer if clients don't want. */ + if (!(c->flags & CLIENT_REPL_RDBONLY)) + copyReplicaOutputBuffer(c,slave); + replicationSetupSlaveForFullResync(c,slave->psync_initial_offset); + serverLog(LL_NOTICE,"Waiting for end of BGSAVE for SYNC"); + } else { + /* No way, we need to wait for the next BGSAVE in order to + * register differences. */ + serverLog(LL_NOTICE,"Can't attach the replica to the current BGSAVE. Waiting for next BGSAVE for SYNC"); + } + + /* CASE 2: BGSAVE is in progress, with socket target. */ + } else if (server.child_type == CHILD_TYPE_RDB && + server.rdb_child_type == RDB_CHILD_TYPE_SOCKET) + { + /* There is an RDB child process but it is writing directly to + * children sockets. We need to wait for the next BGSAVE + * in order to synchronize. */ + serverLog(LL_NOTICE,"Current BGSAVE has socket target. Waiting for next BGSAVE for SYNC"); + + /* CASE 3: There is no BGSAVE is in progress. */ + } else { + if (server.repl_diskless_sync && (c->slave_capa & SLAVE_CAPA_EOF) && + server.repl_diskless_sync_delay) + { + /* Diskless replication RDB child is created inside + * replicationCron() since we want to delay its start a + * few seconds to wait for more slaves to arrive. */ + serverLog(LL_NOTICE,"Delay next BGSAVE for diskless SYNC"); + } else { + /* We don't have a BGSAVE in progress, let's start one. Diskless + * or disk-based mode is determined by replica's capacity. */ + if (!hasActiveChildProcess()) { + startBgsaveForReplication(c->slave_capa, c->slave_req); + } else { + serverLog(LL_NOTICE, + "No BGSAVE in progress, but another BG operation is active. " + "BGSAVE for replication delayed"); + } + } + } + return; +} + +/* REPLCONF <option> <value> <option> <value> ... + * This command is used by a replica in order to configure the replication + * process before starting it with the SYNC command. + * This command is also used by a master in order to get the replication + * offset from a replica. + * + * Currently we support these options: + * + * - listening-port <port> + * - ip-address <ip> + * What is the listening ip and port of the Replica redis instance, so that + * the master can accurately lists replicas and their listening ports in the + * INFO output. + * + * - capa <eof|psync2> + * What is the capabilities of this instance. + * eof: supports EOF-style RDB transfer for diskless replication. + * psync2: supports PSYNC v2, so understands +CONTINUE <new repl ID>. + * + * - ack <offset> + * Replica informs the master the amount of replication stream that it + * processed so far. + * + * - getack + * Unlike other subcommands, this is used by master to get the replication + * offset from a replica. + * + * - rdb-only <0|1> + * Only wants RDB snapshot without replication buffer. + * + * - rdb-filter-only <include-filters> + * Define "include" filters for the RDB snapshot. Currently we only support + * a single include filter: "functions". Passing an empty string "" will + * result in an empty RDB. */ +void replconfCommand(client *c) { + int j; + + if ((c->argc % 2) == 0) { + /* Number of arguments must be odd to make sure that every + * option has a corresponding value. */ + addReplyErrorObject(c,shared.syntaxerr); + return; + } + + /* Process every option-value pair. */ + for (j = 1; j < c->argc; j+=2) { + if (!strcasecmp(c->argv[j]->ptr,"listening-port")) { + long port; + + if ((getLongFromObjectOrReply(c,c->argv[j+1], + &port,NULL) != C_OK)) + return; + c->slave_listening_port = port; + } else if (!strcasecmp(c->argv[j]->ptr,"ip-address")) { + sds addr = c->argv[j+1]->ptr; + if (sdslen(addr) < NET_HOST_STR_LEN) { + if (c->slave_addr) sdsfree(c->slave_addr); + c->slave_addr = sdsdup(addr); + } else { + addReplyErrorFormat(c,"REPLCONF ip-address provided by " + "replica instance is too long: %zd bytes", sdslen(addr)); + return; + } + } else if (!strcasecmp(c->argv[j]->ptr,"capa")) { + /* Ignore capabilities not understood by this master. */ + if (!strcasecmp(c->argv[j+1]->ptr,"eof")) + c->slave_capa |= SLAVE_CAPA_EOF; + else if (!strcasecmp(c->argv[j+1]->ptr,"psync2")) + c->slave_capa |= SLAVE_CAPA_PSYNC2; + } else if (!strcasecmp(c->argv[j]->ptr,"ack")) { + /* REPLCONF ACK is used by slave to inform the master the amount + * of replication stream that it processed so far. It is an + * internal only command that normal clients should never use. */ + long long offset; + + if (!(c->flags & CLIENT_SLAVE)) return; + if ((getLongLongFromObject(c->argv[j+1], &offset) != C_OK)) + return; + if (offset > c->repl_ack_off) + c->repl_ack_off = offset; + c->repl_ack_time = server.unixtime; + /* If this was a diskless replication, we need to really put + * the slave online when the first ACK is received (which + * confirms slave is online and ready to get more data). This + * allows for simpler and less CPU intensive EOF detection + * when streaming RDB files. + * There's a chance the ACK got to us before we detected that the + * bgsave is done (since that depends on cron ticks), so run a + * quick check first (instead of waiting for the next ACK. */ + if (server.child_type == CHILD_TYPE_RDB && c->replstate == SLAVE_STATE_WAIT_BGSAVE_END) + checkChildrenDone(); + if (c->repl_start_cmd_stream_on_ack && c->replstate == SLAVE_STATE_ONLINE) + replicaStartCommandStream(c); + /* Note: this command does not reply anything! */ + return; + } else if (!strcasecmp(c->argv[j]->ptr,"getack")) { + /* REPLCONF GETACK is used in order to request an ACK ASAP + * to the slave. */ + if (server.masterhost && server.master) replicationSendAck(); + return; + } else if (!strcasecmp(c->argv[j]->ptr,"rdb-only")) { + /* REPLCONF RDB-ONLY is used to identify the client only wants + * RDB snapshot without replication buffer. */ + long rdb_only = 0; + if (getRangeLongFromObjectOrReply(c,c->argv[j+1], + 0,1,&rdb_only,NULL) != C_OK) + return; + if (rdb_only == 1) c->flags |= CLIENT_REPL_RDBONLY; + else c->flags &= ~CLIENT_REPL_RDBONLY; + } else if (!strcasecmp(c->argv[j]->ptr,"rdb-filter-only")) { + /* REPLCONFG RDB-FILTER-ONLY is used to define "include" filters + * for the RDB snapshot. Currently we only support a single + * include filter: "functions". In the future we may want to add + * other filters like key patterns, key types, non-volatile, module + * aux fields, ... + * We might want to add the complementing "RDB-FILTER-EXCLUDE" to + * filter out certain data. */ + int filter_count, i; + sds *filters; + if (!(filters = sdssplitargs(c->argv[j+1]->ptr, &filter_count))) { + addReplyErrorFormat(c, "Missing rdb-filter-only values"); + return; + } + /* By default filter out all parts of the rdb */ + c->slave_req |= SLAVE_REQ_RDB_EXCLUDE_DATA; + c->slave_req |= SLAVE_REQ_RDB_EXCLUDE_FUNCTIONS; + for (i = 0; i < filter_count; i++) { + if (!strcasecmp(filters[i], "functions")) + c->slave_req &= ~SLAVE_REQ_RDB_EXCLUDE_FUNCTIONS; + else { + addReplyErrorFormat(c, "Unsupported rdb-filter-only option: %s", (char*)filters[i]); + sdsfreesplitres(filters, filter_count); + return; + } + } + sdsfreesplitres(filters, filter_count); + } else { + addReplyErrorFormat(c,"Unrecognized REPLCONF option: %s", + (char*)c->argv[j]->ptr); + return; + } + } + addReply(c,shared.ok); +} + +/* This function puts a replica in the online state, and should be called just + * after a replica received the RDB file for the initial synchronization. + * + * It does a few things: + * 1) Put the slave in ONLINE state. + * 2) Update the count of "good replicas". + * 3) Trigger the module event. + * + * the return value indicates that the replica should be disconnected. + * */ +int replicaPutOnline(client *slave) { + if (slave->flags & CLIENT_REPL_RDBONLY) { + slave->replstate = SLAVE_STATE_RDB_TRANSMITTED; + /* The client asked for RDB only so we should close it ASAP */ + serverLog(LL_NOTICE, + "RDB transfer completed, rdb only replica (%s) should be disconnected asap", + replicationGetSlaveName(slave)); + return 0; + } + slave->replstate = SLAVE_STATE_ONLINE; + slave->repl_ack_time = server.unixtime; /* Prevent false timeout. */ + + refreshGoodSlavesCount(); + /* Fire the replica change modules event. */ + moduleFireServerEvent(REDISMODULE_EVENT_REPLICA_CHANGE, + REDISMODULE_SUBEVENT_REPLICA_CHANGE_ONLINE, + NULL); + serverLog(LL_NOTICE,"Synchronization with replica %s succeeded", + replicationGetSlaveName(slave)); + return 1; +} + +/* This function should be called just after a replica received the RDB file + * for the initial synchronization, and we are finally ready to send the + * incremental stream of commands. + * + * It does a few things: + * 1) Close the replica's connection async if it doesn't need replication + * commands buffer stream, since it actually isn't a valid replica. + * 2) Make sure the writable event is re-installed, since when calling the SYNC + * command we had no replies and it was disabled, and then we could + * accumulate output buffer data without sending it to the replica so it + * won't get mixed with the RDB stream. */ +void replicaStartCommandStream(client *slave) { + serverAssert(!(slave->flags & CLIENT_REPL_RDBONLY)); + slave->repl_start_cmd_stream_on_ack = 0; + + putClientInPendingWriteQueue(slave); +} + +/* We call this function periodically to remove an RDB file that was + * generated because of replication, in an instance that is otherwise + * without any persistence. We don't want instances without persistence + * to take RDB files around, this violates certain policies in certain + * environments. */ +void removeRDBUsedToSyncReplicas(void) { + /* If the feature is disabled, return ASAP but also clear the + * RDBGeneratedByReplication flag in case it was set. Otherwise if the + * feature was enabled, but gets disabled later with CONFIG SET, the + * flag may remain set to one: then next time the feature is re-enabled + * via CONFIG SET we have it set even if no RDB was generated + * because of replication recently. */ + if (!server.rdb_del_sync_files) { + RDBGeneratedByReplication = 0; + return; + } + + if (allPersistenceDisabled() && RDBGeneratedByReplication) { + client *slave; + listNode *ln; + listIter li; + + int delrdb = 1; + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + slave = ln->value; + if (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_START || + slave->replstate == SLAVE_STATE_WAIT_BGSAVE_END || + slave->replstate == SLAVE_STATE_SEND_BULK) + { + delrdb = 0; + break; /* No need to check the other replicas. */ + } + } + if (delrdb) { + struct stat sb; + if (lstat(server.rdb_filename,&sb) != -1) { + RDBGeneratedByReplication = 0; + serverLog(LL_NOTICE, + "Removing the RDB file used to feed replicas " + "in a persistence-less instance"); + bg_unlink(server.rdb_filename); + } + } + } +} + +void sendBulkToSlave(connection *conn) { + client *slave = connGetPrivateData(conn); + char buf[PROTO_IOBUF_LEN]; + ssize_t nwritten, buflen; + + /* Before sending the RDB file, we send the preamble as configured by the + * replication process. Currently the preamble is just the bulk count of + * the file in the form "$<length>\r\n". */ + if (slave->replpreamble) { + nwritten = connWrite(conn,slave->replpreamble,sdslen(slave->replpreamble)); + if (nwritten == -1) { + serverLog(LL_WARNING, + "Write error sending RDB preamble to replica: %s", + connGetLastError(conn)); + freeClient(slave); + return; + } + atomicIncr(server.stat_net_repl_output_bytes, nwritten); + sdsrange(slave->replpreamble,nwritten,-1); + if (sdslen(slave->replpreamble) == 0) { + sdsfree(slave->replpreamble); + slave->replpreamble = NULL; + /* fall through sending data. */ + } else { + return; + } + } + + /* If the preamble was already transferred, send the RDB bulk data. */ + lseek(slave->repldbfd,slave->repldboff,SEEK_SET); + buflen = read(slave->repldbfd,buf,PROTO_IOBUF_LEN); + if (buflen <= 0) { + serverLog(LL_WARNING,"Read error sending DB to replica: %s", + (buflen == 0) ? "premature EOF" : strerror(errno)); + freeClient(slave); + return; + } + if ((nwritten = connWrite(conn,buf,buflen)) == -1) { + if (connGetState(conn) != CONN_STATE_CONNECTED) { + serverLog(LL_WARNING,"Write error sending DB to replica: %s", + connGetLastError(conn)); + freeClient(slave); + } + return; + } + slave->repldboff += nwritten; + atomicIncr(server.stat_net_repl_output_bytes, nwritten); + if (slave->repldboff == slave->repldbsize) { + close(slave->repldbfd); + slave->repldbfd = -1; + connSetWriteHandler(slave->conn,NULL); + if (!replicaPutOnline(slave)) { + freeClient(slave); + return; + } + replicaStartCommandStream(slave); + } +} + +/* Remove one write handler from the list of connections waiting to be writable + * during rdb pipe transfer. */ +void rdbPipeWriteHandlerConnRemoved(struct connection *conn) { + if (!connHasWriteHandler(conn)) + return; + connSetWriteHandler(conn, NULL); + client *slave = connGetPrivateData(conn); + slave->repl_last_partial_write = 0; + server.rdb_pipe_numconns_writing--; + /* if there are no more writes for now for this conn, or write error: */ + if (server.rdb_pipe_numconns_writing == 0) { + if (aeCreateFileEvent(server.el, server.rdb_pipe_read, AE_READABLE, rdbPipeReadHandler,NULL) == AE_ERR) { + serverPanic("Unrecoverable error creating server.rdb_pipe_read file event."); + } + } +} + +/* Called in diskless master during transfer of data from the rdb pipe, when + * the replica becomes writable again. */ +void rdbPipeWriteHandler(struct connection *conn) { + serverAssert(server.rdb_pipe_bufflen>0); + client *slave = connGetPrivateData(conn); + ssize_t nwritten; + if ((nwritten = connWrite(conn, server.rdb_pipe_buff + slave->repldboff, + server.rdb_pipe_bufflen - slave->repldboff)) == -1) + { + if (connGetState(conn) == CONN_STATE_CONNECTED) + return; /* equivalent to EAGAIN */ + serverLog(LL_WARNING,"Write error sending DB to replica: %s", + connGetLastError(conn)); + freeClient(slave); + return; + } else { + slave->repldboff += nwritten; + atomicIncr(server.stat_net_repl_output_bytes, nwritten); + if (slave->repldboff < server.rdb_pipe_bufflen) { + slave->repl_last_partial_write = server.unixtime; + return; /* more data to write.. */ + } + } + rdbPipeWriteHandlerConnRemoved(conn); +} + +/* Called in diskless master, when there's data to read from the child's rdb pipe */ +void rdbPipeReadHandler(struct aeEventLoop *eventLoop, int fd, void *clientData, int mask) { + UNUSED(mask); + UNUSED(clientData); + UNUSED(eventLoop); + int i; + if (!server.rdb_pipe_buff) + server.rdb_pipe_buff = zmalloc(PROTO_IOBUF_LEN); + serverAssert(server.rdb_pipe_numconns_writing==0); + + while (1) { + server.rdb_pipe_bufflen = read(fd, server.rdb_pipe_buff, PROTO_IOBUF_LEN); + if (server.rdb_pipe_bufflen < 0) { + if (errno == EAGAIN || errno == EWOULDBLOCK) + return; + serverLog(LL_WARNING,"Diskless rdb transfer, read error sending DB to replicas: %s", strerror(errno)); + for (i=0; i < server.rdb_pipe_numconns; i++) { + connection *conn = server.rdb_pipe_conns[i]; + if (!conn) + continue; + client *slave = connGetPrivateData(conn); + freeClient(slave); + server.rdb_pipe_conns[i] = NULL; + } + killRDBChild(); + return; + } + + if (server.rdb_pipe_bufflen == 0) { + /* EOF - write end was closed. */ + int stillUp = 0; + aeDeleteFileEvent(server.el, server.rdb_pipe_read, AE_READABLE); + for (i=0; i < server.rdb_pipe_numconns; i++) + { + connection *conn = server.rdb_pipe_conns[i]; + if (!conn) + continue; + stillUp++; + } + serverLog(LL_WARNING,"Diskless rdb transfer, done reading from pipe, %d replicas still up.", stillUp); + /* Now that the replicas have finished reading, notify the child that it's safe to exit. + * When the server detects the child has exited, it can mark the replica as online, and + * start streaming the replication buffers. */ + close(server.rdb_child_exit_pipe); + server.rdb_child_exit_pipe = -1; + return; + } + + int stillAlive = 0; + for (i=0; i < server.rdb_pipe_numconns; i++) + { + ssize_t nwritten; + connection *conn = server.rdb_pipe_conns[i]; + if (!conn) + continue; + + client *slave = connGetPrivateData(conn); + if ((nwritten = connWrite(conn, server.rdb_pipe_buff, server.rdb_pipe_bufflen)) == -1) { + if (connGetState(conn) != CONN_STATE_CONNECTED) { + serverLog(LL_WARNING,"Diskless rdb transfer, write error sending DB to replica: %s", + connGetLastError(conn)); + freeClient(slave); + server.rdb_pipe_conns[i] = NULL; + continue; + } + /* An error and still in connected state, is equivalent to EAGAIN */ + slave->repldboff = 0; + } else { + /* Note: when use diskless replication, 'repldboff' is the offset + * of 'rdb_pipe_buff' sent rather than the offset of entire RDB. */ + slave->repldboff = nwritten; + atomicIncr(server.stat_net_repl_output_bytes, nwritten); + } + /* If we were unable to write all the data to one of the replicas, + * setup write handler (and disable pipe read handler, below) */ + if (nwritten != server.rdb_pipe_bufflen) { + slave->repl_last_partial_write = server.unixtime; + server.rdb_pipe_numconns_writing++; + connSetWriteHandler(conn, rdbPipeWriteHandler); + } + stillAlive++; + } + + if (stillAlive == 0) { + serverLog(LL_WARNING,"Diskless rdb transfer, last replica dropped, killing fork child."); + killRDBChild(); + } + /* Remove the pipe read handler if at least one write handler was set. */ + if (server.rdb_pipe_numconns_writing || stillAlive == 0) { + aeDeleteFileEvent(server.el, server.rdb_pipe_read, AE_READABLE); + break; + } + } +} + +/* This function is called at the end of every background saving. + * + * The argument bgsaveerr is C_OK if the background saving succeeded + * otherwise C_ERR is passed to the function. + * The 'type' argument is the type of the child that terminated + * (if it had a disk or socket target). */ +void updateSlavesWaitingBgsave(int bgsaveerr, int type) { + listNode *ln; + listIter li; + + /* Note: there's a chance we got here from within the REPLCONF ACK command + * so we must avoid using freeClient, otherwise we'll crash on our way up. */ + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + + if (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_END) { + struct redis_stat buf; + + if (bgsaveerr != C_OK) { + freeClientAsync(slave); + serverLog(LL_WARNING,"SYNC failed. BGSAVE child returned an error"); + continue; + } + + /* If this was an RDB on disk save, we have to prepare to send + * the RDB from disk to the slave socket. Otherwise if this was + * already an RDB -> Slaves socket transfer, used in the case of + * diskless replication, our work is trivial, we can just put + * the slave online. */ + if (type == RDB_CHILD_TYPE_SOCKET) { + serverLog(LL_NOTICE, + "Streamed RDB transfer with replica %s succeeded (socket). Waiting for REPLCONF ACK from slave to enable streaming", + replicationGetSlaveName(slave)); + /* Note: we wait for a REPLCONF ACK message from the replica in + * order to really put it online (install the write handler + * so that the accumulated data can be transferred). However + * we change the replication state ASAP, since our slave + * is technically online now. + * + * So things work like that: + * + * 1. We end transferring the RDB file via socket. + * 2. The replica is put ONLINE but the write handler + * is not installed. + * 3. The replica however goes really online, and pings us + * back via REPLCONF ACK commands. + * 4. Now we finally install the write handler, and send + * the buffers accumulated so far to the replica. + * + * But why we do that? Because the replica, when we stream + * the RDB directly via the socket, must detect the RDB + * EOF (end of file), that is a special random string at the + * end of the RDB (for streamed RDBs we don't know the length + * in advance). Detecting such final EOF string is much + * simpler and less CPU intensive if no more data is sent + * after such final EOF. So we don't want to glue the end of + * the RDB transfer with the start of the other replication + * data. */ + if (!replicaPutOnline(slave)) { + freeClientAsync(slave); + continue; + } + slave->repl_start_cmd_stream_on_ack = 1; + } else { + if ((slave->repldbfd = open(server.rdb_filename,O_RDONLY)) == -1 || + redis_fstat(slave->repldbfd,&buf) == -1) { + freeClientAsync(slave); + serverLog(LL_WARNING,"SYNC failed. Can't open/stat DB after BGSAVE: %s", strerror(errno)); + continue; + } + slave->repldboff = 0; + slave->repldbsize = buf.st_size; + slave->replstate = SLAVE_STATE_SEND_BULK; + slave->replpreamble = sdscatprintf(sdsempty(),"$%lld\r\n", + (unsigned long long) slave->repldbsize); + + connSetWriteHandler(slave->conn,NULL); + if (connSetWriteHandler(slave->conn,sendBulkToSlave) == C_ERR) { + freeClientAsync(slave); + continue; + } + } + } + } +} + +/* Change the current instance replication ID with a new, random one. + * This will prevent successful PSYNCs between this master and other + * slaves, so the command should be called when something happens that + * alters the current story of the dataset. */ +void changeReplicationId(void) { + getRandomHexChars(server.replid,CONFIG_RUN_ID_SIZE); + server.replid[CONFIG_RUN_ID_SIZE] = '\0'; +} + +/* Clear (invalidate) the secondary replication ID. This happens, for + * example, after a full resynchronization, when we start a new replication + * history. */ +void clearReplicationId2(void) { + memset(server.replid2,'0',sizeof(server.replid)); + server.replid2[CONFIG_RUN_ID_SIZE] = '\0'; + server.second_replid_offset = -1; +} + +/* Use the current replication ID / offset as secondary replication + * ID, and change the current one in order to start a new history. + * This should be used when an instance is switched from slave to master + * so that it can serve PSYNC requests performed using the master + * replication ID. */ +void shiftReplicationId(void) { + memcpy(server.replid2,server.replid,sizeof(server.replid)); + /* We set the second replid offset to the master offset + 1, since + * the slave will ask for the first byte it has not yet received, so + * we need to add one to the offset: for example if, as a slave, we are + * sure we have the same history as the master for 50 bytes, after we + * are turned into a master, we can accept a PSYNC request with offset + * 51, since the slave asking has the same history up to the 50th + * byte, and is asking for the new bytes starting at offset 51. */ + server.second_replid_offset = server.master_repl_offset+1; + changeReplicationId(); + serverLog(LL_WARNING,"Setting secondary replication ID to %s, valid up to offset: %lld. New replication ID is %s", server.replid2, server.second_replid_offset, server.replid); +} + +/* ----------------------------------- SLAVE -------------------------------- */ + +/* Returns 1 if the given replication state is a handshake state, + * 0 otherwise. */ +int slaveIsInHandshakeState(void) { + return server.repl_state >= REPL_STATE_RECEIVE_PING_REPLY && + server.repl_state <= REPL_STATE_RECEIVE_PSYNC_REPLY; +} + +/* Avoid the master to detect the slave is timing out while loading the + * RDB file in initial synchronization. We send a single newline character + * that is valid protocol but is guaranteed to either be sent entirely or + * not, since the byte is indivisible. + * + * The function is called in two contexts: while we flush the current + * data with emptyDb(), and while we load the new data received as an + * RDB file from the master. */ +void replicationSendNewlineToMaster(void) { + static time_t newline_sent; + if (time(NULL) != newline_sent) { + newline_sent = time(NULL); + /* Pinging back in this stage is best-effort. */ + if (server.repl_transfer_s) connWrite(server.repl_transfer_s, "\n", 1); + } +} + +/* Callback used by emptyDb() while flushing away old data to load + * the new dataset received by the master and by discardTempDb() + * after loading succeeded or failed. */ +void replicationEmptyDbCallback(dict *d) { + UNUSED(d); + if (server.repl_state == REPL_STATE_TRANSFER) + replicationSendNewlineToMaster(); +} + +/* Once we have a link with the master and the synchronization was + * performed, this function materializes the master client we store + * at server.master, starting from the specified file descriptor. */ +void replicationCreateMasterClient(connection *conn, int dbid) { + server.master = createClient(conn); + if (conn) + connSetReadHandler(server.master->conn, readQueryFromClient); + + /** +   * Important note: +   * The CLIENT_DENY_BLOCKING flag is not, and should not, be set here. +   * For commands like BLPOP, it makes no sense to block the master +   * connection, and such blocking attempt will probably cause deadlock and +   * break the replication. We consider such a thing as a bug because +  * commands as BLPOP should never be sent on the replication link. +   * A possible use-case for blocking the replication link is if a module wants +   * to pass the execution to a background thread and unblock after the +   * execution is done. This is the reason why we allow blocking the replication +   * connection. */ + server.master->flags |= CLIENT_MASTER; + + server.master->authenticated = 1; + server.master->reploff = server.master_initial_offset; + server.master->read_reploff = server.master->reploff; + server.master->user = NULL; /* This client can do everything. */ + memcpy(server.master->replid, server.master_replid, + sizeof(server.master_replid)); + /* If master offset is set to -1, this master is old and is not + * PSYNC capable, so we flag it accordingly. */ + if (server.master->reploff == -1) + server.master->flags |= CLIENT_PRE_PSYNC; + if (dbid != -1) selectDb(server.master,dbid); +} + +/* This function will try to re-enable the AOF file after the + * master-replica synchronization: if it fails after multiple attempts + * the replica cannot be considered reliable and exists with an + * error. */ +void restartAOFAfterSYNC() { + unsigned int tries, max_tries = 10; + for (tries = 0; tries < max_tries; ++tries) { + if (startAppendOnly() == C_OK) break; + serverLog(LL_WARNING, + "Failed enabling the AOF after successful master synchronization! " + "Trying it again in one second."); + sleep(1); + } + if (tries == max_tries) { + serverLog(LL_WARNING, + "FATAL: this replica instance finished the synchronization with " + "its master, but the AOF can't be turned on. Exiting now."); + exit(1); + } +} + +static int useDisklessLoad() { + /* compute boolean decision to use diskless load */ + int enabled = server.repl_diskless_load == REPL_DISKLESS_LOAD_SWAPDB || + (server.repl_diskless_load == REPL_DISKLESS_LOAD_WHEN_DB_EMPTY && dbTotalServerKeyCount()==0); + + if (enabled) { + /* Check all modules handle read errors, otherwise it's not safe to use diskless load. */ + if (!moduleAllDatatypesHandleErrors()) { + serverLog(LL_WARNING, + "Skipping diskless-load because there are modules that don't handle read errors."); + enabled = 0; + } + /* Check all modules handle async replication, otherwise it's not safe to use diskless load. */ + else if (server.repl_diskless_load == REPL_DISKLESS_LOAD_SWAPDB && !moduleAllModulesHandleReplAsyncLoad()) { + serverLog(LL_WARNING, + "Skipping diskless-load because there are modules that are not aware of async replication."); + enabled = 0; + } + } + return enabled; +} + +/* Helper function for readSyncBulkPayload() to initialize tempDb + * before socket-loading the new db from master. The tempDb may be populated + * by swapMainDbWithTempDb or freed by disklessLoadDiscardTempDb later. */ +redisDb *disklessLoadInitTempDb(void) { + return initTempDb(); +} + +/* Helper function for readSyncBulkPayload() to discard our tempDb + * when the loading succeeded or failed. */ +void disklessLoadDiscardTempDb(redisDb *tempDb) { + discardTempDb(tempDb, replicationEmptyDbCallback); +} + +/* If we know we got an entirely different data set from our master + * we have no way to incrementally feed our replicas after that. + * We want our replicas to resync with us as well, if we have any sub-replicas. + * This is useful on readSyncBulkPayload in places where we just finished transferring db. */ +void replicationAttachToNewMaster() { + /* Replica starts to apply data from new master, we must discard the cached + * master structure. */ + serverAssert(server.master == NULL); + replicationDiscardCachedMaster(); + + disconnectSlaves(); /* Force our replicas to resync with us as well. */ + freeReplicationBacklog(); /* Don't allow our chained replicas to PSYNC. */ +} + +/* Asynchronously read the SYNC payload we receive from a master */ +#define REPL_MAX_WRITTEN_BEFORE_FSYNC (1024*1024*8) /* 8 MB */ +void readSyncBulkPayload(connection *conn) { + char buf[PROTO_IOBUF_LEN]; + ssize_t nread, readlen, nwritten; + int use_diskless_load = useDisklessLoad(); + redisDb *diskless_load_tempDb = NULL; + functionsLibCtx* temp_functions_lib_ctx = NULL; + int empty_db_flags = server.repl_slave_lazy_flush ? EMPTYDB_ASYNC : + EMPTYDB_NO_FLAGS; + off_t left; + + /* Static vars used to hold the EOF mark, and the last bytes received + * from the server: when they match, we reached the end of the transfer. */ + static char eofmark[CONFIG_RUN_ID_SIZE]; + static char lastbytes[CONFIG_RUN_ID_SIZE]; + static int usemark = 0; + + /* If repl_transfer_size == -1 we still have to read the bulk length + * from the master reply. */ + if (server.repl_transfer_size == -1) { + nread = connSyncReadLine(conn,buf,1024,server.repl_syncio_timeout*1000); + if (nread == -1) { + serverLog(LL_WARNING, + "I/O error reading bulk count from MASTER: %s", + connGetLastError(conn)); + goto error; + } else { + /* nread here is returned by connSyncReadLine(), which calls syncReadLine() and + * convert "\r\n" to '\0' so 1 byte is lost. */ + atomicIncr(server.stat_net_repl_input_bytes, nread+1); + } + + if (buf[0] == '-') { + serverLog(LL_WARNING, + "MASTER aborted replication with an error: %s", + buf+1); + goto error; + } else if (buf[0] == '\0') { + /* At this stage just a newline works as a PING in order to take + * the connection live. So we refresh our last interaction + * timestamp. */ + server.repl_transfer_lastio = server.unixtime; + return; + } else if (buf[0] != '$') { + serverLog(LL_WARNING,"Bad protocol from MASTER, the first byte is not '$' (we received '%s'), are you sure the host and port are right?", buf); + goto error; + } + + /* There are two possible forms for the bulk payload. One is the + * usual $<count> bulk format. The other is used for diskless transfers + * when the master does not know beforehand the size of the file to + * transfer. In the latter case, the following format is used: + * + * $EOF:<40 bytes delimiter> + * + * At the end of the file the announced delimiter is transmitted. The + * delimiter is long and random enough that the probability of a + * collision with the actual file content can be ignored. */ + if (strncmp(buf+1,"EOF:",4) == 0 && strlen(buf+5) >= CONFIG_RUN_ID_SIZE) { + usemark = 1; + memcpy(eofmark,buf+5,CONFIG_RUN_ID_SIZE); + memset(lastbytes,0,CONFIG_RUN_ID_SIZE); + /* Set any repl_transfer_size to avoid entering this code path + * at the next call. */ + server.repl_transfer_size = 0; + serverLog(LL_NOTICE, + "MASTER <-> REPLICA sync: receiving streamed RDB from master with EOF %s", + use_diskless_load? "to parser":"to disk"); + } else { + usemark = 0; + server.repl_transfer_size = strtol(buf+1,NULL,10); + serverLog(LL_NOTICE, + "MASTER <-> REPLICA sync: receiving %lld bytes from master %s", + (long long) server.repl_transfer_size, + use_diskless_load? "to parser":"to disk"); + } + return; + } + + if (!use_diskless_load) { + /* Read the data from the socket, store it to a file and search + * for the EOF. */ + if (usemark) { + readlen = sizeof(buf); + } else { + left = server.repl_transfer_size - server.repl_transfer_read; + readlen = (left < (signed)sizeof(buf)) ? left : (signed)sizeof(buf); + } + + nread = connRead(conn,buf,readlen); + if (nread <= 0) { + if (connGetState(conn) == CONN_STATE_CONNECTED) { + /* equivalent to EAGAIN */ + return; + } + serverLog(LL_WARNING,"I/O error trying to sync with MASTER: %s", + (nread == -1) ? connGetLastError(conn) : "connection lost"); + cancelReplicationHandshake(1); + return; + } + atomicIncr(server.stat_net_repl_input_bytes, nread); + + /* When a mark is used, we want to detect EOF asap in order to avoid + * writing the EOF mark into the file... */ + int eof_reached = 0; + + if (usemark) { + /* Update the last bytes array, and check if it matches our + * delimiter. */ + if (nread >= CONFIG_RUN_ID_SIZE) { + memcpy(lastbytes,buf+nread-CONFIG_RUN_ID_SIZE, + CONFIG_RUN_ID_SIZE); + } else { + int rem = CONFIG_RUN_ID_SIZE-nread; + memmove(lastbytes,lastbytes+nread,rem); + memcpy(lastbytes+rem,buf,nread); + } + if (memcmp(lastbytes,eofmark,CONFIG_RUN_ID_SIZE) == 0) + eof_reached = 1; + } + + /* Update the last I/O time for the replication transfer (used in + * order to detect timeouts during replication), and write what we + * got from the socket to the dump file on disk. */ + server.repl_transfer_lastio = server.unixtime; + if ((nwritten = write(server.repl_transfer_fd,buf,nread)) != nread) { + serverLog(LL_WARNING, + "Write error or short write writing to the DB dump file " + "needed for MASTER <-> REPLICA synchronization: %s", + (nwritten == -1) ? strerror(errno) : "short write"); + goto error; + } + server.repl_transfer_read += nread; + + /* Delete the last 40 bytes from the file if we reached EOF. */ + if (usemark && eof_reached) { + if (ftruncate(server.repl_transfer_fd, + server.repl_transfer_read - CONFIG_RUN_ID_SIZE) == -1) + { + serverLog(LL_WARNING, + "Error truncating the RDB file received from the master " + "for SYNC: %s", strerror(errno)); + goto error; + } + } + + /* Sync data on disk from time to time, otherwise at the end of the + * transfer we may suffer a big delay as the memory buffers are copied + * into the actual disk. */ + if (server.repl_transfer_read >= + server.repl_transfer_last_fsync_off + REPL_MAX_WRITTEN_BEFORE_FSYNC) + { + off_t sync_size = server.repl_transfer_read - + server.repl_transfer_last_fsync_off; + rdb_fsync_range(server.repl_transfer_fd, + server.repl_transfer_last_fsync_off, sync_size); + server.repl_transfer_last_fsync_off += sync_size; + } + + /* Check if the transfer is now complete */ + if (!usemark) { + if (server.repl_transfer_read == server.repl_transfer_size) + eof_reached = 1; + } + + /* If the transfer is yet not complete, we need to read more, so + * return ASAP and wait for the handler to be called again. */ + if (!eof_reached) return; + } + + /* We reach this point in one of the following cases: + * + * 1. The replica is using diskless replication, that is, it reads data + * directly from the socket to the Redis memory, without using + * a temporary RDB file on disk. In that case we just block and + * read everything from the socket. + * + * 2. Or when we are done reading from the socket to the RDB file, in + * such case we want just to read the RDB file in memory. */ + + /* We need to stop any AOF rewriting child before flushing and parsing + * the RDB, otherwise we'll create a copy-on-write disaster. */ + if (server.aof_state != AOF_OFF) stopAppendOnly(); + /* Also try to stop save RDB child before flushing and parsing the RDB: + * 1. Ensure background save doesn't overwrite synced data after being loaded. + * 2. Avoid copy-on-write disaster. */ + if (server.child_type == CHILD_TYPE_RDB) { + if (!use_diskless_load) { + serverLog(LL_NOTICE, + "Replica is about to load the RDB file received from the " + "master, but there is a pending RDB child running. " + "Killing process %ld and removing its temp file to avoid " + "any race", + (long) server.child_pid); + } + killRDBChild(); + } + + if (use_diskless_load && server.repl_diskless_load == REPL_DISKLESS_LOAD_SWAPDB) { + /* Initialize empty tempDb dictionaries. */ + diskless_load_tempDb = disklessLoadInitTempDb(); + temp_functions_lib_ctx = functionsLibCtxCreate(); + + moduleFireServerEvent(REDISMODULE_EVENT_REPL_ASYNC_LOAD, + REDISMODULE_SUBEVENT_REPL_ASYNC_LOAD_STARTED, + NULL); + } else { + replicationAttachToNewMaster(); + + serverLog(LL_NOTICE, "MASTER <-> REPLICA sync: Flushing old data"); + emptyData(-1,empty_db_flags,replicationEmptyDbCallback); + } + + /* Before loading the DB into memory we need to delete the readable + * handler, otherwise it will get called recursively since + * rdbLoad() will call the event loop to process events from time to + * time for non blocking loading. */ + connSetReadHandler(conn, NULL); + + serverLog(LL_NOTICE, "MASTER <-> REPLICA sync: Loading DB in memory"); + rdbSaveInfo rsi = RDB_SAVE_INFO_INIT; + if (use_diskless_load) { + rio rdb; + redisDb *dbarray; + functionsLibCtx* functions_lib_ctx; + int asyncLoading = 0; + + if (server.repl_diskless_load == REPL_DISKLESS_LOAD_SWAPDB) { + /* Async loading means we continue serving read commands during full resync, and + * "swap" the new db with the old db only when loading is done. + * It is enabled only on SWAPDB diskless replication when master replication ID hasn't changed, + * because in that state the old content of the db represents a different point in time of the same + * data set we're currently receiving from the master. */ + if (memcmp(server.replid, server.master_replid, CONFIG_RUN_ID_SIZE) == 0) { + asyncLoading = 1; + } + dbarray = diskless_load_tempDb; + functions_lib_ctx = temp_functions_lib_ctx; + } else { + dbarray = server.db; + functions_lib_ctx = functionsLibCtxGetCurrent(); + functionsLibCtxClear(functions_lib_ctx); + } + + rioInitWithConn(&rdb,conn,server.repl_transfer_size); + + /* Put the socket in blocking mode to simplify RDB transfer. + * We'll restore it when the RDB is received. */ + connBlock(conn); + connRecvTimeout(conn, server.repl_timeout*1000); + startLoading(server.repl_transfer_size, RDBFLAGS_REPLICATION, asyncLoading); + + int loadingFailed = 0; + rdbLoadingCtx loadingCtx = { .dbarray = dbarray, .functions_lib_ctx = functions_lib_ctx }; + if (rdbLoadRioWithLoadingCtx(&rdb,RDBFLAGS_REPLICATION,&rsi,&loadingCtx) != C_OK) { + /* RDB loading failed. */ + serverLog(LL_WARNING, + "Failed trying to load the MASTER synchronization DB " + "from socket: %s", strerror(errno)); + loadingFailed = 1; + } else if (usemark) { + /* Verify the end mark is correct. */ + if (!rioRead(&rdb, buf, CONFIG_RUN_ID_SIZE) || + memcmp(buf, eofmark, CONFIG_RUN_ID_SIZE) != 0) + { + serverLog(LL_WARNING, "Replication stream EOF marker is broken"); + loadingFailed = 1; + } + } + + if (loadingFailed) { + stopLoading(0); + cancelReplicationHandshake(1); + rioFreeConn(&rdb, NULL); + + if (server.repl_diskless_load == REPL_DISKLESS_LOAD_SWAPDB) { + /* Discard potentially partially loaded tempDb. */ + moduleFireServerEvent(REDISMODULE_EVENT_REPL_ASYNC_LOAD, + REDISMODULE_SUBEVENT_REPL_ASYNC_LOAD_ABORTED, + NULL); + + disklessLoadDiscardTempDb(diskless_load_tempDb); + functionsLibCtxFree(temp_functions_lib_ctx); + serverLog(LL_NOTICE, "MASTER <-> REPLICA sync: Discarding temporary DB in background"); + } else { + /* Remove the half-loaded data in case we started with an empty replica. */ + emptyData(-1,empty_db_flags,replicationEmptyDbCallback); + } + + /* Note that there's no point in restarting the AOF on SYNC + * failure, it'll be restarted when sync succeeds or the replica + * gets promoted. */ + return; + } + + /* RDB loading succeeded if we reach this point. */ + if (server.repl_diskless_load == REPL_DISKLESS_LOAD_SWAPDB) { + /* We will soon swap main db with tempDb and replicas will start + * to apply data from new master, we must discard the cached + * master structure and force resync of sub-replicas. */ + replicationAttachToNewMaster(); + + serverLog(LL_NOTICE, "MASTER <-> REPLICA sync: Swapping active DB with loaded DB"); + swapMainDbWithTempDb(diskless_load_tempDb); + + /* swap existing functions ctx with the temporary one */ + functionsLibCtxSwapWithCurrent(temp_functions_lib_ctx); + + moduleFireServerEvent(REDISMODULE_EVENT_REPL_ASYNC_LOAD, + REDISMODULE_SUBEVENT_REPL_ASYNC_LOAD_COMPLETED, + NULL); + + /* Delete the old db as it's useless now. */ + disklessLoadDiscardTempDb(diskless_load_tempDb); + serverLog(LL_NOTICE, "MASTER <-> REPLICA sync: Discarding old DB in background"); + } + + /* Inform about db change, as replication was diskless and didn't cause a save. */ + server.dirty++; + + stopLoading(1); + + /* Cleanup and restore the socket to the original state to continue + * with the normal replication. */ + rioFreeConn(&rdb, NULL); + connNonBlock(conn); + connRecvTimeout(conn,0); + } else { + + /* Make sure the new file (also used for persistence) is fully synced + * (not covered by earlier calls to rdb_fsync_range). */ + if (fsync(server.repl_transfer_fd) == -1) { + serverLog(LL_WARNING, + "Failed trying to sync the temp DB to disk in " + "MASTER <-> REPLICA synchronization: %s", + strerror(errno)); + cancelReplicationHandshake(1); + return; + } + + /* Rename rdb like renaming rewrite aof asynchronously. */ + int old_rdb_fd = open(server.rdb_filename,O_RDONLY|O_NONBLOCK); + if (rename(server.repl_transfer_tmpfile,server.rdb_filename) == -1) { + serverLog(LL_WARNING, + "Failed trying to rename the temp DB into %s in " + "MASTER <-> REPLICA synchronization: %s", + server.rdb_filename, strerror(errno)); + cancelReplicationHandshake(1); + if (old_rdb_fd != -1) close(old_rdb_fd); + return; + } + /* Close old rdb asynchronously. */ + if (old_rdb_fd != -1) bioCreateCloseJob(old_rdb_fd, 0); + + /* Sync the directory to ensure rename is persisted */ + if (fsyncFileDir(server.rdb_filename) == -1) { + serverLog(LL_WARNING, + "Failed trying to sync DB directory %s in " + "MASTER <-> REPLICA synchronization: %s", + server.rdb_filename, strerror(errno)); + cancelReplicationHandshake(1); + return; + } + + if (rdbLoad(server.rdb_filename,&rsi,RDBFLAGS_REPLICATION) != C_OK) { + serverLog(LL_WARNING, + "Failed trying to load the MASTER synchronization " + "DB from disk: %s", strerror(errno)); + cancelReplicationHandshake(1); + if (server.rdb_del_sync_files && allPersistenceDisabled()) { + serverLog(LL_NOTICE,"Removing the RDB file obtained from " + "the master. This replica has persistence " + "disabled"); + bg_unlink(server.rdb_filename); + } + /* Note that there's no point in restarting the AOF on sync failure, + it'll be restarted when sync succeeds or replica promoted. */ + return; + } + + /* Cleanup. */ + if (server.rdb_del_sync_files && allPersistenceDisabled()) { + serverLog(LL_NOTICE,"Removing the RDB file obtained from " + "the master. This replica has persistence " + "disabled"); + bg_unlink(server.rdb_filename); + } + + zfree(server.repl_transfer_tmpfile); + close(server.repl_transfer_fd); + server.repl_transfer_fd = -1; + server.repl_transfer_tmpfile = NULL; + } + + /* Final setup of the connected slave <- master link */ + replicationCreateMasterClient(server.repl_transfer_s,rsi.repl_stream_db); + server.repl_state = REPL_STATE_CONNECTED; + server.repl_down_since = 0; + + /* Fire the master link modules event. */ + moduleFireServerEvent(REDISMODULE_EVENT_MASTER_LINK_CHANGE, + REDISMODULE_SUBEVENT_MASTER_LINK_UP, + NULL); + + /* After a full resynchronization we use the replication ID and + * offset of the master. The secondary ID / offset are cleared since + * we are starting a new history. */ + memcpy(server.replid,server.master->replid,sizeof(server.replid)); + server.master_repl_offset = server.master->reploff; + clearReplicationId2(); + + /* Let's create the replication backlog if needed. Slaves need to + * accumulate the backlog regardless of the fact they have sub-slaves + * or not, in order to behave correctly if they are promoted to + * masters after a failover. */ + if (server.repl_backlog == NULL) createReplicationBacklog(); + serverLog(LL_NOTICE, "MASTER <-> REPLICA sync: Finished with success"); + + if (server.supervised_mode == SUPERVISED_SYSTEMD) { + redisCommunicateSystemd("STATUS=MASTER <-> REPLICA sync: Finished with success. Ready to accept connections in read-write mode.\n"); + } + + /* Send the initial ACK immediately to put this replica in online state. */ + if (usemark) replicationSendAck(); + + /* Restart the AOF subsystem now that we finished the sync. This + * will trigger an AOF rewrite, and when done will start appending + * to the new file. */ + if (server.aof_enabled) restartAOFAfterSYNC(); + return; + +error: + cancelReplicationHandshake(1); + return; +} + +char *receiveSynchronousResponse(connection *conn) { + char buf[256]; + /* Read the reply from the server. */ + if (connSyncReadLine(conn,buf,sizeof(buf),server.repl_syncio_timeout*1000) == -1) + { + serverLog(LL_WARNING, "Failed to read response from the server: %s", connGetLastError(conn)); + return NULL; + } + server.repl_transfer_lastio = server.unixtime; + return sdsnew(buf); +} + +/* Send a pre-formatted multi-bulk command to the connection. */ +char* sendCommandRaw(connection *conn, sds cmd) { + if (connSyncWrite(conn,cmd,sdslen(cmd),server.repl_syncio_timeout*1000) == -1) { + return sdscatprintf(sdsempty(),"-Writing to master: %s", + connGetLastError(conn)); + } + return NULL; +} + +/* Compose a multi-bulk command and send it to the connection. + * Used to send AUTH and REPLCONF commands to the master before starting the + * replication. + * + * Takes a list of char* arguments, terminated by a NULL argument. + * + * The command returns an sds string representing the result of the + * operation. On error the first byte is a "-". + */ +char *sendCommand(connection *conn, ...) { + va_list ap; + sds cmd = sdsempty(); + sds cmdargs = sdsempty(); + size_t argslen = 0; + char *arg; + + /* Create the command to send to the master, we use redis binary + * protocol to make sure correct arguments are sent. This function + * is not safe for all binary data. */ + va_start(ap,conn); + while(1) { + arg = va_arg(ap, char*); + if (arg == NULL) break; + cmdargs = sdscatprintf(cmdargs,"$%zu\r\n%s\r\n",strlen(arg),arg); + argslen++; + } + + cmd = sdscatprintf(cmd,"*%zu\r\n",argslen); + cmd = sdscatsds(cmd,cmdargs); + sdsfree(cmdargs); + + va_end(ap); + char* err = sendCommandRaw(conn, cmd); + sdsfree(cmd); + if(err) + return err; + return NULL; +} + +/* Compose a multi-bulk command and send it to the connection. + * Used to send AUTH and REPLCONF commands to the master before starting the + * replication. + * + * argv_lens is optional, when NULL, strlen is used. + * + * The command returns an sds string representing the result of the + * operation. On error the first byte is a "-". + */ +char *sendCommandArgv(connection *conn, int argc, char **argv, size_t *argv_lens) { + sds cmd = sdsempty(); + char *arg; + int i; + + /* Create the command to send to the master. */ + cmd = sdscatfmt(cmd,"*%i\r\n",argc); + for (i=0; i<argc; i++) { + int len; + arg = argv[i]; + len = argv_lens ? argv_lens[i] : strlen(arg); + cmd = sdscatfmt(cmd,"$%i\r\n",len); + cmd = sdscatlen(cmd,arg,len); + cmd = sdscatlen(cmd,"\r\n",2); + } + char* err = sendCommandRaw(conn, cmd); + sdsfree(cmd); + if (err) + return err; + return NULL; +} + +/* Try a partial resynchronization with the master if we are about to reconnect. + * If there is no cached master structure, at least try to issue a + * "PSYNC ? -1" command in order to trigger a full resync using the PSYNC + * command in order to obtain the master replid and the master replication + * global offset. + * + * This function is designed to be called from syncWithMaster(), so the + * following assumptions are made: + * + * 1) We pass the function an already connected socket "fd". + * 2) This function does not close the file descriptor "fd". However in case + * of successful partial resynchronization, the function will reuse + * 'fd' as file descriptor of the server.master client structure. + * + * The function is split in two halves: if read_reply is 0, the function + * writes the PSYNC command on the socket, and a new function call is + * needed, with read_reply set to 1, in order to read the reply of the + * command. This is useful in order to support non blocking operations, so + * that we write, return into the event loop, and read when there are data. + * + * When read_reply is 0 the function returns PSYNC_WRITE_ERR if there + * was a write error, or PSYNC_WAIT_REPLY to signal we need another call + * with read_reply set to 1. However even when read_reply is set to 1 + * the function may return PSYNC_WAIT_REPLY again to signal there were + * insufficient data to read to complete its work. We should re-enter + * into the event loop and wait in such a case. + * + * The function returns: + * + * PSYNC_CONTINUE: If the PSYNC command succeeded and we can continue. + * PSYNC_FULLRESYNC: If PSYNC is supported but a full resync is needed. + * In this case the master replid and global replication + * offset is saved. + * PSYNC_NOT_SUPPORTED: If the server does not understand PSYNC at all and + * the caller should fall back to SYNC. + * PSYNC_WRITE_ERROR: There was an error writing the command to the socket. + * PSYNC_WAIT_REPLY: Call again the function with read_reply set to 1. + * PSYNC_TRY_LATER: Master is currently in a transient error condition. + * + * Notable side effects: + * + * 1) As a side effect of the function call the function removes the readable + * event handler from "fd", unless the return value is PSYNC_WAIT_REPLY. + * 2) server.master_initial_offset is set to the right value according + * to the master reply. This will be used to populate the 'server.master' + * structure replication offset. + */ + +#define PSYNC_WRITE_ERROR 0 +#define PSYNC_WAIT_REPLY 1 +#define PSYNC_CONTINUE 2 +#define PSYNC_FULLRESYNC 3 +#define PSYNC_NOT_SUPPORTED 4 +#define PSYNC_TRY_LATER 5 +int slaveTryPartialResynchronization(connection *conn, int read_reply) { + char *psync_replid; + char psync_offset[32]; + sds reply; + + /* Writing half */ + if (!read_reply) { + /* Initially set master_initial_offset to -1 to mark the current + * master replid and offset as not valid. Later if we'll be able to do + * a FULL resync using the PSYNC command we'll set the offset at the + * right value, so that this information will be propagated to the + * client structure representing the master into server.master. */ + server.master_initial_offset = -1; + + if (server.cached_master) { + psync_replid = server.cached_master->replid; + snprintf(psync_offset,sizeof(psync_offset),"%lld", server.cached_master->reploff+1); + serverLog(LL_NOTICE,"Trying a partial resynchronization (request %s:%s).", psync_replid, psync_offset); + } else { + serverLog(LL_NOTICE,"Partial resynchronization not possible (no cached master)"); + psync_replid = "?"; + memcpy(psync_offset,"-1",3); + } + + /* Issue the PSYNC command, if this is a master with a failover in + * progress then send the failover argument to the replica to cause it + * to become a master */ + if (server.failover_state == FAILOVER_IN_PROGRESS) { + reply = sendCommand(conn,"PSYNC",psync_replid,psync_offset,"FAILOVER",NULL); + } else { + reply = sendCommand(conn,"PSYNC",psync_replid,psync_offset,NULL); + } + + if (reply != NULL) { + serverLog(LL_WARNING,"Unable to send PSYNC to master: %s",reply); + sdsfree(reply); + connSetReadHandler(conn, NULL); + return PSYNC_WRITE_ERROR; + } + return PSYNC_WAIT_REPLY; + } + + /* Reading half */ + reply = receiveSynchronousResponse(conn); + /* Master did not reply to PSYNC */ + if (reply == NULL) { + connSetReadHandler(conn, NULL); + serverLog(LL_WARNING, "Master did not reply to PSYNC, will try later"); + return PSYNC_TRY_LATER; + } + + if (sdslen(reply) == 0) { + /* The master may send empty newlines after it receives PSYNC + * and before to reply, just to keep the connection alive. */ + sdsfree(reply); + return PSYNC_WAIT_REPLY; + } + + connSetReadHandler(conn, NULL); + + if (!strncmp(reply,"+FULLRESYNC",11)) { + char *replid = NULL, *offset = NULL; + + /* FULL RESYNC, parse the reply in order to extract the replid + * and the replication offset. */ + replid = strchr(reply,' '); + if (replid) { + replid++; + offset = strchr(replid,' '); + if (offset) offset++; + } + if (!replid || !offset || (offset-replid-1) != CONFIG_RUN_ID_SIZE) { + serverLog(LL_WARNING, + "Master replied with wrong +FULLRESYNC syntax."); + /* This is an unexpected condition, actually the +FULLRESYNC + * reply means that the master supports PSYNC, but the reply + * format seems wrong. To stay safe we blank the master + * replid to make sure next PSYNCs will fail. */ + memset(server.master_replid,0,CONFIG_RUN_ID_SIZE+1); + } else { + memcpy(server.master_replid, replid, offset-replid-1); + server.master_replid[CONFIG_RUN_ID_SIZE] = '\0'; + server.master_initial_offset = strtoll(offset,NULL,10); + serverLog(LL_NOTICE,"Full resync from master: %s:%lld", + server.master_replid, + server.master_initial_offset); + } + sdsfree(reply); + return PSYNC_FULLRESYNC; + } + + if (!strncmp(reply,"+CONTINUE",9)) { + /* Partial resync was accepted. */ + serverLog(LL_NOTICE, + "Successful partial resynchronization with master."); + + /* Check the new replication ID advertised by the master. If it + * changed, we need to set the new ID as primary ID, and set + * secondary ID as the old master ID up to the current offset, so + * that our sub-slaves will be able to PSYNC with us after a + * disconnection. */ + char *start = reply+10; + char *end = reply+9; + while(end[0] != '\r' && end[0] != '\n' && end[0] != '\0') end++; + if (end-start == CONFIG_RUN_ID_SIZE) { + char new[CONFIG_RUN_ID_SIZE+1]; + memcpy(new,start,CONFIG_RUN_ID_SIZE); + new[CONFIG_RUN_ID_SIZE] = '\0'; + + if (strcmp(new,server.cached_master->replid)) { + /* Master ID changed. */ + serverLog(LL_WARNING,"Master replication ID changed to %s",new); + + /* Set the old ID as our ID2, up to the current offset+1. */ + memcpy(server.replid2,server.cached_master->replid, + sizeof(server.replid2)); + server.second_replid_offset = server.master_repl_offset+1; + + /* Update the cached master ID and our own primary ID to the + * new one. */ + memcpy(server.replid,new,sizeof(server.replid)); + memcpy(server.cached_master->replid,new,sizeof(server.replid)); + + /* Disconnect all the sub-slaves: they need to be notified. */ + disconnectSlaves(); + } + } + + /* Setup the replication to continue. */ + sdsfree(reply); + replicationResurrectCachedMaster(conn); + + /* If this instance was restarted and we read the metadata to + * PSYNC from the persistence file, our replication backlog could + * be still not initialized. Create it. */ + if (server.repl_backlog == NULL) createReplicationBacklog(); + return PSYNC_CONTINUE; + } + + /* If we reach this point we received either an error (since the master does + * not understand PSYNC or because it is in a special state and cannot + * serve our request), or an unexpected reply from the master. + * + * Return PSYNC_NOT_SUPPORTED on errors we don't understand, otherwise + * return PSYNC_TRY_LATER if we believe this is a transient error. */ + + if (!strncmp(reply,"-NOMASTERLINK",13) || + !strncmp(reply,"-LOADING",8)) + { + serverLog(LL_NOTICE, + "Master is currently unable to PSYNC " + "but should be in the future: %s", reply); + sdsfree(reply); + return PSYNC_TRY_LATER; + } + + if (strncmp(reply,"-ERR",4)) { + /* If it's not an error, log the unexpected event. */ + serverLog(LL_WARNING, + "Unexpected reply to PSYNC from master: %s", reply); + } else { + serverLog(LL_NOTICE, + "Master does not support PSYNC or is in " + "error state (reply: %s)", reply); + } + sdsfree(reply); + return PSYNC_NOT_SUPPORTED; +} + +/* This handler fires when the non blocking connect was able to + * establish a connection with the master. */ +void syncWithMaster(connection *conn) { + char tmpfile[256], *err = NULL; + int dfd = -1, maxtries = 5; + int psync_result; + + /* If this event fired after the user turned the instance into a master + * with SLAVEOF NO ONE we must just return ASAP. */ + if (server.repl_state == REPL_STATE_NONE) { + connClose(conn); + return; + } + + /* Check for errors in the socket: after a non blocking connect() we + * may find that the socket is in error state. */ + if (connGetState(conn) != CONN_STATE_CONNECTED) { + serverLog(LL_WARNING,"Error condition on socket for SYNC: %s", + connGetLastError(conn)); + goto error; + } + + /* Send a PING to check the master is able to reply without errors. */ + if (server.repl_state == REPL_STATE_CONNECTING) { + serverLog(LL_NOTICE,"Non blocking connect for SYNC fired the event."); + /* Delete the writable event so that the readable event remains + * registered and we can wait for the PONG reply. */ + connSetReadHandler(conn, syncWithMaster); + connSetWriteHandler(conn, NULL); + server.repl_state = REPL_STATE_RECEIVE_PING_REPLY; + /* Send the PING, don't check for errors at all, we have the timeout + * that will take care about this. */ + err = sendCommand(conn,"PING",NULL); + if (err) goto write_error; + return; + } + + /* Receive the PONG command. */ + if (server.repl_state == REPL_STATE_RECEIVE_PING_REPLY) { + err = receiveSynchronousResponse(conn); + + /* The master did not reply */ + if (err == NULL) goto no_response_error; + + /* We accept only two replies as valid, a positive +PONG reply + * (we just check for "+") or an authentication error. + * Note that older versions of Redis replied with "operation not + * permitted" instead of using a proper error code, so we test + * both. */ + if (err[0] != '+' && + strncmp(err,"-NOAUTH",7) != 0 && + strncmp(err,"-NOPERM",7) != 0 && + strncmp(err,"-ERR operation not permitted",28) != 0) + { + serverLog(LL_WARNING,"Error reply to PING from master: '%s'",err); + sdsfree(err); + goto error; + } else { + serverLog(LL_NOTICE, + "Master replied to PING, replication can continue..."); + } + sdsfree(err); + err = NULL; + server.repl_state = REPL_STATE_SEND_HANDSHAKE; + } + + if (server.repl_state == REPL_STATE_SEND_HANDSHAKE) { + /* AUTH with the master if required. */ + if (server.masterauth) { + char *args[3] = {"AUTH",NULL,NULL}; + size_t lens[3] = {4,0,0}; + int argc = 1; + if (server.masteruser) { + args[argc] = server.masteruser; + lens[argc] = strlen(server.masteruser); + argc++; + } + args[argc] = server.masterauth; + lens[argc] = sdslen(server.masterauth); + argc++; + err = sendCommandArgv(conn, argc, args, lens); + if (err) goto write_error; + } + + /* Set the slave port, so that Master's INFO command can list the + * slave listening port correctly. */ + { + int port; + if (server.slave_announce_port) + port = server.slave_announce_port; + else if (server.tls_replication && server.tls_port) + port = server.tls_port; + else + port = server.port; + sds portstr = sdsfromlonglong(port); + err = sendCommand(conn,"REPLCONF", + "listening-port",portstr, NULL); + sdsfree(portstr); + if (err) goto write_error; + } + + /* Set the slave ip, so that Master's INFO command can list the + * slave IP address port correctly in case of port forwarding or NAT. + * Skip REPLCONF ip-address if there is no slave-announce-ip option set. */ + if (server.slave_announce_ip) { + err = sendCommand(conn,"REPLCONF", + "ip-address",server.slave_announce_ip, NULL); + if (err) goto write_error; + } + + /* Inform the master of our (slave) capabilities. + * + * EOF: supports EOF-style RDB transfer for diskless replication. + * PSYNC2: supports PSYNC v2, so understands +CONTINUE <new repl ID>. + * + * The master will ignore capabilities it does not understand. */ + err = sendCommand(conn,"REPLCONF", + "capa","eof","capa","psync2",NULL); + if (err) goto write_error; + + server.repl_state = REPL_STATE_RECEIVE_AUTH_REPLY; + return; + } + + if (server.repl_state == REPL_STATE_RECEIVE_AUTH_REPLY && !server.masterauth) + server.repl_state = REPL_STATE_RECEIVE_PORT_REPLY; + + /* Receive AUTH reply. */ + if (server.repl_state == REPL_STATE_RECEIVE_AUTH_REPLY) { + err = receiveSynchronousResponse(conn); + if (err == NULL) goto no_response_error; + if (err[0] == '-') { + serverLog(LL_WARNING,"Unable to AUTH to MASTER: %s",err); + sdsfree(err); + goto error; + } + sdsfree(err); + err = NULL; + server.repl_state = REPL_STATE_RECEIVE_PORT_REPLY; + return; + } + + /* Receive REPLCONF listening-port reply. */ + if (server.repl_state == REPL_STATE_RECEIVE_PORT_REPLY) { + err = receiveSynchronousResponse(conn); + if (err == NULL) goto no_response_error; + /* Ignore the error if any, not all the Redis versions support + * REPLCONF listening-port. */ + if (err[0] == '-') { + serverLog(LL_NOTICE,"(Non critical) Master does not understand " + "REPLCONF listening-port: %s", err); + } + sdsfree(err); + server.repl_state = REPL_STATE_RECEIVE_IP_REPLY; + return; + } + + if (server.repl_state == REPL_STATE_RECEIVE_IP_REPLY && !server.slave_announce_ip) + server.repl_state = REPL_STATE_RECEIVE_CAPA_REPLY; + + /* Receive REPLCONF ip-address reply. */ + if (server.repl_state == REPL_STATE_RECEIVE_IP_REPLY) { + err = receiveSynchronousResponse(conn); + if (err == NULL) goto no_response_error; + /* Ignore the error if any, not all the Redis versions support + * REPLCONF ip-address. */ + if (err[0] == '-') { + serverLog(LL_NOTICE,"(Non critical) Master does not understand " + "REPLCONF ip-address: %s", err); + } + sdsfree(err); + server.repl_state = REPL_STATE_RECEIVE_CAPA_REPLY; + return; + } + + /* Receive CAPA reply. */ + if (server.repl_state == REPL_STATE_RECEIVE_CAPA_REPLY) { + err = receiveSynchronousResponse(conn); + if (err == NULL) goto no_response_error; + /* Ignore the error if any, not all the Redis versions support + * REPLCONF capa. */ + if (err[0] == '-') { + serverLog(LL_NOTICE,"(Non critical) Master does not understand " + "REPLCONF capa: %s", err); + } + sdsfree(err); + err = NULL; + server.repl_state = REPL_STATE_SEND_PSYNC; + } + + /* Try a partial resynchronization. If we don't have a cached master + * slaveTryPartialResynchronization() will at least try to use PSYNC + * to start a full resynchronization so that we get the master replid + * and the global offset, to try a partial resync at the next + * reconnection attempt. */ + if (server.repl_state == REPL_STATE_SEND_PSYNC) { + if (slaveTryPartialResynchronization(conn,0) == PSYNC_WRITE_ERROR) { + err = sdsnew("Write error sending the PSYNC command."); + abortFailover("Write error to failover target"); + goto write_error; + } + server.repl_state = REPL_STATE_RECEIVE_PSYNC_REPLY; + return; + } + + /* If reached this point, we should be in REPL_STATE_RECEIVE_PSYNC_REPLY. */ + if (server.repl_state != REPL_STATE_RECEIVE_PSYNC_REPLY) { + serverLog(LL_WARNING,"syncWithMaster(): state machine error, " + "state should be RECEIVE_PSYNC but is %d", + server.repl_state); + goto error; + } + + psync_result = slaveTryPartialResynchronization(conn,1); + if (psync_result == PSYNC_WAIT_REPLY) return; /* Try again later... */ + + /* Check the status of the planned failover. We expect PSYNC_CONTINUE, + * but there is nothing technically wrong with a full resync which + * could happen in edge cases. */ + if (server.failover_state == FAILOVER_IN_PROGRESS) { + if (psync_result == PSYNC_CONTINUE || psync_result == PSYNC_FULLRESYNC) { + clearFailoverState(); + } else { + abortFailover("Failover target rejected psync request"); + return; + } + } + + /* If the master is in an transient error, we should try to PSYNC + * from scratch later, so go to the error path. This happens when + * the server is loading the dataset or is not connected with its + * master and so forth. */ + if (psync_result == PSYNC_TRY_LATER) goto error; + + /* Note: if PSYNC does not return WAIT_REPLY, it will take care of + * uninstalling the read handler from the file descriptor. */ + + if (psync_result == PSYNC_CONTINUE) { + serverLog(LL_NOTICE, "MASTER <-> REPLICA sync: Master accepted a Partial Resynchronization."); + if (server.supervised_mode == SUPERVISED_SYSTEMD) { + redisCommunicateSystemd("STATUS=MASTER <-> REPLICA sync: Partial Resynchronization accepted. Ready to accept connections in read-write mode.\n"); + } + return; + } + + /* Fall back to SYNC if needed. Otherwise psync_result == PSYNC_FULLRESYNC + * and the server.master_replid and master_initial_offset are + * already populated. */ + if (psync_result == PSYNC_NOT_SUPPORTED) { + serverLog(LL_NOTICE,"Retrying with SYNC..."); + if (connSyncWrite(conn,"SYNC\r\n",6,server.repl_syncio_timeout*1000) == -1) { + serverLog(LL_WARNING,"I/O error writing to MASTER: %s", + connGetLastError(conn)); + goto error; + } + } + + /* Prepare a suitable temp file for bulk transfer */ + if (!useDisklessLoad()) { + while(maxtries--) { + snprintf(tmpfile,256, + "temp-%d.%ld.rdb",(int)server.unixtime,(long int)getpid()); + dfd = open(tmpfile,O_CREAT|O_WRONLY|O_EXCL,0644); + if (dfd != -1) break; + sleep(1); + } + if (dfd == -1) { + serverLog(LL_WARNING,"Opening the temp file needed for MASTER <-> REPLICA synchronization: %s",strerror(errno)); + goto error; + } + server.repl_transfer_tmpfile = zstrdup(tmpfile); + server.repl_transfer_fd = dfd; + } + + /* Setup the non blocking download of the bulk file. */ + if (connSetReadHandler(conn, readSyncBulkPayload) + == C_ERR) + { + char conninfo[CONN_INFO_LEN]; + serverLog(LL_WARNING, + "Can't create readable event for SYNC: %s (%s)", + strerror(errno), connGetInfo(conn, conninfo, sizeof(conninfo))); + goto error; + } + + server.repl_state = REPL_STATE_TRANSFER; + server.repl_transfer_size = -1; + server.repl_transfer_read = 0; + server.repl_transfer_last_fsync_off = 0; + server.repl_transfer_lastio = server.unixtime; + return; + +no_response_error: /* Handle receiveSynchronousResponse() error when master has no reply */ + serverLog(LL_WARNING, "Master did not respond to command during SYNC handshake"); + /* Fall through to regular error handling */ + +error: + if (dfd != -1) close(dfd); + connClose(conn); + server.repl_transfer_s = NULL; + if (server.repl_transfer_fd != -1) + close(server.repl_transfer_fd); + if (server.repl_transfer_tmpfile) + zfree(server.repl_transfer_tmpfile); + server.repl_transfer_tmpfile = NULL; + server.repl_transfer_fd = -1; + server.repl_state = REPL_STATE_CONNECT; + return; + +write_error: /* Handle sendCommand() errors. */ + serverLog(LL_WARNING,"Sending command to master in replication handshake: %s", err); + sdsfree(err); + goto error; +} + +int connectWithMaster(void) { + server.repl_transfer_s = server.tls_replication ? connCreateTLS() : connCreateSocket(); + if (connConnect(server.repl_transfer_s, server.masterhost, server.masterport, + server.bind_source_addr, syncWithMaster) == C_ERR) { + serverLog(LL_WARNING,"Unable to connect to MASTER: %s", + connGetLastError(server.repl_transfer_s)); + connClose(server.repl_transfer_s); + server.repl_transfer_s = NULL; + return C_ERR; + } + + + server.repl_transfer_lastio = server.unixtime; + server.repl_state = REPL_STATE_CONNECTING; + serverLog(LL_NOTICE,"MASTER <-> REPLICA sync started"); + return C_OK; +} + +/* This function can be called when a non blocking connection is currently + * in progress to undo it. + * Never call this function directly, use cancelReplicationHandshake() instead. + */ +void undoConnectWithMaster(void) { + connClose(server.repl_transfer_s); + server.repl_transfer_s = NULL; +} + +/* Abort the async download of the bulk dataset while SYNC-ing with master. + * Never call this function directly, use cancelReplicationHandshake() instead. + */ +void replicationAbortSyncTransfer(void) { + serverAssert(server.repl_state == REPL_STATE_TRANSFER); + undoConnectWithMaster(); + if (server.repl_transfer_fd!=-1) { + close(server.repl_transfer_fd); + bg_unlink(server.repl_transfer_tmpfile); + zfree(server.repl_transfer_tmpfile); + server.repl_transfer_tmpfile = NULL; + server.repl_transfer_fd = -1; + } +} + +/* This function aborts a non blocking replication attempt if there is one + * in progress, by canceling the non-blocking connect attempt or + * the initial bulk transfer. + * + * If there was a replication handshake in progress 1 is returned and + * the replication state (server.repl_state) set to REPL_STATE_CONNECT. + * + * Otherwise zero is returned and no operation is performed at all. */ +int cancelReplicationHandshake(int reconnect) { + if (server.repl_state == REPL_STATE_TRANSFER) { + replicationAbortSyncTransfer(); + server.repl_state = REPL_STATE_CONNECT; + } else if (server.repl_state == REPL_STATE_CONNECTING || + slaveIsInHandshakeState()) + { + undoConnectWithMaster(); + server.repl_state = REPL_STATE_CONNECT; + } else { + return 0; + } + + if (!reconnect) + return 1; + + /* try to re-connect without waiting for replicationCron, this is needed + * for the "diskless loading short read" test. */ + serverLog(LL_NOTICE,"Reconnecting to MASTER %s:%d after failure", + server.masterhost, server.masterport); + connectWithMaster(); + + return 1; +} + +/* Set replication to the specified master address and port. */ +void replicationSetMaster(char *ip, int port) { + int was_master = server.masterhost == NULL; + + sdsfree(server.masterhost); + server.masterhost = NULL; + if (server.master) { + freeClient(server.master); + } + disconnectAllBlockedClients(); /* Clients blocked in master, now slave. */ + + /* Setting masterhost only after the call to freeClient since it calls + * replicationHandleMasterDisconnection which can trigger a re-connect + * directly from within that call. */ + server.masterhost = sdsnew(ip); + server.masterport = port; + + /* Update oom_score_adj */ + setOOMScoreAdj(-1); + + /* Here we don't disconnect with replicas, since they may hopefully be able + * to partially resync with us. We will disconnect with replicas and force + * them to resync with us when changing replid on partially resync with new + * master, or finishing transferring RDB and preparing loading DB on full + * sync with new master. */ + + cancelReplicationHandshake(0); + /* Before destroying our master state, create a cached master using + * our own parameters, to later PSYNC with the new master. */ + if (was_master) { + replicationDiscardCachedMaster(); + replicationCacheMasterUsingMyself(); + } + + /* Fire the role change modules event. */ + moduleFireServerEvent(REDISMODULE_EVENT_REPLICATION_ROLE_CHANGED, + REDISMODULE_EVENT_REPLROLECHANGED_NOW_REPLICA, + NULL); + + /* Fire the master link modules event. */ + if (server.repl_state == REPL_STATE_CONNECTED) + moduleFireServerEvent(REDISMODULE_EVENT_MASTER_LINK_CHANGE, + REDISMODULE_SUBEVENT_MASTER_LINK_DOWN, + NULL); + + server.repl_state = REPL_STATE_CONNECT; + serverLog(LL_NOTICE,"Connecting to MASTER %s:%d", + server.masterhost, server.masterport); + connectWithMaster(); +} + +/* Cancel replication, setting the instance as a master itself. */ +void replicationUnsetMaster(void) { + if (server.masterhost == NULL) return; /* Nothing to do. */ + + /* Fire the master link modules event. */ + if (server.repl_state == REPL_STATE_CONNECTED) + moduleFireServerEvent(REDISMODULE_EVENT_MASTER_LINK_CHANGE, + REDISMODULE_SUBEVENT_MASTER_LINK_DOWN, + NULL); + + /* Clear masterhost first, since the freeClient calls + * replicationHandleMasterDisconnection which can attempt to re-connect. */ + sdsfree(server.masterhost); + server.masterhost = NULL; + if (server.master) freeClient(server.master); + replicationDiscardCachedMaster(); + cancelReplicationHandshake(0); + /* When a slave is turned into a master, the current replication ID + * (that was inherited from the master at synchronization time) is + * used as secondary ID up to the current offset, and a new replication + * ID is created to continue with a new replication history. */ + shiftReplicationId(); + /* Disconnecting all the slaves is required: we need to inform slaves + * of the replication ID change (see shiftReplicationId() call). However + * the slaves will be able to partially resync with us, so it will be + * a very fast reconnection. */ + disconnectSlaves(); + server.repl_state = REPL_STATE_NONE; + + /* We need to make sure the new master will start the replication stream + * with a SELECT statement. This is forced after a full resync, but + * with PSYNC version 2, there is no need for full resync after a + * master switch. */ + server.slaveseldb = -1; + + /* Update oom_score_adj */ + setOOMScoreAdj(-1); + + /* Once we turn from slave to master, we consider the starting time without + * slaves (that is used to count the replication backlog time to live) as + * starting from now. Otherwise the backlog will be freed after a + * failover if slaves do not connect immediately. */ + server.repl_no_slaves_since = server.unixtime; + + /* Reset down time so it'll be ready for when we turn into replica again. */ + server.repl_down_since = 0; + + /* Fire the role change modules event. */ + moduleFireServerEvent(REDISMODULE_EVENT_REPLICATION_ROLE_CHANGED, + REDISMODULE_EVENT_REPLROLECHANGED_NOW_MASTER, + NULL); + + /* Restart the AOF subsystem in case we shut it down during a sync when + * we were still a slave. */ + if (server.aof_enabled && server.aof_state == AOF_OFF) restartAOFAfterSYNC(); +} + +/* This function is called when the slave lose the connection with the + * master into an unexpected way. */ +void replicationHandleMasterDisconnection(void) { + /* Fire the master link modules event. */ + if (server.repl_state == REPL_STATE_CONNECTED) + moduleFireServerEvent(REDISMODULE_EVENT_MASTER_LINK_CHANGE, + REDISMODULE_SUBEVENT_MASTER_LINK_DOWN, + NULL); + + server.master = NULL; + server.repl_state = REPL_STATE_CONNECT; + server.repl_down_since = server.unixtime; + /* We lost connection with our master, don't disconnect slaves yet, + * maybe we'll be able to PSYNC with our master later. We'll disconnect + * the slaves only if we'll have to do a full resync with our master. */ + + /* Try to re-connect immediately rather than wait for replicationCron + * waiting 1 second may risk backlog being recycled. */ + if (server.masterhost) { + serverLog(LL_NOTICE,"Reconnecting to MASTER %s:%d", + server.masterhost, server.masterport); + connectWithMaster(); + } +} + +void replicaofCommand(client *c) { + /* SLAVEOF is not allowed in cluster mode as replication is automatically + * configured using the current address of the master node. */ + if (server.cluster_enabled) { + addReplyError(c,"REPLICAOF not allowed in cluster mode."); + return; + } + + if (server.failover_state != NO_FAILOVER) { + addReplyError(c,"REPLICAOF not allowed while failing over."); + return; + } + + /* The special host/port combination "NO" "ONE" turns the instance + * into a master. Otherwise the new master address is set. */ + if (!strcasecmp(c->argv[1]->ptr,"no") && + !strcasecmp(c->argv[2]->ptr,"one")) { + if (server.masterhost) { + replicationUnsetMaster(); + sds client = catClientInfoString(sdsempty(),c); + serverLog(LL_NOTICE,"MASTER MODE enabled (user request from '%s')", + client); + sdsfree(client); + } + } else { + long port; + + if (c->flags & CLIENT_SLAVE) + { + /* If a client is already a replica they cannot run this command, + * because it involves flushing all replicas (including this + * client) */ + addReplyError(c, "Command is not valid when client is a replica."); + return; + } + + if (getRangeLongFromObjectOrReply(c, c->argv[2], 0, 65535, &port, + "Invalid master port") != C_OK) + return; + + /* Check if we are already attached to the specified master */ + if (server.masterhost && !strcasecmp(server.masterhost,c->argv[1]->ptr) + && server.masterport == port) { + serverLog(LL_NOTICE,"REPLICAOF would result into synchronization " + "with the master we are already connected " + "with. No operation performed."); + addReplySds(c,sdsnew("+OK Already connected to specified " + "master\r\n")); + return; + } + /* There was no previous master or the user specified a different one, + * we can continue. */ + replicationSetMaster(c->argv[1]->ptr, port); + sds client = catClientInfoString(sdsempty(),c); + serverLog(LL_NOTICE,"REPLICAOF %s:%d enabled (user request from '%s')", + server.masterhost, server.masterport, client); + sdsfree(client); + } + addReply(c,shared.ok); +} + +/* ROLE command: provide information about the role of the instance + * (master or slave) and additional information related to replication + * in an easy to process format. */ +void roleCommand(client *c) { + if (server.sentinel_mode) { + sentinelRoleCommand(c); + return; + } + + if (server.masterhost == NULL) { + listIter li; + listNode *ln; + void *mbcount; + int slaves = 0; + + addReplyArrayLen(c,3); + addReplyBulkCBuffer(c,"master",6); + addReplyLongLong(c,server.master_repl_offset); + mbcount = addReplyDeferredLen(c); + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + char ip[NET_IP_STR_LEN], *slaveaddr = slave->slave_addr; + + if (!slaveaddr) { + if (connPeerToString(slave->conn,ip,sizeof(ip),NULL) == -1) + continue; + slaveaddr = ip; + } + if (slave->replstate != SLAVE_STATE_ONLINE) continue; + addReplyArrayLen(c,3); + addReplyBulkCString(c,slaveaddr); + addReplyBulkLongLong(c,slave->slave_listening_port); + addReplyBulkLongLong(c,slave->repl_ack_off); + slaves++; + } + setDeferredArrayLen(c,mbcount,slaves); + } else { + char *slavestate = NULL; + + addReplyArrayLen(c,5); + addReplyBulkCBuffer(c,"slave",5); + addReplyBulkCString(c,server.masterhost); + addReplyLongLong(c,server.masterport); + if (slaveIsInHandshakeState()) { + slavestate = "handshake"; + } else { + switch(server.repl_state) { + case REPL_STATE_NONE: slavestate = "none"; break; + case REPL_STATE_CONNECT: slavestate = "connect"; break; + case REPL_STATE_CONNECTING: slavestate = "connecting"; break; + case REPL_STATE_TRANSFER: slavestate = "sync"; break; + case REPL_STATE_CONNECTED: slavestate = "connected"; break; + default: slavestate = "unknown"; break; + } + } + addReplyBulkCString(c,slavestate); + addReplyLongLong(c,server.master ? server.master->reploff : -1); + } +} + +/* Send a REPLCONF ACK command to the master to inform it about the current + * processed offset. If we are not connected with a master, the command has + * no effects. */ +void replicationSendAck(void) { + client *c = server.master; + + if (c != NULL) { + c->flags |= CLIENT_MASTER_FORCE_REPLY; + addReplyArrayLen(c,3); + addReplyBulkCString(c,"REPLCONF"); + addReplyBulkCString(c,"ACK"); + addReplyBulkLongLong(c,c->reploff); + c->flags &= ~CLIENT_MASTER_FORCE_REPLY; + } +} + +/* ---------------------- MASTER CACHING FOR PSYNC -------------------------- */ + +/* In order to implement partial synchronization we need to be able to cache + * our master's client structure after a transient disconnection. + * It is cached into server.cached_master and flushed away using the following + * functions. */ + +/* This function is called by freeClient() in order to cache the master + * client structure instead of destroying it. freeClient() will return + * ASAP after this function returns, so every action needed to avoid problems + * with a client that is really "suspended" has to be done by this function. + * + * The other functions that will deal with the cached master are: + * + * replicationDiscardCachedMaster() that will make sure to kill the client + * as for some reason we don't want to use it in the future. + * + * replicationResurrectCachedMaster() that is used after a successful PSYNC + * handshake in order to reactivate the cached master. + */ +void replicationCacheMaster(client *c) { + serverAssert(server.master != NULL && server.cached_master == NULL); + serverLog(LL_NOTICE,"Caching the disconnected master state."); + + /* Unlink the client from the server structures. */ + unlinkClient(c); + + /* Reset the master client so that's ready to accept new commands: + * we want to discard the non processed query buffers and non processed + * offsets, including pending transactions, already populated arguments, + * pending outputs to the master. */ + sdsclear(server.master->querybuf); + server.master->qb_pos = 0; + server.master->repl_applied = 0; + server.master->read_reploff = server.master->reploff; + if (c->flags & CLIENT_MULTI) discardTransaction(c); + listEmpty(c->reply); + c->sentlen = 0; + c->reply_bytes = 0; + c->bufpos = 0; + resetClient(c); + + /* Save the master. Server.master will be set to null later by + * replicationHandleMasterDisconnection(). */ + server.cached_master = server.master; + + /* Invalidate the Peer ID cache. */ + if (c->peerid) { + sdsfree(c->peerid); + c->peerid = NULL; + } + /* Invalidate the Sock Name cache. */ + if (c->sockname) { + sdsfree(c->sockname); + c->sockname = NULL; + } + + /* Caching the master happens instead of the actual freeClient() call, + * so make sure to adjust the replication state. This function will + * also set server.master to NULL. */ + replicationHandleMasterDisconnection(); +} + +/* This function is called when a master is turned into a slave, in order to + * create from scratch a cached master for the new client, that will allow + * to PSYNC with the slave that was promoted as the new master after a + * failover. + * + * Assuming this instance was previously the master instance of the new master, + * the new master will accept its replication ID, and potential also the + * current offset if no data was lost during the failover. So we use our + * current replication ID and offset in order to synthesize a cached master. */ +void replicationCacheMasterUsingMyself(void) { + serverLog(LL_NOTICE, + "Before turning into a replica, using my own master parameters " + "to synthesize a cached master: I may be able to synchronize with " + "the new master with just a partial transfer."); + + /* This will be used to populate the field server.master->reploff + * by replicationCreateMasterClient(). We'll later set the created + * master as server.cached_master, so the replica will use such + * offset for PSYNC. */ + server.master_initial_offset = server.master_repl_offset; + + /* The master client we create can be set to any DBID, because + * the new master will start its replication stream with SELECT. */ + replicationCreateMasterClient(NULL,-1); + + /* Use our own ID / offset. */ + memcpy(server.master->replid, server.replid, sizeof(server.replid)); + + /* Set as cached master. */ + unlinkClient(server.master); + server.cached_master = server.master; + server.master = NULL; +} + +/* Free a cached master, called when there are no longer the conditions for + * a partial resync on reconnection. */ +void replicationDiscardCachedMaster(void) { + if (server.cached_master == NULL) return; + + serverLog(LL_NOTICE,"Discarding previously cached master state."); + server.cached_master->flags &= ~CLIENT_MASTER; + freeClient(server.cached_master); + server.cached_master = NULL; +} + +/* Turn the cached master into the current master, using the file descriptor + * passed as argument as the socket for the new master. + * + * This function is called when successfully setup a partial resynchronization + * so the stream of data that we'll receive will start from where this + * master left. */ +void replicationResurrectCachedMaster(connection *conn) { + server.master = server.cached_master; + server.cached_master = NULL; + server.master->conn = conn; + connSetPrivateData(server.master->conn, server.master); + server.master->flags &= ~(CLIENT_CLOSE_AFTER_REPLY|CLIENT_CLOSE_ASAP); + server.master->authenticated = 1; + server.master->lastinteraction = server.unixtime; + server.repl_state = REPL_STATE_CONNECTED; + server.repl_down_since = 0; + + /* Fire the master link modules event. */ + moduleFireServerEvent(REDISMODULE_EVENT_MASTER_LINK_CHANGE, + REDISMODULE_SUBEVENT_MASTER_LINK_UP, + NULL); + + /* Re-add to the list of clients. */ + linkClient(server.master); + if (connSetReadHandler(server.master->conn, readQueryFromClient)) { + serverLog(LL_WARNING,"Error resurrecting the cached master, impossible to add the readable handler: %s", strerror(errno)); + freeClientAsync(server.master); /* Close ASAP. */ + } + + /* We may also need to install the write handler as well if there is + * pending data in the write buffers. */ + if (clientHasPendingReplies(server.master)) { + if (connSetWriteHandler(server.master->conn, sendReplyToClient)) { + serverLog(LL_WARNING,"Error resurrecting the cached master, impossible to add the writable handler: %s", strerror(errno)); + freeClientAsync(server.master); /* Close ASAP. */ + } + } +} + +/* ------------------------- MIN-SLAVES-TO-WRITE --------------------------- */ + +/* This function counts the number of slaves with lag <= min-slaves-max-lag. + * If the option is active, the server will prevent writes if there are not + * enough connected slaves with the specified lag (or less). */ +void refreshGoodSlavesCount(void) { + listIter li; + listNode *ln; + int good = 0; + + if (!server.repl_min_slaves_to_write || + !server.repl_min_slaves_max_lag) return; + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + time_t lag = server.unixtime - slave->repl_ack_time; + + if (slave->replstate == SLAVE_STATE_ONLINE && + lag <= server.repl_min_slaves_max_lag) good++; + } + server.repl_good_slaves_count = good; +} + +/* return true if status of good replicas is OK. otherwise false */ +int checkGoodReplicasStatus(void) { + return server.masterhost || /* not a primary status should be OK */ + !server.repl_min_slaves_max_lag || /* Min slave max lag not configured */ + !server.repl_min_slaves_to_write || /* Min slave to write not configured */ + server.repl_good_slaves_count >= server.repl_min_slaves_to_write; /* check if we have enough slaves */ +} + +/* ----------------------- SYNCHRONOUS REPLICATION -------------------------- + * Redis synchronous replication design can be summarized in points: + * + * - Redis masters have a global replication offset, used by PSYNC. + * - Master increment the offset every time new commands are sent to slaves. + * - Slaves ping back masters with the offset processed so far. + * + * So synchronous replication adds a new WAIT command in the form: + * + * WAIT <num_replicas> <milliseconds_timeout> + * + * That returns the number of replicas that processed the query when + * we finally have at least num_replicas, or when the timeout was + * reached. + * + * The command is implemented in this way: + * + * - Every time a client processes a command, we remember the replication + * offset after sending that command to the slaves. + * - When WAIT is called, we ask slaves to send an acknowledgement ASAP. + * The client is blocked at the same time (see blocked.c). + * - Once we receive enough ACKs for a given offset or when the timeout + * is reached, the WAIT command is unblocked and the reply sent to the + * client. + */ + +/* This just set a flag so that we broadcast a REPLCONF GETACK command + * to all the slaves in the beforeSleep() function. Note that this way + * we "group" all the clients that want to wait for synchronous replication + * in a given event loop iteration, and send a single GETACK for them all. */ +void replicationRequestAckFromSlaves(void) { + server.get_ack_from_slaves = 1; +} + +/* Return the number of slaves that already acknowledged the specified + * replication offset. */ +int replicationCountAcksByOffset(long long offset) { + listIter li; + listNode *ln; + int count = 0; + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + + if (slave->replstate != SLAVE_STATE_ONLINE) continue; + if (slave->repl_ack_off >= offset) count++; + } + return count; +} + +/* WAIT for N replicas to acknowledge the processing of our latest + * write command (and all the previous commands). */ +void waitCommand(client *c) { + mstime_t timeout; + long numreplicas, ackreplicas; + long long offset = c->woff; + + if (server.masterhost) { + addReplyError(c,"WAIT cannot be used with replica instances. Please also note that since Redis 4.0 if a replica is configured to be writable (which is not the default) writes to replicas are just local and are not propagated."); + return; + } + + /* Argument parsing. */ + if (getLongFromObjectOrReply(c,c->argv[1],&numreplicas,NULL) != C_OK) + return; + if (getTimeoutFromObjectOrReply(c,c->argv[2],&timeout,UNIT_MILLISECONDS) + != C_OK) return; + + /* First try without blocking at all. */ + ackreplicas = replicationCountAcksByOffset(c->woff); + if (ackreplicas >= numreplicas || c->flags & CLIENT_MULTI) { + addReplyLongLong(c,ackreplicas); + return; + } + + /* Otherwise block the client and put it into our list of clients + * waiting for ack from slaves. */ + c->bpop.timeout = timeout; + c->bpop.reploffset = offset; + c->bpop.numreplicas = numreplicas; + listAddNodeHead(server.clients_waiting_acks,c); + blockClient(c,BLOCKED_WAIT); + + /* Make sure that the server will send an ACK request to all the slaves + * before returning to the event loop. */ + replicationRequestAckFromSlaves(); +} + +/* This is called by unblockClient() to perform the blocking op type + * specific cleanup. We just remove the client from the list of clients + * waiting for replica acks. Never call it directly, call unblockClient() + * instead. */ +void unblockClientWaitingReplicas(client *c) { + listNode *ln = listSearchKey(server.clients_waiting_acks,c); + serverAssert(ln != NULL); + listDelNode(server.clients_waiting_acks,ln); +} + +/* Check if there are clients blocked in WAIT that can be unblocked since + * we received enough ACKs from slaves. */ +void processClientsWaitingReplicas(void) { + long long last_offset = 0; + int last_numreplicas = 0; + + listIter li; + listNode *ln; + + listRewind(server.clients_waiting_acks,&li); + while((ln = listNext(&li))) { + client *c = ln->value; + + /* Every time we find a client that is satisfied for a given + * offset and number of replicas, we remember it so the next client + * may be unblocked without calling replicationCountAcksByOffset() + * if the requested offset / replicas were equal or less. */ + if (last_offset && last_offset >= c->bpop.reploffset && + last_numreplicas >= c->bpop.numreplicas) + { + unblockClient(c); + addReplyLongLong(c,last_numreplicas); + } else { + int numreplicas = replicationCountAcksByOffset(c->bpop.reploffset); + + if (numreplicas >= c->bpop.numreplicas) { + last_offset = c->bpop.reploffset; + last_numreplicas = numreplicas; + unblockClient(c); + addReplyLongLong(c,numreplicas); + } + } + } +} + +/* Return the slave replication offset for this instance, that is + * the offset for which we already processed the master replication stream. */ +long long replicationGetSlaveOffset(void) { + long long offset = 0; + + if (server.masterhost != NULL) { + if (server.master) { + offset = server.master->reploff; + } else if (server.cached_master) { + offset = server.cached_master->reploff; + } + } + /* offset may be -1 when the master does not support it at all, however + * this function is designed to return an offset that can express the + * amount of data processed by the master, so we return a positive + * integer. */ + if (offset < 0) offset = 0; + return offset; +} + +/* --------------------------- REPLICATION CRON ---------------------------- */ + +/* Replication cron function, called 1 time per second. */ +void replicationCron(void) { + static long long replication_cron_loops = 0; + + /* Check failover status first, to see if we need to start + * handling the failover. */ + updateFailoverStatus(); + + /* Non blocking connection timeout? */ + if (server.masterhost && + (server.repl_state == REPL_STATE_CONNECTING || + slaveIsInHandshakeState()) && + (time(NULL)-server.repl_transfer_lastio) > server.repl_timeout) + { + serverLog(LL_WARNING,"Timeout connecting to the MASTER..."); + cancelReplicationHandshake(1); + } + + /* Bulk transfer I/O timeout? */ + if (server.masterhost && server.repl_state == REPL_STATE_TRANSFER && + (time(NULL)-server.repl_transfer_lastio) > server.repl_timeout) + { + serverLog(LL_WARNING,"Timeout receiving bulk data from MASTER... If the problem persists try to set the 'repl-timeout' parameter in redis.conf to a larger value."); + cancelReplicationHandshake(1); + } + + /* Timed out master when we are an already connected slave? */ + if (server.masterhost && server.repl_state == REPL_STATE_CONNECTED && + (time(NULL)-server.master->lastinteraction) > server.repl_timeout) + { + serverLog(LL_WARNING,"MASTER timeout: no data nor PING received..."); + freeClient(server.master); + } + + /* Check if we should connect to a MASTER */ + if (server.repl_state == REPL_STATE_CONNECT) { + serverLog(LL_NOTICE,"Connecting to MASTER %s:%d", + server.masterhost, server.masterport); + connectWithMaster(); + } + + /* Send ACK to master from time to time. + * Note that we do not send periodic acks to masters that don't + * support PSYNC and replication offsets. */ + if (server.masterhost && server.master && + !(server.master->flags & CLIENT_PRE_PSYNC)) + replicationSendAck(); + + /* If we have attached slaves, PING them from time to time. + * So slaves can implement an explicit timeout to masters, and will + * be able to detect a link disconnection even if the TCP connection + * will not actually go down. */ + listIter li; + listNode *ln; + robj *ping_argv[1]; + + /* First, send PING according to ping_slave_period. */ + if ((replication_cron_loops % server.repl_ping_slave_period) == 0 && + listLength(server.slaves)) + { + /* Note that we don't send the PING if the clients are paused during + * a Redis Cluster manual failover: the PING we send will otherwise + * alter the replication offsets of master and slave, and will no longer + * match the one stored into 'mf_master_offset' state. */ + int manual_failover_in_progress = + ((server.cluster_enabled && + server.cluster->mf_end) || + server.failover_end_time) && + checkClientPauseTimeoutAndReturnIfPaused(); + + if (!manual_failover_in_progress) { + ping_argv[0] = shared.ping; + replicationFeedSlaves(server.slaves, server.slaveseldb, + ping_argv, 1); + } + } + + /* Second, send a newline to all the slaves in pre-synchronization + * stage, that is, slaves waiting for the master to create the RDB file. + * + * Also send the a newline to all the chained slaves we have, if we lost + * connection from our master, to keep the slaves aware that their + * master is online. This is needed since sub-slaves only receive proxied + * data from top-level masters, so there is no explicit pinging in order + * to avoid altering the replication offsets. This special out of band + * pings (newlines) can be sent, they will have no effect in the offset. + * + * The newline will be ignored by the slave but will refresh the + * last interaction timer preventing a timeout. In this case we ignore the + * ping period and refresh the connection once per second since certain + * timeouts are set at a few seconds (example: PSYNC response). */ + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + + int is_presync = + (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_START || + (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_END && + server.rdb_child_type != RDB_CHILD_TYPE_SOCKET)); + + if (is_presync) { + connWrite(slave->conn, "\n", 1); + } + } + + /* Disconnect timedout slaves. */ + if (listLength(server.slaves)) { + listIter li; + listNode *ln; + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + + if (slave->replstate == SLAVE_STATE_ONLINE) { + if (slave->flags & CLIENT_PRE_PSYNC) + continue; + if ((server.unixtime - slave->repl_ack_time) > server.repl_timeout) { + serverLog(LL_WARNING, "Disconnecting timedout replica (streaming sync): %s", + replicationGetSlaveName(slave)); + freeClient(slave); + continue; + } + } + /* We consider disconnecting only diskless replicas because disk-based replicas aren't fed + * by the fork child so if a disk-based replica is stuck it doesn't prevent the fork child + * from terminating. */ + if (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_END && server.rdb_child_type == RDB_CHILD_TYPE_SOCKET) { + if (slave->repl_last_partial_write != 0 && + (server.unixtime - slave->repl_last_partial_write) > server.repl_timeout) + { + serverLog(LL_WARNING, "Disconnecting timedout replica (full sync): %s", + replicationGetSlaveName(slave)); + freeClient(slave); + continue; + } + } + } + } + + /* If this is a master without attached slaves and there is a replication + * backlog active, in order to reclaim memory we can free it after some + * (configured) time. Note that this cannot be done for slaves: slaves + * without sub-slaves attached should still accumulate data into the + * backlog, in order to reply to PSYNC queries if they are turned into + * masters after a failover. */ + if (listLength(server.slaves) == 0 && server.repl_backlog_time_limit && + server.repl_backlog && server.masterhost == NULL) + { + time_t idle = server.unixtime - server.repl_no_slaves_since; + + if (idle > server.repl_backlog_time_limit) { + /* When we free the backlog, we always use a new + * replication ID and clear the ID2. This is needed + * because when there is no backlog, the master_repl_offset + * is not updated, but we would still retain our replication + * ID, leading to the following problem: + * + * 1. We are a master instance. + * 2. Our slave is promoted to master. It's repl-id-2 will + * be the same as our repl-id. + * 3. We, yet as master, receive some updates, that will not + * increment the master_repl_offset. + * 4. Later we are turned into a slave, connect to the new + * master that will accept our PSYNC request by second + * replication ID, but there will be data inconsistency + * because we received writes. */ + changeReplicationId(); + clearReplicationId2(); + freeReplicationBacklog(); + serverLog(LL_NOTICE, + "Replication backlog freed after %d seconds " + "without connected replicas.", + (int) server.repl_backlog_time_limit); + } + } + + replicationStartPendingFork(); + + /* Remove the RDB file used for replication if Redis is not running + * with any persistence. */ + removeRDBUsedToSyncReplicas(); + + /* Sanity check replication buffer, the first block of replication buffer blocks + * must be referenced by someone, since it will be freed when not referenced, + * otherwise, server will OOM. also, its refcount must not be more than + * replicas number + 1(replication backlog). */ + if (listLength(server.repl_buffer_blocks) > 0) { + replBufBlock *o = listNodeValue(listFirst(server.repl_buffer_blocks)); + serverAssert(o->refcount > 0 && + o->refcount <= (int)listLength(server.slaves)+1); + } + + /* Refresh the number of slaves with lag <= min-slaves-max-lag. */ + refreshGoodSlavesCount(); + replication_cron_loops++; /* Incremented with frequency 1 HZ. */ +} + +int shouldStartChildReplication(int *mincapa_out, int *req_out) { + /* We should start a BGSAVE good for replication if we have slaves in + * WAIT_BGSAVE_START state. + * + * In case of diskless replication, we make sure to wait the specified + * number of seconds (according to configuration) so that other slaves + * have the time to arrive before we start streaming. */ + if (!hasActiveChildProcess()) { + time_t idle, max_idle = 0; + int slaves_waiting = 0; + int mincapa; + int req; + int first = 1; + listNode *ln; + listIter li; + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + client *slave = ln->value; + if (slave->replstate == SLAVE_STATE_WAIT_BGSAVE_START) { + if (first) { + /* Get first slave's requirements */ + req = slave->slave_req; + } else if (req != slave->slave_req) { + /* Skip slaves that don't match */ + continue; + } + idle = server.unixtime - slave->lastinteraction; + if (idle > max_idle) max_idle = idle; + slaves_waiting++; + mincapa = first ? slave->slave_capa : (mincapa & slave->slave_capa); + first = 0; + } + } + + if (slaves_waiting && + (!server.repl_diskless_sync || + (server.repl_diskless_sync_max_replicas > 0 && + slaves_waiting >= server.repl_diskless_sync_max_replicas) || + max_idle >= server.repl_diskless_sync_delay)) + { + if (mincapa_out) + *mincapa_out = mincapa; + if (req_out) + *req_out = req; + return 1; + } + } + + return 0; +} + +void replicationStartPendingFork(void) { + int mincapa = -1; + int req = -1; + + if (shouldStartChildReplication(&mincapa, &req)) { + /* Start the BGSAVE. The called function may start a + * BGSAVE with socket target or disk target depending on the + * configuration and slaves capabilities and requirements. */ + startBgsaveForReplication(mincapa, req); + } +} + +/* Find replica at IP:PORT from replica list */ +static client *findReplica(char *host, int port) { + listIter li; + listNode *ln; + client *replica; + + listRewind(server.slaves,&li); + while((ln = listNext(&li))) { + replica = ln->value; + char ip[NET_IP_STR_LEN], *replicaip = replica->slave_addr; + + if (!replicaip) { + if (connPeerToString(replica->conn, ip, sizeof(ip), NULL) == -1) + continue; + replicaip = ip; + } + + if (!strcasecmp(host, replicaip) && + (port == replica->slave_listening_port)) + return replica; + } + + return NULL; +} + +const char *getFailoverStateString() { + switch(server.failover_state) { + case NO_FAILOVER: return "no-failover"; + case FAILOVER_IN_PROGRESS: return "failover-in-progress"; + case FAILOVER_WAIT_FOR_SYNC: return "waiting-for-sync"; + default: return "unknown"; + } +} + +/* Resets the internal failover configuration, this needs + * to be called after a failover either succeeds or fails + * as it includes the client unpause. */ +void clearFailoverState() { + server.failover_end_time = 0; + server.force_failover = 0; + zfree(server.target_replica_host); + server.target_replica_host = NULL; + server.target_replica_port = 0; + server.failover_state = NO_FAILOVER; + unpauseClients(PAUSE_DURING_FAILOVER); +} + +/* Abort an ongoing failover if one is going on. */ +void abortFailover(const char *err) { + if (server.failover_state == NO_FAILOVER) return; + + if (server.target_replica_host) { + serverLog(LL_NOTICE,"FAILOVER to %s:%d aborted: %s", + server.target_replica_host,server.target_replica_port,err); + } else { + serverLog(LL_NOTICE,"FAILOVER to any replica aborted: %s",err); + } + if (server.failover_state == FAILOVER_IN_PROGRESS) { + replicationUnsetMaster(); + } + clearFailoverState(); +} + +/* + * FAILOVER [TO <HOST> <PORT> [FORCE]] [ABORT] [TIMEOUT <timeout>] + * + * This command will coordinate a failover between the master and one + * of its replicas. The happy path contains the following steps: + * 1) The master will initiate a client pause write, to stop replication + * traffic. + * 2) The master will periodically check if any of its replicas has + * consumed the entire replication stream through acks. + * 3) Once any replica has caught up, the master will itself become a replica. + * 4) The master will send a PSYNC FAILOVER request to the target replica, which + * if accepted will cause the replica to become the new master and start a sync. + * + * FAILOVER ABORT is the only way to abort a failover command, as replicaof + * will be disabled. This may be needed if the failover is unable to progress. + * + * The optional arguments [TO <HOST> <IP>] allows designating a specific replica + * to be failed over to. + * + * FORCE flag indicates that even if the target replica is not caught up, + * failover to it anyway. This must be specified with a timeout and a target + * HOST and IP. + * + * TIMEOUT <timeout> indicates how long should the primary wait for + * a replica to sync up before aborting. If not specified, the failover + * will attempt forever and must be manually aborted. + */ +void failoverCommand(client *c) { + if (server.cluster_enabled) { + addReplyError(c,"FAILOVER not allowed in cluster mode. " + "Use CLUSTER FAILOVER command instead."); + return; + } + + /* Handle special case for abort */ + if ((c->argc == 2) && !strcasecmp(c->argv[1]->ptr,"abort")) { + if (server.failover_state == NO_FAILOVER) { + addReplyError(c, "No failover in progress."); + return; + } + + abortFailover("Failover manually aborted"); + addReply(c,shared.ok); + return; + } + + long timeout_in_ms = 0; + int force_flag = 0; + long port = 0; + char *host = NULL; + + /* Parse the command for syntax and arguments. */ + for (int j = 1; j < c->argc; j++) { + if (!strcasecmp(c->argv[j]->ptr,"timeout") && (j + 1 < c->argc) && + timeout_in_ms == 0) + { + if (getLongFromObjectOrReply(c,c->argv[j + 1], + &timeout_in_ms,NULL) != C_OK) return; + if (timeout_in_ms <= 0) { + addReplyError(c,"FAILOVER timeout must be greater than 0"); + return; + } + j++; + } else if (!strcasecmp(c->argv[j]->ptr,"to") && (j + 2 < c->argc) && + !host) + { + if (getLongFromObjectOrReply(c,c->argv[j + 2],&port,NULL) != C_OK) + return; + host = c->argv[j + 1]->ptr; + j += 2; + } else if (!strcasecmp(c->argv[j]->ptr,"force") && !force_flag) { + force_flag = 1; + } else { + addReplyErrorObject(c,shared.syntaxerr); + return; + } + } + + if (server.failover_state != NO_FAILOVER) { + addReplyError(c,"FAILOVER already in progress."); + return; + } + + if (server.masterhost) { + addReplyError(c,"FAILOVER is not valid when server is a replica."); + return; + } + + if (listLength(server.slaves) == 0) { + addReplyError(c,"FAILOVER requires connected replicas."); + return; + } + + if (force_flag && (!timeout_in_ms || !host)) { + addReplyError(c,"FAILOVER with force option requires both a timeout " + "and target HOST and IP."); + return; + } + + /* If a replica address was provided, validate that it is connected. */ + if (host) { + client *replica = findReplica(host, port); + + if (replica == NULL) { + addReplyError(c,"FAILOVER target HOST and PORT is not " + "a replica."); + return; + } + + /* Check if requested replica is online */ + if (replica->replstate != SLAVE_STATE_ONLINE) { + addReplyError(c,"FAILOVER target replica is not online."); + return; + } + + server.target_replica_host = zstrdup(host); + server.target_replica_port = port; + serverLog(LL_NOTICE,"FAILOVER requested to %s:%ld.",host,port); + } else { + serverLog(LL_NOTICE,"FAILOVER requested to any replica."); + } + + mstime_t now = mstime(); + if (timeout_in_ms) { + server.failover_end_time = now + timeout_in_ms; + } + + server.force_failover = force_flag; + server.failover_state = FAILOVER_WAIT_FOR_SYNC; + /* Cluster failover will unpause eventually */ + pauseClients(PAUSE_DURING_FAILOVER, LLONG_MAX, CLIENT_PAUSE_WRITE); + addReply(c,shared.ok); +} + +/* Failover cron function, checks coordinated failover state. + * + * Implementation note: The current implementation calls replicationSetMaster() + * to start the failover request, this has some unintended side effects if the + * failover doesn't work like blocked clients will be unblocked and replicas will + * be disconnected. This could be optimized further. + */ +void updateFailoverStatus(void) { + if (server.failover_state != FAILOVER_WAIT_FOR_SYNC) return; + mstime_t now = server.mstime; + + /* Check if failover operation has timed out */ + if (server.failover_end_time && server.failover_end_time <= now) { + if (server.force_failover) { + serverLog(LL_NOTICE, + "FAILOVER to %s:%d time out exceeded, failing over.", + server.target_replica_host, server.target_replica_port); + server.failover_state = FAILOVER_IN_PROGRESS; + /* If timeout has expired force a failover if requested. */ + replicationSetMaster(server.target_replica_host, + server.target_replica_port); + return; + } else { + /* Force was not requested, so timeout. */ + abortFailover("Replica never caught up before timeout"); + return; + } + } + + /* Check to see if the replica has caught up so failover can start */ + client *replica = NULL; + if (server.target_replica_host) { + replica = findReplica(server.target_replica_host, + server.target_replica_port); + } else { + listIter li; + listNode *ln; + + listRewind(server.slaves,&li); + /* Find any replica that has matched our repl_offset */ + while((ln = listNext(&li))) { + replica = ln->value; + if (replica->repl_ack_off == server.master_repl_offset) { + char ip[NET_IP_STR_LEN], *replicaaddr = replica->slave_addr; + + if (!replicaaddr) { + if (connPeerToString(replica->conn,ip,sizeof(ip),NULL) == -1) + continue; + replicaaddr = ip; + } + + /* We are now failing over to this specific node */ + server.target_replica_host = zstrdup(replicaaddr); + server.target_replica_port = replica->slave_listening_port; + break; + } + } + } + + /* We've found a replica that is caught up */ + if (replica && (replica->repl_ack_off == server.master_repl_offset)) { + server.failover_state = FAILOVER_IN_PROGRESS; + serverLog(LL_NOTICE, + "Failover target %s:%d is synced, failing over.", + server.target_replica_host, server.target_replica_port); + /* Designated replica is caught up, failover to it. */ + replicationSetMaster(server.target_replica_host, + server.target_replica_port); + } +} |