CXX-606 Backport server r2.6.10..r2.6.11 changes

acmorrow · acmorrow · commit 99f6eca37f5b · 2015-08-14T12:12:04.000-04:00
Server SHAs picked into this commit:

872f3ff
b8c1c49
17fa52e
ed5dbf3
bd585fa
04a99c4
6e50440
d00c173
diff --git a/SConstruct b/SConstruct
@@ -223,7 +223,6 @@ add_option( "no-glibc-check" , "don't check for new versions of glibc" , 0 , Fal
 add_option( "mm", "use main memory instead of memory mapped files" , 0 , True )
 add_option( "asio" , "Use Asynchronous IO (NOT READY YET)" , 0 , True )
 add_option( "ssl" , "Enable SSL" , 0 , True )
-add_option( "ssl-fips-capability", "Enable the ability to activate FIPS 140-2 mode", 0, True );
 
 # library choices
 add_option( "usev8" , "use v8 for javascript" , 0 , True )
@@ -910,8 +909,6 @@ if has_option( "ssl" ):
     else:
         env.Append( LIBS=["ssl"] )
         env.Append( LIBS=["crypto"] )
-    if has_option("ssl-fips-capability"):
-        env.Append( CPPDEFINES=["MONGO_SSL_FIPS"] )
 
 try:
     umask = os.umask(022)
@@ -1444,6 +1441,41 @@ def doConfigure(myenv):
     # ask each module to configure itself and the build environment.
     moduleconfig.configure_modules(mongo_modules, conf)
 
+    def CheckLinkSSL(context):
+        test_body = """
+        #include <openssl/err.h>
+        #include <openssl/ssl.h>
+        #include <stdlib.h>
+
+        int main() {
+            SSL_library_init();
+            SSL_load_error_strings();
+            ERR_load_crypto_strings();
+
+            OpenSSL_add_all_algorithms();
+            ERR_free_strings();
+            return EXIT_SUCCESS;
+        }
+        """
+        context.Message("Checking if OpenSSL is available...")
+        ret = context.TryLink(textwrap.dedent(test_body), ".c")
+        context.Result(ret)
+        return ret
+    conf.AddTest("CheckLinkSSL", CheckLinkSSL)
+
+    if has_option("ssl"):
+        if not conf.CheckLinkSSL():
+            print "SSL is enabled, but is unavailable"
+            Exit(1)
+
+        if conf.CheckDeclaration(
+            "FIPS_mode_set",
+            includes="""
+                #include <openssl/crypto.h>
+                #include <openssl/evp.h>
+            """):
+            conf.env.Append(CPPDEFINES=['MONGO_HAVE_FIPS_MODE_SET'])
+
     return conf.Finish()
 
 env = doConfigure( env )
diff --git a/src/mongo/client/dbclientcursor.cpp b/src/mongo/client/dbclientcursor.cpp
@@ -325,6 +325,10 @@ namespace mongo {
     }
 
     DBClientCursor::~DBClientCursor() {
+        kill();
+    }
+
+    void DBClientCursor::kill() {
         DESTRUCTOR_GUARD (
 
         if ( cursorId && _ownCursor && ! inShutdown() ) {
@@ -359,6 +363,9 @@ namespace mongo {
         }
 
         );
+
+        // Mark this cursor as dead since we can't do any getMores.
+        cursorId = 0;
     }
 
 
diff --git a/src/mongo/client/dbclientcursor.h b/src/mongo/client/dbclientcursor.h
@@ -202,6 +202,18 @@ namespace mongo {
         void initLazy( bool isRetry = false );
         bool initLazyFinish( bool& retry );
 
+        /**
+         * Marks this object as dead and sends the KillCursors message to the server.
+         *
+         * Any errors that result from this are swallowed since this is typically performed as part
+         * of cleanup and a failure to kill the cursor should not result in a failure of the
+         * operation using the cursor.
+         *
+         * Killing an already killed or exhausted cursor does nothing, so it is safe to always call
+         * this if you want to ensure that a cursor is killed.
+         */
+        void kill();
+
         class Batch : boost::noncopyable {
             friend class DBClientCursor;
             auto_ptr<Message> m;
diff --git a/src/mongo/client/replica_set_monitor.cpp b/src/mongo/client/replica_set_monitor.cpp
@@ -537,8 +537,16 @@ namespace {
             return;
         }
 
-        if (reply.isMaster)
-            receivedIsMasterFromMaster(reply);
+        if (reply.isMaster) {
+            const bool stalePrimary = !receivedIsMasterFromMaster(reply);
+            if (stalePrimary) {
+                log() << "node " << from << " believes it is primary, but its election id of "
+                      << reply.electionId << " is older than the most recent election id"
+                      << " for this set, " << _set->maxElectionId;
+                failedHost(from);
+                return;
+            }
+        }
 
         if (_scan->foundUpMaster) {
             // We only update a Node if a master has confirmed it is in the set.
@@ -614,9 +622,16 @@ namespace {
         return scan;
     }
 
-    void Refresher::receivedIsMasterFromMaster(const IsMasterReply& reply) {
+    bool Refresher::receivedIsMasterFromMaster(const IsMasterReply& reply) {
         invariant(reply.isMaster);
 
+        if (reply.electionId.isSet()) {
+            if (_set->maxElectionId.isSet() && _set->maxElectionId.compare(reply.electionId) > 0) {
+                return false;
+            }
+            _set->maxElectionId = reply.electionId;
+        }
+
         // Mark all nodes as not master. We will mark ourself as master before releasing the lock.
         // NOTE: we use a "last-wins" policy if multiple hosts claim to be master.
         for (size_t i = 0; i < _set->nodes.size(); i++) {
@@ -686,6 +701,8 @@ namespace {
 
         _scan->foundUpMaster = true;
         _set->lastSeenMaster = reply.host;
+
+        return true;
     }
 
     void Refresher::receivedIsMasterBeforeFoundMaster(const IsMasterReply& reply) {
@@ -779,6 +796,10 @@ namespace {
             // hidden nodes can't be master, even if they claim to be.
             isMaster = !hidden && raw["ismaster"].trueValue();
 
+            if (isMaster && raw.hasField("electionId")) {
+                electionId = raw["electionId"].OID();
+            }
+
             const string primaryString = raw["primary"].str();
             primary = primaryString.empty() ? HostAndPort() : HostAndPort(primaryString);
 
diff --git a/src/mongo/client/replica_set_monitor.h b/src/mongo/client/replica_set_monitor.h
@@ -292,12 +292,17 @@ namespace mongo {
         static ScanStatePtr startNewScan(const SetState* set);
 
     private:
+
         /**
+         * First, checks that the "reply" is not from a stale primary by
+         * comparing the electionId of "reply" to the maxElectionId recorded by the SetState.
+         * Returns true if "reply" belongs to a non-stale primary.
+         *
          * Updates _set and _scan based on set-membership information from a master.
          * Applies _scan->unconfirmedReplies to confirmed nodes.
          * Does not update this host's node in _set->nodes.
          */
-        void receivedIsMasterFromMaster(const IsMasterReply& reply);
+        bool receivedIsMasterFromMaster(const IsMasterReply& reply);
 
         /**
          * Adjusts the _scan work queue based on information from this host.
diff --git a/src/mongo/client/replica_set_monitor_internal.h b/src/mongo/client/replica_set_monitor_internal.h
@@ -55,6 +55,7 @@ namespace mongo {
         bool isMaster;
         bool secondary;
         bool hidden;
+        OID electionId; // Set if this isMaster reply is from the primary
         HostAndPort primary; // empty if not present
         std::set<HostAndPort> normalHosts; // both "hosts" and "passives"
         BSONObj tags;
@@ -162,6 +163,7 @@ namespace mongo {
         const std::string name; // safe to read outside lock since it is const
         int consecutiveFailedScans;
         std::set<HostAndPort> seedNodes; // updated whenever a master reports set membership changes
+        OID maxElectionId; // largest election id observed by this ReplicaSetMonitor
         HostAndPort lastSeenMaster; // empty if we have never seen a master. can be same as current
         Nodes nodes; // maintained sorted and unique by host
         ScanStatePtr currentScan; // NULL if no scan in progress
diff --git a/src/mongo/client/replica_set_monitor_test.cpp b/src/mongo/client/replica_set_monitor_test.cpp
@@ -769,3 +769,185 @@ TEST(ReplicaSetMonitorTests, OutOfBandFailedHost) {
         }
     }
 }
+
+// Newly elected primary with electionId >= maximum electionId seen by the Refresher
+TEST(ReplicaSetMonitorTests, NewPrimaryWithMaxElectionId) {
+    SetStatePtr state = boost::make_shared<SetState>("name", basicSeedsSet);
+    Refresher refresher(state);
+
+    set<HostAndPort> seen;
+
+    // get all hosts to contact first
+    for (size_t i = 0; i != basicSeeds.size(); ++i) {
+        NextStep ns = refresher.getNextStep();
+        ASSERT_EQUALS(ns.step, NextStep::CONTACT_HOST);
+        ASSERT(basicSeedsSet.count(ns.host));
+        ASSERT(!seen.count(ns.host));
+        seen.insert(ns.host);
+    }
+
+    const ReadPreferenceSetting primaryOnly(ReadPreference_PrimaryOnly, TagSet());
+
+    // mock all replies
+    for (size_t i = 0; i != basicSeeds.size(); ++i) {
+        // All hosts to talk to are already dispatched, but no reply has been received
+        NextStep ns = refresher.getNextStep();
+        ASSERT_EQUALS(ns.step, NextStep::WAIT);
+        ASSERT(ns.host.empty());
+
+        refresher.receivedIsMaster(basicSeeds[i],
+                                   -1,
+                                   BSON("setName" << "name"
+                                        << "ismaster" << true
+                                        << "secondary" << false
+                                        << "hosts" << BSON_ARRAY("a" << "b" << "c")
+                                        << "electionId" << OID::gen()
+                                        << "ok" << true));
+
+        // Ensure the set primary is the host we just got a reply from
+        HostAndPort currentPrimary = state->getMatchingHost(primaryOnly);
+        ASSERT_EQUALS(currentPrimary.host(), basicSeeds[i].host());
+        ASSERT_EQUALS(state->nodes.size(), basicSeeds.size());
+
+        // Check the state of each individual node
+        for (size_t j = 0; j != basicSeeds.size(); ++j) {
+            Node* node = state->findNode(basicSeeds[j]);
+            ASSERT(node);
+            ASSERT_EQUALS(node->host.toString(), basicSeeds[j].toString());
+            ASSERT_EQUALS(node->isUp, j <= i);
+            ASSERT_EQUALS(node->isMaster, j == i);
+            ASSERT(node->tags.isEmpty());
+        }
+    }
+
+    // Now all hosts have returned data
+    NextStep ns = refresher.getNextStep();
+    ASSERT_EQUALS(ns.step, NextStep::DONE);
+    ASSERT(ns.host.empty());
+}
+
+// Ignore electionId of secondaries
+TEST(ReplicaSetMonitorTests, IgnoreElectionIdFromSecondaries) {
+    SetStatePtr state = boost::make_shared<SetState>("name", basicSeedsSet);
+    Refresher refresher(state);
+
+    set<HostAndPort> seen;
+
+    const OID primaryElectionId = OID::gen();
+
+    // mock all replies
+    for (size_t i = 0; i != basicSeeds.size(); ++i) {
+        NextStep ns = refresher.getNextStep();
+        ASSERT_EQUALS(ns.step, NextStep::CONTACT_HOST);
+        ASSERT(basicSeedsSet.count(ns.host));
+        ASSERT(!seen.count(ns.host));
+        seen.insert(ns.host);
+
+        // mock a reply
+        const bool primary = ns.host.host() == "a";
+        refresher.receivedIsMaster(ns.host,
+                                   -1,
+                                   BSON("setName" << "name"
+                                        << "ismaster" << primary
+                                        << "secondary" << !primary
+                                        << "electionId" << (primary ?
+                                                            primaryElectionId : OID::gen())
+                                        << "hosts" << BSON_ARRAY("a" << "b" << "c")
+                                        << "ok" << true));
+    }
+
+    // check that the SetState's maxElectionId == primary's electionId
+    ASSERT_EQUALS(state->maxElectionId, primaryElectionId);
+
+    // Now all hosts have returned data
+    NextStep ns = refresher.getNextStep();
+    ASSERT_EQUALS(ns.step, NextStep::DONE);
+    ASSERT(ns.host.empty());
+}
+
+// Stale Primary with obsolete electionId
+TEST(ReplicaSetMonitorTests, StalePrimaryWithObsoleteElectionId) {
+    SetStatePtr state = boost::make_shared<SetState>("name", basicSeedsSet);
+    Refresher refresher(state);
+
+    const OID firstElectionId = OID::gen();
+    const OID secondElectionId = OID::gen();
+
+    set<HostAndPort> seen;
+
+    // contact first host claiming to be primary with greater electionId
+    {
+        NextStep ns = refresher.getNextStep();
+        ASSERT_EQUALS(ns.step, NextStep::CONTACT_HOST);
+        ASSERT(basicSeedsSet.count(ns.host));
+        ASSERT(!seen.count(ns.host));
+        seen.insert(ns.host);
+
+        refresher.receivedIsMaster(ns.host,
+                                   -1,
+                                   BSON("setName" << "name"
+                                        << "ismaster" << true
+                                        << "secondary" << false
+                                        << "electionId" << secondElectionId
+                                        << "hosts" << BSON_ARRAY("a" << "b" << "c")
+                                        << "ok" << true));
+
+        Node* node = state->findNode(ns.host);
+        ASSERT(node);
+        ASSERT_TRUE(node->isMaster);
+        ASSERT_EQUALS(state->maxElectionId, secondElectionId);
+    }
+
+    // contact second host claiming to be primary with smaller electionId
+    {
+        NextStep ns = refresher.getNextStep();
+        ASSERT_EQUALS(ns.step, NextStep::CONTACT_HOST);
+        ASSERT(basicSeedsSet.count(ns.host));
+        ASSERT(!seen.count(ns.host));
+        seen.insert(ns.host);
+
+        refresher.receivedIsMaster(ns.host,
+                                   -1,
+                                   BSON("setName" << "name"
+                                        << "ismaster" << true
+                                        << "secondary" << false
+                                        << "electionId" << firstElectionId
+                                        << "hosts" << BSON_ARRAY("a" << "b" << "c")
+                                        << "ok" << true));
+
+        Node* node = state->findNode(ns.host);
+        ASSERT(node);
+        // The SetState shouldn't see this host as master
+        ASSERT_FALSE(node->isMaster);
+        // the max electionId should remain the same
+        ASSERT_EQUALS(state->maxElectionId, secondElectionId);
+    }
+
+    // third host is a secondary
+    {
+        NextStep ns = refresher.getNextStep();
+        ASSERT_EQUALS(ns.step, NextStep::CONTACT_HOST);
+        ASSERT(basicSeedsSet.count(ns.host));
+        ASSERT(!seen.count(ns.host));
+        seen.insert(ns.host);
+
+        refresher.receivedIsMaster(ns.host,
+                                   -1,
+                                   BSON("setName" << "name"
+                                        << "ismaster" << false
+                                        << "secondary" << true
+                                        << "hosts" << BSON_ARRAY("a" << "b" << "c")
+                                        << "ok" << true));
+
+        Node* node = state->findNode(ns.host);
+        ASSERT(node);
+        ASSERT_FALSE(node->isMaster);
+        // the max electionId should remain the same
+        ASSERT_EQUALS(state->maxElectionId, secondElectionId);
+    }
+
+    // Now all hosts have returned data
+    NextStep ns = refresher.getNextStep();
+    ASSERT_EQUALS(ns.step, NextStep::DONE);
+    ASSERT(ns.host.empty());
+}
diff --git a/src/mongo/util/net/message_port.cpp b/src/mongo/util/net/message_port.cpp
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
diff --git a/src/mongo/util/version.cpp b/src/mongo/util/version.cpp

Original file line number	Diff line number	Diff line change
`@@ -325,6 +325,10 @@ namespace mongo {`
`325`	`325`	`}`
`326`	`326`
`327`	`327`	`DBClientCursor::~DBClientCursor() {`
	`328`	`+ kill();`
	`329`	`+ }`
	`330`	`+`
	`331`	`+ void DBClientCursor::kill() {`
`328`	`332`	`DESTRUCTOR_GUARD (`
`329`	`333`
`330`	`334`	`if ( cursorId && _ownCursor && ! inShutdown() ) {`
`@@ -359,6 +363,9 @@ namespace mongo {`
`359`	`363`	`}`
`360`	`364`
`361`	`365`	`);`
	`366`	`+`
	`367`	`+ // Mark this cursor as dead since we can't do any getMores.`
	`368`	`+ cursorId = 0;`
`362`	`369`	`}`
`363`	`370`
`364`	`371`