Sun Cluster 3.0 Data Services Developers' Guide

Controlling the Data Service

A data service must provide a START or PRENET_START method to activate the application daemon on the cluster, and a STOP or PRENET_STOP method to stop the application daemon on the cluster. The sample data service implements a START and a STOP method. See "Deciding on the START and STOP Methods to Use" for information about when you might want to use PRENET_START and PRENET_STOP instead.

START Method

The RGM invokes the START method on a cluster node when the resource group containing the data service resource is brought online on that node or when the resource is enabled. In the sample application, the START method activates the in.named (DNS) daemon on that node.

This section describes the major pieces of the START method for the sample application. It does not describe functionality common to all methods, such as the parse_args function and obtaining the syslog facility, which are described in "Providing Common Functionality to All Methods".

For the complete listing of the START method, see "START Method Code Listing".

START Overview

Before attempting to launch DNS, the START method in the sample data service verifies the configuration directory and configuration file (named.conf) are accessible and available. Information in named.conf is essential to successful operation of DNS.

This method uses the process monitor facility (pmfadm) to start the DNS daemon (in.named). If DNS crashes or fails to start, the method attempts to start it a prescribed number of times during a specified interval. The number of retries and the interval are specified by properties in the data service's RTR file.

This START method is guaranteed to be idempotent. Although the RGM should not call a START method twice without first stopping the data service with a call to its STOP method, this START method exits with success even if DNS is already running.

Verifying the Configuration

In order to operate, DNS requires information from the named.conf file in the configuration directory. Therefore, the START method performs some sanity checks to verify that the directory and file are accessible before attempting to launch DNS.

The Confdir extension property provides the path to the configuration directory. The property itself is defined in the RTR file. However, the cluster administrator specifies the actual location when configuring the data service.

In the sample data service, the START method retrieves the location of the configuration directory using the scha_resource_get(1HA) command.

Note -

Because Confdir is an extension property, scha_resource_get returns both the type and value. The awk(1) command retrieves just the value and places it in a shell variable, CONFIG_DIR.

# find the value of Confdir set by the cluster administrator at the time of
# adding the resource.
config_info=`scha_resource_get -O Extension -R $RESOURCE_NAME \

# scha_resource_get returns the "type" as well as the "value" for the extension
# properties. Get only the value of the extension property 
CONFIG_DIR=`echo $config_info | awk '{print $2}'`

The START method then uses the value of CONFIG_DIR to verify that the directory is accessible. If it is not accessible, START logs an error message and exits with error status. See "START Exit Status".

# Check if $CONFIG_DIR is accessible.
if [ ! -d $CONFIG_DIR ]; then
	logger -p ${SYSLOG_FACILITY}.err \
			"${ARGV0} Directory $CONFIG_DIR is missing or not mounted"
	exit 1

Before starting the application daemon, this method performs a final check to verify that the named.conf file is present. If it is not present, START logs an error message and exits with error status.

# Change to the $CONFIG_DIR directory in case there are relative
# pathnames in the data files.

# Check that the named.conf file is present in the $CONFIG_DIR directory
if [ ! -s named.conf ]; then
	logger -p ${SYSLOG_FACILITY}.err \
			"${ARGV0} File $CONFIG_DIR/named.conf is missing or empty"
	exit 1

Starting the Application

This method uses the process manager facility (pmfadm) to launch the application. The pmfadm command allows you to set the number of times to restart the application during a specified time frame, if it crashes during startup. The RTR file contains two properties, Retry_count, which specifies the number of times to attempt restarting an application, and Retry_interval, which specifies the time period over which to do so.

The START method retrieves the values of Retry_count and Retry_interval using the scha_resource_get command and stores their values in shell variables. It then passes these values to pmfadm using the -n and -t options.

# Get the value for retry count from the RTR file.
RETRY_CNT=`scha_resource_get -O Retry_Count -R $RESOURCE_NAME \
# Get the value for retry interval from the RTR file. This value is in seconds
# and must be converted to minutes for passing to pmfadm. Note that the 
# conversion rounds up; for example, 50 seconds rounds up to 1 minute.
((RETRY_INTRVAL=`scha_resource_get -O Retry_Interval -R $RESOURCE_NAME \

# Start the in.named daemon under the control of PMF. Let it crash and restart 
# up to $RETRY_COUNT times in a period of RETRY_INTERVAL; if it crashes
# more often than that, PMF will cease trying to restart it.
# If there is a process already registered under the tag
# <$RESOURCE_NAME.named>, then, PMF sends out an alert message that the
# process is already running.
pmfadm -c $RESOURCE_NAME.named -n $RETRY_CNT -t $RETRY_INTRVAL \
    /usr/sbin/in.named -c named.conf

# Log a message indicating that HA-DNS has been started.
if [ $? -eq 0 ]; then
	logger -p ${SYSLOG_FACILITY}.err \
			"${ARGV0} HA-DNS successfully started"
exit 0

START Exit Status

A START method should not exit with success until the underlying application is actually running and available, particularly if other data services are dependent on it. One way to verify success is to probe the application to verify it is running before exiting the START method. For a complex application, such as a database, be certain to set the value for the Start_timeout property in the RTR file sufficiently high to allow time for the application to initialize and perform crash recovery.

Note -

Because the application resource, DNS, in the sample data service launches quickly, the sample data service does not poll to verify it is running before exiting with success.

If this method fails to start DNS and exits with failure status, the RGM checks the Failover_mode property, which determines how to react. The sample data service does not explicitly set the Failover_mode property, so this property has the default value NONE (unless the cluster administrator has overridden the default and specified a different value). In this case, the RGM takes no action other than to set the state of the data service. User intervention is required to restart on the same node or fail over to a different node.

STOP Method

The STOP method is invoked on a cluster node when the resource group containing the HA-DNS resource is brought offline on that node or the resource is disabled. This method stops the in.named (DNS) daemon on that node.

This section describes the major pieces of the STOP method for the sample application. It does not describe functionality common to all methods, such as the parse_args function and obtaining the syslog facility, which are described in "Providing Common Functionality to All Methods".

For the complete listing of the STOP method, see "STOP Method Code Listing".

STOP Overview

There are two primary considerations when attempting to stop the data service. The first is to provide an orderly shutdown. Sending a SIGTERM signal through pmfadm is the best way to accomplish this.

The second consideration is to ensure that the data service is actually stopped to avoid putting it in Stop_failed state. The best way to accomplish this is to send a SIGKILL signal through pmfadm.

The STOP method in the sample data service takes both these considerations into account. It first sends a SIGTERM signal. If this signal fails to stop the data service, the method sends a SIGKILL signal.

Before attempting to stop DNS, this STOP method verifies that the process is actually running. If the process is running, STOP uses the process monitor facility (pmfadm) to stop it.

This STOP method is guaranteed to be idempotent. Although the RGM should not call a STOP method twice without first starting the data service with a call to its START method, the RGM could call a STOP method on a resource even though the resource was never started or it died of its own accord. Therefore, this STOP method exits with success even if DNS is not running.

Stopping the Application

The STOP method provides a two-tiered approach to stopping the data service: an orderly or smooth approach using a SIGTERM signal through pmfadm and an abrupt or hard approach using a SIGKILL signal. The STOP method obtains the Stop_timeout value (the amount of time in which the STOP method must return). STOP then allocates 80% of this time to stopping smoothly and 15% to stopping abruptly (5% is reserved), as shown in the following sample.




The STOP method uses pmfadm -q to verify that the DNS daemon is running. If it is, STOP first uses pmfadm -s to send a TERM signal to terminate the DNS process. If this signal fails to terminate the process after 80% of the timeout value has expired STOP sends a SIGKILL signal. If this signal also fails to terminate the process within 15% of the timeout value, the method logs an error message and exits with error status.

If pmfadm terminates the process, the method logs a message that the process has stopped and exits with success.

If the DNS process is not running, the method logs a message that it is not running and exits with success anyway. The following code sample shows how STOP uses pmfadm to stop the DNS process.

# See if in.named is running, and if so, kill it. 
if pmfadm -q $RESOURCE_NAME.named; then 
	# Send a SIGTERM signal to the data service and wait for 80% of
	# total timeout value.
	if [ $? -ne 0 ]; then 
		logger -p ${SYSLOG_FACILITY}.err \
		    "${ARGV0} Failed to stop HA-DNS with SIGTERM; Retry
with \
		# Since the data service did not stop with a SIGTERM signal, use 
		# SIGKILL now and wait for another 15% of the total timeout value.
		pmfadm -s $RESOURCE_NAME.named -w $HARD_TIMEOUT KILL
		if [ $? -ne 0 ]; then
		    logger -p ${SYSLOG_FACILITY}.err \
		    "${ARGV0} Failed to stop HA-DNS; Exiting UNSUCCESFUL"
		    exit 1
	# The data service is not running as of now. Log a message and 
	# exit success.
	logger -p ${SYSLOG_FACILITY}.err \
    	    "HA-DNS is not started"

	# Even if HA-DNS is not running, exit success to avoid putting
	# the data service resource in STOP_FAILED State.

	exit 0


# Could successfully stop DNS. Log a message and exit success.
logger -p ${SYSLOG_FACILITY}.err \
    "HA-DNS successfully stopped"
exit 0

STOP Exit Status

A STOP method should not exit with success until the underlying application is actually stopped, particularly if other data services have dependencies on it. Failure to do so can result in data corruption.

For a complex application, such as a database, be certain to set the value for the Stop_timeout property in the RTR file sufficiently high to allow time for the application to clean up while stopping.

If this method fails to stop DNS and exits with failure status, the RGM checks the Failover_mode property, which determines how to react. The sample data service does not explicitly set the Failover_mode property, so it has the default value NONE (unless the cluster administrator has overridden the default and specified a different value). In this case, the RGM takes no action other than to set the state of the data service to Stop_failed. User intervention is required to stop the application forcibly and clear the Stop_failed state.