SUNW.xfnts 故障监视器

在节点上启动资源后，RGM 不直接调用 PROBE 方法，而是调用 Monitor_start 方法来启动监视器。xfnts_monitor_start 方法用于启动在 PMF 控制下的故障监视器。xfnts_monitor_stop 方法用于停止故障监视器。

SUNW.xfnts 故障监视器可以执行以下操作：

• 通过使用为检查基于 TCP 的简单服务专门设计的实用程序（例如 xfs），定期监视 xfs 服务器守护进程的运行状况。

• 跟踪应用程序在时间窗口内遇到的问题（使用 Retry_count 和 Retry_interval 属性），并在应用程序完全失败时决定是重新启动还是故障转移数据服务。scds_fm_action() 和 scds_fm_sleep() 函数为此跟踪和决定机制提供了内置支持。

• 使用 scds_fm_action() 实现故障转移或重新启动决策。

• 更新资源状态，并使资源状态可用于管理工具和 GUI。

xfonts_probe 主循环

xfonts_probe 方法用于实现循环。实现循环前，xfonts_probe 将执行以下操作：

• 检索 xfnts 资源的网络地址资源，如下所示：

  /* Get the ip addresses available for this resource */
     if (scds_get_netaddr_list(scds_handle, &netaddr)) {
        scds_syslog(LOG_ERR,
            "No network address resource in resource group.");
        scds_close(&scds_handle);
        return (1);
     }
  
     /* Return an error if there are no network resources */
     if (netaddr == NULL || netaddr->num_netaddrs == 0) {
        scds_syslog(LOG_ERR,
            "No network address resource in resource group.");
        return (1);
     }

• 调用 scds_fm_sleep() 并将 Thorough_probe_interval 的值作为超时值传递。探测将根据探测之间的 Thorough_probe_interval 值进行休眠，如下所示：

  timeout = scds_get_ext_probe_timeout(scds_handle);
  
     for (;;) {
        /*
         * sleep for a duration of thorough_probe_interval between
         *  successive probes.
         */
        (void) scds_fm_sleep(scds_handle,
            scds_get_rs_thorough_probe_interval(scds_handle));

xfnts_probe 方法用于实现以下循环：

for (ip = 0; ip < netaddr->num_netaddrs; ip++) {
         /*
          * Grab the hostname and port on which the
          * health has to be monitored.
          */
         hostname = netaddr->netaddrs[ip].hostname;
         port = netaddr->netaddrs[ip].port_proto.port;
         /*
          * HA-XFS supports only one port and
          * hence obtain the port value from the
          * first entry in the array of ports.
          */
         ht1 = gethrtime(); /* Latch probe start time */
         scds_syslog(LOG_INFO, "Probing the service on port: %d.", port);

         probe_result =
         svc_probe(scds_handle, hostname, port, timeout);

         /*
          * Update service probe history,
          * take action if necessary.
          * Latch probe end time.
          */
         ht2 = gethrtime();

         /* Convert to milliseconds */
         dt = (ulong_t)((ht2 - ht1) / 1e6);

         /*
          * Compute failure history and take
          * action if needed
          */
         (void) scds_fm_action(scds_handle,
             probe_result, (long)dt);
      }   /* Each net resource */
   }    /* Keep probing forever */

svc_probe() 函数将实现探测程序逻辑。svc_probe() 的返回值被传递给 scds_fm_action()，后者用于确定是重新启动应用程序，是将资源组故障转移，还是不进行任何操作。

svc_probe() 函数

svc_probe() 函数通过调用 scds_fm_tcp_connect() 建立与指定端口的简单套接字连接。如果连接失败，svc_probe() 将返回一个值 100，该值表示完全失败。如果连接成功，但是断开连接失败，svc_probe() 将返回一个值 50，该值表示部分失败。如果连接和断开连接都成功，svc_probe() 将返回一个值 0，该值表示成功。

svc_probe() 的代码如下：

int svc_probe(scds_handle_t scds_handle,
char *hostname, int port, int timeout)
{
   int  rc;
   hrtime_t   t1, t2;
   int    sock;
   char   testcmd[2048];
   int    time_used, time_remaining;
   time_t      connect_timeout;


   /*
    * probe the data service by doing a socket connection to the port
    * specified in the port_list property to the host that is
    * serving the XFS data service. If the XFS service which is configured
    * to listen on the specified port, replies to the connection, then
    * the probe is successful. Else we will wait for a time period set
    * in probe_timeout property before concluding that the probe failed.
    */

   /*
    * Use the SVC_CONNECT_TIMEOUT_PCT percentage of timeout
    * to connect to the port
    */
   connect_timeout = (SVC_CONNECT_TIMEOUT_PCT * timeout)/100;
   t1 = (hrtime_t)(gethrtime()/1E9);

   /*
    * the probe makes a connection to the specified hostname and port.
    * The connection is timed for 95% of the actual probe_timeout.
    */
   rc = scds_fm_tcp_connect(scds_handle, &sock, hostname, port,
       connect_timeout);
   if (rc) {
      scds_syslog(LOG_ERR,
          "Failed to connect to port <%d> of resource <%s>.",
          port, scds_get_resource_name(scds_handle));
      /* this is a complete failure */
      return (SCDS_PROBE_COMPLETE_FAILURE);
   }

   t2 = (hrtime_t)(gethrtime()/1E9);

   /*
    * Compute the actual time it took to connect. This should be less than
    * or equal to connect_timeout, the time allocated to connect.
    * If the connect uses all the time that is allocated for it,
    * then the remaining value from the probe_timeout that is passed to
    * this function will be used as disconnect timeout. Otherwise, the
    * the remaining time from the connect call will also be added to
    * the disconnect timeout.
    *
    */

   time_used = (int)(t2 - t1);

   /*
    * Use the remaining time(timeout - time_took_to_connect) to disconnect
    */

   time_remaining = timeout - (int)time_used;

   /*
    * If all the time is used up, use a small hardcoded timeout
    * to still try to disconnect. This will avoid the fd leak.
    */
   if (time_remaining <= 0) {
      scds_syslog_debug(DBG_LEVEL_LOW,
          "svc_probe used entire timeout of "
          "%d seconds during connect operation and exceeded the "
          "timeout by %d seconds. Attempting disconnect with timeout"
          " %d ",
          connect_timeout,
          abs(time_used),
          SVC_DISCONNECT_TIMEOUT_SECONDS);

      time_remaining = SVC_DISCONNECT_TIMEOUT_SECONDS;
   }

   /*
    * Return partial failure in case of disconnection failure.
    * Reason: The connect call is successful, which means
    * the application is alive. A disconnection failure
    * could happen due to a hung application or heavy load.
    * If it is the later case, don't declare the application
    * as dead by returning complete failure. Instead, declare
    * it as partial failure. If this situation persists, the
    * disconnect call will fail again and the application will be
    * restarted.
    */
   rc = scds_fm_tcp_disconnect(scds_handle, sock, time_remaining);
   if (rc != SCHA_ERR_NOERR) {
      scds_syslog(LOG_ERR,
          "Failed to disconnect to port %d of resource %s.",
          port, scds_get_resource_name(scds_handle));
      /* this is a partial failure */
      return (SCDS_PROBE_COMPLETE_FAILURE/2);
   }

   t2 = (hrtime_t)(gethrtime()/1E9);
   time_used = (int)(t2 - t1);
   time_remaining = timeout - time_used;

   /*
    * If there is no time left, don't do the full test with
    * fsinfo. Return SCDS_PROBE_COMPLETE_FAILURE/2
    * instead. This will make sure that if this timeout
    * persists, server will be restarted.
    */
   if (time_remaining <= 0) {
      scds_syslog(LOG_ERR, "Probe timed out.");
      return (SCDS_PROBE_COMPLETE_FAILURE/2);
   }

   /*
    * The connection and disconnection to port is successful,
    * Run the fsinfo command to perform a full check of
    * server health.
    * Redirect stdout, otherwise the output from fsinfo
    * ends up on the console.
    */
   (void) sprintf(testcmd,
       "/usr/openwin/bin/fsinfo -server %s:%d > /dev/null",
       hostname, port);
   scds_syslog_debug(DBG_LEVEL_HIGH,
       "Checking the server status with %s.", testcmd);
   if (scds_timerun(scds_handle, testcmd, time_remaining,
      SIGKILL, &rc) != SCHA_ERR_NOERR || rc != 0) {

      scds_syslog(LOG_ERR,
         "Failed to check server status with command <%s>",
         testcmd);
      return (SCDS_PROBE_COMPLETE_FAILURE/2);
   }
   return (0);
}

完成时，svc_probe() 将返回一个值，来表示操作是成功 (0)、是部分失败 (50) 还是完全失败 (100)。xfnts_probe 方法将把此值传送到 scds_fm_action()。

确定故障监视器操作

xfnts_probe 方法将调用 scds_fm_action() 来确定要执行的操作。scds_fm_action() 的逻辑如下：

• 保留 Retry_interval 属性值内的累积失败历史记录。

• 如果累积失败次数达到 100 次（完全失败），则重新启动数据服务。如果超出 Retry_interval 的值，将重置该历史记录。

• 如果在 Retry_interval 指定的时间内，重新启动次数超出了 Retry_count 属性的值，则故障转移该数据服务。

例如，假定探测建立了与 xfs 服务器的连接，但断开连接时失败。这表明该服务器正在运行，但是可能处于挂起状态或恰好处于临时装入状态。断开连接失败将向 scds_fm_action() 发送部分失败 (50)。此值虽然小于用来重启该数据服务的阈值，但是它将保留在失败历史记录中。

如果在下次探测时断开服务器连接再次失败，值 50 将被添加到由 scds_fm_action() 维护的失败历史记录中。累积失败值现在为 100，因此 scds_fm_action() 将重新启动数据服务。