| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This is a minor consistency issue. Currently when a view compaction
starts it doesn't include the `total_changes` and `changes_done` fields
until the first task status update. This is easy to miss as every other
task type includes those fields from the initial task definition.
The obvious trivial fix is both obvious and trivial.
|
| | |
|
| |
|
|
|
|
| |
This fixes a memory bug:
https://github.com/apache/couchdb-snappy/commit/2038ad13b1d6926468f25adea110028e3c0b4b0c
|
| |\
| |
| | |
Fix ets_lru configuration in chttpd application
|
| |/
|
|
|
| |
The code was incorect in a sense that it was using is_integer guard,
while `config:get` cannot return integer.
|
| |
|
|
|
|
| |
Previously returning null from mango native proc lead to case clause error in
couch_query_servers. Instead return a proper shape but with null results for
each reduction.
|
| |
|
|
|
|
| |
Previously it was too easy to crash the whole node when any of couch_log's
children restarted. To improve resiliency, let couch_log application restart
a few more times before taking down the whole node with it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gen_server, gen_fsm and gen_statem might send extra args when terminating. This
is a recent behavior and not handling these extra args could lead to couch_log
application crashing and taking down the whole VM with it.
There are two improvements to fix the issue:
1) Handle the extra args. Format them and log as they might have useful
information included.
2) Wrap the whole `format` function in a `try ... catch` statement. This will
avoid any other cases where the logger itself if crashing when attepting to
format error events.
|
| |\
| |
| | |
Fix test failure on upgrade_v5_test
|
| |/
|
|
| |
COUCHDB-3326
|
| |\
| |
| | |
Upgrade disk version to 7/latest for databases generated prior to clustered purge builds
|
| |/
|
|
|
|
|
|
| |
- for databases generated before this code base, the disk
version needs to be upgraded to 7 or higher so that it
can match the db_header with purge_tree and purge_seq_tree
COUCHDB-3326
|
| |\
| |
| | |
Test correct condition for exceed_limit error
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we were testing if Pos + TotalBytes exceeded the pread
limit. This is the wrong logic entirely. We are trying to prevent an
attempted call to file:pread/3 where the third parameter, the number
of bytes to read, is a very large number (due to a corruption
elsewhere, say). Instead we throw exceed_limit as soon as a file gets
above a certain size.
I switched this to an if statement to make it clear that the "read
past EOF" and "try to read too many bytes" checks are quite distinct
from each other.
|
| |\
| |
| | |
Add document_purges counter for stats
|
| |/
|
|
| |
COUCHDB-3326
|
| |\
| |
| | |
Restrict access to `_active_tasks` to server admin
|
| |/ |
|
| |\
| |
| | |
Pass user_ctx in _bulk_get
|
| |/
|
|
| |
This fixes _bulk_get for _users db and probably others I don't know
|
| |\
| |
| | |
Validate database prefix against DBNAME_REGEX for system dbs
|
| |/
|
|
|
|
|
|
|
| |
Previously we only checked that the suffix of the database is
matching one of the predefined system databases. We really should
check the prefix against DBNAME_REGEXP to prevent creation of
illegally named databases.
This fixes #1644
|
| |
|
|
| |
Fixes #1396
|
| |
|
|
|
|
|
|
|
| |
This can now return references that are from NIFs monitoring the
process. This is important for the new file IO NIFs that monitor the
controlling process. For now we'll just take the easy way out by
filtering the references from our returned monitor lists.
Fixes #1396
|
| |
|
|
| |
Fixes #1396
|
| |
|
|
|
|
|
|
|
|
| |
This is a temporary bandaid to allow us to continue using parameterized
modules with Erlang 21. We'll have to go back and modify every one of
these files to avoid that as well as figuring out how to upgrade
mochiweb to something that doesn't use parameterized modules by the time
they are fully removed from Erlang.
Fixes #1396
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previously a user could insert a VDU function into one of the _replicator
databases such that it prevents the replicator application from updating
documents in that db. Replicator application would then crash and prevent
replications from running on the whole cluster.
To avoid crashing the replicator when saving documents, log the error
and return `{ok, forbidden}`. The return might seem odd but we are
asserting that forbidden is an OK value in this context and explicitly
handling it. This shape of the return also conforms to the expected
`{ok, _Rev}` result, noticing that `_Rev` is never actually used.
|
| | |
|
| |
|
|
| |
Fixes #1612
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures they will be ready to process requests as soon as the application
starts up. This should make the service available sooner and should help tests
which setup and tear down the services repeatedly, where it would avoid an
annoying retry-until-ready loop.
Per-node servers/buffers are started in the init method of the monitors. There
is not chance of deadlock there because per-node supervisors are started before
the monitors.
Issue #1625
|
| |
|
|
|
|
|
| |
This has been solid for years and when not enabled can be a performance
bottleneck.
Fixes #1625
|
| |
|
|
|
|
|
|
|
|
| |
This used to be the case before the scheduling replicator:
https://github.com/apache/couchdb-couch-replicator/blob/master/src/couch_replicator.erl#L166
This is also how replications backed by a document in a _replicator db behave:
https://github.com/apache/couchdb/blob/master/src/couch_replicator/src/couch_replicator_doc_processor.erl#L283
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previously when an owner process crashed before it had a chance to release the
worker to the pool, the worker entry was simply deleted. In some cases that
was ok because ibrowse's inactivity timeout would kick in and connection would
stop itself. In other cases, as observed in practice with _changes feed
connection over TLS protocol, inactivity timeout would never fire, so these
deleted connections would slowly accumulate leaking memory and filling the
process table. TLS connection would keep an associated session
open as well making things even worse.
To prevent the connection leak, explicitly unlink and kill the worker.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent Linux distributions start defaulting to Python 3, and require
ambiguous scripts to be more explicit.
For example building for Fedora 30 (not released yet) fails with:
ERROR: ambiguous python shebang in /opt/couchdb/bin/couchup:
#!/usr/bin/env python. Change it to python3 (or python2) explicitly.
So this commit changes the four Python scripts to use `python2`.
Note: They seem to be Python-3-compatible, but I couldn't be sure. If
you know they are, please tell me, I'll change it to `python3`.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Mango match doc on co-ordinating node
This fixes an issue when doing a rolling upgrade of a CouchDB cluster
and adding commit a6bc72e the nodes that were not upgraded yet would
send through all the docs in the index and those would be passed through
to the user because the co-oridnator would assume it was matched at the
node level. This adds in a check to see if it has been matched at the
node level or not. And then performs a match if required.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previosly local node revisions were causing `badmatch` failures in read repair
filter. Node sequences already filtered out local nodes while NodeRevs didn't, so
during matching `{Node, NodeSeq} = lists:keyfind(Node, 1, NodeSeqs)` Node would
not be found in the list and crash.
Example of crash:
```
fabric_rpc:update_docs/3 error:{badmatch,false}
[{fabric_rpc,'-read_repair_filter/3-fun-1-',4,[{file,"src/fabric_rpc.erl"},{line,360}]},
```
|
| |\
| |
| | |
Implement couch_file:format_status to log filepath
|
| |/ |
|
| |\
| |
| | |
Couch server improvements
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The couchdb.update_lru_on_read setting controls whether couch_server
uses read requests as LRU update triggers. Unfortunately, the messages
for update_lru on reads are sent regardless of whether this is enabled
or disabled. While in principle this is harmless, and overloaded
couch_server pid can accumulate a considerable volume of these messages,
even when disabled. This patch prevents the caller from sending an
update_lru message when the setting is disabled.
|
| |/
|
|
|
|
|
|
| |
This adds the read_concurrency option to couch_server's ETS table for
couch_dbs which contains the references to open database handles. This
is an obvious improvement as all callers opening database pids interact
with this ETS table concurrently. Conversely, the couch_server pid is
the only writer, so no need for write_concurrency.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Off-heap messages is an Erlang 19 feature:
http://erlang.org/doc/man/erlang.html#process_flag_message_queue_data
It is adviseable to use that setting for processes which expect to receive a
lot of messages. CouchDB sets it for couch_server, couch_log_server and bunch
of others as well.
In some cases the off-heap behavior could alter the timing of message receives
and expose subtle bugs that have been lurking in the code for years. Or could
slightly reduce performance, so a safety measure allow disabling it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Its possible that a busy couch_server and a specific ordering and timing
of events can end up with an open_async message in the mailbox while a
new and unrelated open_async process is spawned. This change just ensure
that if we encounter any old messages in the mailbox that we ignore
them.
The underlying issue here is that a delete request clears out the state
in our couch_dbs ets table while not clearing out state in the message
queue. In some fairly specific circumstances this leads to the message
on in the mailbox satisfying an ets entry for a newer open_async
process. This change just includes a match on the opener process.
Anything unmatched came before the current open_async request which
means it should be ignored.
|
| |
|
|
|
|
|
|
| |
A rather uncommon bug found in production. Will write more as this is
just for show and tell.
For now this test case just demonstrates the issue that was discovered.
A fix is still being pondered.
|
| |
|
|
|
|
|
| |
If couch_server terminates while there is an active open_async process
it will throw a function_clause exception because `couch_db:get_pid/1`
will fail due to the `#entry.db` member being undefined. Simple fix is
to just filter those out.
|
| |\
| |
| | |
Log error when changes forced to rewind to beginning
|
| |/ |
|
| |\
| |
| | |
Create shard files if missing
|
| |/
|
|
|
|
|
|
|
|
| |
If, when a database is created, it was not possible to create any of
the shard files, the database cannot be used. All requests return a
"No DB shards could be opened." error.
This commit changes fabric_util:get_db/2 to create the shard file if
missing. This is correct as that function has already called
mem3:shards(DbName) which only returns shards if the database exists.
|
| |
|
|
|
|
|
|
|
|
|
| |
We removed a security call in `do_db_req` to avoid
a duplicate authorization check and as a result
there are now no db validation in noop call
`/db/_ensure_full_commit`. This makes it always
return a success code, even for missing databases.
This fix places the security check back, directly
in _ensure_full_commit call and adds eunit tests
for a good measure.
|
