From ec73888f0986d7a835e719e9f6b926809e63a75d Mon Sep 17 00:00:00 2001
From: Joao Eduardo Luis <joao.luis@inktank.com>
Date: Sat, 21 Jun 2014 18:15:29 +0100
Subject: [PATCH] mon: Monitor: sanitize options at start

Make sure some options have sane values.

Fixes: #8605

Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>
---
 src/mon/Monitor.cc | 37 ++++++++++++++++++++++++++++++++++---
 src/mon/Monitor.h  |  1 +
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 036c2f6712bb3..e256a8614eb2c 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -386,12 +386,45 @@ void Monitor::write_features(MonitorDBStore::Transaction &t)
   t.put(MONITOR_NAME, COMPAT_SET_LOC, bl);
 }
 
+int Monitor::sanitize_options()
+{
+  int r = 0;
+
+  // mon_lease must be greater than mon_lease_renewal; otherwise we
+  // may incur in leases expiring before they are renewed.
+  if (g_conf->mon_lease <= g_conf->mon_lease_renew_interval) {
+    derr << "'mon_lease' (val: " << g_conf->mon_lease << ") must be greater "
+         << "than 'mon_lease_renew_interval' (val: "
+         << g_conf->mon_lease_renew_interval << ")" << dendl;
+    r = -EINVAL;
+  }
+
+  // mon_lease_ack_timeout must be greater than mon_lease to make sure we've
+  // got time to renew the lease and get an ack for it. Having both options
+  // with the same value, for a given small vale, could mean timing out if
+  // the monitors happened to be overloaded -- or even under normal load for
+  // a small enough value.
+  if (g_conf->mon_lease_ack_timeout <= g_conf->mon_lease) {
+    derr << "'mon_lease_ack_timeout' (val: " << g_conf->mon_lease_ack_timeout
+         << ") must be greater than 'mon_lease' (val: "
+         << g_conf->mon_lease << ")" << dendl;
+    r = -EINVAL;
+  }
+  return r;
+}
+
 int Monitor::preinit()
 {
   lock.Lock();
 
   dout(1) << "preinit fsid " << monmap->fsid << dendl;
-  
+
+  int r = sanitize_options();
+  if (r < 0) {
+    derr << "option sanitization failed!" << dendl;
+    return r;
+  }
+
   assert(!logger);
   {
     PerfCountersBuilder pcb(g_ceph_context, "mon", l_mon_first, l_mon_last);
@@ -499,8 +532,6 @@ int Monitor::preinit()
   init_paxos();
   health_monitor->init();
 
-  int r;
-
   if (is_keyring_required()) {
     // we need to bootstrap authentication keys so we can form an
     // initial quorum.
diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h
index 2fb784229538e..723d78bddbbbe 100644
--- a/src/mon/Monitor.h
+++ b/src/mon/Monitor.h
@@ -771,6 +771,7 @@ public:
 
   static int check_features(MonitorDBStore *store);
 
+  int sanitize_options();
   int preinit();
   int init();
   void init_paxos();
-- 
2.39.5