2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
1 |
# Copyright (C) 2006, 2007 Canonical Ltd
|
1887.1.1
by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines, |
2 |
#
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
3 |
# This program is free software; you can redistribute it and/or modify
|
4 |
# it under the terms of the GNU General Public License as published by
|
|
5 |
# the Free Software Foundation; either version 2 of the License, or
|
|
6 |
# (at your option) any later version.
|
|
1887.1.1
by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines, |
7 |
#
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
8 |
# This program is distributed in the hope that it will be useful,
|
9 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
10 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
11 |
# GNU General Public License for more details.
|
|
1887.1.1
by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines, |
12 |
#
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
13 |
# You should have received a copy of the GNU General Public License
|
14 |
# along with this program; if not, write to the Free Software
|
|
15 |
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
16 |
||
1553.5.31
by Martin Pool
LockDir doc corrections |
17 |
"""On-disk mutex protecting a resource
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
18 |
|
1553.5.33
by Martin Pool
LockDir review comment fixes |
19 |
bzr on-disk objects are locked by the existence of a directory with a
|
20 |
particular name within the control directory. We use this rather than OS
|
|
21 |
internal locks (such as flock etc) because they can be seen across all
|
|
22 |
transports, including http.
|
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
23 |
|
24 |
Objects can be read if there is only physical read access; therefore
|
|
25 |
readers can never be required to create a lock, though they will
|
|
26 |
check whether a writer is using the lock. Writers can't detect
|
|
27 |
whether anyone else is reading from the resource as they write.
|
|
28 |
This works because of ordering constraints that make sure readers
|
|
29 |
see a consistent view of existing data.
|
|
30 |
||
31 |
Waiting for a lock must be done by polling; this can be aborted after
|
|
32 |
a timeout.
|
|
33 |
||
34 |
Locks must always be explicitly released, typically from a try/finally
|
|
35 |
block -- they are not released from a finalizer or when Python
|
|
36 |
exits.
|
|
37 |
||
38 |
Locks may fail to be released if the process is abruptly terminated
|
|
39 |
(machine stop, SIGKILL) or if a remote transport becomes permanently
|
|
40 |
disconnected. There is therefore a method to break an existing lock.
|
|
41 |
This should rarely be used, and generally only with user approval.
|
|
42 |
Locks contain some information on when the lock was taken and by who
|
|
43 |
which may guide in deciding whether it can safely be broken. (This is
|
|
44 |
similar to the messages displayed by emacs and vim.) Note that if the
|
|
45 |
lock holder is still alive they will get no notification that the lock
|
|
46 |
has been broken and will continue their work -- so it is important to be
|
|
47 |
sure they are actually dead.
|
|
48 |
||
49 |
A lock is represented on disk by a directory of a particular name,
|
|
50 |
containing an information file. Taking a lock is done by renaming a
|
|
51 |
temporary directory into place. We use temporary directories because
|
|
52 |
for all known transports and filesystems we believe that exactly one
|
|
53 |
attempt to claim the lock will succeed and the others will fail. (Files
|
|
54 |
won't do because some filesystems or transports only have
|
|
55 |
rename-and-overwrite, making it hard to tell who won.)
|
|
56 |
||
57 |
The desired characteristics are:
|
|
58 |
||
59 |
* Locks are not reentrant. (That is, a client that tries to take a
|
|
60 |
lock it already holds may deadlock or fail.)
|
|
61 |
* Stale locks can be guessed at by a heuristic
|
|
62 |
* Lost locks can be broken by any client
|
|
63 |
* Failed lock operations leave little or no mess
|
|
64 |
* Deadlocks are avoided by having a timeout always in use, clients
|
|
65 |
desiring indefinite waits can retry or set a silly big timeout.
|
|
66 |
||
67 |
Storage formats use the locks, and also need to consider concurrency
|
|
68 |
issues underneath the lock. A format may choose not to use a lock
|
|
69 |
at all for some operations.
|
|
70 |
||
71 |
LockDirs always operate over a Transport. The transport may be readonly, in
|
|
72 |
which case the lock can be queried but not acquired.
|
|
73 |
||
74 |
Locks are identified by a path name, relative to a base transport.
|
|
75 |
||
76 |
Calling code will typically want to make sure there is exactly one LockDir
|
|
77 |
object per actual lock on disk. This module does nothing to prevent aliasing
|
|
78 |
and deadlocks will likely occur if the locks are aliased.
|
|
79 |
||
80 |
In the future we may add a "freshen" method which can be called
|
|
81 |
by a lock holder to check that their lock has not been broken, and to
|
|
82 |
update the timestamp within it.
|
|
83 |
||
1553.5.18
by Martin Pool
LockDir should use Transport.rename when releasing locks too. |
84 |
Example usage:
|
85 |
||
86 |
>>> from bzrlib.transport.memory import MemoryTransport
|
|
87 |
>>> # typically will be obtained from a BzrDir, Branch, etc
|
|
88 |
>>> t = MemoryTransport()
|
|
89 |
>>> l = LockDir(t, 'sample-lock')
|
|
1553.5.61
by Martin Pool
Locks protecting LockableFiles must now be explicitly created before use. |
90 |
>>> l.create()
|
2555.3.11
by Martin Pool
fix up doctest example for token being returned from wait_lock |
91 |
>>> token = l.wait_lock()
|
1553.5.18
by Martin Pool
LockDir should use Transport.rename when releasing locks too. |
92 |
>>> # do something here
|
93 |
>>> l.unlock()
|
|
94 |
||
1553.5.12
by Martin Pool
New LockDir locking mechanism |
95 |
"""
|
96 |
||
2555.3.10
by Martin Pool
doc |
97 |
|
98 |
# TODO: We sometimes have the problem that our attempt to rename '1234' to
|
|
99 |
# 'held' fails because the transport server moves into an existing directory,
|
|
100 |
# rather than failing the rename. If we made the info file name the same as
|
|
101 |
# the locked directory name we would avoid this problem because moving into
|
|
102 |
# the held directory would implicitly clash. However this would not mesh with
|
|
103 |
# the existing locking code and needs a new format of the containing object.
|
|
104 |
# -- robertc, mbp 20070628
|
|
105 |
||
1553.5.12
by Martin Pool
New LockDir locking mechanism |
106 |
import os |
107 |
import time |
|
1957.1.1
by John Arbash Meinel
Report to the user when we are spinning on a lock |
108 |
from cStringIO import StringIO |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
109 |
|
2055.2.1
by John Arbash Meinel
Make LockDir less sensitive to invalid configuration of email |
110 |
from bzrlib import ( |
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
111 |
debug, |
2055.2.1
by John Arbash Meinel
Make LockDir less sensitive to invalid configuration of email |
112 |
errors, |
113 |
)
|
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
114 |
import bzrlib.config |
115 |
from bzrlib.errors import ( |
|
116 |
DirectoryNotEmpty, |
|
117 |
FileExists, |
|
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
118 |
LockBreakMismatch, |
1553.5.23
by Martin Pool
Start LockDir.confirm method and LockBroken exception |
119 |
LockBroken, |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
120 |
LockContention, |
121 |
LockNotHeld, |
|
122 |
NoSuchFile, |
|
1662.1.12
by Martin Pool
Translate unknown sftp errors to PathError, no NoSuchFile |
123 |
PathError, |
1558.10.1
by Aaron Bentley
Handle lockdirs over NFS properly |
124 |
ResourceBusy, |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
125 |
UnlockableTransport, |
126 |
)
|
|
1957.1.1
by John Arbash Meinel
Report to the user when we are spinning on a lock |
127 |
from bzrlib.trace import mutter, note |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
128 |
from bzrlib.transport import Transport |
1957.1.5
by John Arbash Meinel
Create a helper function for formatting lock information |
129 |
from bzrlib.osutils import rand_chars, format_delta |
1993.1.2
by John Arbash Meinel
Use Stanza.to_string() rather than a RioWriter |
130 |
from bzrlib.rio import read_stanza, Stanza |
2094.3.5
by John Arbash Meinel
Fix imports to ensure modules are loaded before they are used |
131 |
import bzrlib.ui |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
132 |
|
1957.1.15
by John Arbash Meinel
Review feedback from Robert |
133 |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
134 |
# XXX: At the moment there is no consideration of thread safety on LockDir
|
135 |
# objects. This should perhaps be updated - e.g. if two threads try to take a
|
|
136 |
# lock at the same time they should *both* get it. But then that's unlikely
|
|
137 |
# to be a good idea.
|
|
138 |
||
139 |
# TODO: Perhaps store some kind of note like the bzr command line in the lock
|
|
140 |
# info?
|
|
141 |
||
142 |
# TODO: Some kind of callback run while polling a lock to show progress
|
|
143 |
# indicators.
|
|
144 |
||
1553.5.59
by Martin Pool
Pass file/mode bits through to creation of lock files/dirs |
145 |
# TODO: Make sure to pass the right file and directory mode bits to all
|
146 |
# files/dirs created.
|
|
147 |
||
1957.1.15
by John Arbash Meinel
Review feedback from Robert |
148 |
|
149 |
_DEFAULT_TIMEOUT_SECONDS = 300 |
|
1957.1.9
by John Arbash Meinel
Change default timeouts, and report differently the first failure |
150 |
_DEFAULT_POLL_SECONDS = 1.0 |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
151 |
|
1957.1.15
by John Arbash Meinel
Review feedback from Robert |
152 |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
153 |
class LockDir(object): |
1553.5.33
by Martin Pool
LockDir review comment fixes |
154 |
"""Write-lock guarding access to data."""
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
155 |
|
1553.5.33
by Martin Pool
LockDir review comment fixes |
156 |
__INFO_NAME = '/info' |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
157 |
|
1553.5.59
by Martin Pool
Pass file/mode bits through to creation of lock files/dirs |
158 |
def __init__(self, transport, path, file_modebits=0644, dir_modebits=0755): |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
159 |
"""Create a new LockDir object.
|
160 |
||
161 |
The LockDir is initially unlocked - this just creates the object.
|
|
162 |
||
163 |
:param transport: Transport which will contain the lock
|
|
164 |
||
165 |
:param path: Path to the lock within the base directory of the
|
|
166 |
transport.
|
|
167 |
"""
|
|
168 |
assert isinstance(transport, Transport), \ |
|
169 |
("not a transport: %r" % transport) |
|
170 |
self.transport = transport |
|
171 |
self.path = path |
|
172 |
self._lock_held = False |
|
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
173 |
self._locked_via_token = False |
1553.5.54
by Martin Pool
Add LockDir.read_lock fake method |
174 |
self._fake_read_lock = False |
1553.5.58
by Martin Pool
Change LockDirs to format "lock-name/held/info" |
175 |
self._held_dir = path + '/held' |
176 |
self._held_info_path = self._held_dir + self.__INFO_NAME |
|
1553.5.59
by Martin Pool
Pass file/mode bits through to creation of lock files/dirs |
177 |
self._file_modebits = file_modebits |
178 |
self._dir_modebits = dir_modebits |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
179 |
|
1957.1.1
by John Arbash Meinel
Report to the user when we are spinning on a lock |
180 |
self._report_function = note |
181 |
||
1553.5.12
by Martin Pool
New LockDir locking mechanism |
182 |
def __repr__(self): |
183 |
return '%s(%s%s)' % (self.__class__.__name__, |
|
184 |
self.transport.base, |
|
185 |
self.path) |
|
186 |
||
1553.5.13
by Martin Pool
New Transport.rename that mustn't overwrite |
187 |
is_held = property(lambda self: self._lock_held) |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
188 |
|
1666.1.4
by Robert Collins
* 'Metadir' is now the default disk format. This improves behaviour in |
189 |
def create(self, mode=None): |
1553.5.58
by Martin Pool
Change LockDirs to format "lock-name/held/info" |
190 |
"""Create the on-disk lock.
|
191 |
||
192 |
This is typically only called when the object/directory containing the
|
|
193 |
directory is first created. The lock is not held when it's created.
|
|
194 |
"""
|
|
195 |
if self.transport.is_readonly(): |
|
196 |
raise UnlockableTransport(self.transport) |
|
2555.3.13
by Martin Pool
LockDir cleanups |
197 |
self._trace("create lock directory") |
1666.1.4
by Robert Collins
* 'Metadir' is now the default disk format. This improves behaviour in |
198 |
self.transport.mkdir(self.path, mode=mode) |
1553.5.58
by Martin Pool
Change LockDirs to format "lock-name/held/info" |
199 |
|
2555.3.20
by Martin Pool
rename _lock_core to _attempt_lock |
200 |
def _attempt_lock(self): |
2555.3.13
by Martin Pool
LockDir cleanups |
201 |
"""Make the pending directory and attempt to rename into place.
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
202 |
|
2555.3.13
by Martin Pool
LockDir cleanups |
203 |
If the rename succeeds, we read back the info file to check that we
|
204 |
really got the lock.
|
|
205 |
||
206 |
If we fail to acquire the lock, this method is responsible for
|
|
207 |
cleaning up the pending directory if possible. (But it doesn't do
|
|
208 |
that yet.)
|
|
209 |
||
210 |
:returns: The nonce of the lock, if it was successfully acquired.
|
|
211 |
||
212 |
:raises LockContention: If the lock is held by someone else. The exception
|
|
213 |
contains the info of the current holder of the lock.
|
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
214 |
"""
|
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
215 |
self._trace("lock_write...") |
216 |
start_time = time.time() |
|
217 |
tmpname = self._create_pending_dir() |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
218 |
try: |
1553.5.58
by Martin Pool
Change LockDirs to format "lock-name/held/info" |
219 |
self.transport.rename(tmpname, self._held_dir) |
1662.1.12
by Martin Pool
Translate unknown sftp errors to PathError, no NoSuchFile |
220 |
except (PathError, DirectoryNotEmpty, FileExists, ResourceBusy), e: |
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
221 |
self._trace("... contention, %s", e) |
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
222 |
self._remove_pending_dir(tmpname) |
223 |
raise LockContention(self) |
|
224 |
except Exception, e: |
|
225 |
self._trace("... lock failed, %s", e) |
|
226 |
self._remove_pending_dir(tmpname) |
|
227 |
raise
|
|
228 |
# We must check we really got the lock, because Launchpad's sftp
|
|
229 |
# server at one time had a bug were the rename would successfully
|
|
230 |
# move the new directory into the existing directory, which was
|
|
231 |
# incorrect. It's possible some other servers or filesystems will
|
|
232 |
# have a similar bug allowing someone to think they got the lock
|
|
233 |
# when it's already held.
|
|
234 |
info = self.peek() |
|
235 |
self._trace("after locking, info=%r", info) |
|
236 |
if info['nonce'] != self.nonce: |
|
237 |
self._trace("rename succeeded, " |
|
238 |
"but lock is still held by someone else") |
|
239 |
raise LockContention(self) |
|
240 |
self._lock_held = True |
|
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
241 |
self._trace("... lock succeeded after %dms", |
242 |
(time.time() - start_time) * 1000) |
|
2555.3.6
by Martin Pool
Restore disabled LockDir trace message |
243 |
return self.nonce |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
244 |
|
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
245 |
def _remove_pending_dir(self, tmpname): |
246 |
"""Remove the pending directory
|
|
247 |
||
248 |
This is called if we failed to rename into place, so that the pending
|
|
249 |
dirs don't clutter up the lockdir.
|
|
250 |
"""
|
|
251 |
self._trace("remove %s", tmpname) |
|
2555.3.18
by Martin Pool
Don't fail hard when removing pending lockdir |
252 |
try: |
253 |
self.transport.delete(tmpname + self.__INFO_NAME) |
|
254 |
self.transport.rmdir(tmpname) |
|
255 |
except PathError, e: |
|
256 |
note("error removing pending lock: %s", e) |
|
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
257 |
|
2555.3.13
by Martin Pool
LockDir cleanups |
258 |
def _create_pending_dir(self): |
259 |
tmpname = '%s/%s.tmp' % (self.path, rand_chars(10)) |
|
260 |
try: |
|
261 |
self.transport.mkdir(tmpname) |
|
262 |
except NoSuchFile: |
|
263 |
# This may raise a FileExists exception
|
|
264 |
# which is okay, it will be caught later and determined
|
|
265 |
# to be a LockContention.
|
|
266 |
self._trace("lock directory does not exist, creating it") |
|
267 |
self.create(mode=self._dir_modebits) |
|
268 |
# After creating the lock directory, try again
|
|
269 |
self.transport.mkdir(tmpname) |
|
270 |
self.nonce = rand_chars(20) |
|
271 |
info_bytes = self._prepare_info() |
|
272 |
# We use put_file_non_atomic because we just created a new unique
|
|
273 |
# directory so we don't have to worry about files existing there.
|
|
274 |
# We'll rename the whole directory into place to get atomic
|
|
275 |
# properties
|
|
276 |
self.transport.put_bytes_non_atomic(tmpname + self.__INFO_NAME, |
|
277 |
info_bytes) |
|
278 |
return tmpname |
|
279 |
||
1553.5.12
by Martin Pool
New LockDir locking mechanism |
280 |
def unlock(self): |
1553.5.30
by Martin Pool
docstring for LockDir.unlock |
281 |
"""Release a held lock
|
282 |
"""
|
|
1553.5.54
by Martin Pool
Add LockDir.read_lock fake method |
283 |
if self._fake_read_lock: |
284 |
self._fake_read_lock = False |
|
285 |
return
|
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
286 |
if not self._lock_held: |
287 |
raise LockNotHeld(self) |
|
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
288 |
if self._locked_via_token: |
289 |
self._locked_via_token = False |
|
290 |
self._lock_held = False |
|
291 |
else: |
|
292 |
# rename before deleting, because we can't atomically remove the
|
|
293 |
# whole tree
|
|
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
294 |
start_time = time.time() |
295 |
self._trace("unlocking") |
|
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
296 |
tmpname = '%s/releasing.%s.tmp' % (self.path, rand_chars(20)) |
297 |
# gotta own it to unlock
|
|
298 |
self.confirm() |
|
299 |
self.transport.rename(self._held_dir, tmpname) |
|
300 |
self._lock_held = False |
|
301 |
self.transport.delete(tmpname + self.__INFO_NAME) |
|
2555.3.14
by Martin Pool
Better handling in LockDir of rename that moves one directory within another |
302 |
try: |
303 |
self.transport.rmdir(tmpname) |
|
304 |
except DirectoryNotEmpty, e: |
|
305 |
# There might have been junk left over by a rename that moved
|
|
306 |
# another locker within the 'held' directory. do a slower
|
|
307 |
# deletion where we list the directory and remove everything
|
|
308 |
# within it.
|
|
309 |
#
|
|
310 |
# Maybe this should be broader to allow for ftp servers with
|
|
311 |
# non-specific error messages?
|
|
312 |
self._trace("doing recursive deletion of non-empty directory " |
|
313 |
"%s", tmpname) |
|
314 |
self.transport.delete_tree(tmpname) |
|
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
315 |
self._trace("... unlock succeeded after %dms", |
316 |
(time.time() - start_time) * 1000) |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
317 |
|
1687.1.5
by Robert Collins
Add break_lock utility function to LockDir. |
318 |
def break_lock(self): |
319 |
"""Break a lock not held by this instance of LockDir.
|
|
320 |
||
321 |
This is a UI centric function: it uses the bzrlib.ui.ui_factory to
|
|
322 |
prompt for input if a lock is detected and there is any doubt about
|
|
323 |
it possibly being still active.
|
|
324 |
"""
|
|
1687.1.6
by Robert Collins
Extend LockableFiles to support break_lock() calls. |
325 |
self._check_not_locked() |
1687.1.5
by Robert Collins
Add break_lock utility function to LockDir. |
326 |
holder_info = self.peek() |
327 |
if holder_info is not None: |
|
1957.1.5
by John Arbash Meinel
Create a helper function for formatting lock information |
328 |
lock_info = '\n'.join(self._format_lock_info(holder_info)) |
329 |
if bzrlib.ui.ui_factory.get_boolean("Break %s" % lock_info): |
|
1687.1.5
by Robert Collins
Add break_lock utility function to LockDir. |
330 |
self.force_break(holder_info) |
331 |
||
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
332 |
def force_break(self, dead_holder_info): |
1553.5.25
by Martin Pool
New LockDir.force_break and simple test case |
333 |
"""Release a lock held by another process.
|
334 |
||
335 |
WARNING: This should only be used when the other process is dead; if
|
|
336 |
it still thinks it has the lock there will be two concurrent writers.
|
|
337 |
In general the user's approval should be sought for lock breaks.
|
|
338 |
||
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
339 |
dead_holder_info must be the result of a previous LockDir.peek() call;
|
340 |
this is used to check that it's still held by the same process that
|
|
341 |
the user decided was dead. If this is not the current holder,
|
|
342 |
LockBreakMismatch is raised.
|
|
343 |
||
1553.5.25
by Martin Pool
New LockDir.force_break and simple test case |
344 |
After the lock is broken it will not be held by any process.
|
345 |
It is possible that another process may sneak in and take the
|
|
346 |
lock before the breaking process acquires it.
|
|
347 |
"""
|
|
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
348 |
if not isinstance(dead_holder_info, dict): |
349 |
raise ValueError("dead_holder_info: %r" % dead_holder_info) |
|
1687.1.6
by Robert Collins
Extend LockableFiles to support break_lock() calls. |
350 |
self._check_not_locked() |
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
351 |
current_info = self.peek() |
352 |
if current_info is None: |
|
1553.5.26
by Martin Pool
Breaking an already-released lock should just succeed |
353 |
# must have been recently released
|
354 |
return
|
|
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
355 |
if current_info != dead_holder_info: |
356 |
raise LockBreakMismatch(self, current_info, dead_holder_info) |
|
1553.5.58
by Martin Pool
Change LockDirs to format "lock-name/held/info" |
357 |
tmpname = '%s/broken.%s.tmp' % (self.path, rand_chars(20)) |
358 |
self.transport.rename(self._held_dir, tmpname) |
|
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
359 |
# check that we actually broke the right lock, not someone else;
|
360 |
# there's a small race window between checking it and doing the
|
|
361 |
# rename.
|
|
1553.5.33
by Martin Pool
LockDir review comment fixes |
362 |
broken_info_path = tmpname + self.__INFO_NAME |
363 |
broken_info = self._read_info_file(broken_info_path) |
|
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
364 |
if broken_info != dead_holder_info: |
365 |
raise LockBreakMismatch(self, broken_info, dead_holder_info) |
|
366 |
self.transport.delete(broken_info_path) |
|
1553.5.25
by Martin Pool
New LockDir.force_break and simple test case |
367 |
self.transport.rmdir(tmpname) |
368 |
||
1687.1.6
by Robert Collins
Extend LockableFiles to support break_lock() calls. |
369 |
def _check_not_locked(self): |
370 |
"""If the lock is held by this instance, raise an error."""
|
|
371 |
if self._lock_held: |
|
372 |
raise AssertionError("can't break own lock: %r" % self) |
|
373 |
||
1553.5.20
by Martin Pool
Start adding LockDir.confirm() method |
374 |
def confirm(self): |
375 |
"""Make sure that the lock is still held by this locker.
|
|
376 |
||
377 |
This should only fail if the lock was broken by user intervention,
|
|
378 |
or if the lock has been affected by a bug.
|
|
379 |
||
380 |
If the lock is not thought to be held, raises LockNotHeld. If
|
|
381 |
the lock is thought to be held but has been broken, raises
|
|
382 |
LockBroken.
|
|
383 |
"""
|
|
384 |
if not self._lock_held: |
|
385 |
raise LockNotHeld(self) |
|
1553.5.23
by Martin Pool
Start LockDir.confirm method and LockBroken exception |
386 |
info = self.peek() |
387 |
if info is None: |
|
388 |
# no lock there anymore!
|
|
389 |
raise LockBroken(self) |
|
390 |
if info.get('nonce') != self.nonce: |
|
391 |
# there is a lock, but not ours
|
|
392 |
raise LockBroken(self) |
|
1553.5.33
by Martin Pool
LockDir review comment fixes |
393 |
|
394 |
def _read_info_file(self, path): |
|
1553.5.58
by Martin Pool
Change LockDirs to format "lock-name/held/info" |
395 |
"""Read one given info file.
|
396 |
||
397 |
peek() reads the info file of the lock holder, if any.
|
|
398 |
"""
|
|
1553.5.33
by Martin Pool
LockDir review comment fixes |
399 |
return self._parse_info(self.transport.get(path)) |
1553.5.20
by Martin Pool
Start adding LockDir.confirm() method |
400 |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
401 |
def peek(self): |
402 |
"""Check if the lock is held by anyone.
|
|
403 |
|
|
404 |
If it is held, this returns the lock info structure as a rio Stanza,
|
|
405 |
which contains some information about the current lock holder.
|
|
406 |
Otherwise returns None.
|
|
407 |
"""
|
|
408 |
try: |
|
1553.5.58
by Martin Pool
Change LockDirs to format "lock-name/held/info" |
409 |
info = self._read_info_file(self._held_info_path) |
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
410 |
self._trace("peek -> held") |
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
411 |
assert isinstance(info, dict), \ |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
412 |
"bad parse result %r" % info |
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
413 |
return info |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
414 |
except NoSuchFile, e: |
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
415 |
self._trace("peek -> not held") |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
416 |
|
1993.1.2
by John Arbash Meinel
Use Stanza.to_string() rather than a RioWriter |
417 |
def _prepare_info(self): |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
418 |
"""Write information about a pending lock to a temporary file.
|
419 |
"""
|
|
420 |
import socket |
|
421 |
# XXX: is creating this here inefficient?
|
|
422 |
config = bzrlib.config.GlobalConfig() |
|
2055.2.1
by John Arbash Meinel
Make LockDir less sensitive to invalid configuration of email |
423 |
try: |
424 |
user = config.user_email() |
|
2055.2.2
by John Arbash Meinel
Switch extract_email_address() to use a more specific exception |
425 |
except errors.NoEmailInUsername: |
2055.2.1
by John Arbash Meinel
Make LockDir less sensitive to invalid configuration of email |
426 |
user = config.username() |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
427 |
s = Stanza(hostname=socket.gethostname(), |
428 |
pid=str(os.getpid()), |
|
429 |
start_time=str(int(time.time())), |
|
430 |
nonce=self.nonce, |
|
2055.2.1
by John Arbash Meinel
Make LockDir less sensitive to invalid configuration of email |
431 |
user=user, |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
432 |
)
|
1993.1.2
by John Arbash Meinel
Use Stanza.to_string() rather than a RioWriter |
433 |
return s.to_string() |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
434 |
|
435 |
def _parse_info(self, info_file): |
|
1553.5.27
by Martin Pool
Confirm that only the intended holder of a lock was broken. |
436 |
return read_stanza(info_file.readlines()).as_dict() |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
437 |
|
2555.3.13
by Martin Pool
LockDir cleanups |
438 |
def attempt_lock(self): |
439 |
"""Take the lock; fail if it's already held.
|
|
440 |
|
|
441 |
If you wish to block until the lock can be obtained, call wait_lock()
|
|
442 |
instead.
|
|
443 |
||
444 |
:return: The lock token.
|
|
445 |
:raises LockContention: if the lock is held by someone else.
|
|
446 |
"""
|
|
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
447 |
if self._fake_read_lock: |
448 |
raise LockContention(self) |
|
449 |
if self.transport.is_readonly(): |
|
450 |
raise UnlockableTransport(self.transport) |
|
2555.3.20
by Martin Pool
rename _lock_core to _attempt_lock |
451 |
return self._attempt_lock() |
2555.3.13
by Martin Pool
LockDir cleanups |
452 |
|
453 |
def wait_lock(self, timeout=None, poll=None, max_attempts=None): |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
454 |
"""Wait a certain period for a lock.
|
455 |
||
456 |
If the lock can be acquired within the bounded time, it
|
|
457 |
is taken and this returns. Otherwise, LockContention
|
|
458 |
is raised. Either way, this function should return within
|
|
459 |
approximately `timeout` seconds. (It may be a bit more if
|
|
460 |
a transport operation takes a long time to complete.)
|
|
2555.3.5
by Martin Pool
Return token directly from LockDir.acquire to avoid unnecessary peek() |
461 |
|
2555.3.13
by Martin Pool
LockDir cleanups |
462 |
:param timeout: Approximate maximum amount of time to wait for the
|
463 |
lock, in seconds.
|
|
464 |
|
|
465 |
:param poll: Delay in seconds between retrying the lock.
|
|
466 |
||
467 |
:param max_attempts: Maximum number of times to try to lock.
|
|
468 |
||
2555.3.5
by Martin Pool
Return token directly from LockDir.acquire to avoid unnecessary peek() |
469 |
:return: The lock token.
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
470 |
"""
|
1957.1.17
by John Arbash Meinel
Change tests that expect locking to fail to timeout sooner. |
471 |
if timeout is None: |
472 |
timeout = _DEFAULT_TIMEOUT_SECONDS |
|
473 |
if poll is None: |
|
474 |
poll = _DEFAULT_POLL_SECONDS |
|
2555.3.13
by Martin Pool
LockDir cleanups |
475 |
# XXX: the transport interface doesn't let us guard against operations
|
476 |
# there taking a long time, so the total elapsed time or poll interval
|
|
477 |
# may be more than was requested.
|
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
478 |
deadline = time.time() + timeout |
1957.1.13
by John Arbash Meinel
Change to reporting the time when we will stop trying to grab the lock |
479 |
deadline_str = None |
1957.1.7
by John Arbash Meinel
Add the ability to report if the lock changes from underneath you |
480 |
last_info = None |
2555.3.13
by Martin Pool
LockDir cleanups |
481 |
attempt_count = 0 |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
482 |
while True: |
2555.3.13
by Martin Pool
LockDir cleanups |
483 |
attempt_count += 1 |
1553.5.12
by Martin Pool
New LockDir locking mechanism |
484 |
try: |
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
485 |
return self.attempt_lock() |
486 |
except LockContention: |
|
487 |
# possibly report the blockage, then try again
|
|
488 |
pass
|
|
489 |
# TODO: In a few cases, we find out that there's contention by
|
|
490 |
# reading the held info and observing that it's not ours. In
|
|
491 |
# those cases it's a bit redundant to read it again. However,
|
|
492 |
# the normal case (??) is that the rename fails and so we
|
|
493 |
# don't know who holds the lock. For simplicity we peek
|
|
494 |
# always.
|
|
495 |
new_info = self.peek() |
|
496 |
if new_info is not None and new_info != last_info: |
|
497 |
if last_info is None: |
|
498 |
start = 'Unable to obtain' |
|
1957.1.9
by John Arbash Meinel
Change default timeouts, and report differently the first failure |
499 |
else: |
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
500 |
start = 'Lock owner changed for' |
501 |
last_info = new_info |
|
502 |
formatted_info = self._format_lock_info(new_info) |
|
503 |
if deadline_str is None: |
|
504 |
deadline_str = time.strftime('%H:%M:%S', |
|
505 |
time.localtime(deadline)) |
|
506 |
self._report_function('%s %s\n' |
|
507 |
'%s\n' # held by |
|
508 |
'%s\n' # locked ... ago |
|
509 |
'Will continue to try until %s\n', |
|
510 |
start, |
|
511 |
formatted_info[0], |
|
512 |
formatted_info[1], |
|
513 |
formatted_info[2], |
|
514 |
deadline_str) |
|
515 |
||
516 |
if (max_attempts is not None) and (attempt_count >= max_attempts): |
|
517 |
self._trace("exceeded %d attempts") |
|
518 |
raise LockContention(self) |
|
519 |
if time.time() + poll < deadline: |
|
520 |
self._trace("waiting %ss", poll) |
|
521 |
time.sleep(poll) |
|
522 |
else: |
|
523 |
self._trace("timeout after waiting %ss", timeout) |
|
524 |
raise LockContention(self) |
|
2018.5.75
by Andrew Bennetts
Add Repository.{dont_,}leave_lock_in_place. |
525 |
|
526 |
def leave_in_place(self): |
|
527 |
self._locked_via_token = True |
|
528 |
||
529 |
def dont_leave_in_place(self): |
|
530 |
self._locked_via_token = False |
|
1553.5.12
by Martin Pool
New LockDir locking mechanism |
531 |
|
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
532 |
def lock_write(self, token=None): |
533 |
"""Wait for and acquire the lock.
|
|
534 |
|
|
535 |
:param token: if this is already locked, then lock_write will fail
|
|
536 |
unless the token matches the existing lock.
|
|
537 |
:returns: a token if this instance supports tokens, otherwise None.
|
|
538 |
:raises TokenLockingNotSupported: when a token is given but this
|
|
539 |
instance doesn't support using token locks.
|
|
2279.7.7
by Andrew Bennetts
LockDir, Repository and Branch lock token changes from the hpss branch. |
540 |
:raises MismatchedToken: if the specified token doesn't match the token
|
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
541 |
of the existing lock.
|
2018.5.145
by Andrew Bennetts
Add a brief explanation of what tokens are used for to lock_write docstrings. |
542 |
|
543 |
A token should be passed in if you know that you have locked the object
|
|
544 |
some other way, and need to synchronise this object's state with that
|
|
545 |
fact.
|
|
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
546 |
|
547 |
XXX: docstring duplicated from LockableFiles.lock_write.
|
|
548 |
"""
|
|
549 |
if token is not None: |
|
550 |
self.validate_token(token) |
|
2018.5.75
by Andrew Bennetts
Add Repository.{dont_,}leave_lock_in_place. |
551 |
self.nonce = token |
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
552 |
self._lock_held = True |
553 |
self._locked_via_token = True |
|
2018.5.78
by Andrew Bennetts
Implement RemoteRepository.lock_write/unlock to expect and send tokens over the |
554 |
return token |
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
555 |
else: |
2555.3.5
by Martin Pool
Return token directly from LockDir.acquire to avoid unnecessary peek() |
556 |
return self.wait_lock() |
1553.5.44
by Martin Pool
LockableFiles can now call LockDir directly |
557 |
|
558 |
def lock_read(self): |
|
1759.2.1
by Jelmer Vernooij
Fix some types (found using aspell). |
559 |
"""Compatibility-mode shared lock.
|
1553.5.44
by Martin Pool
LockableFiles can now call LockDir directly |
560 |
|
561 |
LockDir doesn't support shared read-only locks, so this
|
|
1553.5.54
by Martin Pool
Add LockDir.read_lock fake method |
562 |
just pretends that the lock is taken but really does nothing.
|
1553.5.44
by Martin Pool
LockableFiles can now call LockDir directly |
563 |
"""
|
564 |
# At the moment Branches are commonly locked for read, but
|
|
565 |
# we can't rely on that remotely. Once this is cleaned up,
|
|
566 |
# reenable this warning to prevent it coming back in
|
|
567 |
# -- mbp 20060303
|
|
568 |
## warn("LockDir.lock_read falls back to write lock")
|
|
1553.5.54
by Martin Pool
Add LockDir.read_lock fake method |
569 |
if self._lock_held or self._fake_read_lock: |
570 |
raise LockContention(self) |
|
571 |
self._fake_read_lock = True |
|
1553.5.44
by Martin Pool
LockableFiles can now call LockDir directly |
572 |
|
1957.1.5
by John Arbash Meinel
Create a helper function for formatting lock information |
573 |
def _format_lock_info(self, info): |
574 |
"""Turn the contents of peek() into something for the user"""
|
|
575 |
lock_url = self.transport.abspath(self.path) |
|
576 |
delta = time.time() - int(info['start_time']) |
|
577 |
return [ |
|
578 |
'lock %s' % (lock_url,), |
|
579 |
'held by %(user)s on host %(hostname)s [process #%(pid)s]' % info, |
|
580 |
'locked %s' % (format_delta(delta),), |
|
581 |
]
|
|
582 |
||
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
583 |
def validate_token(self, token): |
584 |
if token is not None: |
|
585 |
info = self.peek() |
|
586 |
if info is None: |
|
587 |
# Lock isn't held
|
|
588 |
lock_token = None |
|
589 |
else: |
|
590 |
lock_token = info.get('nonce') |
|
591 |
if token != lock_token: |
|
592 |
raise errors.TokenMismatch(token, lock_token) |
|
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
593 |
else: |
2555.3.16
by Martin Pool
Clean up patch to make divergence from mainline smaller. |
594 |
self._trace("revalidated by token %r", token) |
2279.7.1
by Andrew Bennetts
``LockableFiles.lock_write()`` now accepts a ``token`` keyword argument, so that |
595 |
|
2555.3.3
by Martin Pool
Simple lock tracing in LockDir |
596 |
def _trace(self, format, *args): |
597 |
if 'lock' not in debug.debug_flags: |
|
598 |
return
|
|
599 |
mutter(str(self) + ": " + (format % args)) |