MXS-2321 Prevent master being set to maintenance

When a cluster is monitored by the MariaDB monitor it is no longer
possible to set the master to maintenance or draining mode, but a
switchover must be performed first.

Currently all other monitors impose no restrictions (and at least
the Clustrix monitor never will).

Documentation/Release-Notes/MaxScale-2.5.0-Release-Notes.md

@@ -25,6 +25,12 @@ The default timeout values for user loading have been changed.
 * `auth_read_timeout` changed from 1 to 10 seconds
 * `auth_write_timeout` changed from 2 to 10 seconds
 
+### Setting a server to maintenance or draining mode
+
+In the case of a regular MariaDB cluster (monitored by the MariaDB monitor),
+it is no longer possible to set the the master server to maintenance or
+draining mode, but a switchover must be performed first.
+
 ## Dropped Features
 
 ### Configuration parameters

include/maxscale/monitor.hh

@@ -576,8 +576,20 @@ protected:
     /**< Number of monitor ticks ran. Derived classes should increment this whenever completing a tick. */
     std::atomic_long m_ticks {0};
 
-private:
+protected:
+    /**
+     * Can a server be disabled, that is, set to maintenance or draining mode.
+     *
+     * @param server      A server being monitored by this monitor.
+     * @param errmsg_out  If cannot be, on return explanation why.
+     *
+     * @return True, if the server can be disabled, false otherwise.
+     *
+     * @note The default implementation return true.
+     */
+    virtual bool can_be_disabled(const MonitorServer& server, std::string* errmsg_out) const;
 
+private:
     /**
      * Creates a new monitored server object. Called by monitor configuration code. If a monitor wants to
      * implements its own server-class, it must override this function.

server/core/monitor.cc

@@ -1715,6 +1715,11 @@ bool Monitor::set_disk_space_threshold(const string& dst_setting)
     return rv;
 }
 
+bool Monitor::can_be_disabled(const MonitorServer& server, std::string* errmsg_out) const
+{
+    return true;
+}
+
 bool Monitor::set_server_status(SERVER* srv, int bit, string* errmsg_out)
 {
     MonitorServer* msrv = get_monitored_server(srv);
@@ -1741,7 +1746,7 @@ bool Monitor::set_server_status(SERVER* srv, int bit, string* errmsg_out)
                 *errmsg_out = ERR_CANNOT_MODIFY;
             }
         }
-        else
+        else if (can_be_disabled(*msrv, errmsg_out))
         {
             /* Maintenance and being-drained are set/cleared using a special variable which the
              * monitor reads when starting the next update cycle. */

server/modules/monitor/mariadbmon/mariadbmon.cc

@@ -401,6 +401,21 @@ json_t* MariaDBMonitor::to_json() const
     return rval;
 }
 
+bool MariaDBMonitor::can_be_disabled(const mxs::MonitorServer& mserver, std::string* errmsg_out) const
+{
+    // If the server is the master, it cannot be disabled.
+    bool can_be = !status_is_master(mserver.server->status());
+
+    if (!can_be)
+    {
+        *errmsg_out =
+            "The server is master, so it cannot be set in maintenance or draining mode. "
+            "First perform a switchover and then retry the operation.";
+    }
+
+    return can_be;
+}
+
 void MariaDBMonitor::pre_loop()
 {
     // Read the journal and the last known master.

server/modules/monitor/mariadbmon/mariadbmon.hh

@@ -107,6 +107,8 @@ public:
     bool run_manual_reset_replication(SERVER* master_server, json_t** error_out);
 
 protected:
+    bool can_be_disabled(const mxs::MonitorServer& server, std::string* errmsg_out) const;
+
     void pre_loop() override;
     void tick() override;
     void process_state_changes() override;