From: Erkki Seppala <flux-btrfs@inside.org>
To: linux-btrfs@vger.kernel.org
Subject: Re: RAID1 storage server won't boot with one disk missing
Date: Mon, 21 Sep 2015 23:00:36 +0300 [thread overview]
Message-ID: <m49mvwfczkr.fsf@coffee.modeemi.fi> (raw)
In-Reply-To: 55FAF198.2060106@libero.it
Goffredo Baroncelli <kreijack@libero.it> writes:
> Hi Anand,
>
>
> On 2015-09-17 17:18, Anand Jain wrote:
>> it looks like -o degraded is going to be a very obvious feature,
>> I have plans of making it a default feature, and provide -o
>> nodegraded feature instead. Thanks for comments if any.
>>
>> Thanks, Anand
>
> I am not sure if there is a "good" default for this kind of problem; there are several aspects:
>
> - remote machine:
> for a remote machine, I think that the root filesystem should be mounted anyway. For a secondary filesystem (home ?), may be that an user intervention could be better (but without home, how an user could log?).
However, if the basis for requiring user intervention is that going
forward automatically with the situation as-is would result in risk to
the data, how can the default of going forward during runtime, when one
of the disks drops out, be rationalized?
Most certainly the risk is already there when you no longer have parity
device for RAID1/RAID5, so wouldn't the prudent action be to remount the
device read-only immediately - instead of going on, which is what btrfs
now does, just waiting for another device to die.
Of course, I think few people would agree with that, as it would stop
the service (the parts requiring write access), when in fact the whole
point of RAID is to keep serving the clients when a device dies. So why
is the startup a special case?
I suppose the thinking is that the default forces the administrator to
consider setting up a monitoring system before adding 'nodegraded' to
the root mounting options, but in the outlined scenario there could
easily be data loss when the second device dies, and the user/admin
would be none the wiser until it's too late, even with the current
defaults.
--
_____________________________________________________________________
/ __// /__ ____ __ http://www.modeemi.fi/~flux/\ \
/ /_ / // // /\ \/ / \ /
/_/ /_/ \___/ /_/\_\@modeemi.fi \/
next prev parent reply other threads:[~2015-09-21 20:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-16 23:56 RAID1 storage server won't boot with one disk missing erpo41
2015-09-17 15:18 ` Anand Jain
2015-09-17 15:42 ` Chris Murphy
2015-09-17 17:00 ` Goffredo Baroncelli
2015-09-17 19:02 ` Roman Mamedov
2015-09-17 20:18 ` Chris Murphy
2015-09-18 13:29 ` Austin S Hemmelgarn
2015-09-21 20:00 ` Erkki Seppala [this message]
2015-09-18 1:36 ` Duncan
2015-09-18 3:02 ` Gareth Pye
2015-09-21 20:35 ` Erkki Seppala
2015-09-22 5:12 ` Duncan
2015-09-22 11:32 ` Austin S Hemmelgarn
2015-09-22 12:51 ` Qu Wenruo
2015-09-22 13:21 ` Austin S Hemmelgarn
2015-09-22 18:35 ` Chris Murphy
2015-09-22 19:45 ` Austin S Hemmelgarn
2015-09-17 15:26 ` Chris Murphy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m49mvwfczkr.fsf@coffee.modeemi.fi \
--to=flux-btrfs@inside.org \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.