From: Tomasz Pala <gotar@polanet.pl>
To: Btrfs BTRFS <linux-btrfs@vger.kernel.org>
Subject: Re: degraded permanent mount option
Date: Tue, 30 Jan 2018 16:24:16 +0100 [thread overview]
Message-ID: <20180130152415.GC7126@polanet.pl> (raw)
In-Reply-To: <f97f4e60-47fb-f1d6-dc09-0b46638a9eb4@gmail.com>
On Mon, Jan 29, 2018 at 14:00:53 -0500, Austin S. Hemmelgarn wrote:
> We already do so in the accepted standard manner. If the mount fails
> because of a missing device, you get a very specific message in the
> kernel log about it, as is the case for most other common errors (for
> uncommon ones you usually just get a generic open_ctree error). This is
> really the only option too, as the mount() syscall (which the mount
> command calls) returns only 0 on success or -1 and an appropriate errno
> value on failure, and we can't exactly go about creating a half dozen
> new error numbers just for this (well, technically we could, but I very
> much doubt that they would be accepted upstream, which defeats the purpose).
This is exacly why the separate communication channel being the ioctl is
currently used. And I really don't understand why do you fight against
expanding this ioctl response.
> With what you're proposing for BTRFS however, _everything_ is a
> complicated decision, namely:
> 1. Do you retry at all? During boot, the answer should usually be yes,
> but during normal system operation it should normally be no (because we
> should be letting the user handle issues at that point).
This is exactly why I propose to introduce ioctl in btrfs.ko that
accepts userspace-configured (as per-volume policy) expectations.
> 2. How long should you wait before you retry? There is no right answer
> here that will work in all cases (I've seen systems which take multiple
> minutes for devices to become available on boot), especially considering
> those of us who would rather have things fail early.
btrfs-last-resort@.timer per analogy to mdadm-last-resort@.timer
> 3. If the retry fails, do you retry again? How many times before it
> just outright fails? This is going to be system specific policy. On
> systems where devices may take a while to come online, the answer is
> probably yes and some reasonably large number, while on systems where
> devices are known to reliably be online immediately, it makes no sense
> to retry more than once or twice.
All of this is systemd timer/service job.
> 4. If you are going to retry, should you try a degraded mount? Again,
> this is going to be system specific policy (regular users would probably
> want this to be a yes, while people who care about data integrity over
> availability would likely want it to be a no).
Just like above - user-configured in systemd timers/services easily.
> 5. Assuming you do retry with the degraded mount, how many times should
> a normal mount fail before things go degraded? This ties in with 3 and
> has the same arguments about variability I gave there.
As above.
> 6. How many times do you try a degraded mount before just giving up?
> Again, similar variability to 3.
> 7. Should each attempt try first a regular mount and then a degraded
> one, or do you try just normal a couple times and then switch to
> degraded, or even start out trying normal and then start alternating?
> Any of those patterns has valid arguments both for and against it, so
> this again needs to be user configurable policy.
>
> Altogether, that's a total of 7 policy decisions that should be user
> configurable.
All of them easy to implement if the btrfs.ko could accept
'allow-degraded' per-volume instruction and return 'try-degraded' in the
ioctl.
> Having a config file other than /etc/fstab for the mount
> command should probably be avoided for sanity reasons (again, BTRFS is a
> filesystem, not a volume manager), so they would all have to be handled
> through mount options. The kernel will additionally have to understand
> that those options need to be ignored (things do try to mount
> filesystems without calling a mount helper, most notably the kernel when
> it mounts the root filesystem on boot if you're not using an initramfs).
> All in all, this type of thing gets out of hand _very_ fast.
You need to think about the two separately:
1. tracking STATE - this is remembering 'allow-degraded' option for now,
2. configured POLICY - this is to be handled by init system.
--
Tomasz Pala <gotar@pld-linux.org>
next prev parent reply other threads:[~2018-01-30 15:24 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-26 14:02 degraded permanent mount option Christophe Yayon
2018-01-26 14:18 ` Austin S. Hemmelgarn
2018-01-26 14:47 ` Christophe Yayon
2018-01-26 14:55 ` Austin S. Hemmelgarn
2018-01-27 5:50 ` Andrei Borzenkov
[not found] ` <1517035210.1252874.1249880112.19FABD13@webmail.messagingengine.com>
2018-01-27 6:43 ` Andrei Borzenkov
2018-01-27 6:48 ` Christophe Yayon
2018-01-27 10:08 ` Christophe Yayon
2018-01-27 10:26 ` Andrei Borzenkov
2018-01-27 11:06 ` Tomasz Pala
2018-01-27 13:26 ` Adam Borowski
2018-01-27 14:36 ` Goffredo Baroncelli
2018-01-27 15:38 ` Adam Borowski
2018-01-27 15:22 ` Duncan
2018-01-28 0:39 ` Tomasz Pala
2018-01-28 20:02 ` Chris Murphy
2018-01-28 22:39 ` Tomasz Pala
2018-01-29 0:00 ` Chris Murphy
2018-01-29 8:54 ` Tomasz Pala
2018-01-29 11:24 ` Adam Borowski
2018-01-29 13:05 ` Austin S. Hemmelgarn
2018-01-30 13:46 ` Tomasz Pala
2018-01-30 15:05 ` Austin S. Hemmelgarn
2018-01-30 16:07 ` Tomasz Pala
2018-01-29 17:58 ` Andrei Borzenkov
2018-01-29 19:00 ` Austin S. Hemmelgarn
2018-01-29 21:54 ` waxhead
2018-01-30 13:46 ` Austin S. Hemmelgarn
2018-01-30 19:50 ` Tomasz Pala
2018-01-30 20:40 ` Austin S. Hemmelgarn
2018-01-30 15:24 ` Tomasz Pala [this message]
2018-01-30 13:36 ` Tomasz Pala
2018-01-30 4:44 ` Chris Murphy
2018-01-30 15:40 ` Tomasz Pala
2018-01-28 8:06 ` Andrei Borzenkov
2018-01-28 10:27 ` Tomasz Pala
2018-01-28 15:57 ` Duncan
2018-01-28 16:51 ` Andrei Borzenkov
2018-01-28 20:28 ` Chris Murphy
2018-01-28 23:13 ` Tomasz Pala
2018-01-27 21:12 ` Chris Murphy
2018-01-28 0:16 ` Tomasz Pala
2018-01-27 22:42 ` Tomasz Pala
2018-01-29 13:42 ` Austin S. Hemmelgarn
2018-01-30 15:09 ` Tomasz Pala
2018-01-30 16:22 ` Tomasz Pala
2018-01-30 16:30 ` Austin S. Hemmelgarn
2018-01-30 19:24 ` Tomasz Pala
2018-01-30 19:40 ` Tomasz Pala
2018-01-27 20:57 ` Chris Murphy
2018-01-28 0:00 ` Tomasz Pala
2018-01-28 10:43 ` Tomasz Pala
2018-01-26 21:54 ` Chris Murphy
2018-01-26 22:03 ` Christophe Yayon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180130152415.GC7126@polanet.pl \
--to=gotar@polanet.pl \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).