From: Matthew Treinish <treinish@linux.vnet.ibm.com>
To: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: NeilBrown <neilb@suse.de>, Christoph Hellwig <hch@infradead.org>,
linux-nfs@vger.kernel.org
Subject: Re: [PATCH/RFC 0/7] Volatile Filehandle Client-side Support
Date: Tue, 15 Nov 2011 17:38:11 -0500
Message-ID: <20111115223811.GA3687@Gelgoog.pok.ibm.com>
In-Reply-To: <1321339791.8267.17.camel@lade.trondhjem.org>

On Tue, Nov 15, 2011 at 08:49:51AM +0200, Trond Myklebust wrote:
> On Sun, 2011-11-13 at 13:06 -0500, Matthew Treinish wrote:
> > On Sun, Nov 13, 2011 at 02:54:00PM +1100, NeilBrown wrote:
> > > On Sat, 12 Nov 2011 09:49:53 -0500 Christoph Hellwig <hch@infradead.org>
> > > wrote:
> > >
> > > > On Fri, Nov 11, 2011 at 07:13:29PM -0500, Trond Myklebust wrote:
> > > > > On Fri, 2011-11-11 at 18:04 -0500, Matthew Treinish wrote:
> > > > > > This patch series implements client side support for volatile file handle
> > > > > > recovery (RFC 3530 section 4.2 and 4.3) with walk back using the dcache. To
> > > > > > test the client you either need a server that supports volatile file handles or
> > > > > > you can hard code the server to output NFS4ERR_FHEXPIRED instead of
> > > > > > NFSERR_STALE. (See the last patch in the series)
> > > > >
> > > > > WHY do we want to support this kind of "feature"? As you said, the RFC
> > > > > doesn't actually help in figuring out how this crap is supposed to work
> > > > > in practice, so why do we even consider starting to give a damn?
> > > >
> > > > *nod*. Pretending we handle it seems fairly dangerous. I'd much prefer
> > > > outright rejecting it.
> > >
> > > Hence the suggested mount option.
> > >
> > > A server might not be able to provide stable file handles, but can ensure
> > > that files don't get renamed - for these filesystems, the name is a
> > > reliable stable handle for the file (it just doesn't fit in the NFSv4 file
> > > handle structure).
> > >
> > > So if you know the filesystem will only return FHEXPIRED for filehandles
> > > belonging to files that cannot be renamed, then it is perfectly reasonable to
> > > repeat the name lookup to re-access the file after the server forgets about
> > > an old filehandle. The mount option is how you communicate this knowledge,
> > > because the RFC doesn't provide a way to communicate it.
> > >
> > This was one of 2 reasons for implementing this, and we actually run into this with
> > certain z/OS systems, because the z/OS NFS server currently uses FHEXPIRED in this way.
>
> So you're both basically saying that 'we know that this is a bad idea,
> so let's punt it to the users and assume they will know those few
> exceptions when it is safe to use'?
> In that case, are you planning on documenting what constitutes safe
> usage? So far, I've seen nothing either in the discussion here or in the
> changelogs that explains precisely when you can safely enable this mount
> option.
>
> Note that just disabling renames is, as I stated yesterday, not a
> sufficient condition. You pretty much need a read-only filesystem
> situation, in which case you can easily devise persistent filehandle
> solutions that work just as well.
>

Yes, I agree documenting the risks associated with the mount option is a
necessity, but something that I clearly overlooked. How about something like:

	This option enables volatile filehandle recovery by re-lookup
	on FHEXPIRED errors. Only use this mount option if the
	filenames/paths on the server are not going to change from the
	initial expiration until all the recovery operations complete.
	Otherwise the validity of the files from the server can not be
	guaranteed. It can only truly be considered safe to use on a
	linux server, if the filesystem is read-only.

> > The other thought was that this could be used for migration/replication
> > between file synced servers. So, if we wanted to switch/move to another server where
> > the file names were the same but all the inode numbers were different you could use
> > this to refresh the invalid file handles on the new server.
>
> This runs into the rename problem. How do you guarantee that the files
> haven't been renamed before the migration event occurred? How does the
> client identify that the file is the same one when it looks it up on the
> new server?
>
I don't think there is a way to guarantee that the files haven't been renamed
before the migration event. It would probably only be fully safe under the same
conditions as above.
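
Added example, not part of the original message or of the patch series: a toy model of the rename problem discussed above, in which a client recovers from FHEXPIRED by repeating the name lookup and silently lands on a different file when the name was reused between expiration and recovery. The in-memory "server", the srv_* helpers and the file names are all constructed for illustration.

```c
/* Toy model (constructed for illustration, not kernel code) of recovering
 * from FHEXPIRED by repeating the name lookup. */
#include <stdio.h>
#include <string.h>

#define NFILES 4
#define FHEXPIRED (-1)

struct file { char name[16]; int fileid, fh, live; };
static struct file tbl[NFILES];
static int next_fh, next_id;

static void srv_reset(void) { memset(tbl, 0, sizeof tbl); next_fh = 100; next_id = 1; }
static struct file *by_name(const char *n) {
    for (int i = 0; i < NFILES; i++)
        if (tbl[i].live && strcmp(tbl[i].name, n) == 0) return &tbl[i];
    return NULL;
}
static int srv_create(const char *n) {            /* returns the new fileid */
    for (int i = 0; i < NFILES; i++)
        if (!tbl[i].live) {
            snprintf(tbl[i].name, sizeof tbl[i].name, "%s", n);
            tbl[i].fileid = next_id++; tbl[i].fh = next_fh++; tbl[i].live = 1;
            return tbl[i].fileid;
        }
    return -1;
}
static void srv_rename(const char *from, const char *to) {
    struct file *f = by_name(from);
    if (f) snprintf(f->name, sizeof f->name, "%s", to);
}
static void srv_expire_all(void) {                /* server forgets every handle */
    for (int i = 0; i < NFILES; i++) if (tbl[i].live) tbl[i].fh = next_fh++;
}
static int srv_lookup(const char *n) { struct file *f = by_name(n); return f ? f->fh : -1; }
static int srv_fileid(int fh) {                   /* GETATTR-like: fileid or FHEXPIRED */
    for (int i = 0; i < NFILES; i++)
        if (tbl[i].live && tbl[i].fh == fh) return tbl[i].fileid;
    return FHEXPIRED;
}
/* 1: re-lookup reached the original file; 0: a different file; -1: setup error */
static int scenario(int rename_in_window) {
    srv_reset();
    int orig = srv_create("data"), old_fh = srv_lookup("data");
    srv_expire_all();
    if (srv_fileid(old_fh) != FHEXPIRED) return -1;
    if (rename_in_window) { srv_rename("data", "data.old"); srv_create("data"); }
    return srv_fileid(srv_lookup("data")) == orig;   /* client recovery by name */
}
int main(void) { printf("quiet=%d renamed=%d\n", scenario(0), scenario(1)); return 0; }
```

The fileid comparison that exposes the swap exists only inside this model; in the migration case described above the inode numbers differ on the new server, so the same check is not available there.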