Linux NFS development
From: Jeff Layton <jlayton@redhat.com>
To: Lukas Hejtmanek <xhejtman@ics.muni.cz>
Cc: linux-nfs@vger.kernel.org, jiri.horky@cesnet.cz
Subject: Re: NFSv4 high availability setups
Date: Tue, 17 Apr 2012 11:14:11 -0400
Message-ID: <20120417111411.334c3d2b@corrin.poochiereds.net>
In-Reply-To: <20120417143448.GU32132@ics.muni.cz>

On Tue, 17 Apr 2012 16:34:48 +0200
Lukas Hejtmanek <xhejtman@ics.muni.cz> wrote:

> Hi,
> 
> On Tue, Apr 10, 2012 at 09:13:21AM -0400, Jeff Layton wrote:
> > Nope. It'll all work just great...until it doesn't. I don't have any
> > specific failure scenarios, but most of the problems will be issues
> > with state recovery when a server node is restarted.
> > 
> > That may manifest in different ways -- problems reclaiming locks for
> > instance, or even silent data corruption depending on the application.
> 
> would it work if I relax active-active scenario to just active-passive in the
> following way:
> 
> Server A actively exports  /export/A
> Server B actively exports  /export/B
> 
> Server B is passive backup for Server A
> Server A is passive backup for Server B
> 
> would it work to migrate the failed Server B to Server A so that Server A will
> serve both /export/A and /export/B?
> 
> There will be a problem with v4recovery dir. Would it be possible just to
> merge v4recovery from Server B to Server A (nfs export would be stopped while
> merging v4recovery).
> 
> It seems that cp -r B/v4recovery/* A/v4recovery/ would do all the things. Am
> I right?
> 
> Do I need to copy recovery state if I delay migration of the failed Server B to
> Server A for 91 secs? I.e., longer than lease expiry time.. Or do I still need
> a record for the client in v4recovery dir in such a case?
> 

That'll still be dangerous. Suppose (for instance) that a client1 lost
communication with server B for a period of time and then it expired
the lease and handed out a lock to client2 that it was holding
previously. client2 modifies the file and drops the lock. At the same
time, client1 has uninterrupted communication with serverA, and holds
state on it.

Eventually, you fail over server B and merge the directories. client1
attempts to renew its lease, but gets back an error and starts
reclaiming things. Now, server B would have denied reclaim of that lock
-- its lease had expired, but in this case it's allowed because you
merged the directory and client1 held state on serverA. client1
reclaims the lock and thinks that it's held the lock the entire time --
data corruption and other hilarity ensues...

-- 
Jeff Layton <jlayton@redhat.com>
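
Added example, not part of the original message and not nfsd code: a simplified Python model of the failure scenario described above. It assumes each server's v4recovery directory can be treated as a set of client IDs and that lease expiry removes the client's record; the class and function names are hypothetical.

```python
# Simplified model (assumption): a v4recovery directory is a set of client IDs
# that are allowed to reclaim state during the grace period after a restart.

class Server:
    def __init__(self, name):
        self.name = name
        self.recovery = set()   # stands in for the v4recovery directory
        self.locks = {}         # file path -> client ID holding the lock

    def lock(self, client, path):
        if self.locks.get(path, client) != client:
            return False                # held by another client
        self.locks[path] = client
        self.recovery.add(client)       # client holds state: keep a record
        return True

    def unlock(self, client, path):
        if self.locks.get(path) == client:
            del self.locks[path]

    def expire_lease(self, client):
        # Lease expiry drops the client's locks and its recovery record.
        self.locks = {p: c for p, c in self.locks.items() if c != client}
        self.recovery.discard(client)


def may_reclaim_merged(server_a, server_b, client):
    """Reclaim check after `cp -r B/v4recovery/* A/v4recovery/`: one flat set."""
    return client in (server_a.recovery | server_b.recovery)


def may_reclaim_on_origin(origin, client):
    """Reclaim check the originating server alone would have made."""
    return client in origin.recovery


def scenario():
    a, b = Server("A"), Server("B")
    a.lock("client1", "/export/A/f")     # client1 holds state on server A
    b.lock("client1", "/export/B/g")     # ... and a lock on server B
    b.expire_lease("client1")            # client1 loses contact with B, lease expires
    b.lock("client2", "/export/B/g")     # B hands the lock to client2
    b.unlock("client2", "/export/B/g")   # client2 modifies the file, drops the lock
    # Server B fails over; its recovery records are merged into server A's.
    return (may_reclaim_merged(a, b, "client1"),
            may_reclaim_on_origin(b, "client1"))
```

`scenario()` returns `(True, False)`: the merged directory admits client1's reclaim of the server B lock because of its record on server A, while server B's own records would have denied it.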
