From: Michael Tokarev <mjt@tls.msk.ru>
To: Linda Walsh <xfs@tlinx.org>
Cc: Eric Sandeen <sandeen@sandeen.net>,
Justin Piszcz <jpiszcz@lucidpixels.com>,
Moshe Yudkowsky <moshe@pobox.com>,
linux-raid@vger.kernel.org, xfs@oss.sgi.com
Subject: Re: RAID needs more to survive a power hit, different /boot layout for example (was Re: draft howto on making raids for surviving a disk crash)
Date: Wed, 06 Feb 2008 05:12:40 +0300 [thread overview]
Message-ID: <47A91798.4090703@msgid.tls.msk.ru> (raw)
In-Reply-To: <47A9098F.4020801@tlinx.org>
Linda Walsh wrote:
>
> Michael Tokarev wrote:
>> Unfortunately an UPS does not *really* help here. Because unless
>> it has control program which properly shuts system down on the loss
>> of input power, and the battery really has the capacity to power the
>> system while it's shutting down (anyone tested this?
> ----
> Yes. I must say, I am not connected or paid by APC.
>
>> With new UPS?
>> and after an year of use, when the battery is not new?), -- unless
>> the UPS actually has the capacity to shutdown system, it will cut
>> the power at an unexpected time, while the disk(s) still has dirty
>> caches...
> --------
> If you have a "SmartUPS" by "APC", their is a freeware demon that monitors
[...]
Good stuff. I knew at least SOME UPSes are good... ;)
Too bad I rarely see such stuff in use by regular
home users...
[]
>> Note also that with linux software raid barriers are NOT supported.
> ------
> Are you sure about this? When my system boots, I used to have
> 3 new IDE's, and one older one. XFS checked each drive for barriers
> and turned off barriers for a disk that didn't support it. ... or
> are you referring specifically to linux-raid setups?
I'm referring especially to linux-raid setups (software raid).
md devices don't support barriers, because of a very simple
reasons: once more than one disk drive is involved, md layer
can't guarantee ordering ACROSS drives too. The problem is
that in case of power loss during writes, when an array needs
recovery/resync (at least the parts which were being written,
if bitmaps are in use), md layer will choose arbitrary drive
as a "master" and will copy data to another drive (speaking
of simplest case of 2-drive raid1 array). But the thing
is that one drive may have two last barriers written (I mean
the data that was "assotiated" with the barriers), and
another neither of the two - in two different places. And
hence we may see quite.. some inconsistency here.
This is regardless of whether underlying component devices
supports barriers or not.
> Would it be possible on boot to have xfs probe the Raid array,
> physically, to see if barriers are really supported (or not), and disable
> them if they are not (and optionally disabling write caching, but that's
> a major performance hit in my experience.
Xfs already probes the devices as you describe, exactly the
same way as you've seen with your ide disks, and disables
barriers.
The question and confusing was about what happens when the
barriers are disabled (provided, again, that we don't rely
on UPS and other external things). As far as I understand,
when barriers are working properly, xfs should be safe wrt
power losses (still a bit unsure about this). Now, when
barriers are turned off (for whatever reason), is it still
as safe? I don't know. Does it use regular cache flushes
in place of barriers in that case (which ARE supported by
md layer)?
Generally, it has been said numerous times that XFS is not
"powercut-friendly", and it has to be used when everything
is stable, including power. Hence I'm afraid to deploy it
where I know the power is not stable (we've about 70 such
places here, with servers in each, where they don't always
replace UPS batteries in time - ext3fs never crashed so
far, while ext2 did).
Thanks.
/mjt
next prev parent reply other threads:[~2008-02-06 2:12 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-03 19:15 RAID needs more to survive a power hit, different /boot layout for example (was Re: draft howto on making raids for surviving a disk crash) Moshe Yudkowsky
2008-02-03 20:01 ` Robin Hill
2008-02-03 20:46 ` Moshe Yudkowsky
2008-02-03 22:01 ` Robin Hill
2008-02-04 11:06 ` Moshe Yudkowsky
2008-02-04 11:40 ` Robin Hill
2008-02-03 20:28 ` Michael Tokarev
2008-02-03 20:54 ` Moshe Yudkowsky
2008-02-03 21:04 ` Michael Tokarev
2008-02-04 9:27 ` Michael Tokarev
2008-02-04 10:58 ` Moshe Yudkowsky
2008-02-04 13:52 ` Michael Tokarev
2008-02-04 14:09 ` Justin Piszcz
2008-02-04 14:25 ` Eric Sandeen
2008-02-04 14:42 ` Eric Sandeen
2008-02-04 15:31 ` Moshe Yudkowsky
2008-02-04 16:45 ` Eric Sandeen
2008-02-04 17:22 ` Michael Tokarev
2008-02-05 12:31 ` Linda Walsh
2008-02-04 16:38 ` Michael Tokarev
2008-02-04 19:02 ` Richard Scobie
2008-02-04 22:27 ` Justin Piszcz
2008-02-06 1:12 ` Linda Walsh
2008-02-06 2:12 ` Michael Tokarev [this message]
2008-02-06 9:14 ` Luca Berra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A91798.4090703@msgid.tls.msk.ru \
--to=mjt@tls.msk.ru \
--cc=jpiszcz@lucidpixels.com \
--cc=linux-raid@vger.kernel.org \
--cc=moshe@pobox.com \
--cc=sandeen@sandeen.net \
--cc=xfs@oss.sgi.com \
--cc=xfs@tlinx.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).