From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49775) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XOMH1-0007LG-5H for qemu-devel@nongnu.org; Mon, 01 Sep 2014 03:43:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XOMGr-0003WV-EH for qemu-devel@nongnu.org; Mon, 01 Sep 2014 03:43:35 -0400 Received: from mail-pd0-x232.google.com ([2607:f8b0:400e:c02::232]:44034) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XOMGr-0003WI-6i for qemu-devel@nongnu.org; Mon, 01 Sep 2014 03:43:25 -0400 Received: by mail-pd0-f178.google.com with SMTP id y13so5596826pdi.9 for ; Mon, 01 Sep 2014 00:43:22 -0700 (PDT) From: Liu Yuan Date: Mon, 1 Sep 2014 15:43:06 +0800 Message-Id: <1409557394-11853-1-git-send-email-namei.unix@gmail.com> Subject: [Qemu-devel] [PATCH 0/8] add basic recovery logic to quorum driver List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Kevin Wolf , Benoit Canet , Stefan Hajnoczi This patch set mainly add mainly two logics to implement device recover - notify qourum driver of the broken states from the child driver(s) - dirty track and sync the device after it is repaired Thus quorum allow VMs to continue while some child devices are broken and when the child devices are repaired and return back, we sync dirty bits during downtime to keep data consistency. The recovery logic is based on the driver state bitmap and will sync the dirty bits with a timeslice window in a coroutine in this prtimive implementation. Simple graph about 2 children with threshold=1 and read-pattern=fifo: (similary to DRBD) + denote device sync iteration - IO on a single device = IO on two devices sync complete, release dirty bitmap ^ | ====-----------------++++----++++----++========== | | | v | device repaired and begin to sync v device broken, create a dirty bitmap This sync logic can take care of nested broken problem, that devices are broken while in sync. We just start a sync process after the devices are repaired again and switch the devices from broken to sound only when the sync completes. For read-pattern=quorum mode, it enjoys the recovery logic without any problem. Todo: - use aio interface to sync data (multiple transfer in one go) - dynamic slice window to control sync bandwidth more smoothly - add auto-reconnection mechanism to other protocol (if not support yet) - add tests Cc: Eric Blake Cc: Benoit Canet Cc: Kevin Wolf Cc: Stefan Hajnoczi Liu Yuan (8): block/quorum: initialize qcrs.aiocb for read block: add driver operation callbacks block/sheepdog: propagate disconnect/reconnect events to upper driver block/quorum: add quorum_aio_release() helper quorum: fix quorum_aio_cancel() block/quorum: add broken state to BlockDriverState block: add two helpers quorum: add basic device recovery logic block.c | 17 +++ block/quorum.c | 324 +++++++++++++++++++++++++++++++++++++++++----- block/sheepdog.c | 9 ++ include/block/block.h | 9 ++ include/block/block_int.h | 6 + trace-events | 5 + 6 files changed, 336 insertions(+), 34 deletions(-) -- 1.9.1