diff options
| author | Mike Snitzer <snitzer@redhat.com> | 2014-02-14 11:58:41 -0500 |
|---|---|---|
| committer | Mike Snitzer <snitzer@redhat.com> | 2014-03-05 15:25:35 -0500 |
| commit | 07f2b6e0382ec4c59887d5954683f1a0b265574e (patch) | |
| tree | 4863593c0fb83c54cb2865f4f0f6a44969aa28a6 /Documentation | |
| parent | cdc2b4158405f1975f9d5205096f08430eda1c0e (diff) | |
dm thin: ensure user takes action to validate data and metadata consistency
If a thin metadata operation fails the current transaction will abort,
whereby causing potential for IO layers up the stack (e.g. filesystems)
to have data loss. As such, set THIN_METADATA_NEEDS_CHECK_FLAG in the
thin metadata's superblock which:
1) requires the user verify the thin metadata is consistent (e.g. use
thin_check, etc)
2) suggests the user verify the thin data is consistent (e.g. use fsck)
The only way to clear the superblock's THIN_METADATA_NEEDS_CHECK_FLAG is
to run thin_repair.
On metadata operation failure: abort current metadata transaction, set
pool in read-only mode, and now set the needs_check flag.
As part of this change, constraints are introduced or relaxed:
* don't allow a pool to transition to write mode if needs_check is set
* don't allow data or metadata space to be resized if needs_check is set
* if a thin pool's metadata space is exhausted: the kernel will now
force the user to take the pool offline for repair before the kernel
will allow the metadata space to be extended.
Also, update Documentation to include information about when the thin
provisioning target commits metadata, how it handles metadata failures
and running out of space.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Joe Thornber <ejt@redhat.com>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/device-mapper/cache.txt | 11 | ||||
| -rw-r--r-- | Documentation/device-mapper/thin-provisioning.txt | 29 |
2 files changed, 34 insertions, 6 deletions
diff --git a/Documentation/device-mapper/cache.txt b/Documentation/device-mapper/cache.txt index e6b72d355151..68c0f517c60e 100644 --- a/Documentation/device-mapper/cache.txt +++ b/Documentation/device-mapper/cache.txt | |||
| @@ -124,12 +124,11 @@ the default being 204800 sectors (or 100MB). | |||
| 124 | Updating on-disk metadata | 124 | Updating on-disk metadata |
| 125 | ------------------------- | 125 | ------------------------- |
| 126 | 126 | ||
| 127 | On-disk metadata is committed every time a REQ_SYNC or REQ_FUA bio is | 127 | On-disk metadata is committed every time a FLUSH or FUA bio is written. |
| 128 | written. If no such requests are made then commits will occur every | 128 | If no such requests are made then commits will occur every second. This |
| 129 | second. This means the cache behaves like a physical disk that has a | 129 | means the cache behaves like a physical disk that has a volatile write |
| 130 | write cache (the same is true of the thin-provisioning target). If | 130 | cache. If power is lost you may lose some recent writes. The metadata |
| 131 | power is lost you may lose some recent writes. The metadata should | 131 | should always be consistent in spite of any crash. |
| 132 | always be consistent in spite of any crash. | ||
| 133 | 132 | ||
| 134 | The 'dirty' state for a cache block changes far too frequently for us | 133 | The 'dirty' state for a cache block changes far too frequently for us |
| 135 | to keep updating it on the fly. So we treat it as a hint. In normal | 134 | to keep updating it on the fly. So we treat it as a hint. In normal |
diff --git a/Documentation/device-mapper/thin-provisioning.txt b/Documentation/device-mapper/thin-provisioning.txt index 8a7a3d46e0da..3b34b4fbb54f 100644 --- a/Documentation/device-mapper/thin-provisioning.txt +++ b/Documentation/device-mapper/thin-provisioning.txt | |||
| @@ -116,6 +116,35 @@ Resuming a device with a new table itself triggers an event so the | |||
| 116 | userspace daemon can use this to detect a situation where a new table | 116 | userspace daemon can use this to detect a situation where a new table |
| 117 | already exceeds the threshold. | 117 | already exceeds the threshold. |
| 118 | 118 | ||
| 119 | A low water mark for the metadata device is maintained in the kernel and | ||
| 120 | will trigger a dm event if free space on the metadata device drops below | ||
| 121 | it. | ||
| 122 | |||
| 123 | Updating on-disk metadata | ||
| 124 | ------------------------- | ||
| 125 | |||
| 126 | On-disk metadata is committed every time a FLUSH or FUA bio is written. | ||
| 127 | If no such requests are made then commits will occur every second. This | ||
| 128 | means the thin-provisioning target behaves like a physical disk that has | ||
| 129 | a volatile write cache. If power is lost you may lose some recent | ||
| 130 | writes. The metadata should always be consistent in spite of any crash. | ||
| 131 | |||
| 132 | If data space is exhausted the pool will either error or queue IO | ||
| 133 | according to the configuration (see: error_if_no_space). If metadata | ||
| 134 | space is exhausted or a metadata operation fails: the pool will error IO | ||
| 135 | until the pool is taken offline and repair is performed to 1) fix any | ||
| 136 | potential inconsistencies and 2) clear the flag that imposes repair. | ||
| 137 | Once the pool's metadata device is repaired it may be resized, which | ||
| 138 | will allow the pool to return to normal operation. Note that if a pool | ||
| 139 | is flagged as needing repair, the pool's data and metadata devices | ||
| 140 | cannot be resized until repair is performed. It should also be noted | ||
| 141 | that when the pool's metadata space is exhausted the current metadata | ||
| 142 | transaction is aborted. Given that the pool will cache IO whose | ||
| 143 | completion may have already been acknowledged to upper IO layers | ||
| 144 | (e.g. filesystem) it is strongly suggested that consistency checks | ||
| 145 | (e.g. fsck) be performed on those layers when repair of the pool is | ||
| 146 | required. | ||
| 147 | |||
| 119 | Thin provisioning | 148 | Thin provisioning |
| 120 | ----------------- | 149 | ----------------- |
| 121 | 150 | ||