Anna Czarnowska [Wed, 5 Jan 2011 03:42:27 +0000 (14:42 +1100)]
Incremental: move suitable spares to container when subarrays started.
By default Incremental places all imsm spares in separate container
with uuid=0:0:0:0. (patch giving spares uuid_zero needed)
When we find enough members to start an array
we are able to determine domain so we search spare container
for suitable spares and move them to the container that
is currently assembled.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Wed, 5 Jan 2011 02:54:18 +0000 (13:54 +1100)]
Assemble: allow to assemble spares on their own
If we find spares but no members of given array
we create container with just spares.
This allows auto assemble to pick up all lose imsm spares when there
is no config file.
When there is a valid config file and any array is assembled from it
we don't try auto assembly so we will not assemble spares that don't
match any array.
To remedy this we must add
ARRAY metadata=imsm UUID=00000000:00000000:00000000:00000000
to config file.
This container will include all remaining spares.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Wed, 5 Jan 2011 02:42:59 +0000 (13:42 +1100)]
Assemble: we need to read policy to know array domains
Policy must be read on all disks identified as array members
to get array's domains list.
Currently it is only read on first array member in auto assembly mode.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Validate size of potential spare disk for external metadata (with containers)
mdinfo read with sysfs_read do not contain information about the space
needed to store data of all volumes created in that container, so that
spare can be used as replacement for existing subarrays in the future.
If lost disk was the only one that belonged to particular domain, array
won't match with that domain any longer. We can achieve this by moving
domain check below the 'target' test.
Added test for array degradation for spare-same-slot
spare-same-slot allows re-adding of missing array member with disk
re-inserted into the same slot where previous member was plugged in.
If in the meantime another spare has been used for recovery, same slot
cookie should be ignored.
external: get number of failed disks for container
Container degradation here is defined as the number of failed disks in
mostly degraded sub-array. This number is used as value for
array.failed_disks and used in comparison to find best match.
Anna Czarnowska [Sun, 26 Dec 2010 11:08:51 +0000 (22:08 +1100)]
Assemble imsm spares in matching domain only
Imsm spare will only be taken if it matches domain of
identified members of currently assembled array.
This implies that:
- spare with null domain will match first array assembled.
- if array has null domain then no spare will match
If we allow spares to set st they may block assembly of subarrays.
This is because in auto-assembly tmpdev->used=0 for a spare not matching
any array. If we find such spare before container and set st, the content
will not get assembled.
We allow uuid_zero match any uuid in assembly as unsuitable spares will
be rejected on domain check.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Krzysztof Wojcik [Sun, 26 Dec 2010 10:59:14 +0000 (21:59 +1100)]
Enable tests for OLCE, takeover, migrations for imsm metadata
Patch provides set of tests for On-line Capacity Expansion,
takeover, migrations operations for imsm metadata type.
Tests are grouped by operation type:
12 - On-line Capacity Expansion on one volume
13 - On-line Capacity Expansion on two volumes
14 - Negative tests for takeover, migrations
15 - Chunk size migrations
16 - raid0 -> raid5, raid5 -> raid0 migrations
18 - takeover operations
To run particular test group, following command should be executed:
(from mdadm's source code root directory)
./test <group number>
Example:
To run On-line Capacity Expansion on one volume tests:
./test 12
Tests execution results:
- In case of test pass, "succeeded" word is printed on console
- If test is failed, "FAILED" word is printed on console
and logs are stored in <mdadm-root-dir>/tests/log/ directory
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com> Signed-off-by: Krzysztof Wojcik <krzysztof.wojcik@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Krzysztof Wojcik [Thu, 16 Dec 2010 13:34:54 +0000 (14:34 +0100)]
FIX: Bad block verification during assembling array
We need to refuse to assemble an arrays with bad blocks.
Initially there was condition in container_content function
that returns error value in the case when metadata store information
about bad blocks.
When the container_content function is called from functions NOT connected
with assemble (Kill_subarray, Detail) we get faulty error return value.
Patch introduces new flag in array.status - MD_SB_BBM_ERRORS. It is set
in container_content when bad blocks are detected and can be checked by
container_content caller.
Signed-off-by: Krzysztof Wojcik <krzysztof.wojcik@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
fix: incremental for bare disks returns invalid value
return value should remain the same as result of Manage_Subdevs (last
significant operation). Right now it is inverted what results in
error status for successful operation.
fix: adding spare via incremental do not trigger recovery
After incremental has added spare, monitor should be woken up in order
to see if anything has changed. If mdmon is not waken up, recovery do not
start.
Adam Kwolek [Thu, 16 Dec 2010 04:48:27 +0000 (15:48 +1100)]
imsm: Do not indicate resync during reshape
If reshape is started resync is not allowed in parallel. This would
break reshape. If array is in General Migration state do not indicate
resync and allow for reshape continuation.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Thu, 16 Dec 2010 02:17:45 +0000 (13:17 +1100)]
imsm: Process reshape_update in mdmon
For this update prepare_update() allocates memory to relink imsm
(bigger) device imsm structures. It calculates new /bigger/ anchor
size.
Process update applies update in to imsm structures. This includes
- converting selected spares into configured devices
- marking the arrays as migrating
- making a new 'map' for each array with the changed details.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Thu, 16 Dec 2010 01:10:01 +0000 (12:10 +1100)]
Allow a metadata update to have a linked list of allocated spaces.
Sometimes one metadata update will require allocating several
larger data structures. As 'monitor' cannot allocate, 'manager'
must, so it must be able to attach a list of allocates to the
update, and importantly it must be able to easily free them.
So add a 'space_list' element to metadata updates where each
element on the list starts with a pointer to the next.
NeilBrown [Thu, 16 Dec 2010 00:45:21 +0000 (11:45 +1100)]
imsm: Prepare reshape_update in mdadm
During Online Capacity Expansion metadata has to be updated to show
array changes and allow for future assembly of array. To do this
mdadm prepares and sends reshape_update metadata update to mdmon.
The update contains the old and new number of raid disks, and the
indices of the spare disks that will be used to fill the spaces.
This works as follows:
1. reshape_super() prepares metadata update.
2. mdadm discovers the spares and adds them to the array
3. mdadm sends the update to mdmon
4. managemon in prepare_update() allocates required memory for bigger
device object
5. monitor in process_update() updates the metadata to record the
new sizes and the newly assigned devices.
6. mdadm initiates the reshape
Based on code From: Adam Kwolek <adam.kwolek@intel.com>
Signed-off-by: Krzysztof Wojcik <krzysztof.wojcik@intel.com> Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Wed, 15 Dec 2010 22:07:52 +0000 (09:07 +1100)]
mdmon: when a reshape is detected, add any newly added devices to the array.
When mdadm starts a reshape, it might add some devices to the array
first. mdmon needs to notice the reshape starting and check for any
new devices. If there are any they need to be provided to be
monitored.
NeilBrown [Wed, 15 Dec 2010 22:07:52 +0000 (09:07 +1100)]
Grow: add disks chosen by metadata handler to array for growth.
With externally managed container based metadata, the ->reshape_super
method must choose any spares that are to be added to the array.
They should be prepared so that ->container_content will find them
as spares (disk.state == 0) which are assigned to a slot
(raid_disk >= 0).
We need to take those and add them to the array(s).
NeilBrown [Wed, 15 Dec 2010 22:07:52 +0000 (09:07 +1100)]
Grow: split out start_reshape for initiating reshape via sysfs.
Rather than sprinkling various sysfs setting around, put them all
in one place. This will make implementing ->manage_reshape easier.
This changes behaviour slightly.
Previously we would not set 'sync_action' to 'reshape' until we were
ready for the process to start. Now we set sync_max to zero and set
sync_action to 'reshape' at that time. When we want reshape to
actually start we advance sync_max.
NeilBrown [Wed, 15 Dec 2010 22:07:51 +0000 (09:07 +1100)]
Grow: be more careful about metadata updates.
1/ When we sunc_metadata, we must reset ->update_tail else
future metadata updates might go direct to the device bypassing
mdmon.
2/ When converting to an array with redundancy so we can add disks
it is neater to sync_metadata before starting mdmon rather that
artificially setting update_tail early.
NeilBrown [Wed, 15 Dec 2010 22:07:51 +0000 (09:07 +1100)]
Grow: check container is idle before freezing it.
Before we freeze a container in preparation for growing a subarray, we
need to be sure all the subarrays are idle.
This test is racy as recovery could start at any moment following a
failure. However it is still useful as it stops us from even trying
to start a reshape while a reshape or recovery is active.
Labun, Marcin [Wed, 15 Dec 2010 04:51:53 +0000 (15:51 +1100)]
IMSM: do not rebuild the array if a non-redundant sub-array with failed disks is present
Before looking for a spare to rebuild a degraded array, check if there
are any failed disks in container. Block rebuild if another sub-array
is failed until failed disks are removed from container.
Currently, Intel metadata handler rebuilds all sub-arrays even if one
of them is non-redundant. In case of failed sub-array, failed disks
are just replaced with new ones in the metadata mapping. The data for
failed disk is not restored even the disk is present in the system.
With this fix, we require the removal of the failed disk from
container to start the process of rebuilding the array with failed
member. If the disk is physically pulled out of the system, the disk
is removed from container automatically by exiting udev rules.
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Labun, Marcin [Wed, 15 Dec 2010 04:51:51 +0000 (15:51 +1100)]
IMSM: Fix problem in mdmon monitor of using removed disk in imsm container.
Manager thread shall pass the information to monitor thread (mdmon)
that some devices are removed from container. Otherwise, monitor
(mdmon) might use such devices (spares) to rebuild the array that has
gone degraded.
This problem happens for imsm containers, since a list of the
container disks is maintained in intel_super structure. When array
goes degraded, the list is searched to find a spare disks to start
rebuild. Without this fix the rebuild could be stared on the spare
device that was a member of the container, but has been removed from
it.
New super type function handler has been introduced to prepare
metadata format specific information about removed devices.
int (*remove_from_super)(struct supertype *st, mdu_disk_info_t *dinfo)
The message prepared in remove_from_super is later processed by
process_update handler in monitor thread.
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Luca Berra [Sun, 12 Dec 2010 10:33:55 +0000 (11:33 +0100)]
segfault in imsm create with wrong arguments
When calling mdadm -C --metadata=imsm -l 1 /dev/sd..
mdadm segfaults in default_chunk_imsm()
above syntax is incorrect, but mdadm should error instead of segfaulting
NeilBrown [Thu, 9 Dec 2010 02:06:29 +0000 (13:06 +1100)]
Allow --update=devicesize with --re-add
This is useful with 1.1 and 1.2 metadata to update the metadata if
the device size has changed.
The same functionality can be achieved by writing to the device size
in sysfs after re-adding normally, but in some cases this might be
easier.
NeilBrown [Thu, 9 Dec 2010 00:51:13 +0000 (11:51 +1100)]
Grow: warn if growing an array will make it degraded.
Growing an array when there aren't enough spares can make the array
degraded. This works but might not be what is wanted.
So warn the user in this case and require a --force to go ahead
with the reshape.
fix: mdadm -Ss for external metadata don't stop container
Sometimes (~50%) mdadm -Ss cannot stop container as mdmon opens its device
and do not close it before exit(). The period between open and release of
handle is too long and md is not able stop device. Releasing handle before
exit does not block md.
fix: incremental on invalid container causes segfault
counterpart of 417f346ee0 for incremental.
If md device has metadata_version="none" super_by_fd() matches
supertype=super0.
Call of load_container() dereferences null, so we have to forbid it.
Adam Kwolek [Fri, 3 Dec 2010 10:33:55 +0000 (21:33 +1100)]
FIX: wait_backup() sometimes hungs
Sometimes wait_backup() omits transition from reshape to idle state
and mdadm seams to be hung. So check the 'complete' count
*before* waiting rather than only after.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Fri, 3 Dec 2010 04:10:20 +0000 (15:10 +1100)]
FIX: Honor !reshape state on wait_reshape() entry
When wait_reshape() function starts it can occurs that reshape is
finished already, before wait_reshape() start. This can lead to wait
for change state inside this function for a long time. To avoid this
before wait we should test if finish conditions are not reached
already.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Fri, 3 Dec 2010 04:03:25 +0000 (15:03 +1100)]
FIX: Do not use layout for raid4 and raid0 while geo map computing
After takeover, layout has no meaning for computing geo map for raid0
and raid4. Set layout to 0 for such cases. It can happen after
takeover operation when not all array information is reread.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Thu, 2 Dec 2010 08:18:49 +0000 (09:18 +0100)]
FIX: Cannot exit monitor after takeover
When performing backward takeover to raid0 monitor cannot exit
for single raid0 array configuration.
Monitor is locked by communication (ping_manager()) after unfreeze()
Do not ping manager for raid0 array as they shouldn't be monitored.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Fri, 3 Dec 2010 03:11:29 +0000 (14:11 +1100)]
Monitor: don't add more spares than needed
When we add a spare to a container it takes a while
before it is noticed by mdmon and recovery starts.
During this time the array remains degraded but we don't want to add
any more spares to this container. Therefore we must check container
with degraded array if it doesn't already have a suitable spare.
container_choose_spare is reused with from=to
Domain check is not needed in this situation.
Ping_manager after moving disk is needed to be able to see
newly added disk in container after coming back through the loop.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Wed, 1 Dec 2010 03:51:27 +0000 (14:51 +1100)]
Create/grow: improve checks on number of devices.
Check on upper limit of number of devices was in the wrong place.
Result was could not create array with more than 27 devices without
explicitly setting metadata, even though default metadata allows more.
Fixed, and also perform check when growing an array.
NeilBrown [Wed, 1 Dec 2010 00:47:32 +0000 (11:47 +1100)]
Assemble: allow an array undergoing reshape to be started without backup file
Though not having the proper backup file can cause data corruption, it
is not enough to justify not being able to start the array at all.
So allow "--invalid-backup" to be specified which says "just continue
even if a backup cannot be restored".
fix: assemble for external metadata generates segfault if invalid device found
An attempt to invoke super_by_fd() on device that has
metadata_version="none" always matches super0 (as test_version is "").
In Assemble() it results in segfault when load_container is invoked
(=null for super0).
As of now load_container is only started if it points to valid pointer.
NeilBrown [Tue, 30 Nov 2010 22:47:21 +0000 (09:47 +1100)]
ddf: don't print warning on assemble
Now that we check the error return of 'update_super' better, we
much make sure that ddf doesn't incorrectly report that the
superblocks are wrong during assemble.
NeilBrown [Tue, 30 Nov 2010 05:34:25 +0000 (16:34 +1100)]
Grow: give useful message when adding bitmap gives EBUSY.
If adding a bitmap fails with EBUSY, then it is because the array is
currently resyncing/recovering/reshaping.
As this is non-obvious, give a message explaining the fact.
Adam Kwolek [Fri, 26 Nov 2010 07:08:01 +0000 (08:08 +0100)]
imsm: Allow multiple spares to be collected.
Assumption for spares searching was that after picking new device, it
has to be added to array before next search. This causes returning
different disk on each call.
When creating a spare list during Online Capacity Expansion, we will
first collect the devices list and then all devices are added to md.
Picked device from spares pool has to be checked against picked
devices so far. If not, the same disk will be returned all the time.
Already picked devices are stored in the list and this list is used
for new devices verification also.
So add an extra arg to imsm_add_spare to hold a list of known
spares to ignore.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 01:53:16 +0000 (12:53 +1100)]
imsm: FIX: core dump during imsm metadata writing
Wrong number of disks during metadata update causes core dump. New
disks number based on internal mdmon information has to used for
calculation (not previously read from metadata).
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 01:28:01 +0000 (12:28 +1100)]
imsm: Add support for general migration
Internal IMSM procedures need to support the General Migration.
It is used during operations like:
- Online Capacity Expansion,
- migration initialization,
- finishing migration,
- apply changes to raid disks etc.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 01:11:09 +0000 (12:11 +1100)]
Treat feature as experimental
Due to fact that IMSM Windows compatibility was not tested yet,
feature has to be treated as experimental until compatibility
verification will be performed.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 00:57:51 +0000 (11:57 +1100)]
Disk removal support for Raid10->Raid0 takeover
Until now Raid10->Raid0 takeover was possible only if all the mirrors
where removed before md starts the takeover. Now mdadm, when
performing Raid10->raid0 takeover, will remove all unwanted mirrors
from the array before actual md takeover is called.
Signed-off-by: Maciej Trela <maciej.trela@intel.com> Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Fri, 26 Nov 2010 13:29:53 +0000 (14:29 +0100)]
Monitor: fix writing autorebuild.pid
If /var/run/mdadm doesn't exist we can never succeed writing
so we should try to create it first. When we make sure it is there we
write pid file as before.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Fri, 26 Nov 2010 10:51:59 +0000 (11:51 +0100)]
Monitor: reset dev when size too small
Cc: linux-raid@vger.kernel.org, Williams, Dan J <dan.j.williams@intel.com>, Ciechanowski, Ed <ed.ciechanowski@intel.com>
Otherwise spare will be considered good anyway.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Sun, 28 Nov 2010 22:51:27 +0000 (09:51 +1100)]
Monitor: few bug fixes for spare migration
1. If array not changed we should still report any degraded
- another array may have a new spare that we can move.
2. Array with err=1 can't give a spare.
3. We look for spares in "from" not "st" which is supertype
and has devname=NULL.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Sun, 28 Nov 2010 22:40:15 +0000 (09:40 +1100)]
Incremental - avoid including wayward devices.
If a devices - typically in a mirrored set - is assembled
independently of the other devices, and then attempted to be brought
back into the set, it could contain inconsistent data. It should not
be included.
So detect this situation by ensuring that the 'most recent' device is
believed to be active by every other device. If a device is wayward,
it will only consider fellow wayward devices to be active and will
think all others are failed or missing.
This patches fixes --incremental, --assemble was done in an earlier
patch.
NeilBrown [Thu, 25 Nov 2010 07:58:45 +0000 (18:58 +1100)]
Improve opt parsing, and distinguish long from short.
In several cases, two different long options map to the same short
option. So e.g. you could give '--brief' and it would be interpreted
as '--bitmap'. That isn't really good.
So for every shared short option, define an option number and return
that for the long option instead. Then always check for both the
short and long options.
Also give some bugs like " mode == 'G'" which should be '== GROW'.
NeilBrown [Thu, 25 Nov 2010 07:37:23 +0000 (18:37 +1100)]
Monitor: separate 'choose_spare' out from 'move_spare'
choosing a spare from a container is more complicated that
from a native array. So separate out choose_spare to make it easier
to use an alternate implementation
Dan Williams [Tue, 23 Nov 2010 05:39:58 +0000 (16:39 +1100)]
External reshape (step 2): Freeze container
When growing the number of raid disks the reshape process will promote
container-spares to subarray-spares (later the kernel promotes them to
subarray-members in raid5_start_reshape()). The automatic spare
promotion that mdmon performs upon seeing a degraded array must be
disabled until the reshape process has been initiated. Otherwise, mdmon
may start a rebuild before the reshape parameters can be specified.
In the external case we arrange for the monitor to be blocked, and
turn off the safemode delay.
Mdmon is updated to check sync_action is not frozen before initiating
recovery.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Dan Williams [Thu, 18 Nov 2010 09:22:59 +0000 (10:22 +0100)]
External reshape (step 1): container reshape and ->reshape_super()
In the native metadata case Grow_reshape() and the kernel validate what
reshapes are possible / supported and the kernel handles all the metadata
updates. In the external case the metadata format may have specific
constraints above this baseline. External formats also introduce the
constraint of only permitting some reshapes at container scope versus subarray
scope. For exmaple imsm changes to 'raiddisks' must be applied to all arrays
in the container.
This operation assumes that its 'st' parameter has been obtained from
super_by_fd() (such that st->subarray is up to date), and that a snapshot of
the metadata has been loaded from the container.
Why a new method, versus extending an existing one?
->validate_geometry: this routine assumes it is being called from Create(),
adding reshape complicates the cases that this routine needs to handle. Where
we find that checks can be shared between the two cases those routines
refactored into common code internal to the metadata handler, i.e. no need to
provide a unified external interface. ->validate_geometry() also does not
expect to update the metadata.
->update_super: this is meant to update single fields at Assembly() and only at
the container scope. Reshape potentially wants to update multiple fields at
either container or subarray scope.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>