NeilBrown [Wed, 15 Dec 2010 22:07:52 +0000 (09:07 +1100)]
Grow: split out start_reshape for initiating reshape via sysfs.
Rather than sprinkling various sysfs setting around, put them all
in one place. This will make implementing ->manage_reshape easier.
This changes behaviour slightly.
Previously we would not set 'sync_action' to 'reshape' until we were
ready for the process to start. Now we set sync_max to zero and set
sync_action to 'reshape' at that time. When we want reshape to
actually start we advance sync_max.
NeilBrown [Wed, 15 Dec 2010 22:07:51 +0000 (09:07 +1100)]
Grow: be more careful about metadata updates.
1/ When we sync_metadata, we must reset ->update_tail else
future metadata updates might go direct to the device bypassing
mdmon.
2/ When converting to an array with redundancy so we can add disks
it is neater to sync_metadata before starting mdmon rather than
artificially setting update_tail early.
NeilBrown [Wed, 15 Dec 2010 22:07:51 +0000 (09:07 +1100)]
Grow: check container is idle before freezing it.
Before we freeze a container in preparation for growing a subarray, we
need to be sure all the subarrays are idle.
This test is racy as recovery could start at any moment following a
failure. However it is still useful as it stops us from even trying
to start a reshape while a reshape or recovery is active.
Labun, Marcin [Wed, 15 Dec 2010 04:51:53 +0000 (15:51 +1100)]
IMSM: do not rebuild the array if a non-redundant sub-array with failed disks is present
Before looking for a spare to rebuild a degraded array, check if there
are any failed disks in container. Block rebuild if another sub-array
is failed until failed disks are removed from container.
Currently, Intel metadata handler rebuilds all sub-arrays even if one
of them is non-redundant. In case of failed sub-array, failed disks
are just replaced with new ones in the metadata mapping. The data for
failed disk is not restored even if the disk is present in the system.
With this fix, we require the removal of the failed disk from
container to start the process of rebuilding the array with failed
member. If the disk is physically pulled out of the system, the disk
is removed from container automatically by existing udev rules.
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Labun, Marcin [Wed, 15 Dec 2010 04:51:51 +0000 (15:51 +1100)]
IMSM: Fix problem in mdmon monitor of using removed disk in imsm container.
Manager thread shall pass the information to monitor thread (mdmon)
that some devices are removed from container. Otherwise, monitor
(mdmon) might use such devices (spares) to rebuild the array that has
gone degraded.
This problem happens for imsm containers, since a list of the
container disks is maintained in intel_super structure. When array
goes degraded, the list is searched to find a spare disk to start
rebuild. Without this fix the rebuild could be started on the spare
device that was a member of the container, but has been removed from
it.
New super type function handler has been introduced to prepare
metadata format specific information about removed devices.
int (*remove_from_super)(struct supertype *st, mdu_disk_info_t *dinfo)
The message prepared in remove_from_super is later processed by
process_update handler in monitor thread.
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Luca Berra [Sun, 12 Dec 2010 10:33:55 +0000 (11:33 +0100)]
segfault in imsm create with wrong arguments
When calling mdadm -C --metadata=imsm -l 1 /dev/sd..
mdadm segfaults in default_chunk_imsm()
above syntax is incorrect, but mdadm should error instead of segfaulting
NeilBrown [Thu, 9 Dec 2010 02:06:29 +0000 (13:06 +1100)]
Allow --update=devicesize with --re-add
This is useful with 1.1 and 1.2 metadata to update the metadata if
the device size has changed.
The same functionality can be achieved by writing to the device size
in sysfs after re-adding normally, but in some cases this might be
easier.
NeilBrown [Thu, 9 Dec 2010 00:51:13 +0000 (11:51 +1100)]
Grow: warn if growing an array will make it degraded.
Growing an array when there aren't enough spares can make the array
degraded. This works but might not be what is wanted.
So warn the user in this case and require a --force to go ahead
with the reshape.
fix: mdadm -Ss for external metadata don't stop container
Sometimes (~50%) mdadm -Ss cannot stop container as mdmon opens its device
and does not close it before exit(). The period between open and release of
handle is too long and md is not able to stop device. Releasing handle before
exit does not block md.
fix: incremental on invalid container causes segfault
counterpart of 417f346ee0 for incremental.
If md device has metadata_version="none" super_by_fd() matches
supertype=super0.
Call of load_container() dereferences null, so we have to forbid it.
Adam Kwolek [Fri, 3 Dec 2010 10:33:55 +0000 (21:33 +1100)]
FIX: wait_backup() sometimes hangs
Sometimes wait_backup() omits transition from reshape to idle state
and mdadm seems to be hung. So check the 'complete' count
*before* waiting rather than only after.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Fri, 3 Dec 2010 04:10:20 +0000 (15:10 +1100)]
FIX: Honor !reshape state on wait_reshape() entry
When wait_reshape() function starts it can occur that reshape is
finished already, before wait_reshape() start. This can lead to wait
for change state inside this function for a long time. To avoid this
before wait we should test if finish conditions are not reached
already.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Fri, 3 Dec 2010 04:03:25 +0000 (15:03 +1100)]
FIX: Do not use layout for raid4 and raid0 while geo map computing
After takeover, layout has no meaning for computing geo map for raid0
and raid4. Set layout to 0 for such cases. It can happen after
takeover operation when not all array information is reread.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Thu, 2 Dec 2010 08:18:49 +0000 (09:18 +0100)]
FIX: Cannot exit monitor after takeover
When performing backward takeover to raid0 monitor cannot exit
for single raid0 array configuration.
Monitor is locked by communication (ping_manager()) after unfreeze()
Do not ping manager for raid0 array as they shouldn't be monitored.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Fri, 3 Dec 2010 03:11:29 +0000 (14:11 +1100)]
Monitor: don't add more spares than needed
When we add a spare to a container it takes a while
before it is noticed by mdmon and recovery starts.
During this time the array remains degraded but we don't want to add
any more spares to this container. Therefore we must check container
with degraded array if it doesn't already have a suitable spare.
container_choose_spare is reused with from=to
Domain check is not needed in this situation.
Ping_manager after moving disk is needed to be able to see
newly added disk in container after coming back through the loop.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Wed, 1 Dec 2010 03:51:27 +0000 (14:51 +1100)]
Create/grow: improve checks on number of devices.
Check on upper limit of number of devices was in the wrong place.
Result was could not create array with more than 27 devices without
explicitly setting metadata, even though default metadata allows more.
Fixed, and also perform check when growing an array.
NeilBrown [Wed, 1 Dec 2010 00:47:32 +0000 (11:47 +1100)]
Assemble: allow an array undergoing reshape to be started without backup file
Though not having the proper backup file can cause data corruption, it
is not enough to justify not being able to start the array at all.
So allow "--invalid-backup" to be specified which says "just continue
even if a backup cannot be restored".
fix: assemble for external metadata generates segfault if invalid device found
An attempt to invoke super_by_fd() on device that has
metadata_version="none" always matches super0 (as test_version is "").
In Assemble() it results in segfault when load_container is invoked
(=null for super0).
As of now load_container is only started if it points to valid pointer.
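The failure mode shared by this fix and the earlier "incremental on invalid container" fix, as an added example that is not mdadm's code: a handler table whose native entry accepts the empty version string and leaves the optional load_container method unset. All names here (struct handler, handler_by_version, load_container_checked) are hypothetical, and the table is a constructed model.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a metadata-handler table; names are hypothetical. */
struct handler {
    const char *name;
    int (*match)(const char *version);  /* does this handler own the version? */
    int (*load_container)(int fd);      /* optional: NULL for non-container formats */
};

static int match_native(const char *v)
{
    /* The empty string is accepted, so a device without metadata lands here. */
    return strcmp(v, "") == 0 || strcmp(v, "0.90") == 0;
}

static int match_external(const char *v)
{
    return strcmp(v, "imsm") == 0;
}

static int load_external(int fd)
{
    return fd >= 0 ? 0 : -1;
}

static const struct handler handlers[] = {
    { "native",   match_native,   NULL          },
    { "external", match_external, load_external },
};

/* Return the first handler that claims the version string, or NULL. */
static const struct handler *handler_by_version(const char *version)
{
    for (size_t i = 0; i < sizeof(handlers) / sizeof(handlers[0]); i++)
        if (handlers[i].match(version))
            return &handlers[i];
    return NULL;
}

/*
 * Unguarded form (the crash): return st->load_container(fd);
 * Guarded form: refuse when the handler does not implement the method.
 */
static int load_container_checked(const struct handler *st, int fd)
{
    if (st == NULL || st->load_container == NULL)
        return -1;
    return st->load_container(fd);
}

int main(void)
{
    /* A device with no metadata presents an empty version string. */
    const struct handler *st = handler_by_version("");
    return load_container_checked(st, 3) == -1 ? 0 : 1;
}
```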
NeilBrown [Tue, 30 Nov 2010 22:47:21 +0000 (09:47 +1100)]
ddf: don't print warning on assemble
Now that we check the error return of 'update_super' better, we
must make sure that ddf doesn't incorrectly report that the
superblocks are wrong during assemble.
NeilBrown [Tue, 30 Nov 2010 05:34:25 +0000 (16:34 +1100)]
Grow: give useful message when adding bitmap gives EBUSY.
If adding a bitmap fails with EBUSY, then it is because the array is
currently resyncing/recovering/reshaping.
As this is non-obvious, give a message explaining the fact.
Adam Kwolek [Fri, 26 Nov 2010 07:08:01 +0000 (08:08 +0100)]
imsm: Allow multiple spares to be collected.
Assumption for spares searching was that after picking new device, it
has to be added to array before next search. This causes returning
different disk on each call.
When creating a spare list during Online Capacity Expansion, we will
first collect the devices list and then all devices are added to md.
Picked device from spares pool has to be checked against picked
devices so far. If not, the same disk will be returned all the time.
Already picked devices are stored in the list and this list is used
for new devices verification also.
So add an extra arg to imsm_add_spare to hold a list of known
spares to ignore.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 01:53:16 +0000 (12:53 +1100)]
imsm: FIX: core dump during imsm metadata writing
Wrong number of disks during metadata update causes core dump. New
disks number based on internal mdmon information has to be used for
calculation (not previously read from metadata).
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 01:28:01 +0000 (12:28 +1100)]
imsm: Add support for general migration
Internal IMSM procedures need to support the General Migration.
It is used during operations like:
- Online Capacity Expansion,
- migration initialization,
- finishing migration,
- apply changes to raid disks etc.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 01:11:09 +0000 (12:11 +1100)]
Treat feature as experimental
Due to fact that IMSM Windows compatibility was not tested yet,
feature has to be treated as experimental until compatibility
verification will be performed.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Mon, 29 Nov 2010 00:57:51 +0000 (11:57 +1100)]
Disk removal support for Raid10->Raid0 takeover
Until now Raid10->Raid0 takeover was possible only if all the mirrors
were removed before md starts the takeover. Now mdadm, when
performing Raid10->raid0 takeover, will remove all unwanted mirrors
from the array before actual md takeover is called.
Signed-off-by: Maciej Trela <maciej.trela@intel.com> Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Fri, 26 Nov 2010 13:29:53 +0000 (14:29 +0100)]
Monitor: fix writing autorebuild.pid
If /var/run/mdadm doesn't exist we can never succeed writing
so we should try to create it first. When we make sure it is there we
write pid file as before.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Fri, 26 Nov 2010 10:51:59 +0000 (11:51 +0100)]
Monitor: reset dev when size too small
Cc: linux-raid@vger.kernel.org, Williams, Dan J <dan.j.williams@intel.com>, Ciechanowski, Ed <ed.ciechanowski@intel.com>
Otherwise spare will be considered good anyway.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Sun, 28 Nov 2010 22:51:27 +0000 (09:51 +1100)]
Monitor: few bug fixes for spare migration
1. If array not changed we should still report any degraded
- another array may have a new spare that we can move.
2. Array with err=1 can't give a spare.
3. We look for spares in "from" not "st" which is supertype
and has devname=NULL.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Sun, 28 Nov 2010 22:40:15 +0000 (09:40 +1100)]
Incremental - avoid including wayward devices.
If a device - typically in a mirrored set - is assembled
independently of the other devices, and then attempted to be brought
back into the set, it could contain inconsistent data. It should not
be included.
So detect this situation by ensuring that the 'most recent' device is
believed to be active by every other device. If a device is wayward,
it will only consider fellow wayward devices to be active and will
think all others are failed or missing.
This patch fixes --incremental, --assemble was done in an earlier
patch.
NeilBrown [Thu, 25 Nov 2010 07:58:45 +0000 (18:58 +1100)]
Improve opt parsing, and distinguish long from short.
In several cases, two different long options map to the same short
option. So e.g. you could give '--brief' and it would be interpreted
as '--bitmap'. That isn't really good.
So for every shared short option, define an option number and return
that for the long option instead. Then always check for both the
short and long options.
Also give some bugs like " mode == 'G'" which should be '== GROW'.
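The collision and the fix described in this commit message, as an added example that is not mdadm's code: two getopt_long() tables, one where both long options return 'b' and one where each returns its own number. The enum values, mode names and the rule that a bare -b is resolved by mode are assumptions made for the illustration.

```c
#include <getopt.h>
#include <stddef.h>

enum mode { MODE_MISC, MODE_GROW };
enum meaning { M_UNKNOWN, M_BRIEF, M_BITMAP };

/* Hypothetical option numbers, chosen above any short option character. */
enum { OPT_BRIEF = 300, OPT_BITMAP };

/* Before: two long options return the same short option character. */
static const struct option shared_opts[] = {
    { "brief",  no_argument,       NULL, 'b' },
    { "bitmap", required_argument, NULL, 'b' },
    { NULL, 0, NULL, 0 }
};

/* After: each long option returns its own number. */
static const struct option distinct_opts[] = {
    { "brief",  no_argument,       NULL, OPT_BRIEF  },
    { "bitmap", required_argument, NULL, OPT_BITMAP },
    { NULL, 0, NULL, 0 }
};

/* Check the long codes and the short code; only a bare 'b' depends on mode. */
static enum meaning interpret(enum mode m, int code)
{
    switch (code) {
    case OPT_BRIEF:  return M_BRIEF;
    case OPT_BITMAP: return M_BITMAP;
    case 'b':        return m == MODE_GROW ? M_BITMAP : M_BRIEF;
    default:         return M_UNKNOWN;
    }
}

/* Parse the first option of argv with the given table and report its meaning. */
static enum meaning parse_first(enum mode m, const struct option *tbl,
                                int argc, char **argv)
{
    /* Assumption: -b takes an argument only where it means bitmap. */
    const char *shorts = (m == MODE_GROW) ? "b:" : "b";

    optind = 0;   /* restart scanning so the function can be called repeatedly */
    opterr = 0;   /* keep getopt quiet; unknown options map to M_UNKNOWN */
    return interpret(m, getopt_long(argc, argv, shorts, tbl, NULL));
}

int main(void)
{
    char *argv[] = { "mdadm", "--brief", NULL };
    return parse_first(MODE_GROW, distinct_opts, 2, argv) == M_BRIEF ? 0 : 1;
}
```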
NeilBrown [Thu, 25 Nov 2010 07:37:23 +0000 (18:37 +1100)]
Monitor: separate 'choose_spare' out from 'move_spare'
choosing a spare from a container is more complicated than
from a native array. So separate out choose_spare to make it easier
to use an alternate implementation
Dan Williams [Tue, 23 Nov 2010 05:39:58 +0000 (16:39 +1100)]
External reshape (step 2): Freeze container
When growing the number of raid disks the reshape process will promote
container-spares to subarray-spares (later the kernel promotes them to
subarray-members in raid5_start_reshape()). The automatic spare
promotion that mdmon performs upon seeing a degraded array must be
disabled until the reshape process has been initiated. Otherwise, mdmon
may start a rebuild before the reshape parameters can be specified.
In the external case we arrange for the monitor to be blocked, and
turn off the safemode delay.
Mdmon is updated to check sync_action is not frozen before initiating
recovery.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Dan Williams [Thu, 18 Nov 2010 09:22:59 +0000 (10:22 +0100)]
External reshape (step 1): container reshape and ->reshape_super()
In the native metadata case Grow_reshape() and the kernel validate what
reshapes are possible / supported and the kernel handles all the metadata
updates. In the external case the metadata format may have specific
constraints above this baseline. External formats also introduce the
constraint of only permitting some reshapes at container scope versus subarray
scope. For example imsm changes to 'raiddisks' must be applied to all arrays
in the container.
This operation assumes that its 'st' parameter has been obtained from
super_by_fd() (such that st->subarray is up to date), and that a snapshot of
the metadata has been loaded from the container.
Why a new method, versus extending an existing one?
->validate_geometry: this routine assumes it is being called from Create(),
adding reshape complicates the cases that this routine needs to handle. Where
we find that checks can be shared between the two cases those routines
are refactored into common code internal to the metadata handler, i.e. no need to
provide a unified external interface. ->validate_geometry() also does not
expect to update the metadata.
->update_super: this is meant to update single fields at Assembly() and only at
the container scope. Reshape potentially wants to update multiple fields at
either container or subarray scope.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Dan Williams [Thu, 18 Nov 2010 09:22:01 +0000 (10:22 +0100)]
Assemble: fix assembly in the delta_disks > max_degraded case
Incremental assembly works on such an array because the kernel sees the
disk as in-sync and that the array is reshaping. Teach Assemble() the
same assumptions.
This is only needed on kernels that do not initialize ->recovery_offset
when activating spares for reshape.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Dan Williams [Tue, 23 Nov 2010 04:08:19 +0000 (15:08 +1100)]
Manage: allow manual control of external raid0 readonly flag
mdadm --readwrite <subarray> will clear the external readonly flag ('-'
to '/'), but only for redundant arrays. Allow raid0 arrays as well so
the user has a simple helper to control this flag.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Dan Williams [Tue, 23 Nov 2010 04:00:54 +0000 (15:00 +1100)]
block monitor: freeze spare assignment for external arrays
In order to support reshape and atomic removal of spares from containers
we need to prevent mdmon from activating spares. In the reshape case we
additionally need to freeze sync_action while the reshape transaction is
initiated with the kernel and recorded in the metadata.
When reshaping a raid0 array we need to freeze the array *before* it is
transitioned to a redundant raid level. Since sync_action does not exist
at this point we extend the '-' prefix of a subarray string to flag
mdmon not to activate spares.
Mdadm needs to be reasonably certain that the version of mdmon in the
system honors this 'freeze' indication. If mdmon is not already active
then we assume the version that gets started is the same as the mdadm
version. Otherwise, we check the version of mdmon as returned by the
extended ping_monitor() operation. This is to catch cases where mdadm
is upgraded in the filesystem, but mdmon started in the initramfs is
from a previous release.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Marcin Labun [Mon, 22 Nov 2010 09:58:07 +0000 (20:58 +1100)]
Policy is aware of metadata disk's controller domains.
Platform (metadata) domain let the metadata handlers differentiate
disk domains based on controllers that the disk belongs to.
Platform domain is sub-domain inside user specified domain
in mdadm.conf configuration files inheriting all parameters from it.
The metadata domain name is used in disk domain matching functions.
Disks with the same metadata domain name belong to the same metadata
domain.
New metadata handler is added that retrieves platform domain string based
on disk path:
const char *(*get_disk_controller_domain)(const char *path);
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Mon, 22 Nov 2010 09:58:07 +0000 (20:58 +1100)]
Monitor: teach spare migration about containers
When trying to move a spare, move to the container of a degraded
array, not to the array itself.
And don't try to move from a subarray, only from a native or container
array.
And don't move from a container which contains degraded subarrays.
NeilBrown [Mon, 22 Nov 2010 09:58:07 +0000 (20:58 +1100)]
Monitor: policy based spare migration.
Rather than only migrating between arrays with the same spare_group,
we now migrate based on domains set in the policy.
In order for spare_group to continue to work, we treat it as a domain
of the destination array, and a domain of any device we might remove
from a source array.
Anna Czarnowska [Mon, 22 Nov 2010 09:58:07 +0000 (20:58 +1100)]
imsm: create mdinfo list of disks in a container from supertype
If getinfo_super is called on a container supertype we only get information
on first disk. As a parameter it uses reference to preallocated
mdinfo structure. Amending getinfo_super to return full list of disks
would require amending all previous calls and subsequently freeing memory
allocated for mdinfo list.
Function container_content that returns a mdinfo list is written
specifically for assembly, performing actions not needed to just fill
mdinfo. It also does not include spares so is unsuitable.
As an alternative a new function getinfo_super_disks is created
to obtain information about all disks states in array.
Existing function sysfs_free is used to free memory
allocated by getinfo_super_disks.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Mon, 22 Nov 2010 09:58:06 +0000 (20:58 +1100)]
mdadm: added --no-sharing option for Monitor mode
--no-sharing option disables moving spares between arrays/containers.
Without the option spares are moved if needed according to config rules.
We only allow one process moving spares started with --scan option.
If there is such process running and another instance of Monitor
is starting without --scan, then we issue a warning but allow it
to continue.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Anna Czarnowska [Mon, 22 Nov 2010 09:58:06 +0000 (20:58 +1100)]
Monitor: set err on arrays not in mdstat
mse can be NULL when the array was not in mdstat when we read it
but existed in statelist and was recreated after reading mdstat.
In this case we set err as we can't get full update on this array
this time.
If the same array is given twice in command line it appears twice
in statelist. The first one will mark mse->devnum=INT_MAX
so the second one can't find mse. We set err on the second one as
it's not needed. Also if it becomes degraded we would look for spares
twice for the same array.
Signed-off-by: Anna Czarnowska <anna.czarnowska@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Mon, 22 Nov 2010 09:58:06 +0000 (20:58 +1100)]
Add action=spare-same-slot policy.
When "mdadm -I" is given a device with no metadata, mdadm tries to add
it as a 'spare' somewhere based on policy.
This patch changes the behaviour in two ways:
1/ If the device is at a 'path' where a previous device was removed
from an array or container, then we preferentially add the spare to
that array or container.
2/ Previously only 'bare' devices were considered for adding as
spares. Now if action=spare-same-slot is active, we will add
non-bare devices, but *only* if the path was previously in use
for some array, and the device will only be added to that array.
Based on code
From: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
NeilBrown [Mon, 22 Nov 2010 09:58:06 +0000 (20:58 +1100)]
incr/spare: recheck allowed action for each metadata.
The current act_spare tests only test if it is allowed for some
metadata.
As we check each array or partitioning type, we need to double-check
that sparing is allowed for that array or partitioning type.
extension of IncrementalRemove to store location (path-id) of removed device
If the disk is taken out from its port this port information is
lost. Only udev rule can provide us with this information, and then we
have to store it somehow. This patch adds writing 'cookie' file in
/dev/.mdadm/failed-slots directory in form of file named with value of
f<path-id> containing the metadata type and uuid of the array (or
container) that the device was a member of. The uuid is in exactly
the same format as in the mapfile.
FAILED_SLOTS_DIR constant has been added to hold the location of
cookie files.