[pve-devel] [RFC storage] zfspoolplugin: check if mounted instead of imported
Stoiko Ivanov
s.ivanov at proxmox.com
Thu Feb 18 14:15:56 CET 2021
Thanks for looking at the patch!
On Thu, 18 Feb 2021 13:20:55 +0100
Thomas Lamprecht <t.lamprecht at proxmox.com> wrote:
> On 18.02.21 12:33, Stoiko Ivanov wrote:
> > This patch addresses an issue we recently saw on a production machine:
> > * after booting a ZFS pool failed to get imported (due to an empty
> > /etc/zfs/zpool.cache)
> > * pvestatd/guest-startall eventually tried to import the pool
> > * the pool was imported, yet the datasets of the pool remained
> > not mounted
> >
> > A bit of debugging showed that `zpool import <poolname>` is not
> > atomic, in fact it does fork+exec `mount` with appropriate parameters.
> > If an import ran longer than the hardcoded timeout of 15s, it could
> > happen that the pool got imported, but the zpool command (and its
> > forks) got terminated due to timing out.
> >
> > reproducing this is straight-forward by setting (drastic) bw+iops
> > limits on a guests' disk (which contains a zpool) - e.g.:
> > `qm set 100 -scsi1 wd:vm-100-disk-1,iops_rd=10,iops_rd_max=20,\
> > iops_wr=15,iops_wr_max=20,mbps_rd=10,mbps_rd_max=15,mbps_wr=10,mbps_wr_max=15`
> > afterwards running `timeout 15 zpool import <poolname>` resulted in
> > that situation in the guest on my machine
> >
> > The patch changes the check in activate_storage for the ZFSPoolPlugin,
> > to check if the configured 'pool' (which can also be a sub-dataset) is
> > mounted (via `zfs get mounted <dataset>`).
> >
> > * In case this errors out we try to import the pool (and run `zfs
> > mount -a` if the dataset is not mounted after importing)
> > * In case it succeeds but reports the dataset as not mounted,
> > we run `zfs mount -a`
> >
> > The choice of running `zfs mount -a` has potential for regression, in
> > case someone manually umounts some dataset after booting the system
> > (but does not set the canmount option)
>
> Why not
> # zfs mount <dataset>
> ?
That would only mount the dataset and not anything beneath it, which
is different from what `zpool import` does (without the -N option).
AFAICT there is no way to recursively mount everything below a dataset
(short of manually walking through the tree)
While we mitigated those issues with container-datasets recently (by
explicitly mounting them before starting the container) - this does not
hold true for manually created datasets (e.g. for setting different
properties for certain guests, or for storing backups....)
(in case of the original reproducer, there was a PBS-datastore defined on
a sub-dataset)
>
> >
> > Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> > ---
> > * sending as RFC since I have the feeling that I miss quite a few corner-cases.
> > * an alternative to getting the mounted property via `zfs get` might be
> > parsing /proc/mounts (but zfs get mounted does mostly just that +stating
> > files in /sys, and 2 (potentially blocking) ioctls
> > * could reproduce the issue with ZFS 2.0.1 and 0.8.6 - so my current guess
> > is the issue on the production box might be related to some other
> > performance regression in its disk-subsystem (maybe introduced with the
> > new kernel)
> > * huge thanks to Dominik for many suggestions (including the idea of
> > limiting the disk-speed via our stack instead of dm-delay :)
> >
> > PVE/Storage/ZFSPoolPlugin.pm | 25 +++++++++++++++++++++----
> > 1 file changed, 21 insertions(+), 4 deletions(-)
> >
> > diff --git a/PVE/Storage/ZFSPoolPlugin.pm b/PVE/Storage/ZFSPoolPlugin.pm
> > index 105d802..32ad1c9 100644
> > --- a/PVE/Storage/ZFSPoolPlugin.pm
> > +++ b/PVE/Storage/ZFSPoolPlugin.pm
> > @@ -525,8 +525,17 @@ sub activate_storage {
> > my ($class, $storeid, $scfg, $cache) = @_;
> >
> > # Note: $scfg->{pool} can include dataset <pool>/<dataset>
> > - my $pool = $scfg->{pool};
> > - $pool =~ s!/.*$!!;
> > + my $dataset = $scfg->{pool};
> > + my $pool = ($dataset =~ s!/.*$!!r);
> > +
> > + my $dataset_mounted = sub {
> > + my $mounted = eval { $class->zfs_get_properties($scfg, 'mounted', "$dataset") };
>
> quotes don't do anything here, just gets you a "undefined value in string ..." warning
> if undefined (and underlying run_command does not change behavior either).
>
> I.e.,
>
> # perl -we 'use PVE::Tools qw(run_command); my $arg; run_command(["touch", "$arg"])'
> Use of uninitialized value $arg in string at -e line 1.
> touch: cannot touch '': No such file or directory
> command 'touch ''' failed: exit code 1
>
> vs.
>
> # perl -we 'use PVE::Tools qw(run_command); my $arg; run_command(["touch", $arg])'
> Use of uninitialized value $_[1] in exec at /usr/share/perl/5.28/IPC/Open3.pm line 178.
> touch: cannot touch '': No such file or directory
> command 'touch ''' failed: exit code 1
>
> I like to avoid using quotes in such cases to avoid suggesting that they have
> any use.
sorry - that was a bit shoddy copying - will fix that in a v2
>
> > + if ($@) {
> > + warn "$@\n";
> > + return undef;
> > + }
>
> I know this is just copied, but both should just use a simple
> warn "$@\n" if ($@);
>
> as the return is correctly using a defined check anyway
sounds good
>
>
> > + return defined($mounted) && $mounted =~ m/^yes$/;
> > + };
> >
> > my $pool_imported = sub {
> > my @param = ('-o', 'name', '-H', "$pool");
> > @@ -538,13 +547,21 @@ sub activate_storage {
> > return defined($res) && $res =~ m/$pool/;
> > };
> >
> > - if (!$pool_imported->()) {
> > + if (!defined($dataset_mounted->())) {
>
> don't complicated boolean, drop the defined.
in that case the return value of $dataset_mounted->() is ternary:
* undefined - error during `zfs get` -> we most likely need to import the
pool
* false - pool is imported, but dataset is not mounted -> we need to mount
only (the elsif branch)
* true - everything as it should be
coming to think about it:
this would be problematic, if the storage has a 'pool', which points to a
dataset configured with 'canmount=off' - see the description of 'canmount'
in zfsprops(8) for when this might make sense):
with the current check (if the pool is imported) this would work fine, with
the patch in place this would result in each activate_storage() to call zfs
mount -a.
My expectation is that this does not happen in the wild (manually setting
'canmount' to off for the root-dataset of a storage) - but it is
technically possible - but maybe I'm missing the use-case for this?
>
> > + # error from zfs get mounted - pool import necessary
> > # import can only be done if not yet imported!
> > my @param = ('-d', '/dev/disk/by-id/', '-o', 'cachefile=none', "$pool");
> > eval { $class->zfs_request($scfg, undef, 'zpool_import', @param) };
> > if (my $err = $@) {
> > # just could've raced with another import, so recheck if it is imported
> > - die "could not activate storage '$storeid', $@\n" if !$pool_imported->();
> > + die "could not activate storage '$storeid', $err\n" if !$pool_imported->();
> > + }
> > + if (!$dataset_mounted->()) {
> > + eval { $class->zfs_request($scfg, undef, 'mount', '-a') };
> > + if (my $err = $@) {
> > + # just could've raced with another import, so recheck if it is imported
>
> but you do not (re-)check anything?
will refactor that a bit in the v2
>
> > + die "could not activate storage '$storeid', $err\n";
> > + }
> > }
> > }
> > return 1;
> >
>
More information about the pve-devel
mailing list