OT: file systems was Re: Can filepro do drill downs like acess?
Bill Vermillion
fp at wjv.com
Fri Mar 26 14:28:09 PST 2004
You can just hit N now if you don't want to read further.
On Fri, Mar 26, 2004 at 12:54:19PM -0500, Jay R. Ashworth thus spoke:
> On Fri, Mar 26, 2004 at 10:19:48AM -0500, Bill Vermillion wrote:
> > That's one reason they were developed. When these were almost
> > standard for serious operations - sales for example - drives were
> > not that reliable and hardware wasn't that stable - even the best
> > of the HW. These were all on Unix systems BTW. Hard drives were
> > about $4/megabyte if you shopped, or if vendor supplied were
> > in the $8/megabyte range. [A far cry from the $1 Gigabyte
> > we see today for server strength IDE drives [ 50 cents or less for
> > consumer/desktop drives]. The high-end high-capacity SCSI's are in
> > the $6+ per GB.
> Seagate's Cheetah-164 is about $800 right now. That is,
> actually, $.50 a gig.
I saw youre later correction and my figure was based on $1200 that
I researched on a 16k Cheetah with Fiber-channel interface.
> > So on boot a snapshot is made of the drive in it's current state.
> > Multiple parallel fsck's are started in the background and the
> > system is brought up for use. Everything not fsck in the
> > background is essentially in a read-only at this moment.
> > But if a user program needs access the blocks needed are
> > essentially fsck'ed at that point. IOW the fsck is prioritized to
> > fsck blocks as needed. It will update the snapshot made at boot
> > so these are now excluded from the background fsck.
> > In tests an fsck which might take 15-30 minutes if done at boot -
> > even with parallel fscks running - when run in the background it
> > could take 5+ hours. But the system is avialbe immediately for
> > use.
> Actaully, mostof that is being done with journalling
> filesystems, these days, which are effectively the application
> of transactions to filesystem updates: the filesystem
> structure's sanity is preferred at the expense of the data, in
> the event of a crash.
Actually the way I understand it, journalling is going to protect
the data more but at the expense of a coherent file system in case
of a crash. And to be sure of stability you need to run a
journalling system in a synchronous mode with then sacrifices
performance.
This is why McKusick [one of the principle architects of BSD for
years and one of the authors of the 4.2, 4.3, and 4.4 series of
books explaining BSD before it became unencumberd] developed the
softupdates. It sets file system integrity as it's highest
priority and does meta data updates in a synchronous mode, and
planned carefully. THere is about a 40 page paper on that at one of
the University sites.
Then after meta-data is written the rest of the file system is
handled in lazy mode. It's interesting to perform an rm -r on a
source tree of about 350 MB and have the prompt returned back in a
matter of seconds, but then watch the blocks free up slowly -
sometimes taking as long as 2 minutes. Freeing block is not a
high priority but ensuring the FS is stable is.
This is part of the heart of the snapshot mode which runs fsck in
the BG:
A highly edited excerpt from one of the papers:
---------------------------
Home About USENIX Events Membership Publications Students
Running "fsck" in the Background
Marshall Kirk McKusick, Author and Consultant
Abstract
Traditionally, recovery of a BSD fast filesystem after an uncontrolled
system crash such as a power failure or a system panic required the
use of the filesystem checking program, "fsck". Because the filesystem
cannot be used while it is being checked by "fsck", a large server may
experience unacceptably long periods of unavailability after a crash.
....
2. Creating a Filesystem Snapshot
A filesystem snapshot is a frozen image of a filesystem at a given
instant in time. Implementing snapshots in the BSD fast filesystem has
proven to be straightforward. Taking a snapshot entails the following
steps:
1. A snapshot file is created to track later changes to the
filesystem; a snapshot file is shown in Fig. 1. This snapshot file
is initialized to the size of the filesystem's partition, and its
file block pointers are marked as zero which means "not copied."
....
2. A preliminary pass is made over each of the cylinder groups to
copy it to its preallocated backing block. ....
3. The filesystem is marked as "wanting to suspend." In this state,
processes that wish to invoke system calls that will modify the
filesystem are blocked from running, while processes that are
already in progress on such system calls are permitted to finish
them. These actions are enforced by inserting a gate at the top of
every system call that can write to a filesystem. The set of gated
system calls includes "write", "open" (when creating or
truncating), "fhopen" (when creating or truncating), "mknod",
"mkfifo", "link", "symlink", "unlink", "chflags", "fchflags",
"chmod", "lchmod", "fchmod", "chown", "lchown", "fchown",
"utimes", "lutimes", "futimes", "truncate", "ftruncate", "rename",
"mkdir", "rmdir", "fsync", "sync", "unmount", "undelete",
"quotactl", "revoke", and "extattrctl". In addition gates must be
added to "pageout", "ktrace", local domain socket creation, and
core dump creation. The gate tracks activity within a system call
for each mounted filesystem. A gate has two purposes. The first is
to suspend processes that want to enter the gated system call
during periods that the filesystem that the process wants to
modify is suspended. The second is to keep track of the number of
processes that are running inside the gated system call for each
mounted filesystem. When a process enters a gated system call, a
counter in the mount structure for the filesystem that it wants to
modify is incremented. When the process exits a gated system call,
the counter is decremented.
4. The filesystem's status is changed from "wanting to suspend" to
"fully suspended." ....
5. The filesystem is synchronized to disk as if it were about to be
unmounted.
6. Any cylinder groups that were modified after they were copied in
step two are recopied to their preallocated backing block.
....
7. With the snapshot file in place, activity on the filesystem
resumes. Any processes that were blocked at a gate are awakened
and allowed to proceed with their system call.
8. Blocks that had been claimed by any snapshots that existed at the
time that the current snapshot was taken are expunged from the new
snapshot for reasons described below.
During steps three through six, all write activity on the filesystem
is suspended. Steps three and four complete in at most a few
milliseconds. The time for step five is a function of the number of
dirty pages in the kernel. It is bounded by the amount of memory that
is dedicated to storing file pages. It is typically less than a second
and is independent of the size of the filesystem. Typically step six
needs to recopy only a few cylinder groups, so it also completes in
less than a second.
....
5. Implementation of Background "fsck"
Background "fsck" runs by taking a snapshot then running its
traditional algorithms over the snapshot. Because the snapshot is
taken of a completely quiescent filesystem, all of whose dirty blocks
have been written to disk, the snapshot appears to "fsck" to be
exactly like an unmounted raw disk partition. ...
_________________________________________________________________
This paper was originally published in the Proceedings of the BSDCon
'02 Conference on File and Storage Technologies, February 11-14,
2002, Cathedral Hill Hotel, San Francisco, California, USA.
Last changed: 28 Dec. 2001 ml
Technical Program
BSDCon 2002 Home
USENIX home
-----------------------
I hope you found that interesting. I've waited a long time for
relatively small FS'es to have an fsck performed, I'd really not
like to wait while a 250 GB file system [as an example] completes
it's fsck. And users waiting for the system to come back up don't
like it either.
Bill
--
Bill Vermillion - bv @ wjv . com
More information about the Filepro-list
mailing list