Sage Weil [Wed, 12 Dec 2012 01:15:56 +0000 (17:15 -0800)]
os/JournalingObjectStore: un-break op quiescing during journal replay
Commit d9dce4e9273adb4279519d65a0d8bfdfecb5c516 broke journal replay
because the commit thread may try to do a commit, and the ops are not
being applied via the normal work queue. Add back in a simpler form of the
old op quiescing (simpler because there is a single thread doing the
replay).
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Samuel Just <sam.just@inktank.com>
Yehuda Sadeh [Tue, 11 Dec 2012 21:41:50 +0000 (13:41 -0800)]
mds: shutdown cleanly if can't authenticate
Fixes: #3590
This was triggered when trying to run mds with cephx enabled
against a mon without cephx support. We didn't handle the
returned error at all, so this one fixes it. It also makes
sure that we don't continue initialization until rotating
keys are in place (as the osd does).
Rename operation can call predirty_journal_parents() several times.
So a directory fragment's rstat can also be modified several times.
But only the first modification is journaled because EMetaBlob::add_dir()
does not update existing dirlump.
For example: when handling 'mv a/b/c a/c', Server::_rename_prepare may
first decrease directory a and b's nested files count by one, then
increases directory a's nested files count by one.
Sage Weil [Tue, 11 Dec 2012 00:41:19 +0000 (16:41 -0800)]
config: do not always print config file missing errors
Do not generate errors each time we fail to open a config file; only
generate one at the end if a search path was specified and none were
usable, right before we (already) exit. This avoids spamming stderr
about each path we tried in the search list before we found a good one.
Samuel Just [Mon, 10 Dec 2012 21:38:24 +0000 (13:38 -0800)]
config_opts.h: adjust recovery defaults
osd max backfills: 5 was too low for a default, 10
seems to work better in testing. The message
priority system should minimize disruption of
push and pull operations anyway.
osd recovery max chunk: 1MB was too small for a
default. 8MB is reasonable for a single push
and will allow us to recover an rbd block in
one push rather than 4, reducing client io
latency during log-based recovery.
osd recovery op priority: 10 rather than 30 will
further reduce the client io latency impact of
push and pull operations.
Sage Weil [Sun, 9 Dec 2012 05:44:54 +0000 (21:44 -0800)]
mon: fix leak of pool op reply data
We pass a pointer because it is an optional argument, but we shouldn't
put the bufferlist on the heap or else we have to manage its life
cycle, and that's fragile (and previously broken).
Sage Weil [Fri, 7 Dec 2012 00:18:07 +0000 (16:18 -0800)]
filestore: simplify op quiescing
The delicate balancing with op_apply_start() and the fact that it can
block was making it very hard to determine how long commit_start() should
wait, since requests in the workqueue threads could op_apply_start() in
any order. For example,
threadA: gets osr1 from wq
threadA: gets osr2 from wq
threadA: dequeue seq 11 from osr1, op_apply_start
threadC: commit_start on 11
threadA: op_apply_finish on seq 11
threadC: commit_started, commit_finish
threadB: dequeue seq 10 from osr2
<failed assert, badness>
Instead, rip out all this code, and use the ThreadPool pause() method to
quiesce operations. Keep some of the (now unnecessary) fields around
for sanity checks (blocked, open_ops, max_applying_seq, etc.).
Samuel Just [Tue, 4 Dec 2012 19:36:58 +0000 (11:36 -0800)]
PG: remove last_epoch_started asserts in proc_primary_info
These asserts are valid for a uniform cluster, but they won't hold
for a replica running a version without the info.last_epoch_started
patch.
Signed-off-by: Samuel Just <sam.just@inktank.com>
Reviewed-by: Greg Farnum <greg@inktank.com>
(cherry picked from commit 0756052cff542ab02d653b40c37a645b395f31b3)
Sage Weil [Wed, 5 Dec 2012 13:56:37 +0000 (05:56 -0800)]
mds: move from EXCL to SYNC if nobody wants to write
We were moving to the MIX even if nobody wanted to write; that is not
useful, since if we only want to read SYNC will let us cache those reads.
SYNC is also a more friendly place (all things equal) to be.
mon: Monitor: rework 'paxos' to a list instead of a vector
After adding the gv patches, during Monitor::recovered_leader() we started
waking up contexts following the order of the 'paxos' vector. However,
given that the mdsmon has a forgotten dependency on the osdmon paxos
machine, we were incurring in a situation in which we proposed a value
through the osdmon before creating a new pending value (but by being
active, the mdsmon would go through with it nonetheless).
This is easily fixed by making sure that the mdsmon callbacks are only
awakened *after* the osdmon has been taken care of.
Fixes: #3495
Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>
Samuel Just [Thu, 6 Dec 2012 01:05:38 +0000 (17:05 -0800)]
OSD: store current pg epoch in info and load at that epoch
Prior to split, this did not matter. With split, however, it's
crucial that a pg go through advance_pg() for the map causing
the split. During operation, a PG lags the OSD superblock
epoch. If the OSD dies after the OSD epoch passes the split
but before the pg epoch passes the split, the PG will be
reloaded at the OSD epoch and won't see the split operation.
The PG collection might after that point contain incorrect
objects which should have been split into a child.
Samuel Just [Wed, 21 Nov 2012 00:47:49 +0000 (16:47 -0800)]
OSD: add initial split support
PGs are split after updating to the map on which they split.
OSD::activate_map populates the set of currently "splitting"
pgs. Messages for those pgs are delayed until the split
is complete. We add the newly split children to pg_map
once the transaction populating their on-disk state completes.
Samuel Just [Thu, 6 Dec 2012 22:52:13 +0000 (14:52 -0800)]
librados: watch() should set the WRITE flag on the op
This caused a bug where the watch operation bypassed the is_degraded()
check in the write path and the repop got sent to the replica where the
replica crashed due to the is_missing() assert in sub_op_modify.
Signed-off-by: Samuel Just <sam.just@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
Samuel Just [Thu, 6 Dec 2012 21:57:01 +0000 (13:57 -0800)]
HashIndex: fix list_by_hash handling of next->is_max()
get_path_str() should not handle hobject_t::get_max(). get_path_str()
now asserts that the passed object is not max and the callers now check
for is_max(). This caused HashIndex.cc to incorrectly scan an entire
collection before returning no objects rather than scanning the top
level and returning no objects. It did not actually cause list_by_hash to
return an incorrect answer, however.
Signed-off-by: Samuel Just <sam.just@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
Sam Lang [Thu, 6 Dec 2012 05:11:10 +0000 (21:11 -0800)]
client: Allow cap release timeout to be configured
The delay for releasing an inode's capability is
hardcoded to 5 seconds. This patch takes the timeout
value from a config parameter, which defaults presently
to 5 seconds.
Dan Mick [Tue, 4 Dec 2012 04:59:17 +0000 (20:59 -0800)]
librbd: hold AioCompletion lock while modifying global state
C_AioRead::finish needs to add in each chunk of a partial read
request to the 'partial' map in the AioCompletion's state
(in destriper, of type StripedReadResult). That map is global
and must be protected from simultaneous access. Use the
AioCompletion lock; could create a separate lock if contention is an
issue.
Fixes: #3567
Signed-off-by: Dan Mick <dan.mick@inktank.com>
Dan Mick [Sat, 1 Dec 2012 02:11:09 +0000 (18:11 -0800)]
librbd: handle parent change while async I/Os are in flight
During a test_librbd_fsx run including flatten, ImageCtx->parent
was being dereferenced while null. Between the time the parent
overlap is calculated and the time the guard+write completes
with ENOENT and submits the copyup+write, the parent image
could have changed (by resize) or been made irrelevant (by
child flatten) such that the parent overlap is now incorrect.
Handle "no parent" by just sending the copyup+write; the copyup
part will be a no-op. Move to WRITE_FLAT state in this case
because there's no more child to deal with.
Handle "overlap changed" by recalculating overlap before
reading parent data; if none is left, don't read, but rather
just clear m_object_image_extents, in which case the copyup
will again be a no-op because it will be of zero length.
However we still have a parent, so stay in WRITE_COPYUP state
and come back through as usual.
Signed-off-by: Dan Mick <dan.mick@inktank.com>
Fixes: #3524
Samuel Just [Wed, 12 Sep 2012 16:38:05 +0000 (09:38 -0700)]
PGMonitor,OSD: don't send creates on split
Splits will be handled when the map update effecting the split is
processed for the splitting pg on each OSD. This will mesh
with the pg history which will place the new pg at the current
positions of the splitting pg.
Samuel Just [Sun, 18 Nov 2012 02:18:23 +0000 (18:18 -0800)]
os/: Add CollectionIndex::prep_delete
If an unlink is interrupted between removing the file
and updating the subdir attribute, the attribute will
overestimate the number of files in the directory. This
is by design, at worst we will merge the collection later
than intended, but closing the gap would require a second
subdir xattr update. However, this can in extreme cases
result in a collection with subdirectories but no objects.
FileStore::_destroy_collection would therefore see an
erroneous -ENOTEMPTY.
prep_delete allows the CollectionIndex implementation to
clean up state prior to removal.
Several pieces of HashIndex involve multi-step operations
which are sensitive to OSD crashes. This patch introduces
failure injection to force retries from various points in
the LFNIndex helper methods to be used with store_test.cc.
Yan, Zheng [Tue, 4 Dec 2012 08:09:48 +0000 (16:09 +0800)]
mds: journal remote inode's projected parent
Server::_rename_prepare() adds remote inode's parent instead of
projected parent to the journal. So during journal replay, the
journal entry for the rename operation will wrongly revert the
remote inode's projected rename. This issue can be reproduced by:
Yan, Zheng [Tue, 4 Dec 2012 08:09:47 +0000 (16:09 +0800)]
mds: don't create bloom filter for incomplete dir
Creating bloom filter for incomplete dir that was added by log
replay will confuse subsequent dir lookup and can create null
dentry for existing file. The erroneous null dentry confuses the
fragstat accounting and causes undeletable empty directory.
The fix is to check if the dir is complete before creating the bloom
filter. For the MDCache::trim_non_auth{,_subtree} cases, just do
not call CDir::add_to_bloom because bloom filter is useless for
replica.