1
0
mirror of git://sourceware.org/git/lvm2.git synced 2025-01-05 13:18:20 +03:00
Commit Graph

8190 Commits

Author SHA1 Message Date
Jonathan Brassow
d5896f0afd Mirror: Fix hangs and lock-ups caused by attempting label reads of mirrors
There is a problem with the way mirrors have been designed to handle
failures that is resulting in stuck LVM processes and hung I/O.  When
mirrors encounter a write failure, they block I/O and notify userspace
to reconfigure the mirror to remove failed devices.  This process is
open to a couple races:
1) Any LVM process other than the one that is meant to deal with the
mirror failure can attempt to read the mirror, fail, and block other
LVM commands (including the repair command) from proceeding due to
holding a lock on the volume group.
2) If there are multiple mirrors that suffer a failure in the same
volume group, a repair can block while attempting to read the LVM
label from one mirror while trying to repair the other.

Mitigation of these races has been attempted by disallowing label reading
of mirrors that are either suspended or are indicated as blocking by
the kernel.  While this has closed the window of opportunity for hitting
the above problems considerably, it hasn't closed it completely.  This is
because it is still possible to start an LVM command, read the status of
the mirror as healthy, and then perform the read for the label at the
moment after a the failure is discovered by the kernel.

I can see two solutions to this problem:
1) Allow users to configure whether mirrors can be candidates for LVM
labels (i.e. whether PVs can be created on mirror LVs).  If the user
chooses to allow label scanning of mirror LVs, it will be at the expense
of a possible hang in I/O or LVM processes.
2) Instrument a way to allow asynchronous label reading - allowing
blocked label reads to be ignored while continuing to process the LVM
command.  This would action would allow LVM commands to continue even
though they would have otherwise blocked trying to read a mirror.  They
can then release their lock and allow a repair command to commence.  In
the event of #2 above, the repair command already in progress can continue
and repair the failed mirror.

This patch brings solution #1.  If solution #2 is developed later on, the
configuration option created in #1 can be negated - allowing mirrors to
be scanned for labels by default once again.
2013-10-22 19:14:33 -05:00
Peter Rajnoha
039bdad732 activation: flag temporary LVs internally
Add LV_TEMPORARY flag for LVs with limited existence during command
execution. Such LVs are temporary in way that they need to be activated,
some action done and then removed immediately. Such LVs are just like
any normal LV - the only difference is that they are removed during
LVM command execution. This is also the case for LVs representing
future pool metadata spare LVs which we need to initialize by using
the usual LV before they are declared as pool metadata spare.

We can optimize some other parts like udev to do a better job if
it knows that the LV is temporary and any processing on it is just
useless.

This flag is orthogonal to LV_NOSCAN flag introduced recently
as LV_NOSCAN flag is primarily used to mark an LV for the scanning
to be avoided before the zeroing of the device happens. The LV_TEMPORARY
flag makes a difference between a full-fledged LV visible in the system
and the LV just used as a temporary overlay for some action that needs to
be done on underlying PVs.

For example: lvcreate --thinpool POOL --zero n -L 1G vg

- first, the usual LV is created to do a clean up for pool metadata
  spare. The LV is activated, zeroed, deactivated.

- between "activated" and "zeroed" stage, the LV_NOSCAN flag is used
  to avoid any scanning in udev

- betwen "zeroed" and "deactivated" stage, we need to avoid the WATCH
  udev rule, but since the LV is just a usual LV, we can't make a
  difference. The LV_TEMPORARY internal LV flag helps here. If we
  create the LV with this flag, the DM_UDEV_DISABLE_DISK_RULES
  and DM_UDEV_DISABLE_OTHER_RULES flag are set (just like as it is
  with "invisible" and non-top-level LVs) - udev is directed to
  skip WATCH rule use.

- if the LV_TEMPORARY flag was not used, there would normally be
  a WATCH event generated once the LV is closed after "zeroed"
  stage. This will make problems with immediated deactivation that
  follows.
2013-10-23 14:09:37 +02:00
Peter Rajnoha
1dd6626696 cleanup: for commit 546db1c
- properly clean lvm2-pvscan@.service on distclean
 - use @sbindir@ for sbin path in ExecStop
2013-10-23 09:48:33 +02:00
Peter Rajnoha
9883bffb04 WHATS_NEW: typo 2013-10-22 16:37:02 +02:00
Peter Rajnoha
b109bfc1ef blkdeactivate: fix endless loop if device(s) given and unable to umount/deactivate
The blkdeactivate script iterates over the list of devices if they're
given as an argument and it tries to umount/deactivate them one by one.

This iteration failed to proceed if any of the umount/deactivation
was unsuccessful - there was a missing "shift" call to move to the
next argument (device) for processing. As a result of this, the same
device was tried again and again, causing an endless loop, never
proceeding to the next device given.
2013-10-22 16:24:39 +02:00
Peter Rajnoha
c3f44a0c66 make: correct sed line in udev's Makefile 2013-10-22 15:13:58 +02:00
Peter Rajnoha
3fee661028 udev+systemd: refine lvm2-pvscan@.service to better track device existence
When using ENV{SYSTEMD_WANTS}=lvm2-pvscan@... to instantiate a service
for lvmetad scan when the new PV appears in the system, the service
is started and executed. However, to track device removal, we need
to bind it (the "BindsTo" systemd directive) to a certain .device
systemd unit.

In default systemd setup, the device is tracked by it's name and
sysfs path (there's normally a sysfs path .device systemd unit for
a device and then the device name .device unit as an alias for it).
Neither of these two is useful for lvmetad update as we need to bind
it to device's <major>:<minor> pair.

The /dev/block/<major>:<minor> is the essential symlink under /dev
that exists for each block device (created by default udev rules
provided by udev directly). So let's use this as an alias for
the device's .device unit as well by means of "ENV{SYSTEMD_ALIAS}"
declaration within udev rules which systemd understands (this will
create a new alias "dev-block-<major>:<minor>.device".

Then we can easily bind the "dev-block-<major>:<minor>" device
systemd unit with instantiated lvm2-pvscan@<major>:<minor>.service.
So once the device is removed from the systemd, the
lvm-pvscan@<major>:<minor>.service executes it's ExecStop action
(which in turn notifies lvmetad about the device being gone).

This completes the udev-systemd-lvmetad interaction then.
2013-10-22 14:22:40 +02:00
Peter Rajnoha
0a48137d39 pvscan: use major:minor as short form of --major and --minor arg for pvscan --cache
Before, pvscan recognized either:
  pvscan --cache --major <major> --minor <minor>
or
  pvscan --cache <DevicePath>

When the device is gone and we need to notify lvmetad about device
removal, only --major/--minor works as we can't translate DevicePath
into major/minor pair anymore. The device does not exist in the system
and we don't keep DevicePath index in lvmetad cache to make the
translation internally into original major/minor pair. It would be
useless to keep this index just for this one exact case.

There's nothing bad about using "--major <major> --minor <minor>",
but it makes our life a bit harder when trying to make an
interconnection with systemd units, mainly with instantiated services
where only one and only one arg can be passed (which is encoded in the
service name).

This patch tries to make this easier by adding support for recognizing
the "<major>:<minor>" as a shortcut for the longer form
"--major <major> --minor <minor>". The rule here is simple: if the argument
starts with "/", it's a DevicePath, otherwise it's a <major>:<minor> pair.
2013-10-22 13:52:18 +02:00
Mike Snitzer
65456a4a29 vgimportclone: remove 2>/dev/null from three lvm commands
There is no point eating stderr for these commands.  In fact the
redirect causes confusion and hurts dubugging.

Also reword an error message if the pvs command fails so as not be
certain that a device is not a PV.  Coupled with removing the stderr
redirect this will improve the user experience in the face of errors.
2013-10-21 18:04:14 -04:00
Jonathan Brassow
7763607f36 TEST: Test was trying to kill 2 devices in RAID5 instead of RAID6
Segment type being used for test should have been 'raid6'.
2013-10-18 09:33:37 -05:00
Peter Rajnoha
546db1c4be udev+systemd: make pvscan --cache -aay run as systemd background job from udev
The new lvm2-pvscan@.service is responsible for on-demand execution
of "pvscan --cache --activate ay" which causes lvmetad to be
updated and LVM activation done if the VG is complete.

Also, use udev-systemd mechanism to instantiate the job as the
lvm2-pvscan@$devnode.service on each newly appeared PV in the system.
This prevents the background job to be killed (that would happen
if it was directly forked from udev rule - this behaviour is seen
in recent versions of udev with the help of systemd that can track
detached processes - the detached process would still be in the same
cgroup).

To enable this official udev-systemd protocol for instantiating
background jobs, use new --enable-udev-systemd-background-jobs
configure switch (it's disabled by default). This option is highly
recommended wherever systemd is used!
2013-10-18 11:38:49 +02:00
Zdenek Kabelac
9f406ce252 tests: drop settle for old systems
Reverts previously added udevsettle call.

Seems to be unrelated, while udev on old system may take over 10
minutes, to finish it's very slow and CPU intensive work, it doesn't
interact directly with created device, only access /dev/mapper/control
node via dmsetup, so the device is ocasionaly blocked by something else.
2013-10-17 22:54:12 +02:00
Zdenek Kabelac
7f4452a41e tests: older losetup allows only single device name
Stay compatible with only 1 arg for losetup -d
2013-10-17 17:52:42 +02:00
Zdenek Kabelac
d9e44112c5 tests: fix last commit
It must not fail here during execution, so always check in a way
that '||' is used for call of settle.
2013-10-17 16:59:30 +02:00
Zdenek Kabelac
66f4698a93 tests: workaround udevd compromising tests
Patch helps a bit when lvm2 is build with disabled udev_sync support,
but udevd runs in the system - so it randomly influences unrelated tests
even - so before every test wait at least till udevd is settled.
2013-10-17 16:19:06 +02:00
Zdenek Kabelac
93a07a1b84 tests: fix exporting content of make vars
Further tune script, so it works correctly with
usable and unusable thin tools.
2013-10-17 11:57:35 +02:00
Zdenek Kabelac
f9725503f8 tests: use bash for bash script
This script needs bash
2013-10-17 11:57:34 +02:00
Mikulas Patocka
ed30145f4a libdm: fix races with udev
On modern systems udev manages nodes in /dev/mapper directory.
It creates, deletes and renames the nodes according to the
state of the kernel driver.

When the dmsetup is compiled without udev support (--enable-udev_sync)
and runs on the system with running udevd it tries to manage nodes in
/dev/mapper too, so it can race with udev.
dmsetup checks if the node was created/deleted/renamed with the stat
syscall, and skips the operation if it was. However, if udev
creates/deletes/renames the node after the stat syscall and before the
mknod/unlink/rename syscall, dmsetup reports an error.

Since in the system everything happened as expected, skip reporting
error for such case.

These races can be easily provoked by inserting sleep at appropriate
places.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
2013-10-17 11:57:33 +02:00
Zdenek Kabelac
3ac7f927e1 libdm: do not show holders missing error
On older system this may not be present, so skip this error message.
2013-10-17 11:55:21 +02:00
mpatocka@redhat.com
efd1dc6bd3 headers: use __linux__ instead of linux
This file may be included by other programs, so it should be compliant
with the C standard.

* use __linux__ instead of linux - __linux__ is always defined, linux is
  not defined when gcc runs in standard-compliant mode (with -std=c89 or
  -std=c99) because the C standard doesn't allow polluting namespace
  with arbitrary defines.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
2013-10-17 11:54:44 +02:00
Peter Rajnoha
3924a041ba coverity: sscanf should use "%u" instead of "%i"
The "age" variable is unsigned:

  unsigned age = 0;
  ...
  if (argc == 2 && (sscanf(argv[1], "%i", &age) != 1))
2013-10-17 10:17:16 +02:00
Zdenek Kabelac
9b13cb8687 tests: correct LVM_TEST_THIN_CHECK_CMD
missed to use proper shell variable
2013-10-16 15:10:03 +02:00
Peter Rajnoha
ee878bc52c coverity: assigned variable not used and reassigned later 2013-10-16 15:06:43 +02:00
Zdenek Kabelac
dd3a2f13f1 thin: missed check for thin_pool in last update 2013-10-16 12:47:30 +02:00
Zdenek Kabelac
73971e1e7b tests: test repairability of thin pool
Initial testing of thin pool's metadata with thin repairing tools.
Try to use tools from configuration settings, but allow them
to be overriden by settings of these variables:
LVM_TEST_THIN_CHECK_CMD,
LVM_TEST_THIN_DUMP_CMD,
LVM_TEST_THIN_REPAIR_CMD

FIXME: test reveals some more important bugs:
  pvremove -ff also needs --yes
  vgremove -ff doesn not remove metadata when there are no real LVs.
  vgreduce is not able to reduce VG with pool without pool's PVs
2013-10-16 10:54:59 +02:00
Zdenek Kabelac
7ab5f29a9c tests: add wait
We need to wait till kill really kills sleep
2013-10-16 10:53:03 +02:00
Zdenek Kabelac
1b7631101b thin: fix lvconvert for active pool.
Prohibit conversion of pool device with active thin volumes.
Properly restore active states only for active thin pool volume.
Use new LV_NOSCAN when converting volume into thin pool's metadata.
2013-10-16 10:53:01 +02:00
Peter Rajnoha
48df36b8c5 activation: check for open count with a timeout before removal/deactivation of an LV
This patch reinstates the lv_info call to check for open count of
the LV we're removing/deactivating - this was changed with commit 125712b
some time ago and we relied on the ioctl retry logic deeper in the libdm
while calling the exact 'remove' ioctl.

However, there are still some situations in which it's still required to
check for open count before we do any 'remove' actions - this mainly
applies to LVs which consist of several sub LVs, like it is for
virtual snapshot devices.

The commit 1146691 fixed the issue with ordering of actions during
virtual snapshot removal while the snapshot is still open. But
the check for the open status of the snapshot is still prone to
marking the snapshot as in use with an immediate exit even though
this could be a temporary asynchronous open only, most notably
because of udev and its WATCH udev rule with accompanying scans
for the event which is asynchronous. The situation where this crops
up most often is when we're closing the LV that was open for read-write
and then calling lvremove immediately.

This patch reinstates the original lv_info call for the open status
of the LV in the lv_check_not_in_use fn that gets called before
we do any LV removal/deactivation. In addition to original logic,
this patch adds its own retry loop with a delay (25x0.2 seconds)
besides the existing ioctl retry loop.
2013-10-15 12:44:42 +02:00
Jonathan Brassow
d97583cfd3 RAID: Better error message when attempting scrubbing op on thinpool LV
Component LVs of a thinpool can be RAID LVs.  Users who attempt a
scrubbing operation directly on a thinpool will be prompted to
specify the sub-LV they wish the operation to be performed on.  If
neither of the sub-LVs are RAID, then a message telling them that
the operation can only be performed on a RAID LV will be given.
2013-10-14 15:14:16 -05:00
Jonathan Brassow
f58b26b633 RAID: Report RAID images split with tracking as out-of-sync ("I").
Split image should have an out-of-sync attr ('I') - always.  Even if
the RAID LV has not been written to since the LV was split off, it is
still not part of the group that makes up the RAID and is therefore
"out-of-sync".
2013-10-14 10:48:44 -05:00
Zdenek Kabelac
0f55d7cccc tests: lvcreate and snapshot update
Test creation really in cluster.
Update test to check removal when snapshot device is being held open.
2013-10-14 00:29:03 +02:00
Zdenek Kabelac
9f8f6bfefe tests: harness updates
Reshape code a bit to make sockepair 'swappable' with plain old pipe
call.

Display status for FAILED error.

Increase buffer to hold always at least 1 page size.

Print error results with capitals.
2013-10-14 00:26:59 +02:00
Zdenek Kabelac
851bba258c snapshot: rework parsing of snapshot metadata
Add better parsing code for snapshot metadata, which describe
properly errors found for snapshot segment.
2013-10-14 00:26:58 +02:00
Zdenek Kabelac
1146691afc snapshot: deactivate virtual snapshot first
Since the virtual snapshot has no reason to stay alive once we
detach related snapshot - deactivate whole thing in front of
snapshot removal - otherwice the code would get tricky for
support in cluster.

The correct full solution would require to have transactions
for libdm operations.

Also enable to the check for snapshot being opened prior
the origin deactivation, otherwise we could easily end
with the origin being deactivate, but snapshot still kept
active, desynchronizing locking state in cluster.
2013-10-14 00:25:15 +02:00
Zdenek Kabelac
ac961087b0 snapshot: disable merging for virtual snaps
Merging into virtual origin is not supposed to work.
2013-10-12 00:15:55 +02:00
Zdenek Kabelac
81504ba70c snapshot: move virtsnap code from tool to lib
Move code for removal dependency from tool's remove.c
into lib's manipulation code.

Same code then works with lvm2app.
2013-10-12 00:14:52 +02:00
Peter Rajnoha
6b35c70e8b metadata: add INTERNAL_ERROR to "Metadata inconsistency" msg
So we can spot it better if it occurs.
2013-10-10 13:34:43 +02:00
Peter Rajnoha
029b8fbe76 metadata: properly register LV_NOSCAN flag
Addendum to commit ce7489e which introduced a new *internal* LV_NOSCAN
flag and so it needs to be marked that way properly otherwise it
ends up unrecognized and improperly handled during metadata export.
2013-10-10 13:24:32 +02:00
Peter Rajnoha
304159c99a cleanup: WHATS_NEW + compiler warning about discarding const 2013-10-10 09:09:16 +02:00
Petr Rockai
7d299ecbb3 libdaemon: Fix a subtle race in worker thread creation. 2013-10-10 00:34:35 +02:00
Petr Rockai
cb613d4c10 lvmetad: Fix a possible deadlock in pv_clear_all. 2013-10-10 00:34:35 +02:00
Petr Rockai
b5aad86710 libdm: Fix a data race in dm_pool_{create,destroy}. 2013-10-10 00:34:35 +02:00
Petr Rockai
529a13ec89 libdm: Link to libpthread unconditionally. 2013-10-10 00:34:35 +02:00
Alasdair G Kergon
7bed6d1263 filters: Add NVM Express (nvme). 2013-10-09 20:08:07 +01:00
Peter Rajnoha
1b91847beb WHATS_NEW: commit 0decd75 2013-10-09 15:59:19 +02:00
Petr Rockai
bcb44281b7 lvmetad: Do not try to lock a NULL vgid. 2013-10-09 14:56:06 +02:00
Petr Rockai
17f3b8280b test: Correctly trigger inconsistent metadata repair in lvmcache-exercise.
Since lvconvert --repair sets handles_missing_pvs, it will not repair
inconsistent metadata automatically. Calling lvs instead should do the trick.
2013-10-09 14:44:15 +02:00
Petr Rockai
0decd7553a metadata: Fix metadata repair paths when lvmetad is used. 2013-10-09 14:44:01 +02:00
Petr Rockai
fbb6de845e test: Make comma a separator as in make check T=lvconvert,lvcreate 2013-10-09 14:02:34 +02:00
Peter Rajnoha
863be9d9c6 WHATS_NEW: commit d888a05 and 808a5d9 2013-10-09 12:11:12 +02:00