Re: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-files-11.txt
Thomas Haynes <loghyr@primarydata.com> Wed, 19 July 2017 08:11 UTC
Return-Path: <loghyr@primarydata.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4F8A131C25 for <nfsv4@ietfa.amsl.com>; Wed, 19 Jul 2017 01:11:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.489
X-Spam-Level:
X-Spam-Status: No, score=-2.489 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=primarydata.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Obn2pKKKlqET for <nfsv4@ietfa.amsl.com>; Wed, 19 Jul 2017 01:11:54 -0700 (PDT)
Received: from us-smtp-delivery-194.mimecast.com (us-smtp-delivery-194.mimecast.com [216.205.24.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26C52131C1E for <nfsv4@ietf.org>; Wed, 19 Jul 2017 01:11:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=PrimaryData.onmicrosoft.com; s=selector1-primarydata-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UJnE/M3s1MEUrbk9Z5S0jDs89xRQo/JsEs56V+GjsRc=; b=SBO2TaEP9j9aCWSqlDpNe4Z4UTYL93uXgFI3HQHd7gyMsLsBG33srUhT/8wjxyXyTWhTtY9b1AIwYWJGtayu8GS/TR5hU1PmAFT1301eEnm344YnoByCrNhcbxnE6U2ROFjeDc2GubV7MiNnNulFTM33DZTJCSVeVmlhQBXU3Ak=
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03lp0050.outbound.protection.outlook.com [216.32.180.50]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-155--oWLvENbNragWwZ6yt5PZg-1; Wed, 19 Jul 2017 04:11:50 -0400
Received: from BY2PR1101MB1093.namprd11.prod.outlook.com (10.164.166.21) by BY2PR1101MB1095.namprd11.prod.outlook.com (10.164.166.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1261.13; Wed, 19 Jul 2017 08:11:47 +0000
Received: from BY2PR1101MB1093.namprd11.prod.outlook.com ([10.164.166.21]) by BY2PR1101MB1093.namprd11.prod.outlook.com ([10.164.166.21]) with mapi id 15.01.1261.024; Wed, 19 Jul 2017 08:11:47 +0000
From: Thomas Haynes <loghyr@primarydata.com>
To: Rick Macklem <rmacklem@uoguelph.ca>
CC: "nfsv4@ietf.org" <nfsv4@ietf.org>
Thread-Topic: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-files-11.txt
Thread-Index: AQHS/61eXgmBOhPAi0mf/sAKFaj0LqJZW6EAgADc2wCAAJV6AA==
Date: Wed, 19 Jul 2017 08:11:46 +0000
Message-ID: <1E2202DA-9424-4AEC-AA7E-1F92F5F3B5AF@primarydata.com>
References: <150037229404.11336.16983983178083243373@ietfa.amsl.com> <6B40A2A0-741F-4E5C-849A-847DC1BCAC39@primarydata.com> <YTXPR01MB018967B530A4C9F166670740DDA10@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <YTXPR01MB018967B530A4C9F166670740DDA10@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:67c:370:128:14ca:25a2:43f7:4347]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BY2PR1101MB1095; 20:2dkhhHR7hDMS9w9uZPyLc+D1IhIaaeR9+Dkf3PZ6PLe61s7MIj9YFpiVXBksiovlkjoPVDVgJaHUR0DACzAxE/aOLXBMC/ES0ATZJBG10LyljGejlr4DIHLASGG/6VNgWP11CdWZofBBZuvnSw72cLWgD3t4dMNBjaE3P886i/s=
x-ms-office365-filtering-correlation-id: 3b9c8a48-4c34-457e-2deb-08d4ce7dccff
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BY2PR1101MB1095;
x-ms-traffictypediagnostic: BY2PR1101MB1095:
x-exchange-antispam-report-test: UriScan:(278178393323532)(158342451672863)(120809045254105)(236129657087228)(192374486261705)(35073007944872)(148574349560750);
x-microsoft-antispam-prvs: <BY2PR1101MB1095F02844AD41A02393889ECEA60@BY2PR1101MB1095.namprd11.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(2017060910075)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(6041248)(20161123555025)(20161123558100)(20161123564025)(2016111802025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(6043046)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BY2PR1101MB1095; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BY2PR1101MB1095;
x-forefront-prvs: 0373D94D15
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39410400002)(39400400002)(39830400002)(39450400003)(51444003)(15404003)(51914003)(377454003)(377424004)(24454002)(54896002)(6246003)(236005)(6116002)(102836003)(110136004)(189998001)(14454004)(99286003)(76176999)(5660300001)(50986999)(230783001)(54356999)(36756003)(6306002)(6512007)(6916009)(53936002)(2950100002)(38730400002)(8936002)(2906002)(82746002)(8676002)(81166006)(6506006)(77096006)(6486002)(2900100001)(966005)(6436002)(33656002)(478600001)(229853002)(606006)(3280700002)(3660700001)(4326008)(53546010)(86362001)(83716003)(25786009)(7736002)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR1101MB1095; H:BY2PR1101MB1093.namprd11.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: primarydata.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Jul 2017 08:11:46.9091 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 03193ed6-8726-4bb3-a832-18ab0d28adb7
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR1101MB1095
X-MC-Unique: -oWLvENbNragWwZ6yt5PZg-1
Content-Type: multipart/alternative; boundary="_000_1E2202DA94244AECAA7E1F92F5F3B5AFprimarydatacom_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/5C2CMfGR3F94NYNCX2RdCpUJ-UY>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-files-11.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 08:11:58 -0000
Hi Rick, Thanks for the comments - in particular you helped me in the “SHOULD” wars. Tom On Jul 19, 2017, at 1:16 AM, Rick Macklem <rmacklem@uoguelph.ca<mailto:rmacklem@uoguelph.ca>> wrote: Here's some comments w.r.t. draft11, rick Generically, I think the only effects on the client of "tight" vs "loose" coupling is: Loose coupling (when doing I/O on storage server): - client uses synthetic uid/gid and anonymous stateid - *** when fenced off, client sees NFS4ERR_ACCESS reply to I/O Tight coupling (when doing I/O on storage server): - client uses same uid/gid as for MDS for the file and ffds_stateid - *** when fenced off, client sees NFS4ERR_BAD_STATEID reply to I/O As I tried to point out in my earlier reply, this may or may not be true. Look at https://tools.ietf.org/html/draft-ietf-nfsv4-layout-types-04 : on page 5: Note that there is no requirement on how these are implemented. While the File Layout Type does use the stateid to fence off the client, there is no requirement that other Layout Types use this stateid approach. But the other Layout Types MUST document how the client, metadata server, and storage devices interact to meet these requirements. Since the flex file draft does not spell out how the control protocol will work, it is up to the implementation to do so. I’ve added a new paragraph to the end of section 2.2: The client need not know the model used between the metadata server and the storage device. It need only react consistently to any errors in interacting with the storage device. It should both return the layout and error to the metadata server and ask for a new layout. At that point, the metadata server can either hand out a new layout, hand out no layout (forcing the I/O through it), or deny the client further access to the file. The "***" cases aren't explicitly spelled out in the draft. It might be nice to have something like this near the beginning of the document, so that client implementors aren't confused by the various discussions of "loose" vs "tight" coupling. Now, here's some things I spotted in draft-11. 2.1. LAYOUTCOMMIT The metadata server has the responsibility, upon receiving a LAYOUTCOMMIT (see Section 18.42 of [RFC5661]), of ensuring that the semantics of pNFS are respected (see Section 12.5.4 of [RFC5661]). These do include a requirement that data written to data storage device be stable before the occurance of the LAYOUTCOMMIT. Spelling of occurance as noted before, plus.. I think that this needs to be changed to apply to both loose and tight couplings too? (line 527-530 in the .txt file) I’m torn between I think it is obvious from the context, yet the context of entire section is the difference in models. The first sentence is now: Regardless of the coupling model, the metadata server ... case that there is loose coupling is in effect. If ffdv_tightly_coupled is not set, then the client MUST commit writes to the storage devices for the file before sending a LAYOUTCOMMIT to the metadata server. I.e., the writes MUST be committed by the client to stable storage via issuing WRITEs with stable_how == ... 2.2. Fencing Clients from the Storage Device With loosely coupled storage devices, the metadata server uses synthetic uids and gids for the data file, where the uid owner of the data file is allowed read/write access and the gid owner is allowed read only access. As part of the layout (see ffds_user and ffds_group in Section 5.1), the client is provided with the user and group to be used in the Remote Procedure Call (RPC) [RFC5531] credentials needed to access the data file. Fencing off of clients is achieved by the metadata server changing the synthetic uid and/or gid owners of the data file on the storage device to implicitly revoke the outstanding RPC credentials. It might be nice to add that the client will receive a NFS4ERR_ACCESS reply to I/O operations done against the storage server for the loosely coupled case? I’ve added wording as such... ... With tightly coupled storage devices, the metadata server sets the user and group owners, mode bits, and ACL of the data file to be the same as the metadata file. And the client must authenticate with the storage device and go through the same authorization process it would go through via the metadata server. In the case of tight coupling, fencing is the responsibility of the control protocol and is not described in detail here. However, implementations of the tight coupling locking model (see Section 2.3), will need a way to prevent access by certain clients to specific files by invalidating the corresponding stateids on the storage device. As above, it might be nice to clarify that the client will receive a NFS4ERR_BAD_STATEID for the tight coupled case? Added such wording, but kept the new paragraph. ... strongly coupled. They would use a back-end control protocol to I think David N. mentioned this before, but I think "strongly" should be "tightly"? … Thanks, I must have skipped it in his review. F_FLAGS_NO_IO_THRU_MDS: can be set to indicate that the client SHOULD not send I/O operations to the metadata server. I.e., even if the client could determine that there was a network diconnect to a storage device, the client SHOULD not try to proxy the I/O through the metadata server. Although I'll let the IETF guys debate the correct use of SHOULD, it seems rather strong here, given that it is "at best a hint" as described here: Looking at Section 12.5 of RFC 7862, IO_ADVISE, it uses MAY. I can’t shoehorn MAY and MIGHT with the negation, so “should” it is… And at the very least, “SHOULD not” should be a red flag, in that I MUST use “SHOULD NOT” or “should not”, but not “should NOT” or “SHOULD not”. 5.1.2. Client Interactions with FF_FLAGS_NO_IO_THRU_MDS Even if the metadata server provides the FF_FLAGS_NO_IO_THRU_MDS, flag, the client can still perform I/O to the metadata server. The flag is at best a hint. The flag is indicating to the client that ... data strucures are built on concepts introduced in NFSv4.2, the Spelling of structures. Ack ... 13. Recalling a Layout While Section 12.5.5 of [RFC5661] discusses layout type independent reasons for recalling a layout, the flexible file layout type metadata server should recall outstanding layouts in the following cases: o When the file's security policy changes, i.e., Access Control Lists (ACLs) or permission mode bits are set. I don't think this applies to the "tightly coupled" case, if the server propagates the ACL, perm changes to the storage server? Same comment applies to parts of: Hah, I’m saved since I used “should’ and not “SHOULD” or “MUST”. 15. Security Considerations third para. devices. When the metadata server receives a request to change a file's permissions or ACL, it SHOULD recall all layouts for that file Using the same logic, this should be a “should”. :-) No, I think it has to stay a “SHOULD” and we do have to call out this. I’ve replaced the second paragraph with: The metadata server enforces the file access-control policy at LAYOUTGET time. The client should use RPC authorization credentials (uid/gid for AUTH_SYS or tickets for Kerberos) for getting the layout for the requested iomode (READ or RW) and the server verifies the permissions and ACL for these credentials, possibly returning NFS4ERR_ACCESS if the client is not allowed the requested iomode. For the tightly coupled model, the LAYOUTGET does not return credentials for accessing the storage devices. Instead, the existing credential will be used to enforce subsequent access to the storage device. For the loosely coupled model, if the LAYOUTGET operation succeeds then the client receives, as part of the layout, a set of credentials allowing it I/O access to the specified data files corresponding to the requested iomode. When the client acts on I/O operations on behalf of its local users, it MUST authenticate and authorize the user by issuing respective OPEN and ACCESS calls to the metadata server, similar to having NFSv4 data delegations. (And fwiw, I had the hardest time with this point you brought up.) and then MUST fence off any clients still holding outstanding layouts for the respective files by implicitly invalidating the previously distributed credential on all data file comprising the file in ________________________________________ From: nfsv4 <nfsv4-bounces@ietf.org<mailto:nfsv4-bounces@ietf.org>> on behalf of Thomas Haynes <loghyr@primarydata.com<mailto:loghyr@primarydata.com>> Sent: Tuesday, July 18, 2017 6:06:16 AM To: nfsv4@ietf.org<mailto:nfsv4@ietf.org> Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-files-11.txt This has the FF_FLAGS_WRITE_ONE_MIRROR and the fixed IANA considerations. On Jul 18, 2017, at 12:04 PM, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network File System Version 4 of the IETF. Title : Parallel NFS (pNFS) Flexible File Layout Authors : Benny Halevy Thomas Haynes Filename : draft-ietf-nfsv4-flex-files-11.txt Pages : 40 Date : 2017-07-18 Abstract: The Parallel Network File System (pNFS) allows a separation between the metadata (onto a metadata server) and data (onto a storage device) for a file. The flexible file layout type is defined in this document as an extension to pNFS which allows the use of storage devices in a fashion such that they require only a quite limited degree of interaction with the metadata server, using already existing protocols. Client side mirroring is also added to provide replication of files. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-nfsv4-flex-files/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-nfsv4-flex-files-11 https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-flex-files-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-flex-files-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www.ietf.org/mailman/listinfo/nfsv4 _______________________________________________ nfsv4 mailing list nfsv4@ietf.org<mailto:nfsv4@ietf.org> https://www.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] I-D Action: draft-ietf-nfsv4-flex-files-1… internet-drafts
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-fil… Thomas Haynes
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-fil… Rick Macklem
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-fil… Thomas Haynes
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-flex-fil… David Noveck