Re: [nfsv4] RFC 7530: Filehandle of opened file after the REMOVE

[David Noveck <davenoveck@gmail.com>]

Bruce wrote:

> I think this is what OPEN4_RESULT_PRESERVE_UNLINKED in 5661 was meant to
> do.

In fact it was.  See the sixth bullet in section 1.8 of RFC5661.

The problem I see is that it doesn't solve the problem that Marcel has
pointed out.  If client A
opens the file and client B removes it, there is no way it can decide
whether or not to do a
silly rename.  Since he hasn't opened, the file he doesn't see the flag
indicating it is not
needed.  Also, since the file is not open he has no indication that it is
needed either.  So client
B will do a REMOVE in all cases.

Server implementations may or may not preserve the file until last close.
For those that do,
everything will work out OK, while for those that don't, there isn't much
that the client can
do.  If he did find out the server did not have the support, he has o way
to defer the remove
until last close because he has no way of finding out when this happens,

Trond wrote:

> There are 4 main problems that are inadequately discussed in any of the
existing RFCs,
> and that you need to address before we can consider replacing sillyrename

It appears it has already been considered and spec'd but the spec may not be
adequate.  Sigh!

> (which is well established today, and well understood by most users).

Most people understand why it works when it does but don't understand why
it doesn't
work in some cases.  So they are happy until they aren't.

> 1) How does the client identify that the server supports this
functionality?

The problem is that the client who doesn't open file, the troublesome case,
is exactly the one in which
he receives no information.  The client who does the open finds out silly
rename is not needed, but, in
this case, silly rename seems to work OK.

> 2) What functionality is needed on the underlying filesystems on the
server?

Almost all filesystems have the ability to defer deletion until the last
close.  If they don't, they
are not very usable.  Servers which don't support this are not suffering
from a lack of filesystem
functionality.  Instead, the problem seems to be that some servers have an
NFSv4 open which
either doesn't connect the to the underlying open functionality or there is
no underlying open functionality.

> 3) How does the server function in the case of a reboot? What can the
client expect in terms of recoverability?

This is addressed b section 18.16.3 of rfc5661.  The third bullet on page
 449 says:

Furthermore, the server promises to preserve the file through the
grace period after server restart, thereby giving the client the
opportunity to reclaim its open.


> 4) How does the client in practice perform recovery?
>   a) In the case of server reboots.

I think he just recovers this opens within the grace period.

>   b) In the case of lease timeouts/network partitions

This case is not addressed RFC5661, so far as I can see.  The typical
handling, in which
the locks are all dropped would cause the file to go away.  Courtesy locks
could address the
problem, but the spec doesn't that have to be implemented.

> Note that the lack of open-by-filehandle in NFSv4.0 makes 4.b) more
difficult than it should otherwise be.

True. In v4.1, a client can try an open-by-filehandle and take advantage of
any courtesy locks that the server
has retained.

On Tue, Dec 27, 2016 at 9:44 AM, J. Bruce Fields <bfields@fieldses.org>
wrote:

> On Wed, Dec 14, 2016 at 09:28:41AM -0500, Trond Myklebust wrote:
> > On Wed, Dec 14, 2016 at 6:21 AM, Marcel Telka <marcel@telka.sk> wrote:
> >
> > > Citát David Noveck <davenoveck@gmail.com>:
> > >
> > >> It appears that you want an informational document saying, more or
> less:
> > >>
> > >>    - If the server does not want clients to be discomfited by open
> files
> > >>    being removed, since such behavior is disallowed by typical OS
> > >> (e.g.Unix)
> > >>    semantics, the server can avoid this situation by delaying the
> actual
> > >>    removal of the file until last close, as allowed by RFC7530.
> > >>    - The use of rename by clients as a substitute for remove, normally
> > >>    known as "silly rename", has significant problems, since removes
> can
> > >> happen
> > >>    on nodes that do not have the file open.
> > >>
> > >> If this is what you want, then you can write an I-D and submit it.
> > >>
> > >
> > > Yes, this is exactly what I want to see.
> > >
> > >
> > There are 4 main problems that are inadequately discussed in any of the
> > existing RFCs, and that you need to address before we can consider
> > replacing sillyrename (which is well established today, and well
> understood
> > by most users).
> >
> > 1) How does the client identify that the server supports this
> functionality?
>
> I think this is what OPEN4_RESULT_PRESERVE_UNLINKED in 5661 was meant to
> do.  It'd be interesting to try an implementation and see if your other
> points are addressed, but I haven't thought about it in a long time.
>
> --b.
>
> > 2) What functionality is needed on the underlying filesystems on the
> server?
> > 3) How does the server function in the case of a reboot? What can the
> > client expect in terms of recoverability?
> > 4) How does the client in practice perform recovery?
> >    a) In the case of server reboots.
> >    b) In the case of lease timeouts/network partitions
> >
> > Note that the lack of open-by-filehandle in NFSv4.0 makes 4.b) more
> > difficult than it should otherwise be.
>
> > _______________________________________________
> > nfsv4 mailing list
> > nfsv4@ietf.org
> > https://www.ietf.org/mailman/listinfo/nfsv4
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
>