IETF Logo Mail Archive

Re: [nfsv4] Disk protection problem for pNFS block

sfaibish <sfaibish@emc.com> Thu, 21 October 2010 19:15 UTC

Return-Path: <sfaibish@emc.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD2BC3A6A65 for <nfsv4@core3.amsl.com>; Thu, 21 Oct 2010 12:15:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.334
X-Spam-Level:
X-Spam-Status: No, score=-6.334 tagged_above=-999 required=5 tests=[AWL=0.265, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yiAJDXgdQ25m for <nfsv4@core3.amsl.com>; Thu, 21 Oct 2010 12:15:25 -0700 (PDT)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by core3.amsl.com (Postfix) with ESMTP id 316CC3A6A68 for <nfsv4@ietf.org>; Thu, 21 Oct 2010 12:15:24 -0700 (PDT)
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id o9LJGs8H028243 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 21 Oct 2010 15:16:54 -0400
Received: from mailhub.lss.emc.com (mailhub.lss.emc.com [10.254.221.145]) by hop04-l1d11-si01.isus.emc.com (RSA Interceptor); Thu, 21 Oct 2010 15:16:48 -0400
Received: from usensfaibisl2e.eng.emc.com (USENSFAIBISL2E.eng.emc.com [10.238.120.90]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id o9LJGUQS006514; Thu, 21 Oct 2010 15:16:31 -0400
Date: Thu, 21 Oct 2010 15:16:30 -0400
To: Benny Halevy <bhalevy@panasas.com>
From: sfaibish <sfaibish@emc.com>
Organization: EMC
Content-Type: text/plain; format="flowed"; delsp="yes"; charset="iso-8859-15"
MIME-Version: 1.0
References: <op.vkxrtzyxunckof@usensfaibisl2e.eng.emc.com> <20101021181922.GC10192@fieldses.org> <4CC08571.10203@panasas.com>
Content-Transfer-Encoding: 8bit
Message-ID: <op.vkxw5sj5unckof@usensfaibisl2e.eng.emc.com>
In-Reply-To: <4CC08571.10203@panasas.com>
User-Agent: Opera Mail/9.10 (Win32)
X-EMM-MHVC: 1
Cc: "J. Bruce Fields" <bfields@fieldses.org>, nfsv4 list <nfsv4@ietf.org>
Subject: Re: [nfsv4] Disk protection problem for pNFS block
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2010 19:15:28 -0000

On Thu, 21 Oct 2010 14:24:49 -0400, Benny Halevy <bhalevy@panasas.com>  
wrote:

> On 2010-10-21 20:19, J. Bruce Fields wrote:
>> On Thu, Oct 21, 2010 at 01:21:25PM -0400, sfaibish wrote:
>>> I want to discuss this issue in preparation for the WG discussion on
>>> this topic. In the current pNFS block protocol the client has to
>>> contact the MDS in order to get the signature offset of the devices
>>> used by the block client.
>>>
>>> Users of pNFS block in Linux want to be able to identify a LUN being  
>>> used
>>> to store pNFS data without having to contact the metadata server but  
>>> the
>
> You mean before sending GETDEVICELIST and GETDEVICEINFO?
In order to issue these you need to have a connection to the MDS and it
is only established at mount time and it cannot be used during the boot.

>
>>> protocol doesn't define a fixed location; the MDS will send it at mount
>>> time.
>
> The mount time thing is linux client specific actually.
Nope. It is for any OS (Solaris as an example).

> The client can issue GETDEVICELIST and GETDEVICEINFO at any time.
To whom? How does he know the MDS before mount?

>
>>> The location of the signature is not defined in the protocol but
>
> Hmm, now I'm confused too :-/
> http://tools.ietf.org/html/rfc5663
> 2.2.  GETDEVICELIST and GETDEVICEINFO
>
> 2.2.1.  Volume Identification
>
>    /// struct pnfs_block_sig_component4 { /* disk signature component */
>    ///     int64_t bsc_sig_offset;        /* byte offset of component
>    ///                                       on volume*/
>    ///     opaque  bsc_contents<>;        /* contents of this component
>    ///                                       of the signature */
>    /// };
The disk signature location is sent to the client in the GETDEVICEINFO
but it only includes signature identifying the device not anything else.
we need something to be specific just ID is not enough to protect. This is
the real problem I want to solve.

/Sorin

>
> Benny
>
>>> we can make it a configuration parameter in the client that will define
>>> the signature location for each pNFS block server. My prefered solution
>>> would be to enhance the block protocol.
>>>
>>> In more details the pNFS FS writes a signature to the LUN, but to find
>>> out the offset of the signature the client first needs to talk with the
>>> MDS to be told the offset that the signature is located when using
>>> GETDEVICEINFO. But this is too late and can only be done after the boot
>>> ends and as a result some boot time applications can destroy the FS.
>>
>> I'm confused: you're assuming such applications may write to every disk
>> they discover that isn't on some list of disks not to touch?
>>
>> The pnfs block protocol has to assume *some* level of sanity from
>> clients.
>>
>> --b.
>>
>>> One
>>> possible solution is to "hide" pNFS devices or write protect the  
>>> devices
>>> that contain pNFS data even if that host doesn't mount the pNFS
>>> block volume.
>>>
>>> The concern was that there is a window of time before the devices can  
>>> be
>>> protected at mount time but it leaves a window of possible data  
>>> corruption.
>>> I would also like to include some kind of protection mechanism in
>>> the protocol
>>> as an extenssion to RFS5663 for example. So Jason and I propose
>>> something like
>>> this:
>>>
>>> 1) Clients can have configuration file that specifies the signatures
>>> to protect.
>>>    The signature should be vendor agnostic: "pNFS block device" but
>>> at a fixed offset.
>>> 2) Clients could come pre-configured with a protection file that  
>>> recognizes
>>>    "most signatures"
>>> 3) pNFS servers could define a function that will return such  
>>> signatures.
>>>    It will be late, but every time one does a mount, the client
>>> could retrieve
>>>    the signatures, and then make sure that they are listed in the
>>> configuration
>>>    file.  This way the system learns what it needs to protect in
>>> cases where a
>>>    new non-standard pNFS server is introduced.
>>>
>>> What do people think about the problem and the solution idea? I will
>>> collect
>>> all the opinion and include in the discussion in Beijing. Thank you
>>> for your
>>> consideration
>>>
>>> /Sorin
>>>
>>>
>>> --
>>> Best Regards
>>>
>>> Sorin Faibish
>>> Corporate Distinguished Engineer
>>> Unified Storage Division
>>>         EMC²
>>> where information lives
>>>
>>> Phone: 508-249-5745
>>> Cellphone: 617-510-0422
>>> Email : sfaibish@emc.com
>>> _______________________________________________
>>> nfsv4 mailing list
>>> nfsv4@ietf.org
>>> https://www.ietf.org/mailman/listinfo/nfsv4
>> _______________________________________________
>> nfsv4 mailing list
>> nfsv4@ietf.org
>> https://www.ietf.org/mailman/listinfo/nfsv4
>
>



-- 
Best Regards

Sorin Faibish
Corporate Distinguished Engineer
Unified Storage Division
         EMC²
where information lives

Phone: 508-249-5745
Cellphone: 617-510-0422
Email : sfaibish@emc.com

v2.23.0 | Report a Bug | By Email