[nfsv4] Re: Genart last call review of draft-ietf-nfsv4-layrec-01

Thomas Haynes <loghyr@gmail.com> Tue, 15 October 2024 16:54 UTC

Return-Path: <loghyr@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87A81C1840DF; Tue, 15 Oct 2024 09:54:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2cIqB67KGwK; Tue, 15 Oct 2024 09:54:03 -0700 (PDT)
Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF717C1D4A87; Tue, 15 Oct 2024 09:54:03 -0700 (PDT)
Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-2e2e2d09decso19797a91.1; Tue, 15 Oct 2024 09:54:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729011243; x=1729616043; darn=ietf.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6ReVslogM3Sobg+pw6Zui5ziVYyd5CmMI8K/qR2cjYw=; b=Ro8OFSvjP2oXT9REWwff+e8BnClH+x1PLY6eNQJOxLUnDIyOEFbScw1ZdC8afEo1Fc zhu7UKC+b5NXhTBH3OrJmgiqOXsY1sbTMDaOgfAatw53s1PHhJT/kKWf673fiGchfSzR 3Wg220lU666YaO3ce10bET5qqnJCOi2Nr3ExQCX5Gdyz5y3jTGdOLINtKr340vQcLSwR GvEEtJebS0z/qjU6HGUPG3BLfGme9OPShptqg1agAMxKQn0rJq2J6MvCoCe63VstFUpk KdZsS8ZEEKOw95PYOvK7Y+0H1pDS86X5nKdbDQgUfm3GXnbTuLNhrI70mwcZ9rgE2xgx c9hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729011243; x=1729616043; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6ReVslogM3Sobg+pw6Zui5ziVYyd5CmMI8K/qR2cjYw=; b=JzSxywYOcZu4reUCAHmCKSz29mLCUTyNEwk6LnWzF7ovoVGs2GCnYspG7uvU8zhaDp fUd9IeGrr5joEmI0D+zdtuWQ4762Xqn7kNgqaerSR2ChmgKiYqGg19JFVlccfom3IFqj +uOZ5d0Bf8rWgMm37FYl9ygACOLAignj3xILreWkG//3pjBVux255ZUaVijXFDeZYqKy tbUKpzcx6Urpfc2EH2KqjhqeKL67SpYaa9gxW9TNdIEXJHQok4lM1l9Sx6njek5ViNtW E5FWC2q69JKdPDf6w0DAcctO5wI37A1DWRvG0HdvEU/EudtDaJFpIS6UugsXt7+8Ax1K wcEg==
X-Forwarded-Encrypted: i=1; AJvYcCU6+fpT/JNMzFChzysDoSyvwMCXcrDMIZJOWmPcujThlwd2r1l8uSSn+QbhwAIDFN7j+LbkxPk=@ietf.org, AJvYcCVQ/TWt/S/gEUVLRpCYDylW6tpWKLPMHhXx8dyRg2fHAqItBkeTAmOJhN0JswNsfxjqWoEZLfLi4GS5@ietf.org, AJvYcCW4N4hDWF7kux+W504kGWYiRBecejFt5kqavbQDnzafbf8aXWBFcgt32dpx8I+KBMGL81D5Fl3u92p/+GcqON7tBuP+H86ZtRK7jeY=@ietf.org
X-Gm-Message-State: AOJu0YwVizGi4enxTWYn+uNB0iIKjpT8clgpv9j+VRpzcaKM2v/KCP80 NvJgdMWq0cPUDG9kCrbcWEuKiVufaDKi58ZUdzpKZs++Ay0Z8qfjbGLp07/C
X-Google-Smtp-Source: AGHT+IHHQfZBOfFnXIFEWbg3RJSHM/MpX+o0MHDTchTNPD/lI+4Skue5i4mex3wUTAGfY8UrI+k6Qw==
X-Received: by 2002:a17:90b:30c5:b0:2e2:c2b0:d03e with SMTP id 98e67ed59e1d1-2e2f0a9cb58mr25495884a91.5.1729011242862; Tue, 15 Oct 2024 09:54:02 -0700 (PDT)
Received: from smtpclient.apple ([2601:647:5b00:bf9:f496:99de:2ee3:1cac]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20d18059caasm14123955ad.244.2024.10.15.09.54.02 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Oct 2024 09:54:02 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3818.100.11.1.3\))
From: Thomas Haynes <loghyr@gmail.com>
In-Reply-To: <172437659311.377.1936980941446051875@dt-datatracker-584cd6c8dd-fvr2f>
Date: Tue, 15 Oct 2024 09:53:51 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <4A621262-ADA3-4CF3-8E72-DCDBE28ADC30@gmail.com>
References: <172437659311.377.1936980941446051875@dt-datatracker-584cd6c8dd-fvr2f>
To: Dale Worley <worley@ariadne.com>
X-Mailer: Apple Mail (2.3818.100.11.1.3)
Message-ID-Hash: 644P7HQLFEM6MFACKONL2X2BYLJRX7MY
X-Message-ID-Hash: 644P7HQLFEM6MFACKONL2X2BYLJRX7MY
X-MailFrom: loghyr@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: gen-art@ietf.org, draft-ietf-nfsv4-layrec.all@ietf.org, last-call@ietf.org, nfsv4@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [nfsv4] Re: Genart last call review of draft-ietf-nfsv4-layrec-01
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Pzr6QDm7cWwpHvRP9YirGhuyk4c>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

Hi Dale.

Thanks for the review, I’m sorry I lost it in a storm of reviews over 3 documents.

I believe I have addressed all of your points, even if I did not directly reply to your points. I.e., an earlier rewrite might impact the scope of your comments.

I will push the changes per your review to be draft-ietf-nfsv4-layrec-02.

Thanks,
Tom


Comments are inline.

> On Aug 22, 2024, at 6:29 PM, Dale Worley via Datatracker <noreply@ietf.org> wrote:
> 
> Reviewer: Dale Worley
> Review result: Ready with Issues
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document:  draft-ietf-nfsv4-layrec-01
> Reviewer:  Dale R. Worley
> Review Date:  2024-08-22
> IETF LC End Date:  2024-08-27
> IESG Telechat date:  [not known]
> 
> Summary:
> 
>    This draft is on the right track but has open issues, described in
>    the review.
> 
> Major issues:
> 
> There seems to be no discussion of upward-compatibility.
> Particularly, what happens if the metadata server supports this
> extension but the client does not, and what happens if the client
> supports this extension but the metadata server does not.  I expect
> that following the details of the text, the servers will work things
> out correctly, but it's best if there is a holistic description of the
> compatibility situations so the reader can verify that they've been
> handled correctly, and that the implementer knows what to look for in
> version-mismatch situations.

I added a section for version mismatching. 


> 
> The text is written for people who have the entirety of the previously
> defined protocol in their heads, and know all of the processing
> paths.  

I will not argue this point.



> That is, it's a very densely-written sent of amendments, with
> no clear indexing of exactly what execution paths are affected by what
> extensions/requirements.  It would be better if the items were broken
> apart, the text expanded, and keyed to the definitions of the
> procedures which are being amended.
> 
> Minor issues:
> 
> A section of the text is written in the subjunctive mood, despite that
> it seems to be the core of the extension.  It should be written
> normally, with as much use of normative keywords as possible.
> 
> Nits/editorial comments:
> 
> 1.1.  Definitions
> 
>   See Section 1.1 of [RFC8435] for a more complete set of definitions.
> 
> However, the definitions that are given here duplicate RFC 8435.
> Perhaps better to make that clear, e.g.
> 
>   The following definitions are from Section 1.1 of [RFC8435].  See it
>   for a more complete set of definitions.


As per Shuping Peng’s review, I now just point the reader to RFC8435.

> 
> 2.  Layout State Recovery
> 
>   The LAYOUTRETURN needs
>   a layout stateid to proceed and there is no way for the client to
>   recover layout state.
> 
> Does this mean "the previous layout stateid known by the client has
> been rendered invalid by the MDS restart and there is no way for the
> client to obtain a valid stateid"?  Or is there more to "recover
> layout state" than just obtaining a valid a stateid?


Expounded on this as to why it can’t use the layout it has and why it can’t get a new one during recovery.



> 
>   If the server were to allow the client to use the anonymous stateid
>   of all zeros (see Section 8.2.3 of [RFC8881]) for lrf_stateid in
>   LAYOUTRETURN (see Section 18.44.1 of [RFC8881]), then the client
>   could inform the metadata server of errors encountered.
> 
> This paragraph and the following three paragraphs are written in the
> subjunctive mood.  This leaves it unclear to the reader whether this
> the text is prescribing the extension mentioned in the Abstract, or
> just presenting a proposal which will be discussed further.
> 
>   That in turn
>   would allow the metadata server to accurately resilver the file by
>   picking the correct mirror(s).
> 
> It seems desirable to state explicitly here how the metadata server
> "picks the correct mirror(s)", given that the LAYOUTRETURN seems to be
> used to inform the MDS of the copies that are corrupt rather than the
> ones that are not corrupt.  It's possible that this process is implied
> by previously defined parts of NFSv4.1, but if so it might be useful
> to point the reader to that description.

Fixed this inadvertently in doing the change for above.


> 
>   There are two error scenarios that can occur:
> 
>   During the grace period:  If the client were to send any lrf_stateid
>      in the LAYOUTRETURN other than the anonymous stateid of all zeros,
>      then the metadata server would respond with an error of
>      NFS4ERR_GRACE (see Section of 15.1.9.2 [RFC8881]).
> 
>   After the grace period:  If the client were to send any lrf_stateid
>      in the LAYOUTRETURN with the anonymous stateid of all zeros, then
>      the metadata server would respond with an error of
>      NFS4ERR_NO_GRACE (see Section 15.1.9.3 of [RFC8881]).
> 
> This text is unclear what of this error processing is added in the
> extension and what of it is part of the base that this document
> extends.

Added MUST now to try to clear that up.

>  Also, the text says "the metadata server would respond"
> rather than "the metadata server MUST respond" or other normative
> language that makes it clear how strict the requirements are.
> 
>   Also, when the metadata server builds the reply to the LAYOUTRETURN,
>   it MUST NOT bump the seqid of the lorr_stateid.
> 
> My suspicion is that "it MUST NOT bump the seqid of the lorr_stateid"
> only applies when the stateid of the request is all zeros, but the
> text doesn't state that, inviting implementation errors.

Thanks, subtle point.


> 
>   The metadata
>   server MUST NOT have been resilvering the file such that it has a
>   different layout (set of mirror instances) than the client before the
>   restart of the metadata server.
> 
> Presumably the metadata server might be restarted at any instant,
> regardless of what tasks it was executing.  That seems to make it
> impossible to conform to this requirement.  I suspect that the meaning
> is
> 
>   If the metadata server at the point of restarting was resilvering
>   the file such that the MDS has a different layout (set of mirror
>   instances) than the client, then upon restart, the MDS MUST NOT allow
>   <the procedures described in this document> [<-- replace those
>   words with the correct term].


Your point is valid, but the result is off.

Say the mds restarts and client A has a RW layout.

The mds cannot resilver until the client either recovers the file or the grace period expires.

If the client sends an error, then the resilvering can proceed. If the client sends no error, but does reclaim the file, then there is no need to resilver.

If the client does not respond before the grace period ends, the server would:

a) Fence the layout (change the uid/gid on the instances such that the client has no access with the old layout)
b) Record the file needs resilvering
c) Delete the write intent record (the record that allows it to know that the file needs recovering)
d) Start resilvering the file

If the mds restarts before c), then it just starts the process over when it comes back up.

If it restarts after d), then it knows that the client does not have a valid RW layout and can just start the resilvering.

You have raised a great question here, let me take the reply above and reword the text.


> 
> Also this assumes that the metadata server has some way of knowing
> what layout the client has, despite that the metadata server has
> restarted.  Presumably that is previously defined in NFSv4.1, but it
> might be helpful to point to that.

Agreed


> 
>   The metadata server MUST NOT resilver a file if there are clients
>   with outstanding layouts with iomode of LAYOUTIOMODE4_RW.  Whether
>   the metadata server prevents all I/O to the file until the
>   resilvering is done or [...]
> 
> Are these two sentences related?  The first talks of when the MDS must
> not resilver, but the second talks of what is to happen when
> resilvering is being done.  It seems that there should be a paragraph
> break here and then some text setting the context in which "The
> metadata server prevents all I/O ... or ...".
> 
>   Whether
>   the metadata server prevents all I/O to the file until the
>   resilvering is done or forces all I/O to go through the metadata
>   server or allows a proxy server to update the new data file as it is
>   being reslivered is all an implementation choice.
> 
> This sentence interacts in complex ways with a lot of specifics of how
> the metadata server behaves.  I assume that the WG has verified that
> this description is sufficient to clearly specify what behaviors are
> allowed by the client and servers.
> 


Yes 


>   Finally, the metadata server MUST determine that any files which are
>   neither explicitly recovered with a CLAIM_PREVIOUS nor have a
>   reported error via a LAYOUTRETURN, have to be resilvered.
> 
> would be simpler as
> 
>   Finally, the metadata server MUST resilver any files which are
>   neither explicitly recovered with a CLAIM_PREVIOUS nor have a
>   reported error via a LAYOUTRETURN.


Agreed


> 
> 4.  IANA Considerations
> 
>   IANA should use the current document (RFC-TBD) as the reference for
>   the new entries.
> 

Yes, will be fixed.


> This text speaks of new entries but does not specify what the new
> entries are.  As far as I can tell, there are no new entries in the
> IANA databases.  The text should be adjusted appropriately.
> 
> [END]
> 
> 
> 
> _______________________________________________
> nfsv4 mailing list -- nfsv4@ietf.org
> To unsubscribe send an email to nfsv4-leave@ietf.org