Date: Thu, 25 Jan 2007 23:59:30 -0600
From: "Rick C. Petty" <rick-freebsd@kiwi-computer.com>
To: Fernan Aguero <fernan.aguero@gmail.com>
Cc: Oliver Fromme <olli@lurza.secnetix.de>, freebsd-geom@FreeBSD.ORG
Subject: Re: clear metadata using dd?
Message-ID: <20070126055929.GA56183@keira.kiwi-computer.com>
In-Reply-To: <20070123230800.GA98614@iib.unsam.edu.ar>
References: <520894aa0701081445i43d76098m418ce695d2133e53@mail.gmail.com> <200701231830.l0NIURmC083278@lurza.secnetix.de> <20070123230800.GA98614@iib.unsam.edu.ar>

On Tue, Jan 23, 2007 at 08:08:00PM -0300, Fernan Aguero wrote:
> +----[ Oliver Fromme <olli@lurza.secnetix.de> (23.Jan.2007 15:41):
> |
> | As far as I can tell, the purpose of gmirror is to provide
> | redundancy in the case of drive failure. I.e. if one
> | drive fails, the system keeps running happily instead of
> | crashing.

Exactly. I don't understand why anyone would use mirror if it didn't cover
the whole disk. I *know* the other setups, I just don't "understand why". =)

> well, I beg to differ, but with this setup I don't see why
> the system will crash if one disk fails ... I did several
> tests, removed one disk, and the system booted and worked
> fine in degraded mode ...

Obviously you've never had a disk go bad. FreeBSD doesn't handle hardware
failures well (at all?). If a disk crashes while powered up and running (a
highly likely time such a failure would happen), FreeBSD removes the disk
device completely, no questions asked. It does this sometimes when the
drive is working just fine too. If such a thing happens and you have a
filesystem mounted using that disk, you're boned. Prepare to kiss data
goodbye, because you probably weren't prepared to be running the kernel in
debug mode. And why should you have to, on a production system?

Removing the disk while the system is off, that's such a trivial test and
certainly doesn't replicate what could happen in a really bad situation.
Think: hundreds of Terabytes of disks, using mirrors, RAID cards, whatnot.
If a disk "goes bad" (or FreeBSD pretends such), and part of the disk was
*not* completely mirrored (or otherwise RAID'd) and had a filesystem
mounted on it, kernel panic.. file server down for hours if not days.
Thankfully, gmirror (at least) handles this case gracefully, provided the
whole disk is mirrored.

Those people who aren't full-disk-mirroring their "important data" are
taking quite a gamble. They should talk to those of us who have seen lots
of drives fail in otherwise perfectly-working systems. Or assume the drive
can't fail, I mean because it's still under warranty so why would it fail?
And assume that even a slight vibration won't wiggle a SATA cable free,
because you've hot-glued it in place.

> Of course I'm not putting essential stuff in the gstriped
> device. Here's how my setup looks like:
>
> ad4s1b, ad6s1b => swap
> ad4s2, ad6s2 => gmirror (/, /var, /tmp, /usr) (i.e. base OS)
> ad4s3, ad6s3 => gstripe (/freebsd, /usr/obj, /distfiles, /scratch)

You described the perfect scenario for a nifty kernel panic. Don't believe
me? Put the system into an "idle state" (no planned I/O) and pull the data
cable out of one of the drives... just for five seconds, then plug it back
in. It should survive, right? Now let's just hope the drives always play
fair...

--
Rick C. Petty