Date:      Tue, 10 Mar 1998 04:39:02 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        shimon@simon-shapiro.org
Cc:        hackers@FreeBSD.ORG
Subject:   Fault tolerance issues
Message-ID:  <199803100439.VAA27415@usr09.primenet.com>
In-Reply-To: <XFMail.980309152905.shimon@simon-shapiro.org> from "Simon Shapiro" at Mar 9, 98 03:29:05 pm

> > I'm personally more concerned with being able to lock down the gears
> > into a known-to-the-OS state, at all times.  I can deal with rolling
> > incomplete transactions back separately, if I need transactions.
> 
> Please elaborate (your metaphor brings images of broken gears in my lathe
> :-)

I want to make it so that if the power fails, if you have soft updates,
you don't need to clean your disk.

If you shut down normally, or panic, the uncommitted writes get flushed
from the disk cache by the disk (because it doesn't know from reset
in the time it takes to panic or crash).


Part of this would include implementing "soft read-only" to go with
the soft updates.

In soft read-only, if there is nothing in the syncer queue when a
sync occurs, you mark the fs "soft read-only", set the clean flag
in the superblock, and write the superblock out.

The marking tells you that you can write to the FS, but only after
you have unset the clean flag.

Basically, if a BSD system is idle, you would be able to pull the
DOS-weenie trick of just turning it off, and no matter how large
the disk, the thing will come back clean.


This is incidentally why the movement of the R/O handling code that
happened a while back was a bad thing.


> b.  A good controller will force caches on the attached drives to flush
>     before it ACKs the shutdown command from the O/S.
> 
> b.  A UPS that will keep the disks running long enough for that.  Any
>     decent disk cabinet/shelf/bay has redundant power supplies, either 2N,
>     or N+1.

The second 'b' is a 'c', right?  8-).

The thing is that I don't want to use a UPS.


> > With disk write caching turned on, I still need a UPS to be able to
> > do this reliably, since I have to (1) not add more work to the write
> > cache which might potentially push out already delayed writes, and
> > (2) cause the disk to flush its write cache.
> 
> A reasonable UPS for a pc, is less than $100.00.

What if I were, say, building an appliance-type device?  8-) 8-).


> > High availability can also mean "comes back up quickly, and is robust
> > in the face of deleterious conditions".
> 
> True.  To some it means ``I have backup on tape someplace in the drawer'',
> to others it means ``I never lose an e-mail message'', while some say ``I
> cannot lose service for more than N seconds''.  I think we should try and
> serve them all.

Yes.  I'm thinking of the middle ground, where there isn't a UPS,
and you want the OS to be happy in event of a sudden power loss,
whether it comes from the user flipping a switch, or it comes from
a line outage.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
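The "soft read-only" state machine Terry sketches above (idle sync sets the clean flag and marks the fs soft read-only; a write first clears the flag and gets the superblock onto stable storage; an idle box can then simply be switched off), as an added toy model in C. This is example code written for this page, not FreeBSD code and not Terry's implementation: the struct names, the `disk_flush()` stand-in for "make the disk flush its write cache", and the two scenario functions are all hypothetical, and the on-disk state is modelled as a single superblock plus a volatile write cache that a power loss discards.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of "soft read-only" on top of soft updates (not FreeBSD code). */
#define FS_CLEAN 0x01u

struct superblock {
    unsigned int flags;        /* FS_CLEAN set => fsck not needed at boot */
    unsigned int generation;   /* bumped on every superblock write */
};

struct disk {
    struct superblock stable;  /* what survives a power loss */
    struct superblock cached;  /* drive write cache: lost on power loss */
    bool cache_dirty;
};

struct fs {
    struct superblock sb;      /* in-core superblock */
    struct disk disk;
    int syncer_queue;          /* delayed writes not yet pushed to the disk */
    bool soft_ro;              /* clean flag is set on disk; must clear before writing */
};

/* Hand the in-core superblock to the disk; it lands in the write cache first. */
static void write_superblock(struct fs *fs)
{
    fs->sb.generation++;
    fs->disk.cached = fs->sb;
    fs->disk.cache_dirty = true;
}

/* Make the disk commit its write cache (the "cause the disk to flush" step). */
static void disk_flush(struct fs *fs)
{
    if (fs->disk.cache_dirty) {
        fs->disk.stable = fs->disk.cached;
        fs->disk.cache_dirty = false;
    }
}

/* Mount: the fs is about to be written, so it is not clean on disk. */
void fs_mount(struct fs *fs)
{
    memset(fs, 0, sizeof(*fs));
    write_superblock(fs);
    disk_flush(fs);
}

/* A write. Leaving soft read-only means clearing the clean flag and getting
 * that superblock onto stable storage before any data is queued behind it. */
void fs_write(struct fs *fs)
{
    if (fs->soft_ro) {
        fs->sb.flags &= ~FS_CLEAN;
        write_superblock(fs);
        disk_flush(fs);        /* with write caching on, this ordering is not free */
        fs->soft_ro = false;
    }
    fs->syncer_queue++;
}

/* Syncer pass: push out delayed writes. If the queue was already empty the
 * disk is consistent, so set the clean flag and go soft read-only. */
void fs_sync(struct fs *fs)
{
    if (fs->syncer_queue > 0) {
        fs->syncer_queue = 0;
        disk_flush(fs);
        return;                /* not clean yet: that needs an idle sync */
    }
    if (!fs->soft_ro) {
        fs->sb.flags |= FS_CLEAN;
        write_superblock(fs);
        disk_flush(fs);
        fs->soft_ro = true;
    }
}

/* Sudden power loss: whatever sat in the drive's write cache is gone. */
void fs_power_loss(struct fs *fs)
{
    fs->disk.cache_dirty = false;
    fs->syncer_queue = 0;
}

/* At boot, only the on-disk superblock decides whether fsck must run. */
bool fs_needs_fsck(const struct fs *fs)
{
    return (fs->disk.stable.flags & FS_CLEAN) == 0;
}

/* Idle system, power pulled: returns 0 if it comes back clean, else the failed step. */
int scenario_idle_power_off(void)
{
    struct fs fs;
    fs_mount(&fs);
    if (!fs_needs_fsck(&fs)) return 1;     /* freshly mounted fs is dirty */
    fs_write(&fs);
    fs_sync(&fs);                          /* queue non-empty: flushed, still dirty */
    if (!fs_needs_fsck(&fs)) return 2;
    fs_sync(&fs);                          /* queue empty: clean flag written */
    if (!fs.soft_ro || fs_needs_fsck(&fs)) return 3;
    fs_power_loss(&fs);
    return fs_needs_fsck(&fs) ? 4 : 0;
}

/* Write in flight when power fails: returns 0 if fsck is (correctly) required. */
int scenario_write_then_power_loss(void)
{
    struct fs fs;
    fs_mount(&fs);
    fs_sync(&fs);                          /* idle at mount: soft read-only */
    fs_write(&fs);                         /* clean flag cleared and flushed first */
    fs_power_loss(&fs);
    return fs_needs_fsck(&fs) ? 0 : 1;
}

int main(void)
{
    printf("idle power-off: %d, write then power loss: %d\n",
           scenario_idle_power_off(), scenario_write_then_power_loss());
    return 0;
}
```

The point the model makes explicit is the ordering in `fs_write()`: the cleared clean flag has to be on the platter before the data it protects, which is exactly what a drive write cache does not guarantee unless the OS forces a flush. Remove the `disk_flush()` there and a power loss right after the write leaves a "clean" superblock on disk with possibly half-written data behind it.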


