[Lustre-discuss] [Lustre-devel] Integrity and corruption - can file systems be scalable?

Peter Grandi pg_lus at lus.for.sabi.co.UK
Sat Jul 3 13:18:47 PDT 2010


[ ... ]

>> Shadow copies are vulnerable to software bugs, things would
>> get better if there was something similar to page protection
>> for disk blocks.

Somewhat agreeable, but I hope that everybody involved in this
discussion has read the reports by CERN on invisible data
corruptions, and has meditated on the implications (real data
integrity can only be end-to-end).

[ ... ]

> [ ... ] you can fsck each transaction discretely and
> incrementally.  That means that you know exactly how much work
> must be done to fsck a priori.  Sure, you still have to be
> confident that N correct transactions == correct filesystem,
> but that's much easier to be confident of than software
> correctness.

That to me seems very naive like some old claims that journals
obviate the need for 'fsck'.

Nothing can obviate the need for 'fsck', ad it is essentially an
auditing tool; "proving" that a sequence of correct operations
results in a correct outcome and thus no auditing is required,
or is required only once, to me sounds extraordinarily
unrealistic (and Peter Braam uses the killer argument of bugs,
but that's not even the strongest), as it is based on this
delusion:

> [ ... ] Because only by making fscks incremental and discrete
> can we get a handle on the amount of time that must be spent
> waiting for fscks to complete.

Auditing of metadata cannot be incremental. I wonder how little
real world experience backs this kind of delusion; in the real
world existing, already checked metadata and data can be
corrupted by faulty IO directed at other data and metadata.

> Without incremental fscks there'd be no hope as storage
> capacity outstrips storage and compute bandwidth.

And it is not capacity vs. bandwidth; it is really the intrinsic
ability to parallelize data access vs. the much lesses ability
to parallelize garbage collection.  Something has got to give,
and if GoogleFS is the state of the art, what has to give is
functionality and efficiency.

[ ... ]



More information about the lustre-discuss mailing list