Subject: Re: Qgroups are not applied when snapshotting a subvol?
To: Marat Khalili, linux-btrfs@vger.kernel.org
From: "Austin S. Hemmelgarn"
Message-ID: <8c87b1fb-c7ba-5494-0ecd-b692637cdd54@gmail.com>
Date: Tue, 28 Mar 2017 08:20:13 -0400
In-Reply-To: <1c8a021b-d258-3a50-3104-d898662c4375@rqc.ru>

On 2017-03-28 08:00, Marat Khalili wrote:
>> The default should be to inherit the qgroup of the parent subvolume.
> This behaviour is only good for this particular use-case. In general
> case, qgroups of subvolume and snapshots should exist separately, and
> both can be included in some higher level qgroup (after all, that's what
> qgroup hierarchy is for).
>
> In my system I found it convenient to include subvolume and its
> snapshots in qgroup 1/N, where 0/N is qgroup of bare subvolume. I think
> adopting this behaviour as default would be more sensible.

There are a couple of reasons I'm advocating the specific behavior I
outlined:

1. It doesn't require any specific qgroup setup.
By definition, you can be 100% certain that the destination qgroup
exists, and that you won't need to create new qgroups behind the user's
back (given your suggestion, what happens when qgroup 1/N doesn't exist?).
2. Just because it's the default, doesn't mean that the subvolume can't be
reassigned to a different qgroup. This also would not remove the ability
to assign a specific qgroup through the snapshot creation command. This
is arguably a general point in favor of having any default of course,
but it's still worth pointing out.
3. Because BTRFS has COW semantics, the new snapshot should take up near
zero space in the qgroup of its parent.
4. This correlates with the behavior most people expect based on ZFS and
LVM, which is that snapshots are tied to their parent.

At a minimum, it should belong to _some_ qgroup. This could also be
covered by having a designated 'default' qgroup that all new subvolumes
created without a specified qgroup get put in, but I feel that that is
somewhat orthogonal to the issue of how snapshots are handled.

> --
>
> With Best Regards,
> Marat Khalili
>
> On 28/03/17 14:24, Austin S. Hemmelgarn wrote:
>> On 2017-03-27 15:32, Chris Murphy wrote:
>>> How about if qgroups are enabled, then non-root user is prevented from
>>> creating new subvolumes?
>>>
>>> Or is there a way for a new nested subvolume to be included in its
>>> parent's quota, rather than the new subvolume having a whole new quota
>>> limit?
>>>
>>> Tricky problem.
>> The default should be to inherit the qgroup of the parent subvolume.
>> The organization of subvolumes is hierarchical, and sane people expect
>> things to behave as they look.
>> Taking another angle, on ZFS, 'nested'
>> (nested in quotes because ZFS' definition of 'nested' zvols is weird)
>> inherit their parent's quota and reservations (essentially reverse
>> quota), and they're not even inherently nested in the filesystem like
>> subvolumes are, so we're differing from the only other widely used
>> system that implements things in a similar manner.
>>
>> As far as the subvolume thing, there should be an option to disable
>> user creation of subvolumes, and ideally it should be on by default
>> because:
>> 1. Users can't delete subvolumes by default. This means they can
>> create but not destroy a resource by default, which means that a user
>> can pretty easily accidentally cause issues for the system as a whole.
>> 2. Correlating with 1, users being able to delete subvolumes by
>> default is not safe on multiple levels (easy accidental data loss,
>> numerous other issues), and thus user subvolume removal being off by
>> default is significantly safer.