On Wed, 2021-04-28 at 10:09 +1000, Erwin van Londen wrote:
On Tue, 2021-04-27 at 16:41 -0400, Ewan D. Milne wrote:
On Tue, 2021-04-27 at 20:33 +0000, Martin Wilck wrote:
On Tue, 2021-04-27 at 16:14 -0400, Ewan D. Milne wrote:
There's no way to do that, in principle. Because there could be
other I/Os in flight. You might (somehow) avoid retrying an I/O
that got a UA until you figured out if something changed, but other
I/Os can already have been sent to the target, or issued before you
get to look at the status.
If something happens on a storage side where a lun gets it's attributes changed (any, doesn't matter which one) a UA should be sent. Also all outstanding IO's on that lun should be returning an Abort as it can no longer warrant the validity of any IO due to these changes. Especially when parameters are involved like reservations (PR's) etc. If that does not happen from an array side all bets are off as the only way to be able to get back in business is to start from scratch.
Perhaps an array might abort I/Os it has received in the Device Server when
something changes. I have no idea if most or any arrays actually do that.
But, what about I/O that has already been queued from the host to the
host bus adapter? I don't see how we can abort those I/Os properly.
Most high-performance HBAs have a queue of commands and a queue
of responses, there could be lots of commands queued before we
manage to notice an interesting status. And AFAIK there is no conditional
mechanism that could hold them off (and, they could be in-flight on the
wire anyway).
I get what you are saying about what SAM describes, I just don't see how
we can guarantee we don't send any further commands after the status
with the UA is sent back, before we can understand what happened.
-Ewan
Right. But in practice, a WWID change will hardly happen under full
IO
load. The storage side will probably have to block IO while this
happens, at least for a short time period. So blocking and quiescing
the queue upon an UA might still work, most of the time. Even if we
were too late already, the sooner we stop the queue, the better.
I think in most cases when something happens on an array side you will see IO's being aborted. That might be a good time to start doing TUR's and if these come back OK do a new inquiry. From a host side there is only so much you can do.
The current algorithm in multipath-tools needs to detect a path going
down and being reinstated. The time interval during which a WWID
change
will go unnoticed is one or more path checker intervals, typically on
the order of 5-30 seconds. If we could decrease this interval to a
sub-
second or even millisecond range by blocking the queue in the kernel
quickly, we'd have made a big step forward.
Yes, and in many situations this may help. But in the general case
we can't protect against a storage array misconfiguration,
where something like this can happen. So I worry about people
believing the host software will protect them against a mistake,
when we can't really do that.
My thought exactly.
All it takes is one I/O (a discard) to make a thorough mess of the LUN.
-Ewan
Regards
Martin
--
dm-devel mailing list
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel