Re: problem with degraded boot and systemd

[Duncan <1i5t5.duncan@cox.net>]

Hugo Mills posted on Tue, 20 May 2014 23:26:09 +0100 as excerpted:

> On Wed, May 21, 2014 at 12:00:24AM +0200, Goffredo Baroncelli wrote:
>> On 05/19/2014 02:54 AM, Chris Murphy wrote:
>>> 
>>> It's insufficient to pass rootflags=degraded to get the system root
>>> to mount when a device is missing. It looks like when a device is
>>> missing, udev doesn't [...]
>>> 
>>> This is the current udev rule:
>>> 
>>> # cat /usr/lib/udev/rules.d/64-btrfs.rules 
>>> # do not edit this file, it will be overwritten on update
>>> 
>>> SUBSYSTEM!="block", GOTO="btrfs_end"
>>> ACTION=="remove", GOTO="btrfs_end"
>>> ENV{ID_FS_TYPE}!="btrfs", GOTO="btrfs_end"
>>> 
>>> # let the kernel know about this btrfs filesystem, and check if it is
>>> # complete
>>> IMPORT{builtin}="btrfs ready $devnode"
>>> 
>>> # mark the device as not ready to be used by the system
>>> ENV{ID_BTRFS_READY}=="0", ENV{SYSTEMD_READY}="0"
>>> 
>>> LABEL="btrfs_end"
>> 
>> The key is the line
>> 
>> 	IMPORT{builtin}="btrfs ready $devnode"
>> 
>> This line sets ID_BTRFS_READY=0 if a filesystem is not ready; otherwise
>> set ID_BTRFS_READY=1 [1].
>> The next line
>> 
>> 	ENV{ID_BTRFS_READY}=="0", ENV{SYSTEMD_READY}="0"
>> 
>> sets SYSTEMD_READY=0 if the filesystem is not ready so the "plug" event
>> is not raised to systemd.
>> 
>> This is my understanding.

Looks correct to me. =:^)

>>> How this works with raid:
>>> 
>>> RAID assembly is separate from filesystem mount. The volume UUID
>>> isn't available until the RAID is successfully assembled.
>>> 
>>> On at least Fedora (dracut) systems with the system root on an md
>>> device, the initramfs contains 30-parse-md.sh [with a sleep loop and 
>>> a timeout]
>> 
>>> The approximate Btrfs equivalent down the road would be a similar
>>> initrd script, or maybe a user space daemon, that causes btrfs device
>>> ready to confirm/deny all devices are present. And after x number of
>>> failures, then it's issue an equivalent to mdadm -R which right now
>>> we don't seem to have.
>> 
>> I suggest to implement a mount.btrfs command, which waits all the
>> needed disks until a timeout expires. After this timeout it could try a
>> "degraded" mount until a second timeout. Only then it fails.
>> 
>> Each time a device appear, the system may start mount.btrfs. Each
>> invocation has to test if there is another instance of mount.btrfs
>> related to the same filesystem; if so it ends, otherwise it follows the
>> above behavior.
> 
> Don't we already have something approaching this functionality with
> btrfs device ready? (i.e. this is exactly what it was designed for).

Well, sort of.

btrfs device ready is used directly in the udev rule quoted above.  And 
in the non-degraded case it works as intended, checking if the filesystem 
is complete and only letting the udev plug event complete when all 
devices are available.

But this thread is about a degraded state mount, with devices missing.  
In that case, the missing devices never appear so the plug event never 
happens, so systemd will never mount the device, despite the fact that 
degraded was specifically passed as an option, indicating that the admin 
wants the mount to happen anyway.

In dracut[1] (on gentoo), the result is an eventual timeout on rootfs 
appearing and a kick to the initr* rescue shell prompt.  Where an admin 
can manually mount using the degraded option, and continue from there.

I'd actually argue that's functioning as it should, since I see forced 
manual intervention in ordered to mount degraded as a FEATURE, NOT A BUG.

But never-the-less, being able to effectively pass degraded either as 
part of rootflags or in the fstab that dracut (and systemd in dracut) 
use, such that degraded-mount could still be automated, could I suppose 
be seen as a feature, to some.

To do that would require a script with a countdown and timeout, first for 
undegraded ready (and thus mount), then if all devices don't appear, 
bypassing the ready test and plugging it anyway, to let mount try it if 
the degraded option was passed, and only if THAT fails falling back to 
the emergency shell prompt.

Note that such a script wouldn't have to actually check for degraded in 
the mount options, only fall back to plugging without all devices if the 
complete timeout triggered, since mount would then take care of success/
failure on its own based on whether the degraded option was passed, just 
as it does if a mount is attempted on an incomplete btrfs at other times.

---
[1] dracut: I use it here on gentoo as well, because my rootfs is a multi-
device btrfs and a kernel rootflags=device= line won't parse correctly, 
apparently due to splitting at the wrong =, so I must use an initr* 
despite my preference for a direct initr*-less boot, and I use dracut to 
generate it.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman