| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When killing a previous monitor be careful not to cause writes to the
filesystem until the reads necessary to get the monitor operational have
completed.
The code is already prepared for errors creating the pid and socket
files, so simply defer creation of these files until after the first
call to manage().
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
| |
Also removed 'paper' addresses.
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
|
|
|
|
| |
When building container members with -IR, we need to ensure that
devices added to an active array preserve the 'in_sync' status so they
don't needlessly get rebuilt.
So allow sysfs_add_disk to do this (only works in kernels since
2.6.30) and pass the relevant flag down.
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
|
| |
If mdmon sees a device added to a container, it should assume it is
a new spare. It could be a part of the array that just hadn't been
assembled yet. So check first.
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
| |
Prevent duplicate disks from being sent to the monitor thread.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
| |
Use SKIP_GONE_DEVS when reading the container, and correct some confused
logic in manage_new().
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
| |
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that mdmon handles sigterm if another monitor wants to take over it
should wait until all managed arrays are clean. So make WaitClean()
available to mdmon and teach try_kill_monitor() to wait on each subarray
in the container.
...since we may be communicating with a dieing process, we need to
block SIGPIPE earlier.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We generally don't want mdmon to be terminated, but if a SIGTERM gets
through try to leave the monitored arrays in a clean state, block
attempts to mark the array dirty, and stop servicing the socket.
When we are killed by sigterm don't remove the pidfile let that be
cleaned up by the next monitor.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
| |
If initial socket creation fails, EROFS, set a periodic alarm to wake up
the manager and retry. Include a kernel patch that will wake us up if
the mount flags are changed.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The variety of approaches to 'add_disk' are factored out into
a separate function, and Incremental mode benefits by being
closer to supporting the assembly of containers.
Also remove the adding-to-array-data-structure out of sysfs_add_disk
and into add_disk.
And add some tests for --incremental mode to make sure we don't break it.
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
|
|
|
| |
Allow mdmon to start while /var/run/mdadm is readonly. Later a SIGHUP
can trigger mdmon to drop its pid and socket once /var/run/mdadm is
writable. Of course one needs the pid to send a HUP, that can be stored
in a distribution specific rw-init directory... For now, rely on a
killall -HUP mdmon to get the files dumped.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is currently possible to remove a device and re-add it without the
manager noticing, i.e. without detecting a mdstat->devcnt
container->devcnt mismatch. Introduce ping_manager() to arrange for
mdmon to run manage_container() prior to mdadm dropping the exclusive
open() on the container. Despite these precautions sysfs_read() may
still fail. If this happens invalidate container->devcnt to ensure
manage_container() runs at the next event.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
| |
If we started a degraded array that was previously rebuilding we may
have enough information to resume the rebuild without a trip through the
monitor.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If the metadata_version is
-mdXXX/whatever
rather than
/mdXXX/whatever
then the array is readonly and should be left alone by mdmon.
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
| |
We are about to change the syntax of the version string
for 'subarray's. So factor out the test into a single function.
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
|
|
| |
Adding a device updates the container and then mdmon takes action upon
noticing a change in devices. This reuses the container version of
add_to_super to create a new record for the device.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
|
| |
Once the monitor thread has kicked a drive from all managed arrays mdadm
-r is permitted. We are guaranteed that the drive is marked failed at
this point, so allow the drive to be re-added as a spare.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
| |
A metadata update may modify the data structure of the metadata
including freeing things, so it is not safe of the manager to touch
the metadata while an update is pending in the monitor.
So When an update has been submitted, don't do anything else in the
manager until it is complete.
Signed-off-by: NeilBrown <neilb@suse.de>
|
|
|
|
|
|
|
| |
manage_new is too strict in the face of failed devices. Teach it to
monitor degraded arrays.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
| |
Repair sets MD_RECOVERY_REQUESTED in md which may not result in the
spare device being recovered.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While mdadm is constructing an array mdmon may see an intermediate state
(some disks not yet added / redundancy attributes like sync_action not
available). Waiting for mdstat->active == true ensures that the array
is ready to be handled. This fixes a bug in create array via mdmon
update whereby failures are not detected in the new array.
Introduce aa_ready() to catch cases where the active_array is not
correctly initialized. Barring a kernel bug this should never trigger,
nonetheless it precludes a class of bugs like the one mentioned above
from triggering.
Cleanup the exit paths and only call replace_array when the new array is
ready to be inserted into container->arrays.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When a 'ping' (empty message) is sent to mdmon, we wait for
'monitor' to do a full loop to make sure it has caught up
with anything that needs doing.
This allows synchronisation between mdadm and mdmon.
Maybe monitor should signal managemon rather than managemon polling...
Signed-off-by: Neil Brown <neilb@suse.de>
|
|
|
|
| |
Signed-off-by: Neil Brown <neilb@suse.de>
|
|
|
|
|
|
|
| |
When we go to activate a spare for an array we expect ->info.component_size
is valid.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
| |
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
| |
1/ close a race where multiple arrays disappear at once
and monitor isn't woken up to find out that the last one
has gone.
2/ "mdadm -Ss" needs to pause briefly for mdmon to exit.
|
|
|
|
|
| |
Support creating arrays inside an active ddf container by
sending a metadata update over a pipe to mdmon.
|
|
|
|
| |
More here
|
|
|
|
|
| |
Data is being passed in shared memory, so the pipe is only being
use as a wakeup. This can more easily be done with a thread-signal.
|
|
|
|
|
|
| |
The returned value was never used, and we don't really want
this return path anyway as writing to a pipe could conceivably
block, and the monitor must not block.
|
|
|
|
|
|
|
| |
This really should be done in mdadm, not mdmon.
We ensure the device won't be suddenly commited as a hot-spare
using O_EXCL, then check the 'holders' sysfs directory
to make sure it is only in use once.
|
|
|
|
|
| |
Yes, we do want to free the buf, and the space too if it is still
there.
|
|
|
|
|
|
|
| |
for development only as console output can block leading to monitor deadlocks
in low mem situations
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
| |
Plus various bug fixes etc.
|
|
|
|
|
| |
When signalled by the monitor, the manager will find spares and
add them to the array and initiate a recovery.
|
|
|
|
|
|
| |
Code in manager can now just call queue_metadata_update with a
(freeable) buf holding the update, and it will get passed to the
monitor and written out.
|
|
|
|
| |
This give more flexability.
|
|
|
|
|
|
|
|
|
| |
"sync_complete" just tracks the current resync/recover/check/whatever pass.
"resync_start" tracks which parts of the array are known to be in-sync
(modulo active writes). So it is what we need to use to update the metadata.
Also we cannot call it when the array has stopped, as the value is no longer
available then. We must call it when the resync completes.
Possibly also call it preiodically if the array is quiescent.
|
| |
|
|
|
|
|
|
| |
When an array becomes inactive, clean up and forget it.
This involves signalling the manager.
|
|
|
|
| |
Just set it all to zeros. ->devs in particular needs to be 0.
|
|
|
|
| |
The container has an ->arrays field that we should be using.
|
|
|
|
|
|
| |
From: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
From: Dan Williams <dan.j.williams@intel.com>
Each md_message encapsulates a single command. A command includes an 'action'
member which describes what if any data comes after the action. Communication
with the monitor involves updating the active_cmd pointer and then writing to
mgr_pipe. Pass/fail status is returned via mon_pipe.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
| |
From: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
| |
From: Dan Williams <dan.j.williams@intel.com>
If they are later reassembled they will be replaced and deallocated
via replace_array.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|
|
|
|
|
|
|
| |
From: Dan Williams <dan.j.williams@intel.com>
mdadm handles setting resync_start, monitor uses this value to determine
whether to set the 'active' or 'readauto' state.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
|
|
|