On 11/25/09 15:44, malahal@xxxxxxxxxx wrote: > Takahiro Yasui [tyasui@xxxxxxxxxx] wrote: >>> The requirements are: >>> * if one of legs fail or log fails, you must automatically continue >>> without human intervention >>> * if both legs fail, you must shut it down and not pretend that something >>> was written when it wasn't (this would break durability requirement of >>> transactions). >> >> I agree with this point. lvm mirror could be used on filesystems such as >> ext3 and each filesystem and application needs to take care those situation >> to prevent data corruption. I don't think that it is realistic, and the >> underlying layer should prevent data corruption. I now understand primary >> and secondary disks need to be blocked. > > If you think that I/O needs to be blocked for first or second leg > failures, then I am afraid that there is no way to keep the failed > mirror in the system for re-integrating failed devices. > > I would like to keep the mirror as mirror when one of the legs fails as > opposed to making it linear now by dmeventd. This is to re-integrate a > failed leg into the mirror to handle transient device failures. Here is > what I am planning to do, let me know if you find any issues: > > 1. Secondary leg failure. dmeventd will NOT change the meta data at all. > It will call "lvchange --refresh" that will start resynchronization. > This will be done a few times. If the device still fails to > re-integrate, it is left the way it is and no further re-integrations > attempts are done. The number of attempts can be done at configurable > intervals. > > 2. First leg failure (aka Primary leg failure): The kernel would stop > handling any further I/O. The dmeventd will change mirror meta data > [it will re-order the legs ] so that the secondary now becomes the > primary. I will try to re-integrate the failed device few times before > giving up just as in the case "1" above. > > The kernel module will never progress with a first leg failure as you > see above. It looks very good idea for both increasing system availability and handling transient errors. I hope we could solve the issue I commented in the email: https://www.redhat.com/archives/dm-devel/2009-November/msg00253.html and adopt this method. Thanks, Taka -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel