Re: RFC: A configuration design for future-proofing fsync() configuration


 



On Wed, Nov 10, 2021 at 04:09:33PM +0100, Ævar Arnfjörð Bjarmason wrote:
> As a follow-up to various fsync topics in-flight I've been encouraging
> those involved to come up with some way to configure fsync() in a way
> that'll make holistic sense in the end-state.
> 
> Continuing a discussion from [1] currently we have:
> 
>     ; Defaults to 'false'
>     core.fsyncObjectFiles = [true|false]
> 
> In master..next this has been extended to this by Neeraj:
> 
>    core.fsyncObjectFiles = [true|false|batch]
> 
> Which, as an aside I hadn't considered before and I think we need to
> change before it lands on "master", we really don't want config that users
> want to enable to make older versions hard die. It's annoying to want
> to configure a new thing and not being able to put it in .gitconfig
> because older versions die on it:
> 
>     $ git -c core.fsyncObjectFiles=batch status; echo $?
>     fatal: bad boolean config value 'batch' for 'core.fsyncobjectfiles'
>     128
> 
> Then there's Eric Wong's proposed[2]:
> 
>     core.fsync = <bool>
> 
> And now Patrick Steinhardt has a proposal to extend Neeraj's with[3]:
> 
>     ; Like core.fsyncObjectFiles, but apparently for .git/refs, not
>     ; .git/objects (but see my confusion on that topic in [1])
>     core.fsyncRefFiles = [<bool>|batch]
> 
> I think this sort of config schema would make everyone above happy
> 
> It would:
> 
>  A) Be easy to extend for any future fsync behavior we'd reasonably
>     implement
>  
>  B) Not make older git versions die. It's fine if they warn(), but not die.
> 
>  C) Has some pretty contrived key names, but I'm trying to maintain the
>     constraint that you can set both fsck.X=Y and
>     e.g. fetch.fsck.X=Y. I.e. we should be able to configure things
>     globally *and* per-command, like color.*, fsck.* etc.
> 
> Proposal:
> 
>   ; Turns on/off all fsync, whatever the method is. I.e. allows you to
>   ; never make any fsync() calls whatsoever (which we have another
>   ; in-flight topic for).
> 
>   ; The "false" was controversial, and we could just leave it
>   ; unimplemented
>   core.fsync = <bool>
> 
>   ; Optional, by default we'd use the most pedantic (I'd call our
>   ; current "loose", whether we want to forward-support it is another
>   ; matter).
>   ;
>   ; Whatever names we pick an option like this should ignore (or at most
>   ; warn about) values it doesn't know about, not hard die on it.
>   ;
>   ; Here "batch" is what Neeraj and Patrick are pursuing, a hypothetical
>   ; POSIX would be a pedantic way of exhaustively fsyncing everything.
>   ; 
>   ; We'd leave door open to e.g. setting it to "linux:ext4" or whatever,
>   ; to do only the work needed on some specific popular FS
>   core.fsyncMethod = loose | POSIX | batch | linux:ext4 | NTFS | ...
> 
>   ; Turn on or off entire categories of files we'd like to sync. This
>   ; way Neeraj's and Patrick's approach would be to set
>   ; core.fsyncMethod=batch, and then core.fsyncGroup=files &
>   ; core.fsyncGroup=refs.
> 
>   ; If we learn about a new core.fsyncGroup = xyz in the future a <bool>
>   ; in "core.fsyncGroupDefault" will prevail. I.e. if true it's
>   ; included, if false not.
>   ;
>   ; Whether "false" or "true" is the default depends on
>   ; core.fsyncMethod. For POSIX it would be true, for "loose" it's
>   ; false.
>   core.fsyncGroup = files
>   core.fsyncGroup = refs
>   core.fsyncGroup = objects
> 
> I'm not sure I like calling it "group". Maybe "class", "category"? Doing
> it with this structure is extensible to the two-level keys, as noted
> above.
> 
>   ; Our existing config knob. When "false" synonymous with:
>   ;
>   ;     core.fsync = true
>   ;     core.fsyncMethod = loose
>   ;     core.fsyncGroup = pack
>   ;
>   ; When "true" synonymous with the same as the above, plus:
>   ;     core.fsyncGroup = loose
>   ;
>   ; Or something like that. I.e. we'll fsync *.pack, *.bitmap etc, and
>   ; probably some other stuff, but not loose objects etc.
>   ;
>   ; Whatever we fsync now exactly this schema should be generic enough
>   ; to support it.
>   core.fsyncObjectFiles = <bool>
> 
>   ; A namespace for core.fsyncMethod = <X>. Specific methods will
>   ; own this namespace and can configure whatever they want.
>   fsyncMethod.<x>.<a> = <b>
> 
> E.g. we might have:
> 
>   fsyncMethod.POSIX.content = true
>   fsyncMethod.POSIX.metadata = false
> 
> If we know we'd like to (depending on other config) fsync things
> exhaustively or not, but do different things depending on file content
> or metadata. I.e. maybe your FS's fsync() on a file fd always implies a
> sync of the metadata, and maybe not.
> 
>   ; Change whatever fsync configuration you want per-command, similar to
>   ; fsck.* and fetch.fsck.*
>   transfer.fsyncGroup=*
>   fetch.fsyncGroup=*
>   ...
> 
> 1. https://lore.kernel.org/git/211110.86v910gi9a.gmgdl@xxxxxxxxxxxxxxxxxxx/
> 2. https://lore.kernel.org/git/20211028002102.19384-1-e@xxxxxxxxx/
> 3. https://lore.kernel.org/git/cover.1636544377.git.ps@xxxxxx/
Hi Ævar,

Thanks for noticing the backwards compatibility issue with the 'batch' flag. I
agree that we need to fix that before committing my changes to master.

I'm hoping that we can agree to a version of what you're proposing, but my
preference would be to cut out the more granular controls. I'd prefer to see
just:
	core.fsync = [bool]            - Turn fsyncing on or off.
	core.fsyncMethod = [string]    - Controls how it's done (with a non-fatal warn on unrecognized values).
	core.fsyncObjectFiles = [bool] - Sets core.fsync if that setting doesn't already have a value. For back-compat.

I don't think either we or the users should have to reason about what it means
for some parts of the repo to be fsynced and others not to be. If core.fsync is
'false' and someone gets a weird state after a system crash, no one should be
surprised. If core.fsync is 'true', and people are running on a reasonable
common filesystem, we should be trying to give decent performance and good
durability.

It would be nice to loop in some Linux fs developers to find out what can be
done on current implementations to get the durability without terrible
performance. From reading the docs and mailing threads it looks like the
sync_file_range + bulk fsync approach should actually work on the current XFS
implementation.

Thanks,
Neeraj
Windows Core Filesystem Dev
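
The three-key scheme in the reply above, with the warn-instead-of-die handling both messages ask for, as an added example (not code from git or from either author). The names `resolve_fsync`, `struct kv` and `struct fsync_cfg`, the caller-supplied defaults, and the set of recognized method names are assumptions; the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct kv { const char *key, *value; };
struct fsync_cfg { int enabled; const char *method; int warnings; };
/* 1/0 for a boolean spelling, -1 if the value is not a boolean. */
static int parse_bool(const char *v)
{
	static const char *t[] = { "true", "yes", "on", "1" };
	static const char *f[] = { "false", "no", "off", "0" };
	for (size_t i = 0; i < 4; i++) {
		if (!strcasecmp(v, t[i])) return 1;
		if (!strcasecmp(v, f[i])) return 0;
	}
	return -1;
}

/* Later entries win; cfg carries the caller's defaults (assumed, not git's). */
struct fsync_cfg resolve_fsync(const struct kv *kv, size_t n, struct fsync_cfg cfg)
{
	static const char *known[] = { "loose", "batch", "POSIX" }; /* names from the proposal */
	int core = -1, legacy = -1; /* -1 = key not set */
	cfg.warnings = 0;
	for (size_t i = 0; i < n; i++) {
		const char *k = kv[i].key, *v = kv[i].value;
		if (!strcasecmp(k, "core.fsyncMethod")) {
			size_t j = 0;
			while (j < 3 && strcmp(v, known[j])) j++;
			if (j < 3) cfg.method = known[j];
			else { cfg.warnings++; fprintf(stderr, "warning: unknown core.fsyncMethod '%s'\n", v); }
		} else if (!strcasecmp(k, "core.fsync") || !strcasecmp(k, "core.fsyncObjectFiles")) {
			int b = parse_bool(v);
			if (b < 0) { cfg.warnings++; fprintf(stderr, "warning: ignoring %s=%s\n", k, v); }
			else if (!strcasecmp(k, "core.fsync")) core = b;
			else legacy = b;
		}
	}
	/* Back-compat: core.fsyncObjectFiles only counts when core.fsync is unset. */
	cfg.enabled = core >= 0 ? core : legacy >= 0 ? legacy : cfg.enabled;
	return cfg;
}

int main(void)
{
	struct kv in[] = { { "core.fsyncObjectFiles", "batch" }, { "core.fsyncMethod", "linux:ext4" }, { "core.fsync", "true" } }; /* constructed */
	struct fsync_cfg c = resolve_fsync(in, 3, (struct fsync_cfg){ 0, "loose", 0 });
	printf("enabled=%d method=%s warnings=%d\n", c.enabled, c.method, c.warnings);
}
```

With the constructed input, the two values an older parser would not recognize produce warnings and leave the defaults in place, while `core.fsync=true` still takes effect.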


