----- Original Message ----- > From: "M S Vishwanath Bhat" <msvbhat@xxxxxxxxx> > To: "Rajesh Joseph" <rjoseph@xxxxxxxxxx> > Cc: "Vijay Bellur" <vbellur@xxxxxxxxxx>, "Seema Naik" <senaik@xxxxxxxxxx>, "Gluster Devel" > <gluster-devel@xxxxxxxxxxx> > Sent: Tuesday, June 3, 2014 5:55:27 PM > Subject: Re: autodelete in snapshots > > On 3 June 2014 15:21, Rajesh Joseph <rjoseph@xxxxxxxxxx> wrote: > > > > > > > ----- Original Message ----- > > From: "M S Vishwanath Bhat" <msvbhat@xxxxxxxxx> > > To: "Vijay Bellur" <vbellur@xxxxxxxxxx> > > Cc: "Seema Naik" <senaik@xxxxxxxxxx>, "Gluster Devel" < > > gluster-devel@xxxxxxxxxxx> > > Sent: Tuesday, June 3, 2014 1:02:08 AM > > Subject: Re: autodelete in snapshots > > > > > > > > > > On 2 June 2014 20:22, Vijay Bellur < vbellur@xxxxxxxxxx > wrote: > > > > > > > > On 04/23/2014 05:50 AM, Vijay Bellur wrote: > > > > > > On 04/20/2014 11:42 PM, Lalatendu Mohanty wrote: > > > > > > On 04/16/2014 11:39 AM, Avra Sengupta wrote: > > > > > > The whole purpose of introducing the soft-limit is, that at any point > > of time the number of > > snaps should not exceed the hard limit. If we trigger auto-delete on > > hitting hard-limit, then > > the purpose itself is lost, because at that point we would be taking a > > snap, making the limit > > hard-limit + 1, and then triggering auto-delete, which violates the > > sanctity of the hard-limit. > > Also what happens when we are at hard-limit + 1, and another snap is > > issued, while auto-delete > > is yet to process the first delete. At that point we end up at > > hard-limit + 1. Also what happens > > if for a particular snap the auto-delete fails. > > > > We should see the hard-limit, as something set by the admin keeping in > > mind the resource consumption > > and at no-point should we cross this limit, come what may. If we hit > > this limit, the create command > > should fail asking the user to delete snaps using the "snapshot > > delete" command. > > > > The two options Raghavendra mentioned are applicable for the > > soft-limit only, in which cases on > > hitting the soft-limit > > > > 1. Trigger auto-delete > > > > or > > > > 2. Log a warning-message, for the user saying the number of snaps is > > exceeding the snap-limit and > > display the number of available snaps > > > > Now which of these should happen also depends on the user, because the > > auto-delete option > > is configurable. > > > > So if the auto-delete option is set as true, auto-delete should be > > triggered and the above message > > should also be logged. > > > > But if the option is set as false, only the message should be logged. > > > > This is the behaviour as designed. Adding Rahul, and Seema in the > > mail, to reflect upon the > > behaviour as well. > > > > Regards, > > Avra > > > > This sounds correct. However we need to make sure that the usage or > > documentation around this should be good enough , so that users > > understand the each of the limits correctly. > > > > > > It might be better to avoid the usage of the term "soft-limit". > > soft-limit as used in quota and other places generally has an alerting > > connotation. Something like "auto-deletion-limit" might be better. > > > > > > I still see references to "soft-limit" and auto deletion seems to get > > triggered upon reaching soft-limit. > > > > Why is the ability to auto delete not configurable? It does seem pretty > > nasty to go about deleting snapshots without obtaining explicit consent > > from the user. > > > > I agree with Vijay here. It's not good to delete a snap (even though it is > > oldest) without the explicit consent from user. > > > > FYI It took me more than 2 weeks to figure out that my snaps were getting > > autodeleted after reaching "soft-limit". For all I know I had not done > > anything and my snap restore were failing. > > > > I propose to remove the terms "soft" and "hard" limit. I believe there > > should be a limit (just "limit") after which all snapshot creates should > > fail with proper error messages. And there can be a water-mark after which > > user should get warning messages. So below is my proposal. > > > > auto-delete + snap-limit: If the snap-limit is set to n , next snap create > > (n+1th) will succeed only if if auto-delete is set to on/true/1 and oldest > > snap will get deleted automatically. If autodelete is set to off/false/0 , > > (n+1)th snap create will fail with proper error message from gluster CLI > > command. But again by default autodelete should be off. > > > > snap-water-mark : This should come in picture only if autodelete is turned > > off. It should not have any meaning if auto-delete is turned ON. Basically > > it's usage is to give the user warning that limit almost being reached and > > it is time for admin to decide which snaps should be deleted (or which > > should be kept) > > > > *my two cents* > > > > -MS > > > > > > The reason for having a hard-limit is to stop snapshot creation once we > > reached this limit. This helps to have a control over the resource > > consumption. Therefore if we only have this limit (as snap-limit) then > > there is no question of auto-delete. Auto-delete can only be triggered once > > the count crosses the limit. Therefore we introduced the concept of > > soft-limit and a hard-limit. As the name suggests once the hard-limit is > > reached no more snaps will be created. > > > > Perhaps I could have been more clearer. auto-delete value does come into > picture when limit is reached. > > There is a limit 'n' (snap-limit), and when we reach this limit, what > happens to next snap create depends on the value of auto-delete ( should be > user configurable). If auto-delete is ON (n+1)th snap create will actually > delete the snap first (oldest or biggest or some other policy driven) and > then create the next snap. If the auto-delete is set to OFF, then (n+1)th > snap create will fail. Sorry I was not clear enough. We cannot delete the snap first because snapshot creation can fail for n number of reasons. And if the snapshot failed we unnecessarily delete a snapshot. Therefore always we should take a snapshot before issuing a delete. Hope this clear things. > > Now the Idea of having one more limit (water-mark or threshold-limit or > something) which is less than snap-limit n is to warn the user that his > limit is getting nearer. Now the admin will decide what snaps should be > deleted (or which ones should be kept). The sole purpose of this is to warn > the admin. > > Now 'snap-limit' can be called as hard-limit and water-mark can be called > as soft-limit. But auto-delete should *NOT* be turned on by default and it > should not delete upon reaching the soft-limit. It should be the hard-limit yes we agree that we should not turn this by-default, that's why we are planning to raise a bug to address this. > > -MS > > > > > > So the idea is to keep the number of snapshots always less than the > > hard-limit. To do so we introduced the concept of soft-limit, wherein we > > allow snapshots even when this limit is crossed and once the snapshot is > > taken we delete the oldest snap. If you consider this definition then the > > name soft-limit and hard-limit looks ok to me. > > > > In phase II we are planning to have auto-delete feature configurable with > > different policies, e.g. delete oldest, delete with more space consumption, > > etc. I think it is good to have the auto-delete feature enable & disable > > with an user controllable option. We will raise a bug to address this. > > > > Best Regards, > > Rajesh > > > _______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx http://supercolony.gluster.org/mailman/listinfo/gluster-devel
