That makes sense. In the case of "file damage," it would show up as files that could not be healed in logfiles or gluster volume heal [volume] info?
Say we have acceptable backups, are there procedures to somehow overwrite the bad gfid with a copy from a good backup?
Hi Victor,
On Sun, Mar 18, 2018 at 3:47 AM, Victor T <hero_of_nothing_1@xxxxxxxxxxx> wrote:
No. After bringing up one brick and before stopping the next one, you need to be sure that there are no damaged files. You shouldn't reboot a node if "gluster volume heal <volname> info" shows damaged files.
What happens in this case then? I'm thinking about a situation where the servers are kept in an environment that we don't control - i.e. the cloud. If the VMs are forcibly rebooted without enough time to complete a heal before the next one goes down, then it cannot be guaranteed that the data is safe? This has happened to me with Azure before, during the Meltdown/Spectre incident.
This is something that needs to be considered before deploying a dispersed volume (in fact any kind of volume). If multiple bricks can be restarted at *any* time, without *any* prior notification, then it's hard to guarantee much. You can think about this as if it were similar to a RAID. If someone starts removing and adding disks without control, you will surely lose the entire volume if there is not enough time between disk removals to rebuild newly added or reconnected disks. In the case of Gluster you won't lose the entire volume, but some files could get some damage.
If you can't control the sequence of reboots but you know when they will happen, the best thing you can do is to stop volume access (at least write access). This will prevent any corruption, even if multiple bricks are restarted at the same time. Note that in this situation it's possible that you lose quorum, so the volume would be inaccessible anyway.
Xavi
On Fri, Mar 16, 2018 at 4:57 AM, Victor T <hero_of_nothing_1@xxxxxxxxxxx> wrote:
Xavi, does that mean that even if every node was rebooted one at a time even without issuing a heal that the volume would have no issues after running gluster volume heal [volname] when all bricks are back online?
No. After bringing up one brick and before stopping the next one, you need to be sure that there are no damaged files. You shouldn't reboot a node if "gluster volume heal <volname> info" shows damaged files.
The command "gluster volume heal <volname>" is only a tool to force heal to progress (until the bug is fixed).
Xavi
From: Xavi Hernandez <jahernan@xxxxxxxxxx>
Sent: Thursday, March 15, 2018 12:09:05 AM
To: Victor T
Cc: gluster-users@xxxxxxxxxxx
Subject: Re: Disperse volume recovery and healingHi Victor,
On Wed, Mar 14, 2018 at 12:30 AM, Victor T <hero_of_nothing_1@xxxxxxxxxxx> wrote:
I have a question about how disperse volumes handle brick failure. I'm running version 3.10.10 on all systems. If I have a disperse volume in a 4+2 configuration with 6 servers each serving 1 brick, and maintenance needs to be performed on all systems, are there any general steps that need to be taken to ensure data is not lost or service interrupted? For example, can I just reboot each system sequentially after making sure sure the service is running on all servers before rebooting the next system? Or is there a need to force/wait for a heal after each brick comes back online? If I have two bricks down for multiple days and then bring them back in, is there a need to issue a heal or something like a rebalance before rebooting the other servers? There's lots of documentation about other volume types, but it seems information specific to dispersed volumes is a bit hard to find. Thanks a bunch.
On a 4+2 configuration you could bring down up to 2 bricks simultaneously for maintenance. However if something happens to one of the remaining 4 bricks, the volume would stop working. So in this case I would recommend to not have more than one server down for maintenance at the same time unless the down time is very very small.
Once the stopped servers come back up again, you need to wait until all files are healed before proceeding with the next server. Failing to do so means that some files could have more than 2 non-healthy versions, what will make the file inaccessible until enough healthy versions are available again.
Self-heal should be automatically triggered once the bricks come online, however there was a bug (https://bugzilla.redhat.com/show_bug.cgi?id=1547662 ) that could cause delays in the self-heal process. This bug should be fixed in the next version. Meantime you can force self-heal to progress by issuing "gluster volume heal <volname>" commands each time it seems to have stopped.
Once the output of "gluster volume heal <volname> info" reports 0 pending files on all bricks, you can proceed with the maintenance of the next server.
No need to do any rebalance for down bricks. Rebalance is basically needed when volume is expanded with more bricks.
Xavi
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-users
_______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://lists.gluster.org/mailman/listinfo/gluster-users