On Mon, Apr 09, 2012 at 08:08:57PM +0400, Stanislav Kinsbursky wrote: > 09.04.2012 19:27, Jeff Layton пишет: > > > >If you allow one container to hand out conflicting locks while another > >container is allowing reclaims, then you can end up with some very > >difficult to debug silent data corruption. That's the worst possible > >outcome, IMO. We really need to actively keep people from shooting > >themselves in the foot here. > > > >One possibility might be to only allow filesystems to be exported from > >a single container at a time (and allow that to be overridable somehow > >once we have a working active/active serving solution). With that, you > >may be able limp along with a per-container grace period handling > >scheme like you're proposing. > > > > Ok then. Keeping people from shooting themselves here sounds reasonable. > And I like the idea of exporting a filesystem only from once per > network namespace. Unfortunately that's not going to get us very far, especially not in the v4 case where we've got the common read-only pseudoroot that everyone has to share. --b. > Looks like there should be a list of pairs > "exported superblock - network namespace". And if superblock is > exported already in other namespace, then export in new namespace > have to be skipped (replaced?) with appropriate warning (error?) > message shown in log. > Or maybe we even should deny starting of NFS server if one of it's > exports is shared already by other NFS server "instance"? > But any of these ideas would be easy to implement in RAM, and thus > it suits only for containers... > > -- > Best regards, > Stanislav Kinsbursky -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
