> On Jan 31, 2023, at 9:42 AM, Andrew J. Romero <romero@xxxxxxxx> wrote: > > > >> From: Jeff Layton <jlayton@xxxxxxxxxx> > >> What do you mean by "zombie / orphan" here? Do you mean files that have >> been sillyrenamed [1] to ".nfsXXXXXXX" ? Or are you simply talking about >> clients that are holding files open for a long time? > > Hi Jeff > > .... clients that are holding files open for a long time > > Here's a complete summary: > > On my NAS appliances , I noticed that average usage of the relevant memory pool > never went down. I suspected some sort of "leak" or "file-stuck-open" scenario. > > I hypothesized that if NFS-client to NFS-server communications were frequently disrupted, > this would explain the memory-pool behavior I was seeing. > I felt that Kerberos credential expiration was the most likely frequent disruptor. > > I ran a simple python test script that (1) opened enough files that I could see an obvious jump > in the relevant NAS memory pool metric, then (2) went to sleep for shorter than the > Kerberos ticket lifetime, then (3) exited without explicitly closing the files. > The result: After the script exited, usage of the relevant server-side memory pool decreased by > the expected amount. > > Then I ran a simple python test script that (1) opened enough files that I could see an obvious jump > in the relevant NAS memory pool metric, then (2) went to sleep for longer than the > Kerberos ticket lifetime, then (3) exited without explicitly closing the files. > The result: After the script exited, usage of the relevant server-side memory pool did not decrease. > ( the files opened by the script were permanently "stuck open" ... depleting the server-side pool resource) > > In a large campus environment, usage of the relevant memory pool will eventually get so > high that a server-side reboot will be needed. > > I'm working with my NAS vendor ( who is very helpful ); however, if the NFS server and client specifications > don't specify an official way to handle this very real problem, there is not much a NAS server vendor can safely / responsibly do. Yes, there is: the NAS vendor can report the problem to the people they get their server code from :-) > If there currently is no formal/official way of handling this issue ( server-side pool exhaustion due to "disappearing" client ) > is this a problem worth solving ( at a level lower than the application level )? Yes, this is IMO unwelcome behavior, and a real problem for large scale deployment, as you describe above. But let's be careful: a "disappearing client" should be handled properly: its lease will expire and the server will eventually close out any OPEN state that client was responsible for. If the client continues to renew its state, and the appplication doesn't quit or close its files, neither the client or server can tell easily that there is a problem. Moreover, ticket expiry is not necessarily an indication that the application is done with a file. > If client applications were all well behaved ( didn't leave files open for long periods of time ) we wouldn't have a significant issue. > Assuming applications aren't going to be well behaved, are there good general ways of solving this on either the client or server side ? The server needs to manage its resource pools appropriately, otherwise it is exposed to DoS or DDoS attacks. That will improve over time, but I'm not seeing an immediate way to fairly address this on the server side. As Jeff said, the server is just doing what clients are asking of it. The client-side needs to clean up when it can, so we need to explore that. Actually that might be where you have a little more immediate control of this situation. The applications need to either re-authenticate or close files they no longer need. I think you'd have this problem with long-lived applications running on one big system as well. -- Chuck Lever