safety first
play

Safety First New Features in Linux File & Storage Systems Ric - PowerPoint PPT Presentation

Oct 25, 2023 •254 likes •503 views

Safety First New Features in Linux File & Storage Systems Ric Wheeler rwheeler@redhat.com September 27, 2010 Overview Why Care about Data Integrity Common Causes of Data Loss Data Loss Exposure Timeline Reliability

  1. Safety First New Features in Linux File & Storage Systems Ric Wheeler rwheeler@redhat.com September 27, 2010

  2. Overview Why Care about Data Integrity  Common Causes of Data Loss  Data Loss Exposure Timeline  Reliability Building Blocks  Examples  Grading our Progress  Questions?  2

  3. Why Care about Data Integrity Linux is used to store critical personal data  ● On Linux based desktops and laptops ● Linux based devices like Tivo, cell phones or a home NAS storage device ● Remote backup providers use Linux systems to backup your personal data Linux servers are very common in corporate data centers  ● Financial services ● Medical images ● Banks Used as the internal OS for appliances  3

  4. Linux has one IO & FS Stack One IO stack has to run on critical and non-critical devices  ● Data integrity is the only “safe” default configuration ● Sophisticated users can choose non-default options that might disable data reliability features Trade offs need to be done with care  ● Some configurations can hurt data integrity (like ext3 writeback mode) ● Some expose data integrity issues (non-default support for write barriers) Where possible, the system should auto-configure these options  ● Detection of battery or UPS can allow for mounting without write barriers ● Special tunings for SSD's and high end arrays to avoid barrier operations ● Similar to the way we auto-configure features for other types of hardware 4

  5. Common Causes of Data Loss Uncountable ways to lose data  ● Honesty requires vendors that sell you a storage device should provide some disclaimer about when – not if - you will lose data Storage device manufacturers work hard to  ● Track the causes of data loss or system unavailability of real, deployed systems ● Classify those instances into discrete buckets ● Carefully select the key issues that are most critical (or common) to fix first Tracking real world issues and focusing on fixing high priority issues requires  really good logging and reporting from deployed systems ● Voluntary methods like the kernel-oops project ● Critical insight comes from being able to gather good data, do real analysis and then monitor how your fixes impact the deployed base 5

  6. User Errors Accidental destruction or deletion of data  ● Overwriting good data with bad ● Restoring old backups to good data Service errors  ● Replacing the wrong drive in a RAID array ● Not plugging in the UPS Losing track of where you put it  ● Too many places to store a photo, MP3, etc Misunderstanding or lack of knowledge about how to configure the system  properly Developers need to be responsible for providing easy to use system in order to  minimize this kind of error! 6

  7. Application Developer Errors Some application coders do not worry about data integrity to begin with  ● Occasionally on purpose – speed is critical, data is not (can be rerun) ● Occasionally by ignorance ● Occasionally by mistake For application authors that do care, we make data integrity difficult by giving  them poor documentation: ● rename: How many fsync() calls should we use when renaming a file? ● fsync: just the file? File and parent directory? ● Best practices that change with type of storage, file system type and file system journal mode Primitives need to be clearly understood & well documented  ● Too many choices make it next to impossible for application developers to deliver reliable software “Mostly works” is not good enough for data integrity  7

  8. OS & Configuration Errors Configuration Errors  ● Does the system have the write barrier enabled if needed? Bugs in the IO Stack  ● Do we use write barriers correctly to flush volatile write caches? ● Do we properly return error codes so the application can handle failures? ● Do we log the correct failure in /var/log/messages in a way that can point the user to a precise component? 8

  9. Hardware Failures Hard disk failures  Power supply failures  DRAM failures  Cable failures  9

  10. Disasters Name your favorite disaster  ● Fire, Flood, Blizzards.... ● Power outage ● Terrorism No single point of failure requires that any site has a method to have a copy at  some secondary location ● Remote data mirroring can be done at the file level or block level ● Backup and storage of backup images off site ● Buy expensive hardware support for remote replication, etc 10

  11. Data Loss ExposureTimeline Rough Timeline:  ● State 0: Data creation ● State 1: Stored to persistent storage ● State 2: Component failure in your system ● State 3: Detection of the failed component ● State 4: Data repair started ● State 5: Data repair completed Minimizing the time spent out of State 1 is what storage designers lose sleep  over! 11

  12. What is the expected frequency of disk failure? Hard failures  ● Total disk failure ● Read or write failure ● Usually instantaneously detected Soft failures  ● Can happen at any time ● Usually detection requires scrubbing or scanning the storage ● Unfortunately, can be discovered during RAID rebuild Note that this is not just a rotating disk issue  ● SSDs wear out, paper and ink fade, CDs deteriorate, etc 12

  13. How long does it take you to detect a failure? Does your storage system detect latent errors in  ● Hours? Days? Weeks? ● Only when you try to read the data back? Most storage systems do several levels of data scanning and scrubbing  ● Periodic reads (proper read or read_verify commands) to insure that any latent errors are detected ● File servers and object based storage systems can do whole file reads and compare data to a digital hash for example ● Balance is needed between frequent scanning/scrubbing and system performance for its normal workload 13

  14. How long does it take you to repair a failure? Repair the broken storage physically  ● Rewrite a few bad sectors (multiple seconds)? ● Replace a broken drive and rebuild the RAID group (multiple hours)? Can we repair the damage done to the file system?  ● Are any files present but damaged? ● Do I need to run fsck? ● Very useful to be able to map an IO error back to a user file, metadata or unallocated space Repair the logical structure of the file system metadata  ● Fsck time can take hours or days ● Restore any data lost from backup Users like to be able to verify file system integrity after a repair  ● Are all of my files still on the system? ● Is the data in those files intact and unchanged? ● Can you tell me precisely what I lost? 14

  15. Exposure to Permanent Data Loss Combination of the factors described:  ● Robustness of storage system ● Rate of failure of components ● Time to detect the failure ● Time to repair the physical media ● Time to repair the file system metadata (fsck) ● Time to summarize for the user any permanent loss If the time required to detect and repair is larger than your failure rate, you will  lose data! 15

  16. Storage Downtime without Data Loss Counts Unavailable data loses money  ● Banking transactions ● Online transactions Data unavailability can be really mission critical  ● X-rays are digital and used in operations ● Digital maps used in search Horrible performance during repair is downtime in many cases  ● Minimizing repair time minimizing this loss as well 16

  17. How Many Concurrent Failures Can Your Data Survive? Protection against failure is expensive  Storage systems performance  Utilized capacity  Extra costs for hardware, power and cooling for less efficient storage systems  Single drive can survive soft failures  A single disk is 100% efficient  RAID5 can survive 1 hard failure & soft failures  RAID5 with 5 data disks and 1 parity disk is 83% efficient  RAID6 can survive 2 hard failures & soft failures  RAID6 with 4 data disks and 2 parity disks is only 66% efficient!  Fancy schemes (erasure encoding schemes) can survive many failures  Any “k” drives out of “n” are sufficient to recovery data  Popular in cloud and object storage systems  17

  18. Example: MD RAID5 & EXT3 RAID5 gives us the ability to survive 1 hard failure  ● Any second soft failure during RAID rebuild can cause data loss since we need to read each sector of all other disks during rebuild ● Rebuild can begin only when we have a new or spare drive to use for rebuild Concurrent hard drive failures in a RAID group are rare  ● ... but detecting latent (soft) errors during rebuild are increasingly common! MD has the ability to “check” RAID members on demand  ● Useful to be able to de-prioritize this background scan ● Should run once every 2 to 4 weeks RAID rebuild times are linear with drive size  ● Can run up to 1 day for a healthy set of disk drives EXT3 fsck times can run a long time  ● 1TB FS fsck with 45 million files ran 1 hour (reports in the field of run time up to 1 week!) ● Hard (not impossible) to map bad sectors back to user files using ncheck/icheck 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SAFETY Act Webinar What is the SAFETY Act and how do you apply? Office of SAFETY Act

SAFETY Act Webinar What is the SAFETY Act and how do you apply? Office of SAFETY Act

SAFETY Act Webinar What is the SAFETY Act and how do you apply? Office of SAFETY Act Implementation (OSAI) February 11, 2015 Presenters Name June 17, 2003 What is the SAFETY Act? Congress enacted the Support Anti-terrorism by

582 views • 24 slides
Community Safety Office Community Safety Forum (Safety coordinator) Safety initiative/Crime

Community Safety Office Community Safety Forum (Safety coordinator) Safety initiative/Crime

Community Safety Models Background information The Usalama Safety Audit and Assessment of Police Stations revealed the absence of a platform in the community where community, especially the most at risk could articulate; negotiate and frame their

220 views • 5 slides
What is School Safety? 1 5/20/2020 What is School Safety is a basic human need Safety

What is School Safety? 1 5/20/2020 What is School Safety is a basic human need Safety

5/20/2020 Define school safety Review research on safety and academic success Review association between behavioral health issues and the perception of safety Consider impact of mental health, COVID-19 and future school safety

321 views • 16 slides
Aviation Safety Cases The Safety Case and Safety Argument Dr Tim Fowler 29 November 2005

Aviation Safety Cases The Safety Case and Safety Argument Dr Tim Fowler 29 November 2005

Aviation Safety Cases The Safety Case and Safety Argument Dr Tim Fowler 29 November 2005 Overview Why Consider Safety? Safety Assessment: What is Required? Safety and the System Life Cycle. The Safety Argument. Goal

198 views • 17 slides
Safety Safety is a primary concern when it comes to onsite wastewater. Safety doesnt

Safety Safety is a primary concern when it comes to onsite wastewater. Safety doesnt

Safety Safety is a primary concern when it comes to onsite wastewater. Safety doesnt always get the attention it deserves. Sadly, it often takes a tragedy to educate people on the importance of taking safety precautions. Get

628 views • 19 slides
1 AGENDA Safety Production Overview Safety Standards Overview Safety Devices

1 AGENDA Safety Production Overview Safety Standards Overview Safety Devices

1 AGENDA Safety Production Overview Safety Standards Overview Safety Devices Applications According to Reference Standards Safety Limit Switches With Rope and Manual Reset FEP: Safety Electromagnetic Switch With Separate

700 views • 20 slides
Safety in the Construction Industry z Anthony Reynoso z The Importance of Safety Safety

Safety in the Construction Industry z Anthony Reynoso z The Importance of Safety Safety

Safety in the Construction Industry z Anthony Reynoso z The Importance of Safety Safety should be taken into account no matter what place, job, or assignment. Safety rules are needed to protect yourself and others from the danger of what

253 views • 8 slides
NAIL GUN SAFETY NAIL GUN SAFETY Nail Guns Safety Nail Guns Safety A nail gun is an aptly

NAIL GUN SAFETY NAIL GUN SAFETY Nail Guns Safety Nail Guns Safety A nail gun is an aptly

NAIL GUN SAFETY NAIL GUN SAFETY Nail Guns Safety Nail Guns Safety A nail gun is an aptly named tool it operates like a hand gun, but shoots nails instead of bullets. Some Nail gun Facts: Powerful tools can fire up to nine

657 views • 36 slides
Agenda Safety Culture Online Safety Reporting Site Safety Committee / Chief Pilot

Agenda Safety Culture Online Safety Reporting Site Safety Committee / Chief Pilot

Safety Meeting 2017 Agenda Safety Culture Online Safety Reporting Site Safety Committee / Chief Pilot Other o Online Quiz o Launch Procedures o Transition to High Performance Gliders Page - 1 GBSC - Flight Safety Discussion

647 views • 17 slides
Intersection Safety Intersection Safety Intersection Safety Intersections Intersections

Intersection Safety Intersection Safety Intersection Safety Intersections Intersections

Intersection Safety Intersection Safety Intersection Safety Intersections Intersections Among the most hazardous components of the highway system for all users (planned points of conflict) Complex speed-distance judgments under time

601 views • 24 slides
E- SAFETY INTRODUCTION TO E SAFETY Outlined in the government education strategy that e-safety

E- SAFETY INTRODUCTION TO E SAFETY Outlined in the government education strategy that e-safety

E- SAFETY INTRODUCTION TO E SAFETY Outlined in the government education strategy that e-safety work must be completed with children and young people in school. Sexting (whilst not universally relevant for our particular age group at

536 views • 14 slides
Job Safety Analysis February 2013 Safety Meeting PPT-SM-JSA V.A.0.0 Job Safety Analysis A

Job Safety Analysis February 2013 Safety Meeting PPT-SM-JSA V.A.0.0 Job Safety Analysis A

Job Safety Analysis February 2013 Safety Meeting PPT-SM-JSA V.A.0.0 Job Safety Analysis A job safety analysis, JSA, is a process of systematically identifying workplace hazards by breaking down a particular job into a series of relatively

617 views • 23 slides
Welcome! Hangar Safety Awareness People and property Aviation Hangar Safety Safety 2 Rev.

Welcome! Hangar Safety Awareness People and property Aviation Hangar Safety Safety 2 Rev.

Welcome! Hangar Safety Awareness People and property Aviation Hangar Safety Safety 2 Rev. 11/1/11 Definition safety /sefti / Show Spelled [seyf-tee] Show IPA noun, plural safeties. 1. the state of being safe; freedom from the

1.23k views • 97 slides
San Diego Mesa College Safety Committee Safety Committee Overview The Mesa College Safety

San Diego Mesa College Safety Committee Safety Committee Overview The Mesa College Safety

San Diego Mesa College Safety Committee Safety Committee Overview The Mesa College Safety Committee provides a venue to address safety issues and promote safety in all areas across the campus. It also provides planning related to safety

620 views • 12 slides
Household Safety Household Safety Objectives Statistics on household safety Common

Household Safety Household Safety Objectives Statistics on household safety Common

Household Safety Household Safety Objectives Statistics on household safety Common injuries and accidents at home Falls Poisoning Fires and Burns Choking Environmental Hazards Emergency preparedness

410 views • 15 slides
Household Safety Household Safety Objectives Statistics on household safety Common

Household Safety Household Safety Objectives Statistics on household safety Common

Household Safety Household Safety Objectives Statistics on household safety Common injuries and accidents at home Falls Poisoning Fires and burns Choking and suffocation Environmental hazards Drowning

264 views • 22 slides
for E34 collaboration 2015/8/11 1. Introduction 2. E34 experiment 3. Status of each

for E34 collaboration 2015/8/11 1. Introduction 2. E34 experiment 3. Status of each

g-2 J-PARC (E34) M. . Ota tani (KEK) for E34 collaboration 2015/8/11 1. Introduction 2. E34 experiment 3. Status of each experimental components 4. Summary 1 Muon g-2 and EDM As already introduced, muon g- 2 has a 3 discrepancy

434 views • 27 slides
Are Caste Categories Mis isleading? The Relationship Between Gender and Jati in in Three In

Are Caste Categories Mis isleading? The Relationship Between Gender and Jati in in Three In

Are Caste Categories Mis isleading? The Relationship Between Gender and Jati in in Three In Indian States Shareen Joshi (Georgetown University) Nishtha Kochhar (Georgetown University) Vijayendra Rao (World Bank) September 2018 What is

685 views • 23 slides
CLAIMS DATA SET (MN APCD) Annual Meeting National Association of Health Data Organizations

CLAIMS DATA SET (MN APCD) Annual Meeting National Association of Health Data Organizations

USE OF THE MINNESOTA ALL PAYER CLAIMS DATA SET (MN APCD) Annual Meeting National Association of Health Data Organizations October 30, 2015 Stefan Gildemeister Director, Health Economics Program 2 Overview Purposes the MN APCD has been

385 views • 12 slides
Getting started with Isabelle/Isar Makarius Wenzel TU M unchen August 2007 1. Foundations:

Getting started with Isabelle/Isar Makarius Wenzel TU M unchen August 2007 1. Foundations:

Getting started with Isabelle/Isar Makarius Wenzel TU M unchen August 2007 1. Foundations: logical framework 2. Forward reasoning: proof context 3. Backward reasoning: proof state PRELUDE: Notions of proof Isabelle tactic scripts lemma A

1.02k views • 63 slides
Click to edit Master title State of Michigan School style Based Services and Presenter Name

Click to edit Master title State of Michigan School style Based Services and Presenter Name

Click to edit Master title State of Michigan School style Based Services and Presenter Name Expansion Presenter Date October 28, 2020 Session Overview Click to edit Master title Todays presentation is jointly presented by Healthy

708 views • 42 slides
Innovation in Pharma: Policies to Lower Prescription Drug Prices while Maintaining Incentives for

Innovation in Pharma: Policies to Lower Prescription Drug Prices while Maintaining Incentives for

Innovation in Pharma: Policies to Lower Prescription Drug Prices while Maintaining Incentives for Innovation Louise Sheiner March 15, 2019 Motivation Lots of policy discussion surrounding prescription drug prices. Difficult to analyze welfare

262 views • 7 slides
Overview of the 2016- 17 Governors Budget January 2016 Michael Cohen Director, Department of

Overview of the 2016- 17 Governors Budget January 2016 Michael Cohen Director, Department of

Overview of the 2016- 17 Governors Budget January 2016 Michael Cohen Director, Department of Finance Balanced Budgets Have Been Quickly Followed by Huge Deficits 2 2016-17 General Fund Revenues vs Expenditures 3 Unpredictable Capital

537 views • 14 slides
S TATE ACTI VI TI E S I N H E ALTH CAR E P R I N C E T O N C O N F E R E N C E X X V I W I

S TATE ACTI VI TI E S I N H E ALTH CAR E P R I N C E T O N C O N F E R E N C E X X V I W I

1 S TATE ACTI VI TI E S I N H E ALTH CAR E P R I N C E T O N C O N F E R E N C E X X V I W I L L F E D E R A L I S M I M P R O V E T H E U . S . H E A L T H C A R E S Y S T E M ? M AY 2 2 , 2 0 19 P R E S E N T E D B Y T R I S H

238 views • 4 slides

More recommend