summaryrefslogtreecommitdiffstats
path: root/doc/replicate.lyx
blob: 2bbcb652aaaeb90ca8e644be5a9b9113131c8928 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
#LyX 1.4.2 created this file. For more info see http://www.lyx.org/
\lyxformat 245
\begin_document
\begin_header
\textclass article
\language english
\inputencoding auto
\fontscheme default
\graphics default
\paperfontsize default
\spacing single
\papersize default
\use_geometry false
\use_amsmath 1
\cite_engine basic
\use_bibtopic false
\paperorientation portrait
\secnumdepth 3
\tocdepth 3
\paragraph_separation skip
\defskip medskip
\quotes_language english
\papercolumns 1
\papersides 1
\paperpagestyle default
\tracking_changes false
\output_changes false
\end_header

\begin_body

\begin_layout Title

\size larger
Automatic File Replication (replicate) in GlusterFS
\end_layout

\begin_layout Author
Vikas Gorur 
\family typewriter
\size larger
<vikas@zresearch.com>
\end_layout

\begin_layout Standard
\begin_inset ERT
status open

\begin_layout Standard


\backslash
hrule
\end_layout

\end_inset


\end_layout

\begin_layout Section*
Overview
\end_layout

\begin_layout Standard
This document describes the design and usage of the replicate translator in GlusterFS.
 This document is valid for the 1.4.x releases, and not earlier ones.
\end_layout

\begin_layout Standard
The replicate translator of GlusterFS aims to keep identical copies of a file
 on all its subvolumes, as far as possible.
 It tries to do this by performing all filesystem mutation operations (writing
 data, creating files, changing ownership, etc.) on all its subvolumes in
 such a way that if an operation succeeds on atleast one subvolume, all
 other subvolumes can later be brought up to date.
\end_layout

\begin_layout Standard
In the rest of the document the terms 
\begin_inset Quotes eld
\end_inset

subvolume
\begin_inset Quotes erd
\end_inset

 and 
\begin_inset Quotes eld
\end_inset

server
\begin_inset Quotes erd
\end_inset

 are used interchangeably, trusting that it will cause no confusion to the
 reader.
\end_layout

\begin_layout Section*
Usage
\end_layout

\begin_layout Standard
A sample volume declaration for replicate looks like this:
\end_layout

\begin_layout Standard
\begin_inset ERT
status open

\begin_layout Standard


\backslash
begin{verbatim}
\end_layout

\begin_layout Standard

volume replicate
\end_layout

\begin_layout Standard

 type cluster/replicate
\end_layout

\begin_layout Standard

 # options, see below for description
\end_layout

\begin_layout Standard

 subvolumes brick1 brick2
\end_layout

\begin_layout Standard

end-volume
\end_layout

\begin_layout Standard


\backslash
end{verbatim}
\end_layout

\begin_layout Standard

\end_layout

\begin_layout Standard

\end_layout

\begin_layout Standard

\end_layout

\end_inset


\end_layout

\begin_layout Standard
This defines an replicate volume with two subvolumes, brick1, and brick2.
 For replicate to work properly, it is essential that its subvolumes support 
\series bold
extended attributes
\series default
.
 This means that you should choose a backend filesystem that supports extended
 attributes, like XFS, ReiserFS, or Ext3.
\end_layout

\begin_layout Standard
The storage volumes used as backend for replicate 
\emph on
must
\emph default
 have a posix-locks volume loaded above them.
\end_layout

\begin_layout Standard
\begin_inset ERT
status open

\begin_layout Standard


\backslash
begin{verbatim}
\end_layout

\begin_layout Standard

volume brick1
\end_layout

\begin_layout Standard

 type features/posix-locks
\end_layout

\begin_layout Standard

 subvolumes brick1-ds
\end_layout

\begin_layout Standard

end-volume
\end_layout

\begin_layout Standard


\backslash
end{verbatim}
\end_layout

\end_inset


\end_layout

\begin_layout Section*
Design
\end_layout

\begin_layout Subsection*
Read algorithm
\end_layout

\begin_layout Standard
All operations that do not modify the file or directory are sent to all
 the subvolumes and the first successful reply is returned to the application.
\end_layout

\begin_layout Standard
The read() system call (reading data from a file) is an exception.
 For read() calls, replicate tries to do load balancing by sending all reads from
 a particular file to a particular server.
\end_layout

\begin_layout Standard
The read algorithm is also affected by the option read-subvolume; see below
 for details.
\end_layout

\begin_layout Subsection*
Classes of file operations
\end_layout

\begin_layout Standard
replicate divides all filesystem write operations into three classes:
\end_layout

\begin_layout Itemize

\series bold
data: 
\series default
Operations that modify the contents of a file (write, truncate).
\end_layout

\begin_layout Itemize

\series bold
metadata: 
\series default
Operations that modify attributes of a file or directory (permissions, ownership
, etc.).
\end_layout

\begin_layout Itemize

\series bold
entry: 
\series default
Operations that create or delete directory entries (mkdir, create, rename,
 rmdir, unlink, etc.).
\end_layout

\begin_layout Subsection*
Locking and Change Log
\end_layout

\begin_layout Standard
To ensure consistency across subvolumes, replicate holds a lock whenever a modificatio
n is being made to a file or directory.
 By default, replicate considers the first subvolume as the sole lock server.
 However, the number of lock servers can be increased upto the total number
 of subvolumes.
\end_layout

\begin_layout Standard
The change log is a set of extended attributes associated with files and
 directories that replicate maintains.
 The change log keeps track of the changes made to files and directories
 (data, metadata, entry) so that the self-heal algorithm knows which copy
 of a file or directory is the most recent one.
\end_layout

\begin_layout Subsection*
Write algorithm
\end_layout

\begin_layout Standard
The algorithm for all write operations (data, metadata, entry) is:
\end_layout

\begin_layout Enumerate
Lock the file (or directory) on all of the lock servers (see options below).
\end_layout

\begin_layout Enumerate
Write change log entries on all servers.
\end_layout

\begin_layout Enumerate
Perform the operation.
\end_layout

\begin_layout Enumerate
Erase change log entries.
\end_layout

\begin_layout Enumerate
Unlock the file (or directory) on all of the lock servers.
\end_layout

\begin_layout Standard
The above algorithm is a simplified version intended for general users.
 Please refer to the source code for the full details.
\end_layout

\begin_layout Subsection*
Self-Heal
\end_layout

\begin_layout Standard
replicate automatically tries to fix any inconsistencies it detects among different
 copies of a file.
 It uses information in the change log to determine which copy is the 
\begin_inset Quotes eld
\end_inset

correct
\begin_inset Quotes erd
\end_inset

 version.
\end_layout

\begin_layout Standard
Self-heal is triggered when a file or directory is first 
\begin_inset Quotes eld
\end_inset

accessed
\begin_inset Quotes erd
\end_inset

, that is, the first time any operation is attempted on it.
 The self-heal algorithm does the following things:
\end_layout

\begin_layout Standard
If the entry being accessed is a directory:
\end_layout

\begin_layout Itemize
The contents of the 
\begin_inset Quotes eld
\end_inset

correct
\begin_inset Quotes erd
\end_inset

 version is replicated on all subvolumes, by deleting entries and creating
 entries as necessary.
\end_layout

\begin_layout Standard
If the entry being accessed is a file:
\end_layout

\begin_layout Itemize
If the file does not exist on some subvolumes, it is created.
\end_layout

\begin_layout Itemize
If there is a mismatch in the size of the file, or ownership, or permission,
 it is fixed.
\end_layout

\begin_layout Itemize
If the change log indicates that some copies need updating, they are updated.
\end_layout

\begin_layout Subsection*
Split-brain
\end_layout

\begin_layout Standard
It may happen that one replicate client can access only some of the servers in
 a cluster and another replicate client can access the remaining servers.
 Or it may happen that in a cluster of two servers, one server goes down
 and comes back up, but the other goes down immediately.
 Both these scenarios result in a 
\begin_inset Quotes eld
\end_inset

split-brain
\begin_inset Quotes erd
\end_inset

.
\end_layout

\begin_layout Standard
In a split-brain situation, there will be two or more copies of a file,
 all of which are 
\begin_inset Quotes eld
\end_inset

correct
\begin_inset Quotes erd
\end_inset

 in some sense.
 replicate without manual intervention has no way of knowing what to do, since
 it cannot consider any single copy as definitive, nor does it know of any
 meaningful way to merge the copies.
\end_layout

\begin_layout Standard
If replicate detects that a split-brain has happened on a file, it disallows opening
 of that file.
 You will have to manually resolve the conflict by deleting all but one
 copy of the file.
 Alternatively you can set an automatic split-brain resolution policy by
 using the `favorite-child' option (see below).
\end_layout

\begin_layout Section*
Translator Options
\end_layout

\begin_layout Standard
replicate accepts the following options:
\end_layout

\begin_layout Subsection*
read-subvolume (default: none)
\end_layout

\begin_layout Standard
The value of this option must be the name of a subvolume.
 If given, all read operations are sent to only the specified subvolume,
 instead of being balanced across all subvolumes.
\end_layout

\begin_layout Subsection*
favorite-child (default: none)
\end_layout

\begin_layout Standard
The value of this option must be the name of a subvolume.
 If given, the specified subvolume will be preferentially used in resolving
 conflicts (
\begin_inset Quotes eld
\end_inset

split-brain
\begin_inset Quotes erd
\end_inset

).
 This means if a discrepancy is noticed in the attributes or content of
 a file, the copy on the `favorite-child' will be considered the definitive
 version and its contents will 
\emph on
overwrite 
\emph default
the contents of all other copies.
 Use this option with caution! It is possible to 
\emph on
lose data
\emph default
 with this option.
 If you are in doubt, do not specify this option.
\end_layout

\begin_layout Subsection*
Self-heal options
\end_layout

\begin_layout Standard
Setting any of these options to 
\begin_inset Quotes eld
\end_inset

off
\begin_inset Quotes erd
\end_inset

 prevents that kind of self-heal from being done on a file or directory.
 For example, if metadata self-heal is turned off, permissions and ownership
 are no longer fixed automatically.
\end_layout

\begin_layout Subsubsection*
data-self-heal (default: on)
\end_layout

\begin_layout Standard
Enable/disable self-healing of file contents.
\end_layout

\begin_layout Subsubsection*
metadata-self-heal (default: off)
\end_layout

\begin_layout Standard
Enable/disable self-healing of metadata (permissions, ownership, modification
 times).
\end_layout

\begin_layout Subsubsection*
entry-self-heal (default: on)
\end_layout

\begin_layout Standard
Enable/disable self-healing of directory entries.
\end_layout

\begin_layout Subsection*
Change Log options
\end_layout

\begin_layout Standard
If any of these options is turned off, it disables writing of change log
 entries for that class of file operations.
 That is, steps 2 and 4 of the write algorithm (see above) are not done.
 Note that if the change log is not written, the self-heal algorithm cannot
 determine the 
\begin_inset Quotes eld
\end_inset

correct
\begin_inset Quotes erd
\end_inset

 version of a file and hence self-heal will only be able to fix 
\begin_inset Quotes eld
\end_inset

obviously
\begin_inset Quotes erd
\end_inset

 wrong things (such as a file existing on only one node).
\end_layout

\begin_layout Subsubsection*
data-change-log (default: on)
\end_layout

\begin_layout Standard
Enable/disable writing of change log for data operations.
\end_layout

\begin_layout Subsubsection*
metadata-change-log (default: on)
\end_layout

\begin_layout Standard
Enable/disable writing of change log for metadata operations.
\end_layout

\begin_layout Subsubsection*
entry-change-log (default: on)
\end_layout

\begin_layout Standard
Enable/disable writing of change log for entry operations.
\end_layout

\begin_layout Subsection*
Locking options
\end_layout

\begin_layout Standard
These options let you specify the number of lock servers to use for each
 class of file operations.
 The default values are satisfactory in most cases.
 If you are extra paranoid, you may want to increase the values.
 However, be very cautious if you set the data- or entry- lock server counts
 to zero, since this can result in 
\emph on
lost data.

\emph default
 For example, if you set the data-lock-server-count to zero, and two application
s write to the same region of a file, there is a possibility that none of
 your servers will have all the data.
 In other words, the copies will be 
\emph on
inconsistent
\emph default
, and 
\emph on
incomplete
\emph default
.
 Do not set data- and entry- lock server counts to zero unless you absolutely
 know what you are doing and agree to not hold GlusterFS responsible for
 any lost data.
\end_layout

\begin_layout Subsubsection*
data-lock-server-count (default: 1)
\end_layout

\begin_layout Standard
Number of lock servers to use for data operations.
\end_layout

\begin_layout Subsubsection*
metadata-lock-server-count (default: 0)
\end_layout

\begin_layout Standard
Number of lock servers to use for metadata operations.
\end_layout

\begin_layout Subsubsection*
entry-lock-server-count (default: 1)
\end_layout

\begin_layout Standard
Number of lock servers to use for entry operations.
\end_layout

\begin_layout Section*
Known Issues
\end_layout

\begin_layout Subsection*
Self-heal of file with more than one link (hard links):
\end_layout

\begin_layout Standard
Consider two servers, A and B.
 Assume A is down, and the user creates a file `new' as a hard link to a
 file `old'.
 When A comes back up, replicate will see that the file `new' does not exist on
 A, and self-heal will create the file and copy the contents from B.
 However, now on server A the file `new' is not a link to the file `old'
 but an entirely different file.
\end_layout

\begin_layout Standard
We know of no easy way to fix this problem, but we will try to fix it in
 forthcoming releases.
\end_layout

\begin_layout Subsection*
File re-opening after a server comes back up:
\end_layout

\begin_layout Standard
If a server A goes down and comes back up, any files which were opened while
 A was down and are still open will not have their writes replicated on
 A.
 In other words, data replication only happens on those servers which were
 alive when the file was opened.
\end_layout

\begin_layout Standard
This is a rather tricky issue but we hope to fix it very soon.
\end_layout

\begin_layout Section*
Frequently Asked Questions
\end_layout

\begin_layout Subsection*
1.
 How can I force self-heal to happen?
\end_layout

\begin_layout Standard
You can force self-heal to happen on your cluster by running a script or
 a command that accesses every file.
 A simple way to do it would be:
\end_layout

\begin_layout Standard
\begin_inset ERT
status open

\begin_layout Standard

\end_layout

\begin_layout Standard


\backslash
begin{verbatim}
\end_layout

\begin_layout Standard

$ ls -lR
\end_layout

\begin_layout Standard


\backslash
end{verbatim}
\end_layout

\begin_layout Standard

\end_layout

\end_inset


\end_layout

\begin_layout Standard
Run the command in all directories which you want to forcibly self-heal.
\end_layout

\begin_layout Subsection*
2.
 Which backend filesystem should I use for replicate?
\end_layout

\begin_layout Standard
You can use any backend filesystem that supports extended attributes.
 We know of users successfully using XFR, ReiserFS, and Ext3.
\end_layout

\begin_layout Subsection*
3.
 What can I do to improve replicate performance?
\end_layout

\begin_layout Standard
Try loading performance translators such as io-threads, write-behind, io-cache,
 and read-ahead depending on your workload.
 If you are willing to sacrifice correctness in corner cases, you can experiment
 with the lock-server-count and the change-log options (see above).
 As warned earlier, be very careful!
\end_layout

\begin_layout Subsection*
4.
 How can I selectively replicate files?
\end_layout

\begin_layout Standard
There is no support for selective replication in replicate itself.
 You can achieve selective replication by loading the unify translator over
 replicate, and using the switch scheduler.
 Configure unify with two subvolumes, one of them being replicate.
 Using the switch scheduler, schedule all files for which you need replication
 to the replicate subvolume.
 Consult unify and switch documentation for more details.
\end_layout

\begin_layout Section*
Contact
\end_layout

\begin_layout Standard
If you need more assistance on replicate, contact us on the mailing list <gluster-user
s@gluster.org> (visit gluster.org for details on how to subscribe).
\end_layout

\begin_layout Standard
Send you comments and suggestions about this document to <vikas@zresearch.com>.
\end_layout

\end_body
\end_document