[Linux-cluster] Re: Some ideas on changes to the lvm.sh agent (or new agents).

Jonathan Brassow jbrassow at redhat.com
Wed Oct 3 14:57:17 UTC 2007 

Great stuff!  Much of what you are describing I've thought about in  
the past, but just haven't had the cycles to work on.  You can see in  
the script itself, the comments at the top mention the desire to  
operate on the VG level.  You can also see a couple vg_* functions  
that simply return error right now, but were intended to be filled in.

Comments in-line.

On Sep 28, 2007, at 11:14 AM, Simone Gotti wrote:

> Hi,
>
> Trying to use a non cluster vg in redhat cluster I noticed that  
> lvm.sh,
> to avoid metadata corruption, is forcing the need of only one lv  
> per vg.
>
> I was thinking that other clusters don't have this limitation as they
> let you just use a vg only on one node at a time (and also on one
> service group at a time).
>
> To test if this was possible with lvm2 I made little changes to lvm.sh
> (just variables renames, use of vgchange instead of lvchange for tag
> adding) and using the same changes needed to /etc/lvm/lvm.conf
> (volume_list = [ "rootvgname", "@my_hostname" ]) looks like this idea
> was working.
>
> I can activate the vg and all of its volume only on the node with  
> the vg
> tagged with its hostname and the start on the other nodes is refused.
>
> Now, will this idea be accepted? If so these are a list of possible
> needed changes and other ideas:
>
> *) Make <parameter name="vg_name" required="1"> also unique="1" or
> better primary="1" and remove the parameter "name" as only one service
> can use a vg.

Sounds reasonable.  Be careful when using those parameters though,  
they often result in cryptic error messages that are tough to  
follow.  I do checks in lvm.sh where possible to be able to give the  
user more information on what went wrong.

>
> *) What vg_status should do?
> a) Monitor all the LVs
> 	or
> b) Check only the VG and use ANOTHER resource agent for every lv  
> used by
> the cluster? So I can create/remove/modify lvs on that vg that aren't
> under rgmanager control without any error reported by the status
> functions of the lvm.sh agent.
> Also other clusters distinguish between vg and lv and they have 2
> different agents for them.

This is were things get difficult.  It would be ok to modify lvs on  
that vg as long as it's on the same machine that has ownership.  Tags  
should prevent otherwise, so should be ok.

User would have to be careful (or barriers would have to prevent)  
users from assigning different LVs in the same VG to different  
services.  Otherwise, if a service fails (application level) and must  
be moved to a different machine, we would have to find a way to move  
all services associated with the VG to the next machine.  I think  
there are ways to mandate this (that service A stick with service B),  
but we would have to have a way to enforce it.

> Creating two new agents will also leave the actual lvm.sh without
> changes and keep backward compatibility for who is already using it.
>
> Something like this (lets call lvm_vg and lvm_lv respectively the  
> agents
> for the vg and the lv):
>
> <service name="foo">
>   <lvm_vg vgname="vg01">
>      <lvm_lv lvname="lv01/>
>      <lvm_lv lvname="lv01/>
>      <script .... />
>   </lvm_vg>
> </service>

I'd have to be convinced of this...  I'd hate to see two 'lvm_lv's  
that refer to the same VG in different services... or would lvm_lv  
somehow require a parent lvm_vg, and make lvm_vg have a 'unique=1'?   
In any case, we are forced to move an entire VG at a time, so I'm not  
sure it would make sense to break it up.

> *) Another problem that is present just now is that lvm should be
> changed to avoid any operation on a non activable vg or lv. In these
> days you cannot be able to start a vg/lv as its not tagged with the
> hostname but you can remove/resize it without any problem. :D

Yes, tags need to be tightened-up.  You should never be able to alter  
metadata of LVM from a machine that does not have permission.

Another improvement I'd like to see is automatic VG ownership.   
Basically, tighten-up the tagging as stated above and add a unique  
machine specific tag to new VGs by default.  (For clusters, this tag  
could be the cluster name.)  This does a number of things, but  
primarily:
1) restricts access to the machine (or cluster) that created the VG.
- now if you move a hard drive to a different machine, it won't  
conflict with the other hard drives there (which might cause  
confusion over which device is the actual root volume).
2) simplifies HA LVM (lvm.sh + rgmanager)
- there would no longer be a need to edit lvm.conf to add the machine  
name, etc...
One of the questions surrounding this is how do you generate the  
unique id and when?  You would probably need it upon installation...

There are many kinds of fault scenarios.  Thinking through each one  
of them will be important when trying to implement a by-VG model vs a  
by-LV model.  I usually stumble across an issue that gives me pause  
before hastily adding a new feature, but I would welcome further  
thought/code.

  brassow

More information about the Linux-cluster mailing list