[Linux-cluster] Re: Some ideas on changes to the lvm.sh agent (or new agents).

Simone Gotti simone.gotti at email.it
Wed Oct 3 22:18:53 UTC 2007 

Hi,

thanks for the answer! I added little comments in-line too.

[sorry for this top post]
After I wrote the mail last day, I started implementing my ideas. I used
lvm.sh as a base, but after some changed I discovered more and more
corner cases and issues so in the end it changed quite a lot.

I'll write a new mail attaching this new script. I did some tests with
various scenarios. For example: All Machines that lost the same PVs;
only one machine that lost PVs; removing an LVs, removing the whole VG
etc... But to be sure that there aren't problem I have to do more and
more tests and also try to document them.

Thanks!
Bye!

On Wed, 2007-10-03 at 09:57 -0500, Jonathan Brassow wrote:
> Great stuff!  Much of what you are describing I've thought about in  
> the past, but just haven't had the cycles to work on.  You can see in  
> the script itself, the comments at the top mention the desire to  
> operate on the VG level.  You can also see a couple vg_* functions  
> that simply return error right now, but were intended to be filled in.
> 
> Comments in-line.
> 
> On Sep 28, 2007, at 11:14 AM, Simone Gotti wrote:
> 
> > Hi,
> >
> > Trying to use a non cluster vg in redhat cluster I noticed that  
> > lvm.sh,
> > to avoid metadata corruption, is forcing the need of only one lv  
> > per vg.
> >
> > I was thinking that other clusters don't have this limitation as they
> > let you just use a vg only on one node at a time (and also on one
> > service group at a time).
> >
> > To test if this was possible with lvm2 I made little changes to lvm.sh
> > (just variables renames, use of vgchange instead of lvchange for tag
> > adding) and using the same changes needed to /etc/lvm/lvm.conf
> > (volume_list = [ "rootvgname", "@my_hostname" ]) looks like this idea
> > was working.
> >
> > I can activate the vg and all of its volume only on the node with  
> > the vg
> > tagged with its hostname and the start on the other nodes is refused.
> >
> > Now, will this idea be accepted? If so these are a list of possible
> > needed changes and other ideas:
> >
> > *) Make <parameter name="vg_name" required="1"> also unique="1" or
> > better primary="1" and remove the parameter "name" as only one service
> > can use a vg.
> 
> Sounds reasonable.  Be careful when using those parameters though,  
> they often result in cryptic error messages that are tough to  
> follow.  I do checks in lvm.sh where possible to be able to give the  
> user more information on what went wrong.
My idea was that a VG can be owned by a single service. The check you
added in lvm.sh forced to a single LV in the VG, but one was able anyway
to use multiple lvm.sh with the same vg_name in different services
leading to problems anyway. Probably I missed something... :D

> 
> >
> > *) What vg_status should do?
> > a) Monitor all the LVs
> > 	or
> > b) Check only the VG and use ANOTHER resource agent for every lv  
> > used by
> > the cluster? So I can create/remove/modify lvs on that vg that aren't
> > under rgmanager control without any error reported by the status
> > functions of the lvm.sh agent.
> > Also other clusters distinguish between vg and lv and they have 2
> > different agents for them.
> 
> This is were things get difficult.  It would be ok to modify lvs on  
> that vg as long as it's on the same machine that has ownership.  Tags  
> should prevent otherwise, so should be ok.
> 
> User would have to be careful (or barriers would have to prevent)  
> users from assigning different LVs in the same VG to different  
> services.  Otherwise, if a service fails (application level) and must  
> be moved to a different machine, we would have to find a way to move  
> all services associated with the VG to the next machine.  I think  
> there are ways to mandate this (that service A stick with service B),  
> but we would have to have a way to enforce it.
> 
> > Creating two new agents will also leave the actual lvm.sh without
> > changes and keep backward compatibility for who is already using it.
> >
> > Something like this (lets call lvm_vg and lvm_lv respectively the  
> > agents
> > for the vg and the lv):
> >
> > <service name="foo">
> >   <lvm_vg vgname="vg01">
> >      <lvm_lv lvname="lv01/>
> >      <lvm_lv lvname="lv01/>
> >      <script .... />
> >   </lvm_vg>
> > </service>
> 
> I'd have to be convinced of this...  I'd hate to see two 'lvm_lv's  
> that refer to the same VG in different services... or would lvm_lv  
> somehow require a parent lvm_vg, and make lvm_vg have a 'unique=1'?   
> In any case, we are forced to move an entire VG at a time, so I'm not  
> sure it would make sense to break it up.
I thinked about the same problem so for now I tried implementing it in a
unique script.

> 
> > *) Another problem that is present just now is that lvm should be
> > changed to avoid any operation on a non activable vg or lv. In these
> > days you cannot be able to start a vg/lv as its not tagged with the
> > hostname but you can remove/resize it without any problem. :D
> 
> Yes, tags need to be tightened-up.  You should never be able to alter  
> metadata of LVM from a machine that does not have permission.
That's what I was hoping. Good to know is in program to be implemented.

> 
> Another improvement I'd like to see is automatic VG ownership.   
> Basically, tighten-up the tagging as stated above and add a unique  
> machine specific tag to new VGs by default.  (For clusters, this tag  
> could be the cluster name.)  This does a number of things, but  
> primarily:
> 1) restricts access to the machine (or cluster) that created the VG.
> - now if you move a hard drive to a different machine, it won't  
> conflict with the other hard drives there (which might cause  
> confusion over which device is the actual root volume).
> 2) simplifies HA LVM (lvm.sh + rgmanager)
> - there would no longer be a need to edit lvm.conf to add the machine  
> name, etc...
> One of the questions surrounding this is how do you generate the  
> unique id and when?  You would probably need it upon installation...
This looks a great idea! (also if I cannot understand well how this
should be implemented :D )
> 
> There are many kinds of fault scenarios.  Thinking through each one  
> of them will be important when trying to implement a by-VG model vs a  
> by-LV model.  I usually stumble across an issue that gives me pause  
> before hastily adding a new feature, but I would welcome further  
> thought/code.
> 
>   brassow
> 
-- 
Simone Gotti
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20071004/07a9d197/attachment.sig>

More information about the Linux-cluster mailing list