From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Fossil+Venti on Linux
Date: Sun, 25 May 2008 16:24:13 -0400 [thread overview]
Message-ID: <1902d3f01b81b65009a4326d51d88197@quanstro.net> (raw)
In-Reply-To: <8ccc8ba40805250848x16f054b8y71b46ff1c346eda4@mail.gmail.com>
> You could adapt Plan B's bns to fail over between different FSs. But...
> We learned that although you can let he FS fail over nicely, many other
> things stand in the way making it unnecessary to fail over. For example,
> on Plan 9, cs and dns have problems after a fail over, your IP address
> may change, etc. All that is to say that when you experience tolerance
> to FS failures, you still face other things that do not fail over.
>
> To tolerate failures what we do is to run venti on
> a raid. If fossil gets corrupted somehow we'd just format the partition
> using the last vac. To survive crashes of the machine with the venti we
> copy its arenas to another machine, aso keeping a raid.
forgive a bit of off-topicness. this is about ken's filesystem, not
venti or fossil.
the coraid fs maintains its cache on a local AoE-based raid10 and it
automaticlly mirrors its worm on two AoE-based raid5 targets. the
secondary worm target is in a seperate building with a backup fs.
since reads always start with the first target, the slow offsite link
is not noticed. (we frequently exceed the bandwidth of the
backup link -- now 100Mbps --- to the cache, so replicating the cache
would be impractical.)
we can sustain the loss of a disk drive with only a small and
temporary performance hit. the storage targets may be rebooted with a
small pause in service.
more severe machine failues can be recovered with varing degrees of
pain. only if both raid targets were lost simultainously would more than
24hrs of data be lost.
we don't do any failover. we try to keep the fs up instead. we have
had two unplanned fs outages in 2 years. one was due to a corrupt
sector leading to a bad tag. the other was a network problem due to
an electrical storm that could have been avoided if i'd been on the
ball.
the "diskless fileserver" paper from iwp9 has the gory details.
- erik
next prev parent reply other threads:[~2008-05-25 20:24 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-25 7:56 Enrico Weigelt
2008-05-25 14:59 ` a
2008-05-25 15:48 ` Francisco J Ballesteros
2008-05-25 20:24 ` erik quanstrom [this message]
2008-05-26 12:58 ` Enrico Weigelt
2008-05-26 14:01 ` erik quanstrom
[not found] ` <78feb60ec33f8a38ccbc38625b6ea653@quanstro.net>
2008-05-29 9:12 ` Enrico Weigelt
2008-05-29 9:27 ` Christian Kellermann
2008-05-29 12:17 ` Enrico Weigelt
2008-05-29 13:51 ` Russ Cox
2008-05-29 12:26 ` erik quanstrom
2008-05-29 13:33 ` Wes Kussmaul
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1902d3f01b81b65009a4326d51d88197@quanstro.net \
--to=quanstro@quanstro.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).