clear metadata using dd?

Rick C. Petty rick-freebsd at kiwi-computer.com
Fri Jan 26 05:59:34 UTC 2007


On Tue, Jan 23, 2007 at 08:08:00PM -0300, Fernan Aguero wrote:
> +----[ Oliver Fromme <olli at lurza.secnetix.de> (23.Jan.2007 15:41):
> |
> | As far as I can tell, the purpose of gmirror is to provide
> | redundancy in the case of drive failure.  I.e. if one
> | drive fails, the system keeps running happily instead of
> | crashing.

Exactly.  I don't understand why anyone would use mirror if it didn't cover
the whole disk.  I *know* the other setups, I just don't "understand why".
=)

> well, I beg to differ, but with this setup I don't see why
> the system will crash if one disk fails ... I did several
> tests, removed one disk, and the system booted and worked
> fine in degraded mode ...

Obviously you've never had a disk go bad.  FreeBSD doesn't handle hardware
failures well (at all?).  If a disk crashes while powered up and running
(a highly likely time such a failure would happen), FreeBSD removes the
disk device completely, no questions asked.  It does this sometimes when
the drive is working just fine too.  If such a thing happens and you have a
filesystem mounted using that disk, you're boned.  Prepare to kiss data
goodbye, because you probably weren't prepared to be running the kernel in
debug mode.  And why should you have to, on a production system?

Removing the disk while the system is off, that's such a trivial test and
certainly doesn't replicate what could happen in a really bad situation.
Think:  hundreds of Terabytes of disks, using mirrors, RAID cards, whatnot.
If a disk "goes bad" (or FreeBSD pretends such), and part of the disk was
*not* completely mirrored (or otherwise RAID'd) and had a filesystem
mounted on it, kernel panic..  file server down for hours if not days.

Thankfully, gmirror (at least) handles this case gracefully, provided the
whole disk is mirrored.  Those people who aren't full-disk-mirroring their
"important data" are taking quite a gamble.  They should talk to those of
us who have seen lots of drives fail in otherwise perfectly-working
systems.  Or assume the drive can't fail, I mean because it's still under
warranty so why would it fail?  And assume that even a slight vibration
won't wiggle a SATA cable free, because you've hot-glued it in place.

> Of course I'm not putting essential stuff in the gstriped
> device. Here's what my setup looks like:
> 
> ad4s1b, ad6s1b => swap
> ad4s2, ad6s2 => gmirror (/, /var, /tmp, /usr) (i.e. base OS)
> ad4s3, ad6s3 => gstripe (/freebsd, /usr/obj, /distfiles, /scratch)

You described the perfect scenario for a nifty kernel panic.  Don't believe
me?  Put the system into an "idle state" (no planned I/O) and pull the data
cable out of one of the drives...  just for five seconds, then plug it back
in.  It should survive, right?  Now let's just hope the drives always play
fair...

-- Rick C. Petty

