Should gmirrored gjournal provider have auto-synchronization?

Carl k0802647 at telus.net
Fri Oct 8 03:22:17 UTC 2010 

On 2010-10-07 3:21 PM, Hywel Mallett wrote:
> On 7 Oct 2010, at 08:35, Carl<k0802647 at telus.net>  wrote:
>> Then, should I be enabling or disabling auto-synchronization for
>> the mirrored journal provider partition? It is clear to me that it
>> should be disabled for the mirrored data provider partition because
>> the journaling will ensure data consistency, but is the content of
>> the journal provider itself guaranteed consistent under all
>> circumstances?
>
> That's an interesting question. I think you're correct that you
> should be able to disable auto-sync for the data slice, provided that
> gmirror returns a write as succeeded only when it has been written to
> both parts of the mirror. If not, then you could theoretically end up
> with a situation where data has only been written to one half of the
> mirror, but the write has been returned as successful, and gjournal
> won't re-write the data, which would leave you with an unsynchronized
> mirror. With gmirror, when you say "guaranteed consistent", you may
> need to qualify that more. gmirror guarantees that a collection of
> writes either happens in it's entirety, or not at all.

My admittedly limited understanding of gmirror is that it makes no such 
guarantee. I think it is gjournal that guarantees the consistency of the 
file system that sits on top of it, not gmirror, and this would be true 
even if there were no gmirror below it. The gjournal(8) man page tells 
us that when gmirror does exist below gjournal that gmirror's auto-sync 
need not be enabled because of that consistency guarantee. But again, 
we've been given a guarantee that the file system is consistent, but no 
where (that I can find) are we told whether the design of the journal 
itself is such that it too is guaranteed consistent.

My best guess is that a separate journal provider is inherently 
guaranteed consistent. My reasoning is that when it is not separate (ie. 
data and journal share same provider) we are told that we can disable 
auto-sync if gmirror is below it, which seems like bad advice if the 
consistency guarantee applies only to the data and not the journal. It 
would nonetheless be nice to have a confirmation that 
auto-synchronization can be disabled safely for a separate journal provider.

Carl                                             / K0802647

More information about the freebsd-fs mailing list