-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict addition of namespaces with RBD images which are already part of other NVMeOF GW groups as namespaces to avoid data corruption #833
Comments
At the RBD level, this can be done with Another option is to employ advisory locking at the RADOS level, placing a lock on image's Yet another option might to be use RBD per-image metadata, but it wouldn't be atomic unlike an approach that involves locks. How any of these approaches would interact with HA and images being potentially moved between groups would need to be investigated. |
@idryomov I think that the request is more about the configuration. Not about which gw is using the image to do IO. Even if a all GWs in the group are in maintenance for example, the request is to not allow the user to use the same images for other nvmeof namespaces in another group. Given that, do yo still think that Does it make sense in this case to use RBD namespaces? I.e. a namespaces per gw group? |
Likely not. If so, I think it should be enforced through OMAP state files^Wobjects, even if that is not entirely trivial. |
(Rahul reached out to me asking specifically for input from the RBD perspective on "setting a flag/lock on a image", so I may have misinterpreted this.)
An RBD namespace can be thought of as a directory within a pool. If the concern is an operator exporting an image that they shouldn't be exporting at that moment (because it's already exported), but in general they should be able to (meaning that it's not a matter of access control), I don't see how placing images in namespaces would make a difference. |
I'm not familiar with rbd namespaces. But my thinking was that if in each state file (omap) of a group, we access different rbd namespace (i.e. we look in a namespace), then maybe we could avoid the mix. But then it probably means that nvmeof users will need to create the images in the right rbd namespace. |
This might be too restrictive. Would a scenario of images being "moved" between groups be common? An operator wanting to e.g. export an image through group1 today and through group2 tomorrow seems reasonable to me. |
A partial solution could be to add some unique prefix to the image name in case we create it in the gateway. Similar to what we do when we create a subsystem. |
This might be tough to implement as RBD image metadata are part of different omap state files but we need to find a way to restrict creation of namespaces with RBD images which are already part of other GW groups as namespaces, as these volumes can be accessed by multiple initiators causing data inconsistency. With huge scale, say 1K to 4K RBD images, it will be difficult for user to keep track of used/unused images to create namespaces . Please let me know your thoughts.
The text was updated successfully, but these errors were encountered: