Add -unsafe-nosalvage fileserver option

Provide a runtime flag to the DAFS fileserver to allow for
fast-restart-like behavior for DAFS. Call the flag -unsafe-nosalvage, and
document it, warning against its use.

Change-Id: I342c58745b7e2e1d1a2066b4fb08941b02c660f9
Reviewed-on: http://gerrit.openafs.org/2277
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>

diff --git a/doc/man-pages/pod8/fileserver.pod b/doc/man-pages/pod8/fileserver.pod
index 285a6d4..31450d8 100644 (file)
--- a/doc/man-pages/pod8/fileserver.pod
+++ b/doc/man-pages/pod8/fileserver.pod
@@ -58,6 +58,7 @@ B<fileserver> S<<< [B<-auditlog> <I<path to log file>>] >>>
     S<<< [B<-vlruthresh> <I<minutes before eligibility for soft detach>>] >>>
     S<<< [B<-vlruinterval> <I<seconds between VLRU scans>>] >>>
     S<<< [B<-vlrumax> <I<max volumes to soft detach in one VLRU scan>>] >>>
+    S<<< [B<-unsafe-nosalvage>] >>>
     S<<< [B<-vattachpar> <I<number of volume attach threads>>] >>>
     S<<< [B<-m> <I<min percentage spare in partition>>] >>>
     S<<< [B<-lock>] >>>
@@ -600,6 +601,21 @@ of the scanner.  Default is 8 volumes.
 
 This option is only supported by the demand-attach file server.
 
+=item B<-unsafe-nosalvage>
+
+This option causes the fileserver to bypass the normal safety check when
+attaching volumes that checks the inUse field in the volume header. With
+this option, volumes that were in use at the time of an unclean shutdown
+will not be salvaged immediately the next time they are accessed, and thus
+risk (possibly silent and/or irrevocable) corruption. Volumes will still
+be salvaged when an internal inconsistency is detected or other cases
+where a salvage would normally occur.
+
+Due to the increased risk of data corruption, the use of this flag is
+strongly discouraged. Only use it if you really know what you are doing.
+
+This option is only supported by the demand-attach file server.
+
 =item B<-vattachpar> <I<number of volume attach threads>>
 
 The number of threads assigned to attach and detach volumes.  The default

diff --git a/src/viced/viced.c b/src/viced/viced.c
index 93a6b29..2c259c0 100644 (file)
--- a/src/viced/viced.c
+++ b/src/viced/viced.c
@@ -201,6 +201,7 @@ int abort_threshold = 10;
 int udpBufSize = 0;            /* UDP buffer size for receive */
 int sendBufSize = 16384;       /* send buffer size */
 int saneacls = 0;              /* Sane ACLs Flag */
+static int unsafe_attach = 0;   /* avoid inUse check on vol attach? */
 
 struct timeval tp;
 
@@ -925,6 +926,7 @@ FlagMsg(void)
     fputs("[-vlruthresh <minutes before unused volumes become eligible for soft detach> (default is 2 hours)] ", stdout);
     fputs("[-vlruinterval <seconds between VLRU scans> (default is 2 minutes)] ", stdout);
     fputs("[-vlrumax <max volumes to soft detach in one VLRU scan> (default is 8)] ", stdout);
+    fputs("[-unsafe-nosalvage (bypass volume inUse safety check on attach, bypassing salvage)] ", stdout);
 #elif AFS_PTHREAD_ENV
     fputs("[-vattachpar <number of volume attach threads> (default is 1)] ", stdout);
 #endif
@@ -1205,6 +1207,8 @@ ParseArgs(int argc, char *argv[])
                return -1; 
            }
            VLRU_SetOptions(VLRU_SET_MAX, atoi(argv[++i]));
+       } else if (!strcmp(argv[i], "-unsafe-nosalvage")) {
+           unsafe_attach = 1;
 #endif /* AFS_DEMAND_ATTACH_FS */
        } else if (!strcmp(argv[i], "-s")) {
            Sawsmall = 1;
@@ -2226,6 +2230,7 @@ main(int argc, char *argv[])
     opts.nLargeVnodes = large;
     opts.nSmallVnodes = nSmallVns;
     opts.volcache = volcache;
+    opts.unsafe_attach = unsafe_attach;
 
     if (VInitVolumePackage2(fileServer, &opts)) {
        ViceLog(0,

diff --git a/src/vol/volume.c b/src/vol/volume.c
index a8baa1a..8df6bd2 100644 (file)
--- a/src/vol/volume.c
+++ b/src/vol/volume.c
@@ -489,6 +489,12 @@ bit32 VolumeCacheCheck;            /* Incremented everytime a volume goes on line--
 /***************************************************/
 /* Startup routines                                */
 /***************************************************/
+
+#if defined(FAST_RESTART) && defined(AFS_DEMAND_ATTACH_FS)
+# error FAST_RESTART and DAFS are incompatible. For the DAFS equivalent \
+        of FAST_RESTART, use the -unsafe-nosalvage fileserver argument
+#endif
+
 /**
  * assign default values to a VolumePackageOptions struct.
  *
@@ -508,6 +514,12 @@ VOptDefaults(ProgramType pt, VolumePackageOptions *opts)
     opts->canUseFSSYNC = 0;
     opts->canUseSALVSYNC = 0;
 
+#ifdef FAST_RESTART
+    opts->unsafe_attach = 1;
+#else /* !FAST_RESTART */
+    opts->unsafe_attach = 0;
+#endif /* !FAST_RESTART */
+
     switch (pt) {
     case fileServer:
        opts->canScheduleSalvage = 1;
@@ -3201,7 +3213,6 @@ attach2(Error * ec, VolId volumeId, char *path, struct DiskPartition64 *partp,
     VOL_LOCK;
     vp->nextVnodeUnique = V_uniquifier(vp);
 
-#ifndef FAST_RESTART
     if (VShouldCheckInUse(mode) && V_inUse(vp) && VolumeWriteable(vp)) {
        if (!V_needsSalvaged(vp)) {
            V_needsSalvaged(vp) = 1;
@@ -3221,7 +3232,6 @@ attach2(Error * ec, VolId volumeId, char *path, struct DiskPartition64 *partp,
 
        goto error;
     }
-#endif /* FAST_RESTART */
 
     if (programType == fileServer && V_destroyMe(vp) == DESTROY_ME) {
        /* Only check destroyMe if we are the fileserver, since the
@@ -8515,3 +8525,9 @@ VCanUseSALVSYNC(void)
 {
     return vol_opts.canUseSALVSYNC;
 }
+
+afs_int32
+VCanUnsafeAttach(void)
+{
+    return vol_opts.unsafe_attach;
+}

diff --git a/src/vol/volume.h b/src/vol/volume.h
index ddfd868..426a40a 100644 (file)
--- a/src/vol/volume.h
+++ b/src/vol/volume.h
@@ -249,6 +249,8 @@ typedef struct VolumePackageOptions {
                                    * find a bad vol) */
     afs_int32 canUseFSSYNC;       /**< can we use the FSSYNC channel? */
     afs_int32 canUseSALVSYNC;     /**< can we use the SALVSYNC channel? (DAFS) */
+    afs_int32 unsafe_attach;      /**< can we bypass checking the inUse vol
+                                   *   header on attach? */
 } VolumePackageOptions;
 
 /* Magic numbers and version stamps for each type of file */
@@ -871,6 +873,7 @@ extern void VPurgeVolume(Error * ec, Volume * vp);
 extern afs_int32 VCanScheduleSalvage(void);
 extern afs_int32 VCanUseFSSYNC(void);
 extern afs_int32 VCanUseSALVSYNC(void);
+extern afs_int32 VCanUnsafeAttach(void);
 extern afs_int32 VReadVolumeDiskHeader(VolumeId volid,
                                       struct DiskPartition64 * dp,
                                       VolumeDiskHeader_t * hdr);

diff --git a/src/vol/volume_inline.h b/src/vol/volume_inline.h
index e63708e..3049fc3 100644 (file)
--- a/src/vol/volume_inline.h
+++ b/src/vol/volume_inline.h
@@ -105,6 +105,9 @@ VMustCheckoutVolume(int mode)
 static_inline int
 VShouldCheckInUse(int mode)
 {
+    if (VCanUnsafeAttach()) {
+       return 0;
+    }
     if (programType == fileServer) {
        return 1;
     }