[sled-agent] Disk Detection, Partition Management, and U.2 formatting #2176
Conversation
smklein
changed the title
sled-agent/src/sled_agent.rs
Outdated
| .ensure_using_exactly_these_disks(self.inner.hardware.disks()) | ||
| .await | ||
| { | ||
| warn!(log, "Failed to add disk: {e}"); |
There was a problem hiding this comment.
This warning might be misleading, because there are a bunch of possible failures from ensure_using_exactly_these_disks (including at least failure to remove a disk in addition to adding one). Is failure to ensure the disk set we expect just a warning? I'm early in the PR review so maybe this will become clear later, but - what are the ramifications of continuing to run if the set of disks we think we're using aren't the disks we're actually using?
There was a problem hiding this comment.
Failure to ensure any disks results in an error, not a warning. However, we still try to insert /remove everything else that needs to be changed.
I didn't want "one bad U.2" to cause a whole sled to eject itself, which is sorta the motivation behind "continuing when we've already seen an error anyway".
| }) | ||
| .map(|(key, _)| key); | ||
| for key in keys_to_be_removed { | ||
| if let Err(e) = self.delete_disk_locked(&mut disks, &key).await { |
There was a problem hiding this comment.
I don't think this is right - at this point disks is empty (because we swapped it on line 940), so delete_disk_locked won't do anything. Fixing this seems tricky. Playing with it a bit.
There was a problem hiding this comment.
My short-term workaround: I'm going back to my old mechanism of updating the set of disks in place.
This desperately needs to be refactored to have some better unit tests without the tight coupling to real hardware
There was a problem hiding this comment.
Hi Sean!
With my apologies for the interminable delay, I have taken an initial look through this. I think the shape is about right on the Nexus/Omicron end. There are some things about the interaction with devinfo and NVMe and programs that we're running that I think might merit some changes.
Let me know if anything I've said needs more explanation. There are a lot of complex moving pieces which I am always happy to talk through if you'd like.
Thanks for picking this up, it's extremely critical!
sled-agent/src/illumos/fstyp.rs
Outdated
| let cmd = command.arg(FSTYP).arg("-a").arg(path); | ||
|
|
||
| let output = execute(cmd).map_err(Error::from)?; | ||
| let stdout = String::from_utf8_lossy(&output.stdout); |
There was a problem hiding this comment.
I don't think we should use from_utf8_lossy() here, but rather from_utf8() and propagate an error out if one should occur. We definitely don't expect an error at this moment.
In general I think we should use String::from_utf8() (and handle failures) on any stdout output that we intend to inspect programatically. If you're just including stderr in a diagnostic message, then the lossy version seems fine (even preferable!).
There was a problem hiding this comment.
Sure, sounds good. Updated.
| // TODO: If we see a completely empty M.2, should we create | ||
| // the expected partitions? Or would it be wiser to infer | ||
| // that this indicates an unexpected error conditions that | ||
| // needs mitigation? | ||
| return Err(DiskError::CannotFormatM2NotImplemented); |
There was a problem hiding this comment.
I'm not sure, but it feels like this will be in the purvue of installinator; at least initially -- at least in the cases where manufacturing has failed to get it done.
There was a problem hiding this comment.
Yeah, that makes sense. I figured the sled agent could support it, but I'd rather just exit early for now, since it's not a priority now.
| // For some reason, libdevfs doesn't prepend "/devices" when | ||
| // referring to the path, but it still returns an absolute path. |
There was a problem hiding this comment.
This is because libdevinfo is working with the kernel-visible device node path. The devfs file system, which exposes this tree, is traditionally mounted at /devices -- but in theory it could also be mounted elsewhere, and is a construct of the user mode environment, etc.
There was a problem hiding this comment.
Updated the comment with this detail
| Self { tofino: TofinoSnapshot::new() } | ||
| // Walk the device tree to capture a view of the current hardware. | ||
| fn new(log: &Logger) -> Result<Self, Error> { | ||
| let mut device_info = DevInfo::new().map_err(Error::DevInfo)?; |
There was a problem hiding this comment.
I think we should probably be doing DevInfo::new_force_load() here, rather than new(). How often is this polling being done? Perhaps we should do a force load occasionally, or just the first time we start up. I'm concerned that we might not see all of the disks if we don't, because they might not be attached when they are not already in use by a ZFS pool, etc.
There was a problem hiding this comment.
We are currently scanning the hardware every five seconds (though that polling choice is arbitrary). I figured we'd eventually switch to a sysevent-style interface, and only do a full scan if we missed an event, but for now, the "scanning devinfo" tries to do very little, and hand off work to a different tokio task.
I can update this to new_force_load anyway?
|
(The current CI failures are due to ghcr being down) We pretty desperately need this PR in as the foundation for some follow-up work, so I'm going to merge. I'm still very open to follow-ups and additional feedback, but I'm prioritizing urgency in this particular case. |
Depends on #2176 - Restructure sled agent's "storage manager" to be better at reporting notifications to Nexus - Report notifications of disk attachment and removal to Nexus - Create DB structures to represent physical disks - Expose some information about those disks in the public API TODO, potentially after this PR: - [ ] Record a better history of "which disks have been attached to which sleds" - [ ] Make "Physical Disks" the parents of "Zpools", rather than their current "parent" (which is just "sled"). Part of #2036
Depends on a refactor made in #2176 - Uses `libdevinfo` to grab `baseboard-*` fields about Gimlets - Plumbs that information up to Nexus Fixes #2211 TODO: - [ ] Add tests - [ ] Make it easier to "inject fake values" here, possibly via sled agent configuration - [ ] Actually index on these values in Nexus, rather than storing them as arbitrary strings. E.g., we should probably ensure there aren't duplicates across the fleet.
Features
Enables the Sled Agent to identify physical disks, format zpools on U.2 devices, and use those zpools as allocation targets for datasets within Nexus.
For anyone familiar with the hard-coded list of zpools in sled agent's
config.toml, these hook into the same mechanism, but come from real devices. As such, specifying them ahead-of-time is no longer required.Mechanism
Implements the mechanism described in RFD 352 to detect disks, partitions, and zpools within.
libdevinfofor device informationlibefifor partition informationTesting
Tested manually on
gimlet-sn21on the following device layout:nvmeadm secure-eraseto fully wipe U.2 devices, observed that the sled-agent detects and correctly formats them.zpool destroyto wipe the zpool off the U.2 device while leaving the GPT partition, observed that the sled-agent correctly detects the partition and adds the zpool to it.