Off-Topic Question

Matthew Dillon dillon at apollo.backplane.com
Mon Mar 7 12:09:55 PST 2005 

    Right... there will be no background fsck in DFly.

    Our filesystem work can be broken down into two major areas:

    * High level journaling.

	I'm about 1/3 of the way through.  People can play with the current
	high level journaling code using mountctl(8) and jscan(8).  High 
	level journaling is operations-level journaling.  It is NOT suitable
	for fast recovery after a crash, it is designed to do things like, 
	oh, real time off-site backups, undo, redo, infinitely fine grained
	incremental backups, mirroring, file versioning, security audits,
	system monitoring, acting as a data transport layer for the later
	clustering work, and a billion other useful things.

	When used as a backup medium the typical methodology would be to
	use the journal to keep a running mirror on a different system and
	to use any remaining disk space on the target to hold as much of
	the historical journaling stream as possible to give you the ability
	to restore anything as of any point in history (that you still have
	journaled data for).

	When used as a security/audit medium you would backup the journaling
	stream itself, pretty much forever.

	When used for undo/redo/versioning you would index the journal on
	the fly to quickly be able to access data related to directory
	subhierarchies and then use that to access the necessary data quickly.

    * Generic Low level journaling (a few months away at least, probably
      longer)

	This is actually easier to accomplish but is only really useful for
	fast crash recovery so I'm doing it second.  The idea here is to
	have a block level layer to generate a reversable block level journal
	and then have the filesytem provide hints to it as to where the
	good restore-to points are.

	With this methodology the filesystem would be able to operate fully
	asynchronously and the block level journal layer would ensure that
	the undo information is synchronized out to the journal prior to
	the actual block write being performed.  Fast recovery is then a
	matter of re-running the last 30-60 seconds worth of the journal
	to the most recent hinted-at recovery point.

	Only around ~5 minutes worth of the journal would have to be kept.

	If someone else wants to work on this, it's completely independant
	of the HL journaling work so it wouldn't intefere with what I am
	currently working on.  There are a bunch of side issues, especially
	related to how the hinting should work to deal with certain
	inter-dependant data situations (that occur most often when one is
	renaming and rm -rf'ing lots of files simultaniously), but those
	don't have to be dealt with immediately.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

More information about the Bugs mailing list