1 <?xml version='1.0' encoding='UTF-8'?>
2 <!-- This document was created with Syntext Serna Free. -->
3 <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xl="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en-US" xml:id="troubleshootingrecovery">
5 <title xml:id="troubleshootingrecovery.title">Troubleshooting Recovery</title>
7 <para>This chapter describes what to do if something goes wrong during recovery. It describes:</para>
10 <para><xref linkend="dbdoclet.50438225_71141"/></para>
13 <para><xref linkend="dbdoclet.50438225_37365"/></para>
16 <para><xref linkend="dbdoclet.50438225_12316"/></para>
19 <section xml:id="dbdoclet.50438225_71141">
20 <title>27.1 Recovering from Errors or Corruption on a Backing File System</title>
21 <para>When an OSS, MDS, or MGS server crash occurs, it is not necessary to run e2fsck on the file system. <literal>ldiskfs</literal> journaling ensures that the file system remains coherent. The backing file systems are never accessed directly from the client, so client crashes are not relevant.</para>
22 <para>The only time it is REQUIRED that <literal>e2fsck</literal> be run on a device is when an event causes problems that ldiskfs journaling is unable to handle, such as a hardware device failure or I/O error. If the ldiskfs kernel code detects corruption on the disk, it mounts the file system as read-only to prevent further corruption, but still allows read access to the device. This appears as error "-30" (<literal>EROFS</literal>) in the syslogs on the server, e.g.:</para>
23 <screen>Dec 29 14:11:32 mookie kernel: LDISKFS-fs error (device sdz):
24 ldiskfs_lookup: unlinked inode 5384166 in dir #145170469</screen>
25 <para>Dec 29 14:11:32 mookie kernel: Remounting filesystem read-only</para>
26 <para>In such a situation, it is normally required that e2fsck only be run on the bad device before placing the device back into service.</para>
27 <para>In the vast majority of cases, Lustre can cope with any inconsistencies it finds on the disk and between other devices in the file system.</para>
29 <para><literal>lfsck</literal> is rarely required for Lustre operation.</para>
31 <para>For problem analysis, it is strongly recommended that <literal>e2fsck</literal> be run under a logger, like script, to record all of the output and changes that are made to the file system in case this information is needed later.</para>
32 <para>If time permits, it is also a good idea to first run <literal>e2fsck</literal> in non-fixing mode (-n option) to assess the type and extent of damage to the file system. The drawback is that in this mode, <literal>e2fsck</literal> does not recover the file system journal, so there may appear to be file system corruption when none really exists.</para>
33 <para>To address concern about whether corruption is real or only due to the journal not being replayed, you can briefly mount and unmount the <literal>ldiskfs</literal> filesystem directly on the node with Lustre stopped (NOT via Lustre), using a command similar to:</para>
34 <screen>mount -t ldiskfs /dev/{ostdev} /mnt/ost; umount /mnt/ost</screen>
35 <para>This causes the journal to be recovered.</para>
36 <para>The <literal>e2fsck</literal> utility works well when fixing file system corruption (better than similar file system recovery tools and a primary reason why <literal>ldiskfs</literal> was chosen over other file systems for Lustre). However, it is often useful to identify the type of damage that has occurred so an <literal>ldiskfs</literal> expert can make intelligent decisions about what needs fixing, in place of <literal>e2fsck</literal>.</para>
37 <screen>root# {stop lustre services for this device, if running}
38 root# script /tmp/e2fsck.sda
39 Script started, file is /tmp/e2fsck.sda
40 root# mount -t ldiskfs /dev/sda /mnt/ost
42 root# e2fsck -fn /dev/sda # don't fix file system, just check for corruption
46 root# e2fsck -fp /dev/sda # fix filesystem using "prudent" answers (usually 'y')
48 <para>In addition, the <literal>e2fsprogs</literal> package contains the <literal>lfsck</literal> tool, which does distributed coherency checking for the Lustre file system after <literal>e2fsck</literal> has been run. Running <literal>lfsck</literal> is NOT required in a large majority of cases, at a small risk of having some leaked space in the file system. To avoid a lengthy downtime, it can be run (with care) after Lustre is started.</para>
50 <section xml:id="dbdoclet.50438225_37365">
51 <title>27.2 Recovering from Corruption in the Lustre File System</title>
52 <para>In cases where the MDS or an OST becomes corrupt, you can run a distributed check on the file system to determine what sort of problems exist. Use <literal>lfsck</literal> to correct any defects found.</para>
55 <para>Stop the Lustre file system.</para>
58 <para>Run <literal>e2fsck -f</literal> on the individual MDS / OST that had problems to fix any local file system damage.</para>
59 <para>We recommend running <literal>e2fsck</literal> under script, to create a log of changes made to the file system in case it is needed later. After <literal>e2fsck</literal> is run, bring up the file system, if necessary, to reduce the outage window.</para>
62 <para>Run a full <literal>e2fsck</literal> of the MDS to create a database for <literal>lfsck</literal>. You <emphasis>must</emphasis> use the <literal>-n</literal> option for a mounted file system, otherwise you will corrupt the file system.</para>
63 <screen>e2fsck -n -v --mdsdb /tmp/mdsdb /dev/{mdsdev}
65 <para>The <literal>mds</literal>db file can grow fairly large, depending on the number of files in the file system (10 GB or more for millions of files, though the actual file size is larger because the file is sparse). It is quicker to write the file to a local file system due to seeking and small writes. Depending on the number of files, this step can take several hours to complete.</para>
66 <para><emphasis role="bold">Example</emphasis></para>
67 <screen>e2fsck -n -v --mdsdb /tmp/mdsdb /dev/sdb
68 e2fsck 1.39.cfs1 (29-May-2006)
69 Warning: skipping journal recovery because doing a read-only filesystem check.
70 lustre-MDT0000 contains a file system with errors, check forced.
71 Pass 1: Checking inodes, blocks, and sizes
72 MDS: ost_idx 0 max_id 288
73 MDS: got 8 bytes = 1 entries in lov_objids
76 mds info db file written
77 Pass 2: Checking directory structure
78 Pass 3: Checking directory connectivity
79 Pass 4: Checking reference counts
80 Pass 5: Checking group summary information
81 Free blocks count wrong (656160, counted=656058).
84 Free inodes count wrong (786419, counted=786036).
87 Pass 6: Acquiring information for lfsck
90 MDS: 'lustre-MDT0000_UUID' mdt idx 0: compat 0x4 rocomp 0x1 incomp 0x4
91 lustre-MDT0000: ******* WARNING: Filesystem still has errors *******
93 2 non-contiguous inodes (15.4%)
94 # of inodes with ind/dind/tind blocks: 0/0/0
95 130272 blocks used (16%)
100 0 character device files
104 0 symbolic links (0 fast symbolic links)
111 <para>Make this file accessible on all OSTs, either by using a shared file system or copying the file to the OSTs. The <literal>pdcp</literal> command is useful here.</para>
112 <para>The <literal>pdcp</literal> command (installed with <literal>pdsh</literal>), can be used to copy files to groups of hosts. <literal>pdcp</literal> is available here:</para>
113 <para><ulink xl:href="http://sourceforge.net/projects/pdsh">http://sourceforge.net/projects/pdsh</ulink></para>
116 <para>Run a similar <literal>e2fsck</literal> step on the OSTs. The <literal>e2fsck --ostdb</literal> command can be run in parallel on all OSTs.</para>
117 <screen>e2fsck -n -v --mdsdb /tmp/mdsdb --ostdb /tmp/{ostNdb} \/dev/{ostNdev}
119 <para>The <literal>mdsdb</literal> file is read-only in this step; a single copy can be shared by all OSTs.</para>
121 <para>If the OSTs do not have shared file system access to the MDS, a stub <literal>mdsdb</literal> file, <literal>{mdsdb}.mdshdr</literal>, is generated. This can be used instead of the full <literal>mdsdb</literal> file.</para>
123 <para><emphasis role="bold">Example:</emphasis></para>
124 <screen>[root@oss161 ~]# e2fsck -n -v --mdsdb /tmp/mdsdb --ostdb \ /tmp/ostdb /dev/sda
125 e2fsck 1.39.cfs1 (29-May-2006)
126 Warning: skipping journal recovery because doing a read-only filesystem check.
127 lustre-OST0000 contains a file system with errors, check forced.
128 Pass 1: Checking inodes, blocks, and sizes
129 Pass 2: Checking directory structure
130 Pass 3: Checking directory connectivity
131 Pass 4: Checking reference counts
132 Pass 5: Checking group summary information
133 Free blocks count wrong (989015, counted=817968).
136 Free inodes count wrong (262088, counted=261767).
139 Pass 6: Acquiring information for lfsck
140 OST: 'lustre-OST0000_UUID' ost idx 0: compat 0x2 rocomp 0 incomp 0x2
144 lustre-OST0000: ******* WARNING: Filesystem still has errors *******
147 27 non-contiguous inodes (48.2%)
148 # of inodes with ind/dind/tind blocks: 13/0/0
149 59561 blocks used (5%)
154 0 character device files
158 0 symbolic links (0 fast symbolic links)
165 <para>Make the <literal>mdsdb</literal> file and all <literal>ostdb</literal> files available on a mounted client and run <literal>lfsck</literal> to examine the file system. Optionally, correct the defects found by <literal>lfsck</literal>.</para>
166 <screen>script /root/lfsck.lustre.log
167 lfsck -n -v --mdsdb /tmp/mdsdb --ostdb /tmp/{ost1db} /tmp/{ost2db} ... /lustre/mount/point\</screen>
168 <para><emphasis role="bold">Example:</emphasis></para>
169 <screen>script /root/lfsck.lustre.log
170 lfsck -n -v --mdsdb /home/mdsdb --ostdb /home/{ost1db} /mnt/lustre/client/
172 OSTDB[0]: /home/ostdb
173 MOUNTPOINT: /mnt/lustre/client/
174 MDS: max_id 288 OST: max_id 321
175 lfsck: ost_idx 0: pass1: check for duplicate objects
176 lfsck: ost_idx 0: pass1 OK (287 files total)
177 lfsck: ost_idx 0: pass2: check for missing inode objects
178 lfsck: ost_idx 0: pass2 OK (287 objects)
179 lfsck: ost_idx 0: pass3: check for orphan objects
180 [0] uuid lustre-OST0000_UUID
182 [0] zero-length orphan objid 1
183 lfsck: ost_idx 0: pass3 OK (321 files total)
184 lfsck: pass4: check for duplicate object references
185 lfsck: pass4 OK (no duplicates)
186 lfsck: fixed 0 errors</screen>
187 <para>By default, <literal>lfsck</literal> reports errors, but it does not repair any inconsistencies found. <literal>lfsck</literal> checks for three kinds of inconsistencies:</para>
190 <para>Inode exists but has missing objects (dangling inode). This normally happens if there was a problem with an OST.</para>
193 <para>Inode is missing but OST has unreferenced objects (orphan object). Normally, this happens if there was a problem with the MDS.</para>
196 <para>Multiple inodes reference the same objects. This can happen if the MDS is corrupted or if the MDS storage is cached and loses some, but not all, writes.</para>
199 <para>If the file system is in use and being modified while the <literal>--mdsdb</literal> and <literal>--ostdb</literal> steps are running, <literal>lfsck</literal> may report inconsistencies where none exist due to files and objects being created/removed after the database files were collected. Examine the <literal>lfsck</literal> results closely. You may want to re-run the test.</para>
202 <section xml:id='dbdoclet.50438225_13916'>
203 <title>27.2.1 Working with Orphaned Objects</title>
204 <para>The easiest problem to resolve is that of orphaned objects. When the <literal>-l</literal> option for <literal>lfsck</literal> is used, these objects are linked to new files and put into <literal>lost+found</literal> in the Lustre file system, where they can be examined and saved or deleted as necessary. If you are certain the objects are not useful, run <literal>lfsck</literal> with the <literal>-d</literal> option to delete orphaned objects and free up any space they are using.</para>
205 <para>To fix dangling inodes, use <literal>lfsck</literal> with the <literal>-c</literal> option to create new, zero-length objects on the OSTs. These files read back with binary zeros for stripes that had objects re-created. Even without <literal>lfsck</literal> repair, these files can be read by entering:</para>
206 <screen>dd if=/lustre/bad/file of=/new/file bs=4k conv=sync,noerror</screen>
207 <para>Because it is rarely useful to have files with large holes in them, most users delete these files after reading them (if useful) and/or restoring them from backup.</para>
209 <para>You cannot write to the holes of such files without having <literal>lfsck</literal> re-create the objects. Generally, it is easier to delete these files and restore them from backup.</para>
211 <para>To fix inodes with duplicate objects, use <literal>lfsck</literal> with the <literal>-c</literal> option to copy the duplicate object to a new object and assign it to a file. One file will be okay and the duplicate will likely contain garbage. By itself, <literal>lfsck</literal> cannot tell which file is the usable one.</para>
214 <section xml:id="dbdoclet.50438225_12316">
215 <title>27.3 Recovering from an Unavailable OST</title>
216 <para>One of the most common problems encountered in a Lustre environment is when an OST becomes unavailable, because of a network partition, OSS node crash, etc. When this happens, the OST's clients pause and wait for the OST to become available again, either on the primary OSS or a failover OSS. When the OST comes back online, Lustre starts a recovery process to enable clients to reconnect to the OST. Lustre servers put a limit on the time they will wait in recovery for clients to reconnect. The timeout length is determined by the <literal>obd_timeout</literal> parameter.</para>
217 <para>During recovery, clients reconnect and replay their requests serially, in the same order they were done originally. Until a client receives a confirmation that a given transaction has been written to stable storage, the client holds on to the transaction, in case it needs to be replayed. Periodically, a progress message prints to the log, stating how_many/expected clients have reconnected. If the recovery is aborted, this log shows how many clients managed to reconnect. When all clients have completed recovery, or if the recovery timeout is reached, the recovery period ends and the OST resumes normal request processing.</para>
218 <para>If some clients fail to replay their requests during the recovery period, this will not stop the recovery from completing. You may have a situation where the OST recovers, but some clients are not able to participate in recovery (e.g. network problems or client failure), so they are evicted and their requests are not replayed. This would result in any operations on the evicted clients failing, including in-progress writes, which would cause cached writes to be lost. This is a normal outcome; the recovery cannot wait indefinitely, or the file system would be hung any time a client failed. The lost transactions are an unfortunate result of the recovery process.</para>
220 <para>The version-based recovery (VBR) feature enables a failed client to be ''skipped'', so remaining clients can replay their requests, resulting in a more successful recovery from a downed OST. For more information about the VBR feature, see <xref linkend="lustrerecovery"/>(Version-based Recovery).</para>
git://git.whamcloud.com / doc / manual.git / blob