K 10
svn:author
V 5
gibbs
K 8
svn:date
V 27
2011-07-20T22:48:48.076718Z
K 7
svn:log
V 3008
Allow ZFS asynchronous event handling to proceed even if the
root file system is mounted read-only.  This restriction appears
to have been put in place to avoid errors with updating the
configuration cache file.  However:

  o The majority of asynchronous event handling does not involve
    configuration cache file updates.
  o The configuration cache file need not be on the root file system,
    so the check was not complete.
  o Other classes of errors (e.g. file system full) can also prevent
    a successful update yet do not prevent asynchronous event
    processing.
  o Configurations such as NanoBSD never have a read-write root,
    so ZFS event processing is permanently disabled in these
    systems.
  o Failure to handle asynchronous events promptly can extend the
    window of time that a pool is in a critical state.

At worst, a missed configuration cache update will force the
operator to perform a manual "zfs import" (note -f is not required)
to inform the system about a newly created pool.  To minimize the
likelihood of this rare occurrence, configuration cache write failures
now emit FMA events so the operator can take corrective
action, and the write is retried every 5 minutes.  The retry interval,
in seconds, is tunable via the sysctl "vfs.zfs.ccw_retry_interval".

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:
    o Add the sysctl "vfs.zfs.ccw_retry_interval".  The value
      defaults to 5 minutes and is used to rate limit, on a
      per-pool basis, configuration cache file write attempts.
    o Modify spa_async_dispatch to honor configuration cache
      write limiting.  If other events are pending, a configuration
      cache write will be attempted at the same time, so the
      rate limiting only applies when the asynchronous dispatch
      system is otherwise idle.  Async events should be rare
      (e.g. device arrival/departure) and configuration cache
      writes rarer, so a more complicated system to strictly
      honor the retry limit seems unwarranted.
    o Remove check in spa_async_dispatch() for the root file
      system being read-write.

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_config.c:
    Instead of silently ignoring configuration cache write
    failures, report them via a new FMA event as well as
    to the console.  The current zfs_ereport_post() doesn't
    allow arbitrary name=value pairs to be appended to the
    report, so the configuration cache file name is only
    available on the console output.  This limitation should
    be addressed in a future update.

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/spa_impl.h:
    Add a uint64_t to the spa data structure to track the
    time (via LBOLT) of the last configuration cache file
    write failure.  This is referenced in spa_async_dispatch()
    to effect the rate limiting.

sys/cddl/contrib/opensolaris/uts/common/sys/fm/fs/zfs.h:
    Add FM_EREPORT_ZFS_CONFIG_CACHE_WRITE as an ereport class.

Sponsored by:	 Spectra Logic Corporation

END