wfvining
commented
7 years ago We have a rebuild utility implemented and tested that handles the following situations:
- If a capacity unit was down during a write the objects that were written without a full stripe are logged to a file in gpfs. The utility will read these log files and repair the incomplete objects.
- If a capacity unit goes down completely and all of its data is lost the utility will scan the remaining components to identify and repair the objects that were damaged by the failure.
The rebuild utility can also be used to scan all of the objects in a component and verify their checksums, rebuilding those that are damaged as it goes. It is unaware of the marfs metadata, and cannot identify marfs files that are damaged, and I am not sure why we need to link the damaged objects back to their namespace.
When a capability unit fails, we need to figure out what files in what namespaces are affected and reconstruct the missing parts.
Garret finished adding support to the library and Will has a new version that will rebuild all objects affected by a given component failure (the admin will have to specify which component failed). It now outputs failure statistics from the log-based rebuilds to tell admins where a lot of degraded objects were found. Also, it is multi-threaded so we should (hopefully) see decent performance with objects spread across multiple file systems/servers/jobds.
We may need a recursive checksum checker too. Check with the admin folks to see what else might be needed to ensure data integrity and reconstruct in the case of failure.