draft-ietf-nfsv4-scsi-layout-00.txt   draft-ietf-nfsv4-scsi-layout-01.txt 
NFSv4 C. Hellwig NFSv4 C. Hellwig
Internet-Draft April 25, 2015 Internet-Draft July 25, 2015
Intended status: Standards Track Intended status: Standards Track
Expires: October 27, 2015 Expires: January 26, 2016
Parallel NFS (pNFS) SCSI Layout Parallel NFS (pNFS) SCSI Layout
draft-ietf-nfsv4-scsi-layout-00.txt draft-ietf-nfsv4-scsi-layout-01.txt
Abstract Abstract
Parallel NFS (pNFS) extends Network File Sharing version 4 (RFC5661) The Parallel Network File System (pNFS) allows a separation between
to allow clients to directly access file data on the storage used by the metadata (onto a metadata server) and data (onto a storage
the NFSv4 server. This ability to bypass the server for data access device) for a file. The SCSI Layout Type is defined in this document
can increase both performance and parallelism, but requires as an extension to pNFS to allow the use SCSI based block storage
additional client functionality for data access, some of which is devices.
dependent on the class of storage used. The main pNFS operations
document specifies storage-class-independent extensions to NFS, the
pNFS Block/Volume Layout (RFC5663) specifies the additional
extensions for use of pNFS with block-and volume-based storage, while
this document provides extensions to the pNFS Block/Volume Layout
document to provide reliable fencing and better device
discoverability for SCSI based shared storage devices.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 27, 2015. This Internet-Draft will expire on January 26, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Conventions Used in This Document . . . . . . . . . . . . 4
1.2. Conventions Used in This Document . . . . . . . . . . . . 3 1.2. General Definitions . . . . . . . . . . . . . . . . . . . 4
1.3. Code Components Licensing Notice . . . . . . . . . . . . . 3 1.3. Code Components Licensing Notice . . . . . . . . . . . . . 4
1.4. XDR Description . . . . . . . . . . . . . . . . . . . . . 3 1.4. XDR Description . . . . . . . . . . . . . . . . . . . . . 4
2. SCSI Layout Description . . . . . . . . . . . . . . . . . . . 5 2. Block Layout Description . . . . . . . . . . . . . . . . . . . 6
2.1. GETDEVICEINFO . . . . . . . . . . . . . . . . . . . . . . 6 2.1. Background and Architecture . . . . . . . . . . . . . . . 6
2.1.1. Model . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2. layouttype4 . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.2. Volume Identification . . . . . . . . . . . . . . . . 7 2.3. GETDEVICEINFO . . . . . . . . . . . . . . . . . . . . . . 8
2.1.3. Volume Topology . . . . . . . . . . . . . . . . . . . 7 2.3.1. Volume Identification . . . . . . . . . . . . . . . . 8
2.2. Client Fencing . . . . . . . . . . . . . . . . . . . . . . 9 2.3.2. Volume Topology . . . . . . . . . . . . . . . . . . . 9
2.2.1. PRs - Key Generation . . . . . . . . . . . . . . . . . 9 2.4. Data Structures: Extents and Extent Lists . . . . . . . . 12
2.2.2. PRs - MDS Registration and Reservation . . . . . . . . 9 2.4.1. Layout Requests and Extent Lists . . . . . . . . . . . 14
2.2.3. PRs - Client Registration . . . . . . . . . . . . . . 9 2.4.2. Layout Commits . . . . . . . . . . . . . . . . . . . . 15
2.2.4. PRs - Fencing Action . . . . . . . . . . . . . . . . . 10 2.4.3. Layout Returns . . . . . . . . . . . . . . . . . . . . 16
2.2.5. Client Recovery After a Fence Action . . . . . . . . . 10 2.4.4. Client Copy-on-Write Processing . . . . . . . . . . . 16
3. Security Considerations . . . . . . . . . . . . . . . . . . . 10 2.4.5. Extents are Permissions . . . . . . . . . . . . . . . 17
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 2.4.6. End-of-file Processing . . . . . . . . . . . . . . . . 19
5. Normative References . . . . . . . . . . . . . . . . . . . . . 11 2.4.7. Layout Hints . . . . . . . . . . . . . . . . . . . . . 19
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 11 2.4.8. Client Fencing . . . . . . . . . . . . . . . . . . . . 19
Appendix B. RFC Editor Notes . . . . . . . . . . . . . . . . . . 12 2.5. Crash Recovery Issues . . . . . . . . . . . . . . . . . . 21
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.6. Recalling Resources: CB_RECALL_ANY . . . . . . . . . . . . 22
2.7. Transient and Permanent Errors . . . . . . . . . . . . . . 22
2.8. Volatile write caches . . . . . . . . . . . . . . . . . . 23
3. Security Considerations . . . . . . . . . . . . . . . . . . . 23
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
5. Normative References . . . . . . . . . . . . . . . . . . . . . 25
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 26
Appendix B. RFC Editor Notes . . . . . . . . . . . . . . . . . . 26
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction 1. Introduction
In the parallel Network File System (pNFS), the metadata server Figure 1 shows the overall architecture of a Parallel NFS (pNFS)
returns Layout Type structures that describe where file data is system:
located. There are different Layout Types for different storage
systems and methods of arranging data on storage devices. This
document extends the pNFS Block/Volume Layout [RFC5663] with a closer
integration into the the SCSI Architecture Model ([SAM-4]) to provide
a generic fencing method and more scalable device discovery.
1.1. Scope +-----------+
|+-----------+ +-----------+
||+-----------+ | |
||| | NFSv4.1 + pNFS | |
+|| Clients |<------------------------------>| Server |
+| | | |
+-----------+ | |
||| +-----------+
||| |
||| |
||| Storage +-----------+ |
||| Protocol |+-----------+ |
||+----------------||+-----------+ Control |
|+-----------------||| | Protocol|
+------------------+|| Storage |------------+
+| Systems |
+-----------+
This document only specifies an updated version of the layout- Figure 1
specific GETDEVICEINFO XDR response, and a new mandatory fencing
method for SCSI devices, but refers to [RFC5663] for the basic
principle of operation, as well as the layout specific XDR data
structures for the LAYOUTGET and LAYOUTCOMMIT operations. This
document does not directly interact with [RFC6688], although the
mechanisms described in this document also achieve the goals of
[RFC6688], and do so in a more robust fashion that does not depend on
the cooperation of the systems involved. Thus, the mechanisms
specified in [RFC6688] are not necessary for a pNFS SCSI layout type
implementation.
1.2. Conventions Used in This Document The overall approach is that pNFS-enhanced clients obtain sufficient
information from the server to enable them to access the underlying
storage (on the storage systems) directly. See the pNFS portion of
[RFC5661] for more details. This document is concerned with access
from pNFS clients to storage devices over block storage protocols
based on the the SCSI Architecture Model ([SAM-4]), e.g., Fibre
Channel Protocol (FCP) for Fibre Channel, Internet SCSI (iSCSI) or
Serial Attached SCSI (SAS). pNFS SCSI layout requires block based
SCSI command sets, for example SCSI Block Commands ([SBC3]). While
SCSI command set for non-block based access exist these are not
supported by the SCSI layout type, and all future references to SCSI
storage devices will imply a block based SCSI command set.
The Server to Storage System protocol, called the "Control Protocol",
is not of concern for interoperability, although it will typically be
the same SCSI based storage protocol.
This document is based on and updates [RFC5663] to provide a better
pNFS layout protocol for SCSI based storage devices, and functionally
obsoletes [RFC6688] by providing mandatory disk access protection as
part of the protocol.
1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. General Definitions
The following definitions are provided for the purpose of providing
an appropriate context for the reader.
Byte This document defines a byte as an octet, i.e., a datum exactly
8 bits in length.
Client The "client" is the entity that accesses the NFS server's
resources. The client may be an application that contains the
logic to access the NFS server directly. The client may also be
the traditional operating system client that provides remote file
system services for a set of applications.
Server The "server" is the entity responsible for coordinating
client access to a set of file systems and is identified by a
server owner.
1.3. Code Components Licensing Notice 1.3. Code Components Licensing Notice
The external data representation (XDR) description and scripts for The external data representation (XDR) description and scripts for
extracting the XDR description are Code Components as described in extracting the XDR description are Code Components as described in
Section 4 of "Legal Provisions Relating to IETF Documents" [LEGAL]. Section 4 of "Legal Provisions Relating to IETF Documents" [LEGAL].
These Code Components are licensed according to the terms of Section These Code Components are licensed according to the terms of Section
4 of "Legal Provisions Relating to IETF Documents". 4 of "Legal Provisions Relating to IETF Documents".
1.4. XDR Description 1.4. XDR Description
skipping to change at page 4, line 10 skipping to change at page 5, line 5
following shell script to produce the machine readable XDR following shell script to produce the machine readable XDR
description of the NFSv4.1 SCSI layout: description of the NFSv4.1 SCSI layout:
#!/bin/sh #!/bin/sh
grep '^ *///' $* | sed 's?^ */// ??' | sed 's?^ *///$??' grep '^ *///' $* | sed 's?^ */// ??' | sed 's?^ *///$??'
That is, if the above script is stored in a file called "extract.sh", That is, if the above script is stored in a file called "extract.sh",
and this document is in a file called "spec.txt", then the reader can and this document is in a file called "spec.txt", then the reader can
do: do:
sh extract.sh < spec.txt > flex_files_prot.x sh extract.sh < spec.txt > scsi_prot.x
The effect of the script is to remove leading white space from each The effect of the script is to remove leading white space from each
line, plus a sentinel sequence of "///". line, plus a sentinel sequence of "///".
The embedded XDR file header follows. Subsequent XDR descriptions, The embedded XDR file header follows. Subsequent XDR descriptions,
with the sentinel sequence are embedded throughout the document. with the sentinel sequence are embedded throughout the document.
Note that the XDR code contained in this document depends on types Note that the XDR code contained in this document depends on types
from the NFSv4.1 nfs4_prot.x file [RFC5662]. This includes both nfs from the NFSv4.1 nfs4_prot.x file [RFC5662]. This includes both nfs
types that end with a 4, such as offset4, length4, etc., as well as types that end with a 4, such as offset4, length4, etc., as well as
more generic types such as uint32_t and uint64_t. more generic types such as uint32_t and uint64_t.
/// /* /// /*
/// * This code was derived from draft-ieft-nfsv4-scsi-layout /// * This code was derived from RFCTBD10
/// * Please reproduce this note if possible. /// * Please reproduce this note if possible.
/// */ /// */
/// /* /// /*
/// * Copyright (c) 2015 IETF Trust and the persons identified /// * Copyright (c) 2010,2015 IETF Trust and the persons identified
/// * as the document authors. All rights reserved. /// * as the document authors. All rights reserved.
/// * /// *
/// * Redistribution and use in source and binary forms, with /// * Redistribution and use in source and binary forms, with
/// * or without modification, are permitted provided that the /// * or without modification, are permitted provided that the
/// * following conditions are met: /// * following conditions are met:
/// * /// *
/// * - Redistributions of source code must retain the above /// * - Redistributions of source code must retain the above
/// * copyright notice, this list of conditions and the /// * copyright notice, this list of conditions and the
/// * following disclaimer. /// * following disclaimer.
/// * /// *
/// * - Redistributions in binary form must reproduce the above /// * - Redistributions in binary form must reproduce the above
/// * copyright notice, this list of conditions and the /// * copyright notice, this list of conditions and the
/// * following disclaimer in the documentation and/or other /// * following disclaimer in the documentation and/or other
/// * materials provided with the distribution. /// * materials provided with the distribution.
/// * /// *
/// * - Neither the name of Internet Society, IETF or IETF /// * - Neither the name of Internet Society, IETF or IETF
/// * Trust, nor the names of specific contributors, may be /// * Trust, nor the names of specific contributors, may be
/// * used to endorse or promote products derived from this /// * used to endorse or promote products derived from this
/// * software without specific prior written permission. /// * software without specific prior written permission.
/// * /// *
/// * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS /// * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS
/// * AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED /// * AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
/// * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE /// * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
/// * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS /// * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
/// * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO /// * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
/// * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE /// * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
/// * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, /// * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
/// * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT /// * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
/// * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR /// * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
/// * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS /// * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
/// * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF /// * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
/// * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, /// * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
/// * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING /// * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
/// * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF /// * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
/// * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. /// * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
/// */ /// */
/// ///
/// /* /// /*
/// * nfs4_scsi_layout_prot.x /// * nfs4_scsi_layout_prot.x
/// */ /// */
/// ///
/// %#include "nfs4_block_layout_prot.x" /// %#include "nfsv41.h"
/// %#include "nfsv41.h" ///
///
2. SCSI Layout Description 2. Block Layout Description
2.1. Background and Architecture
The fundamental storage abstraction supported by SCSI storage devices
is a Logical Unit (LU) consisting of a sequential series of fixed-
size blocks. This can be thought of as a logical disk; it may be
realized by the storage system as a physical disk, a portion of a
physical disk, or something more complex (e.g., concatenation,
striping, RAID, and combinations thereof) involving multiple physical
disks or portions thereof.
A pNFS layout for this SCSI class of storage is responsible for
mapping from an NFS file (or portion of a file) to the blocks of
storage volumes that contain the file. The blocks are expressed as
extents with 64-bit offsets and lengths using the existing NFSv4
offset4 and length4 types. Clients must be able to perform I/O to
the block extents without affecting additional areas of storage
(especially important for writes); therefore, extents MUST be aligned
to 512-byte boundaries, and writable extents MUST be aligned to the
block size used by the NFSv4 server in managing the actual file
system (4 kilobytes and 8 kilobytes are common block sizes). This
block size is available as the NFSv4.1 layout_blksize attribute.
[RFC5661]. Readable extents SHOULD be aligned to the block size used
by the NFSv4 server, but in order to support legacy file systems with
fragments, alignment to 512-byte boundaries is acceptable.
The pNFS operation for requesting a layout (LAYOUTGET) includes the
"layoutiomode4 loga_iomode" argument, which indicates whether the
requested layout is for read-only use or read-write use. A read-only
layout may contain holes that are read as zero, whereas a read-write
layout will contain allocated, but un-initialized storage in those
holes (read as zero, can be written by client). This document also
supports client participation in copy-on-write (e.g., for file
systems with snapshots) by providing both read-only and un-
initialized storage for the same range in a layout. Reads are
initially performed on the read-only storage, with writes going to
the un-initialized storage. After the first write that initializes
the un-initialized storage, all reads are performed to that now-
initialized writable storage, and the corresponding read-only storage
is no longer used.
The SCSI layout solution expands the security responsibilities of the
pNFS clients, and there are a number of environments where the
mandatory to implement security properties for NFS cannot be
satisfied. The additional security responsibilities of the client
follow, and a full discussion is present im Section 3, "Security
Considerations".
o Typically, SCSI storage devices provide access control mechanisms
(e.g., Logical Unit Number (LUN) mapping and/or masking), which
operate at the granularity of individual hosts, not individual
blocks. For this reason, block-based protection must be provided
by the client software.
o Similarly, SCSI storage devices typically are not able to validate
NFS locks that apply to file regions. For instance, if a file is
covered by a mandatory read-only lock, the server can ensure that
only readable layouts for the file are granted to pNFS clients.
However, it is up to each pNFS client to ensure that the readable
layout is used only to service read requests, and not to allow
writes to the existing parts of the file.
Since SCSI storage devices are generally not capable of enforcing
such file-based security, in environments where pNFS clients cannot
be trusted to enforce such policies, pNFS SCSI layouts SHOULD NOT be
used.
2.2. layouttype4
The layout4 type defined in [RFC5662] is extended with a new value as The layout4 type defined in [RFC5662] is extended with a new value as
follows: follows:
enum layouttype4 { enum layouttype4 {
LAYOUT4_NFSV4_1_FILES = 1, LAYOUT4_NFSV4_1_FILES = 1,
LAYOUT4_OSD2_OBJECTS = 2, LAYOUT4_OSD2_OBJECTS = 2,
LAYOUT4_BLOCK_VOLUME = 3, LAYOUT4_BLOCK_VOLUME = 3,
LAYOUT4_SCSI = 0x80000005 LAYOUT4_SCSI = 0x80000005
[[RFC Editor: please modify the LAYOUT4_SCSI [[RFC Editor: please modify the LAYOUT4_SCSI
to be the layouttype assigned by IANA]] to be the layouttype assigned by IANA]]
}; };
struct layout_content4 {
layouttype4 loc_type;
opaque loc_body<>;
};
struct layout4 {
offset4 lo_offset;
length4 lo_length;
layoutiomode4 lo_iomode;
layout_content4 lo_content;
};
This document defines structure associated with the layouttype4 value This document defines structure associated with the layouttype4 value
LAYOUT4_SCSI. [RFC5661] specifies the loc_body structure as an XDR LAYOUT4_SCSI. [RFC5661] specifies the loc_body structure as an XDR
type "opaque". The opaque layout is uninterpreted by the generic type "opaque". The opaque layout is uninterpreted by the generic
pNFS client layers, but obviously must be interpreted by the Layout pNFS client layers, but obviously must be interpreted by the Layout
Type implementation. All structures behind this opaque value are Type implementation.
identical to those defined in [RFC5663].
2.1. GETDEVICEINFO
/// /*
/// * Code sets from SPC-3.
/// */
/// enum pnfs_scsi_code_set {
/// PS_CODE_SET_BINARY = 1,
/// PS_CODE_SET_ASCII = 2,
/// PS_CODE_SET_UTF8 = 3
/// };
///
/// /*
/// * Designator types from taken from SPC-3.
/// *
/// * Other values are allocated in SPC-3, but not mandatory to
/// * implement or aren't logical unit names.
/// */
/// enum pnfs_scsi_designator_type {
/// PS_DESIGNATOR_EUI64 = 2,
/// PS_DESIGNATOR_NAA = 3,
/// PS_DESIGNATOR_NAME = 8
/// };
///
/// /*
/// * Logical unit name + reservation key.
/// */
/// struct pnfs_scsi_base_volume_info4 {
/// pnfs_scsi_code_set sbv_code_set;
/// pnfs_scsi_designator_type sbv_designator_type;
/// opaque sbv_designator<>;
/// uint32_t sbv_pr_key;
/// };
///
2.1.1. Model
GETDEVICEINFO calls are handled exactly the same way as specified in 2.3. GETDEVICEINFO
[RFC5663]. The "pnfs_scsi_volume_type4" data structure returned by
the server as the storage-protocol-specific opaque field da_addr_body
in the "device_addr4" structure by a successful GETDEVICEINFO
operation [RFC5661] is a strict superset of the
"pnfs_block_volume_type" structured defined by [RFC5663].
2.1.2. Volume Identification 2.3.1. Volume Identification
SCSI targets implementing [SPC3] export unique logical unit names for SCSI targets implementing [SPC3] export unique LU names for each LU
each logical unit through the Device Identification VPD page which through the Device Identification VPD page, which can be obtained
can be obtained using the INQUIRY command. This document uses a using the INQUIRY command. This document uses a subset of this
subset of this information to identify logical units backing pNFS information to identify LUs backing pNFS SCSI layouts. It is similar
SCSI layouts. It is similar to the "Identification Descriptor Target to the "Identification Descriptor Target Descriptor" specified in
Descriptor" specified in [SPC3], but limits the allowed values to [SPC3], but limits the allowed values to those that uniquely identify
those that uniquely identify a logical unit. Device Identification a LU. Device Identification VPD page descriptors used to identify
VPD page descriptors used to identify logical units for use with pNFS LUs for use with pNFS SCSI layouts must adhere to the following
SCSI layouts must adhere to the following restrictions: restrictions:
1. The "ASSOCIATION" must be set to 0 (The DESIGNATOR field is 1. The "ASSOCIATION" must be set to 0 (The DESIGNATOR field is
associated with the addressed logical unit). associated with the addressed logical unit).
2. The "DESIGNATOR TYPE" must be set to one of three values 2. The "DESIGNATOR TYPE" must be set to one of three values
explicitly listed in the "pnfs_scsi_designator_type" explicitly listed in the "pnfs_scsi_designator_type"
enumerations. enumerations.
The "CODE SET" VPD page field is stored in the "sbv_code_set" field The "CODE SET" VPD page field is stored in the "sbv_code_set" field
of the "pnfs_scsi_base_volume_info4" structure, the "DESIGNATOR TYPE" of the "pnfs_scsi_base_volume_info4" structure, the "DESIGNATOR TYPE"
skipping to change at page 7, line 39 skipping to change at page 8, line 47
LENGTH" field does not need to be set separately. Only certain LENGTH" field does not need to be set separately. Only certain
combinations of "sbv_code_set" and "sbv_designator_type" are valid, combinations of "sbv_code_set" and "sbv_designator_type" are valid,
please refer to [SPC3] for details, and note that ASCII may be used please refer to [SPC3] for details, and note that ASCII may be used
as the code set for UTF-8 text that contains only ASCII characters. as the code set for UTF-8 text that contains only ASCII characters.
Note that a Device Identification VPD page MAY contain multiple Note that a Device Identification VPD page MAY contain multiple
descriptors with the same association, code set and designator type. descriptors with the same association, code set and designator type.
NFS clients thus MUST iterate the descriptors until a match for NFS clients thus MUST iterate the descriptors until a match for
"sbv_code_set", "sbv_designator_type" and "sbv_designator" is found, "sbv_code_set", "sbv_designator_type" and "sbv_designator" is found,
or until the end of VPD page. or until the end of VPD page.
Storage devices such as storage arrays can have multiple physical
network ports that need not be connected to a common network,
resulting in a pNFS client having simultaneous multipath access to
the same storage volumes via different ports on different networks.
Selection of one or multiple ports to access the storage device is
left up to the client.
Additionally the server returns a Persistent Reservation key in the Additionally the server returns a Persistent Reservation key in the
"sbv_pr_key" field. See Section 2.2 for more details on the use of "sbv_pr_key" field. See Section 2.4.8 for more details on the use of
Persistent Reservations. Persistent Reservations.
2.1.3. Volume Topology 2.3.2. Volume Topology
The pNFS SCSI server volume topology is expressed as an arbitrary The pNFS SCSI layout volume topology is expressed as an arbitrary
combination of base volume types enumerated in the following data combination of base volume types enumerated in the following data
structures. The individual components of the topology are contained structures. The individual components of the topology are contained
in an array and components may refer to other components by using in an array and components may refer to other components by using
array indices. array indices.
/// enum pnfs_scsi_volume_type4 { /// enum pnfs_scsi_volume_type4 {
/// PNFS_SCSI_VOLUME_SIMPLE = /// PNFS_SCSI_VOLUME_BASE = 0, /* volume maps to a single
/// PNFS_BLOCK_VOLUME_SIMPLE , /* invalid */ /// LU */
/// PNFS_SCSI_VOLUME_SLICE = /* see RFC5663 */ /// PNFS_SCSI_VOLUME_SLICE = 1, /* volume is a slice of
/// PNFS_BLOCK_VOLUME_SLICE, /// another volume */
/// PNFS_SCSI_VOLUME_CONCAT = /* see RFC5663 */ /// PNFS_SCSI_VOLUME_CONCAT = 2, /* volume is a
/// PNFS_BLOCK_VOLUME_CONCAT, /// concatenation of
/// PNFS_SCSI_VOLUME_STRIPE = /* see RFC5663 */ /// multiple volumes */
/// PNFS_BLOCK_VOLUME_STRIPE, /// PNFS_SCSI_VOLUME_STRIPE = 3 /* volume is striped across
/// PNFS_SCSI_VOLUME_BASE = 4 /* SCSI LU */ /// multiple volumes */
/// }; /// };
/// ///
/// /*
/// * Code sets from SPC-3.
/// */
/// enum pnfs_scsi_code_set {
/// PS_CODE_SET_BINARY = 1,
/// PS_CODE_SET_ASCII = 2,
/// PS_CODE_SET_UTF8 = 3
/// };
///
/// /*
/// * Designator types from taken from SPC-3.
/// *
/// * Other values are allocated in SPC-3, but not mandatory to
/// * implement or aren't Logical Unit names.
/// */
/// enum pnfs_scsi_designator_type {
/// PS_DESIGNATOR_EUI64 = 2,
/// PS_DESIGNATOR_NAA = 3,
/// PS_DESIGNATOR_NAME = 8
/// };
///
/// /*
/// * Logical Unit name + reservation key.
/// */
/// struct pnfs_scsi_base_volume_info4 {
/// pnfs_scsi_code_set sbv_code_set;
/// pnfs_scsi_designator_type sbv_designator_type;
/// opaque sbv_designator<>;
/// uint32_t sbv_pr_key;
/// };
///
///
/// struct pnfs_scsi_slice_volume_info4 {
/// offset4 ssv_start; /* offset of the start of the
/// slice in bytes */
/// length4 ssv_length; /* length of slice in bytes */
/// uint32_t ssv_volume; /* array index of sliced
/// volume */
/// };
///
/// struct pnfs_scsi_concat_volume_info4 {
/// uint32_t scv_volumes<>; /* array indices of volumes
/// which are concatenated */
/// };
///
/// struct pnfs_scsi_stripe_volume_info4 {
/// length4 ssv_stripe_unit; /* size of stripe in bytes */
/// uint32_t ssv_volumes<>; /* array indices of volumes
/// which are striped across --
/// MUST be same size */
/// };
/// ///
/// union pnfs_scsi_volume4 switch (pnfs_scsi_volume_type4 type) { /// union pnfs_scsi_volume4 switch (pnfs_scsi_volume_type4 type) {
/// case PNFS_SCSI_VOLUME_SIMPLE: /// case PNFS_SCSI_VOLUME_BASE:
/// pnfs_block_simple_volume_info4 sv_simple_info; /// pnfs_scsi_base_volume_info4 sv_simple_info;
/// case PNFS_SCSI_VOLUME_SLICE: /// case PNFS_SCSI_VOLUME_SLICE:
/// pnfs_block_slice_volume_info4 sv_slice_info; /// pnfs_scsi_slice_volume_info4 sv_slice_info;
/// case PNFS_SCSI_VOLUME_CONCAT: /// case PNFS_SCSI_VOLUME_CONCAT:
/// pnfs_block_concat_volume_info4 sv_concat_info; /// pnfs_scsi_concat_volume_info4 sv_concat_info;
/// case PNFS_SCSI_VOLUME_STRIPE: /// case PNFS_SCSI_VOLUME_STRIPE:
/// pnfs_block_stripe_volume_info4 sv_stripe_info; /// pnfs_scsi_stripe_volume_info4 sv_stripe_info;
/// case PNFS_SCSI_VOLUME_BASE:
/// pnfs_scsi_base_volume_info4 sv_base_info;
/// }; /// };
/// ///
/// /* scsi layout specific type for da_addr_body */ /// /* SCSI layout specific type for da_addr_body */
/// struct pnfs_scsi_deviceaddr4 { /// struct pnfs_scsi_deviceaddr4 {
/// pnfs_scsi_volume4 sda_volumes<>; /* array of volumes */ /// pnfs_scsi_volume4 sda_volumes<>; /* array of volumes */
/// }; /// };
/// ///
All rules for ordering and formation of a "pnfs_scsi_deviceaddr4" The "pnfs_scsi_deviceaddr4" data structure is a structure that allows
structure are identical to those for a "pnfs_block_deviceaddr4" arbitrarily complex nested volume structures to be encoded. The
structure in [RFC5663], except that the new types of aggregations that are allowed are stripes, concatenations,
pnfs_scsi_base_volume_info4 PNFS_SCSI_VOLUME_BASE case is used in and slices. Note that the volume topology expressed in the
place of the pnfs_block_simple_volume_info4 PNFS_BLOCK_VOLUME_SIMPLE pnfs_scsi_deviceaddr4 data structure will always resolve to a set of
case as the base structure. A PNFS_BLOCK_VOLUME_SIMPLE element MUST pnfs_scsi_volume_type4 PNFS_SCSI_VOLUME_BASE. The array of volumes
NOT be referenced by a pnfs_scsi_deviceaddr4, but is preserved for is ordered such that the root of the volume hierarchy is the last
XDR level compatibility. element of the array. Concat, slice, and stripe volumes MUST refer
to volumes defined by lower indexed elements of the array.
2.2. Client Fencing The "pnfs_scsi_device_addr4" data structure is returned by the server
as the storage-protocol-specific opaque field da_addr_body in the
"device_addr4" structure by a successful GETDEVICEINFO operation
[RFC5661].
[RFC5663] suggests using either LUN masking or cooperative clients to As noted above, all device_addr4 structures eventually resolve to a
implement client fencing. The first implementation requires the set of volumes of type PNFS_SCSI_VOLUME_BASE. Complicated volume
server and the storage device to have a common way to address a hierarchies may be composed of dozens of volumes each with several
client, which is impossible when the NFS and storage connection don't signature components; thus, the device address may require several
share a network, and requires a non-standardized control protocol kilobytes. The client SHOULD be prepared to allocate a large buffer
between the MDS and the storage device. The second implementation to contain the result. In the case of the server returning
relies on a cooperative client, which is not robust. NFS4ERR_TOOSMALL, the client SHOULD allocate a buffer of at least
gdir_mincount_bytes to contain the expected result and retry the
GETDEVICEINFO request.
Instead this document specifies a new SCSI-specific fencing protocol 2.4. Data Structures: Extents and Extent Lists
using Persistent Reservations (PRs), similar to the fencing method
used by existing shared disk file systems. By placing a PR of type
"Exclusive Access - All Registrants" on each SCSI logical unit
exported to pNFS clients the MDS prevents access from any client that
does not have an outstanding device device ID that gives the client a
reservation key to access the logical unit, and allows the MDS to
revoke access to the logic unit at any time.
2.2.1. PRs - Key Generation A pNFS SCSI layout is a list of extents within a flat array of data
blocks in a logical volume. The details of the volume topology can
be determined by using the GETDEVICEINFO operation. The SCSI layout
describes the individual block extents on the volume that make up the
file. The offsets and length contained in an extent are specified in
units of bytes.
/// enum pnfs_scsi_extent_state4 {
/// PNFS_SCSI_READ_WRITE_DATA = 0, /* the data located by this
/// extent is valid
/// for reading and writing. */
/// PNFS_SCSI_READ_DATA = 1, /* the data located by this
/// extent is valid for reading
/// only; it may not be
/// written. */
/// PNFS_SCSI_INVALID_DATA = 2, /* the location is valid; the
/// data is invalid. It is a
/// newly (pre-) allocated
/// extent. There is physical
/// space on the volume. */
/// PNFS_SCSI_NONE_DATA = 3 /* the location is invalid.
/// It is a hole in the file.
/// There is no physical space
/// on the volume. */
/// };
///
/// struct pnfs_scsi_extent4 {
/// deviceid4 se_vol_id; /* id of logical volume on
/// which extent of file is
/// stored. */
/// offset4 se_file_offset; /* starting byte offset
/// in the file */
/// length4 se_length; /* size in bytes of the
/// extent */
/// offset4 se_storage_offset; /* starting byte offset
/// in the volume */
/// pnfs_scsi_extent_state4 se_state;
/// /* state of this extent */
/// };
///
/// /* SCSI layout specific type for loc_body */
/// struct pnfs_scsi_layout4 {
/// pnfs_scsi_extent4 sl_extents<>;
/// /* extents which make up this
/// layout. */
/// };
///
The SCSI layout consists of a list of extents that map the logical
regions of the file to physical locations on a volume. The
"se_storage_offset" field within each extent identifies a location on
the logical volume specified by the "se_vol_id" field in the extent.
The se_vol_id itself is shorthand for the whole topology of the
logical volume on which the file is stored. The client is
responsible for translating this logical offset into an offset on the
appropriate underlying SCSI LU. In most cases, all extents in a
layout will reside on the same volume and thus have the same
se_vol_id. In the case of copy-on-write file systems, the
PNFS_SCSI_READ_DATA extents may have a different se_vol_id from the
writable extents.
Each extent maps a logical region of the file onto a portion of the
specified LU. The se_file_offset, se_length, and se_state fields for
an extent returned from the server are valid for all extents. In
contrast, the interpretation of the se_storage_offset field depends
on the value of se_state as follows (in increasing order):
PNFS_SCSI_READ_WRITE_DATA means that se_storage_offset is valid, and
points to valid/initialized data that can be read and written.
PNFS_SCSI_READ_DATA means that se_storage_offset is valid andpoints
to valid/initialized data that can only be read. Write operations
are prohibited; the client may need to request a read-write
layout.
PNFS_SCSI_INVALID_DATA means that se_storage_offset is valid, but
points to invalid un-initialized data. This data must not be
physically read from the disk until it has been initialized. A
read request for a PNFS_SCSI_INVALID_DATA extent must fill the
user buffer with zeros, unless the extent is covered by a
PNFS_SCSI_READ_DATA extent of a copy-on-write file system. Write
requests must write whole server-sized blocks to the disk; bytes
not initialized by the user must be set to zero. Any write to
storage in a PNFS_SCSI_INVALID_DATA extent changes the written
portion of the extent to PNFS_SCSI_READ_WRITE_DATA; the pNFS
client is responsible for reporting this change via LAYOUTCOMMIT.
PNFS_SCSI_NONE_DATA means that se_storage_offset is not valid, and
this extent may not be used to satisfy write requests. Read
requests may be satisfied by zero-filling as for
PNFS_SCSI_INVALID_DATA. PNFS_SCSI_NONE_DATA extents may be
returned by requests for readable extents; they are never returned
if the request was for a writable extent.
An extent list contains all relevant extents in increasing order of
the se_file_offset of each extent; any ties are broken by increasing
order of the extent state (se_state).
2.4.1. Layout Requests and Extent Lists
Each request for a layout specifies at least three parameters: file
offset, desired size, and minimum size. If the status of a request
indicates success, the extent list returned must meet the following
criteria:
o A request for a readable (but not writable) layout returns only
PNFS_SCSI_READ_DATA or PNFS_SCSI_NONE_DATA extents (but not
PNFS_SCSI_INVALID_DATA or PNFS_SCSI_READ_WRITE_DATA extents).
o A request for a writable layout returns PNFS_SCSI_READ_WRITE_DATA
or PNFS_SCSI_INVALID_DATA extents (but not PNFS_SCSI_NONE_DATA
extents). It may also return PNFS_SCSI_READ_DATA extents only
when the offset ranges in those extents are also covered by
PNFS_SCSI_INVALID_DATA extents to permit writes.
o The first extent in the list MUST contain the requested starting
offset.
o The total size of extents within the requested range MUST cover at
least the minimum size. One exception is allowed: the total size
MAY be smaller if only readable extents were requested and EOF is
encountered.
o Extents in the extent list MUST be logically contiguous for a
read-only layout. For a read-write layout, the set of writable
extents (i.e., excluding PNFS_SCSI_READ_DATA extents) MUST be
logically contiguous. Every PNFS_SCSI_READ_DATA extent in a read-
write layout MUST be covered by one or more PNFS_SCSI_INVALID_DATA
extents. This overlap of PNFS_SCSI_READ_DATA and
PNFS_SCSI_INVALID_DATA extents is the only permitted extent
overlap.
o Extents MUST be ordered in the list by starting offset, with
PNFS_SCSI_READ_DATA extents preceding PNFS_SCSI_INVALID_DATA
extents in the case of equal se_file_offsets.
If the minimum requested size, loga_minlength, is zero, this is an
indication to the metadata server that the client desires any layout
at offset loga_offset or less that the metadata server has "readily
available". Readily is subjective, and depends on the layout type
and the pNFS server implementation. For SCSI layout servers, readily
available SHOULD be interpreted such that readable layouts are always
available, even if some extents are in the PNFS_SCSI_NONE_DATA state.
When processing requests for writable layouts, a layout is readily
available if extents can be returned in the PNFS_SCSI_READ_WRITE_DATA
state.
2.4.2. Layout Commits
///
/// /* SCSI layout specific type for lou_body */
///
/// struct pnfs_scsi_range4 {
/// offset4 sr_file_offset; /* starting byte offset
/// in the file */
/// length4 sr_length; /* size in bytes of the
/// };
///
/// struct pnfs_scsi_layoutupdate4 {
/// pnfs_scsi_range4 slu_commit_list<>;
/// /* list of extents which
/// * now contain valid data.
/// */
/// };
The "pnfs_scsi_layoutupdate4" structure is used by the client as the
SCSI layout specific argument in a LAYOUTCOMMIT operation. The
"slu_commit_list" field is a list covering regions of the file layout
that were previously in the PNFS_SCSI_INVALID_DATA state, but have
been written by the client and should now be considered in the
PNFS_SCSI_READ_WRITE_DATA state. The extents in the commit list MUST
be disjoint and MUST be sorted by sr_file_offset. Implementors
should be aware that a server may be unable to commit regions at a
granularity smaller than a file-system block (typically 4 KB or 8
KB). As noted above, the block-size that the server uses is
available as an NFSv4 attribute, and any extents included in the
"slu_commit_list" MUST be aligned to this granularity and have a size
that is a multiple of this granularity. If the client believes that
its actions have moved the end-of-file into the middle of a block
being committed, the client MUST write zeroes from the end-of-file to
the end of that block before committing the block. Failure to do so
may result in junk (un-initialized data) appearing in that area if
the file is subsequently extended by moving the end-of-file.
2.4.3. Layout Returns
The LAYOUTRETURN operation is done without any SCSI layout specific
data. When the LAYOUTRETURN operation specifies a
LAYOUTRETURN4_FILE_return type, then the layoutreturn_file4 data
structure specifies the region of the file layout that is no longer
needed by the client. The opaque "lrf_body" field of the
"layoutreturn_file4" data structure MUST have length zero. A
LAYOUTRETURN operation represents an explicit release of resources by
the client, usually done for the purpose of avoiding unnecessary
CB_LAYOUTRECALL operations in the future. The client may return
disjoint regions of the file by using multiple LAYOUTRETURN
operations within a single COMPOUND operation.
Note that the SCSI layout supports unilateral layout revocation.
When a layout is unilaterally revoked by the server, usually due to
the client's lease time expiring, or a delegation being recalled, or
the client failing to return a layout in a timely manner, it is
important for the sake of correctness that any in- flight I/Os that
the client issued before the layout was revoked are rejected at the
storage. For the SCSI protocol, this is possible by fencing a client
with an expired layout timer from the physical storage. Note,
however, that the granularity of this operation can only be at the
host/LU level. Thus, if one of a client's layouts is unilaterally
revoked by the server, it will effectively render useless *all* of
the client's layouts for files located on the storage units
comprising the logical volume. This may render useless the client's
layouts for files in other file systems.
2.4.4. Client Copy-on-Write Processing
Copy-on-write is a mechanism used to support file and/or file system
snapshots. When writing to unaligned regions, or to regions smaller
than a file system block, the writer must copy the portions of the
original file data to a new location on disk. This behavior can
either be implemented on the client or the server. The paragraphs
below describe how a pNFS SCSI layout client implements access to a
file that requires copy-on-write semantics.
Distinguishing the PNFS_SCSI_READ_WRITE_DATA and PNFS_SCSI_READ_DATA
extent types in combination with the allowed overlap of
PNFS_SCSI_READ_DATA extents with PNFS_SCSI_INVALID_DATA extents
allows copy-on-write processing to be done by pNFS clients. In
classic NFS, this operation would be done by the server. Since pNFS
enables clients to do direct block access, it is useful for clients
to participate in copy-on-write operations. All SCSI pNFS clients
MUST support this copy-on-write processing.
When a client wishes to write data covered by a PNFS_SCSI_READ_DATA
extent, it MUST have requested a writable layout from the server;
that layout will contain PNFS_SCSI_INVALID_DATA extents to cover all
the data ranges of that layout's PNFS_SCSI_READ_DATA extents. More
precisely, for any se_file_offset range covered by one or more
PNFS_SCSI_READ_DATA extents in a writable layout, the server MUST
include one or more PNFS_SCSI_INVALID_DATA extents in the layout that
cover the same se_file_offset range. When performing a write to such
an area of a layout, the client MUST effectively copy the data from
the PNFS_SCSI_READ_DATA extent for any partial blocks of
se_file_offset and range, merge in the changes to be written, and
write the result to the PNFS_SCSI_INVALID_DATA extent for the blocks
for that se_file_offset and range. That is, if entire blocks of data
are to be overwritten by an operation, the corresponding
PNFS_SCSI_READ_DATA blocks need not be fetched, but any partial-
block writes must be merged with data fetched via PNFS_SCSI_READ_DATA
extents before storing the result via PNFS_SCSI_INVALID_DATA extents.
For the purposes of this discussion, "entire blocks" and "partial
blocks" refer to the server's file-system block size. Storing of
data in a PNFS_SCSI_INVALID_DATA extent converts the written portion
of the PNFS_SCSI_INVALID_DATA extent to a PNFS_SCSI_READ_WRITE_DATA
extent; all subsequent reads MUST be performed from this extent; the
corresponding portion of the PNFS_SCSI_READ_DATA extent MUST NOT be
used after storing data in a PNFS_SCSI_INVALID_DATA extent. If a
client writes only a portion of an extent, the extent may be split at
block aligned boundaries.
When a client wishes to write data to a PNFS_SCSI_INVALID_DATA extent
that is not covered by a PNFS_SCSI_READ_DATA extent, it MUST treat
this write identically to a write to a file not involved with copy-
on-write semantics. Thus, data must be written in at least block-
sized increments, aligned to multiples of block-sized offsets, and
unwritten portions of blocks must be zero filled.
2.4.5. Extents are Permissions
Layout extents returned to pNFS clients grant permission to read or
write; PNFS_SCSI_READ_DATA and PNFS_SCSI_NONE_DATA are read-only
(PNFS_SCSI_NONE_DATA reads as zeroes), PNFS_SCSI_READ_WRITE_DATA and
PNFS_SCSI_INVALID_DATA are read/write, (PNFS_SCSI_INVALID_DATA reads
as zeros, any write converts it to PNFS_SCSI_READ_WRITE_DATA). This
is the only means a client has of obtaining permission to perform
direct I/O to storage devices; a pNFS client MUST NOT perform direct
I/O operations that are not permitted by an extent held by the
client. Client adherence to this rule places the pNFS server in
control of potentially conflicting storage device operations,
enabling the server to determine what does conflict and how to avoid
conflicts by granting and recalling extents to/from clients.
SCSI storage devices do not provide byte granularity access and can
only perform read and write operations atomically on a block
granularity, and thus require read-modify-write cycles to write data
smaller than the block size. Overlapping concurrent read and write
operations to the same data thus will cause the read to return a
mixture of before-write and after-write data. Additionally, data
corruption can occur if the underlying storage is striped and the
operations complete in different orders on different stripes. When
there are multiple clients who wish to access the same data, a pNFS
server MUST avoid these conflicts by implementing a concurrency
control policy of single writer XOR multiple readers for a given data
region.
If a client makes a layout request that conflicts with an existing
layout delegation, the request will be rejected with the error
NFS4ERR_LAYOUTTRYLATER. This client is then expected to retry the
request after a short interval. During this interval, the server
SHOULD recall the conflicting portion of the layout delegation from
the client that currently holds it. This reject-and-retry approach
does not prevent client starvation when there is contention for the
layout of a particular file. For this reason, a pNFS server SHOULD
implement a mechanism to prevent starvation. One possibility is that
the server can maintain a queue of rejected layout requests. Each
new layout request can be checked to see if it conflicts with a
previous rejected request, and if so, the newer request can be
rejected. Once the original requesting client retries its request,
its entry in the rejected request queue can be cleared, or the entry
in the rejected request queue can be removed when it reaches a
certain age.
NFSv4 supports mandatory locks and share reservations. These are
mechanisms that clients can use to restrict the set of I/O operations
that are permissible to other clients. Since all I/O operations
ultimately arrive at the NFSv4 server for processing, the server is
in a position to enforce these restrictions. However, with pNFS
layouts, I/Os will be issued from the clients that hold the layouts
directly to the storage devices that host the data. These devices
have no knowledge of files, mandatory locks, or share reservations,
and are not in a position to enforce such restrictions. For this
reason the NFSv4 server MUST NOT grant layouts that conflict with
mandatory locks or share reservations. Further, if a conflicting
mandatory lock request or a conflicting open request arrives at the
server, the server MUST recall the part of the layout in conflict
with the request before granting the request.
2.4.6. End-of-file Processing
The end-of-file location can be changed in two ways: implicitly as
the result of a WRITE or LAYOUTCOMMIT beyond the current end-of-file,
or explicitly as the result of a SETATTR request. Typically, when a
file is truncated by an NFSv4 client via the SETATTR call, the server
frees any disk blocks belonging to the file that are beyond the new
end-of-file byte, and MUST write zeros to the portion of the new end-
of-file block beyond the new end-of-file byte. These actions render
any pNFS layouts that refer to the blocks that are freed or written
semantically invalid. Therefore, the server MUST recall from clients
the portions of any pNFS layouts that refer to blocks that will be
freed or written by the server before processing the truncate
request. These recalls may take time to complete; as explained in
[RFC5661], if the server cannot respond to the client SETATTR request
in a reasonable amount of time, it SHOULD reply to the client with
the error NFS4ERR_DELAY.
Blocks in the PNFS_SCSI_INVALID_DATA state that lie beyond the new
end-of-file block present a special case. The server has reserved
these blocks for use by a pNFS client with a writable layout for the
file, but the client has yet to commit the blocks, and they are not
yet a part of the file mapping on disk. The server MAY free these
blocks while processing the SETATTR request. If so, the server MUST
recall any layouts from pNFS clients that refer to the blocks before
processing the truncate. If the server does not free the
PNFS_SCSI_INVALID_DATA blocks while processing the SETATTR request,
it need not recall layouts that refer only to the
PNFS_SCSI_INVALID_DATA blocks.
When a file is extended implicitly by a WRITE or LAYOUTCOMMIT beyond
the current end-of-file, or extended explicitly by a SETATTR request,
the server need not recall any portions of any pNFS layouts.
2.4.7. Layout Hints
The SETATTR operation supports a layout hint attribute [RFC5661].
Clients MUST NOT set a layout hint with a layout type (the loh_type
field) of LAYOUT4_SCSI_VOLUME.
2.4.8. Client Fencing
The pNFS SCSI protocol must handle situations in which a system
failure, typically a network connectivity issue, requires the server
to unilaterally revoke extents from one client in order to transfer
the extents to another client. The pNFS server implementation MUST
ensure that when resources are transferred to another client, they
are not used by the client originally owning them, and this must be
ensured against any possible combination of partitions and delays
among all of the participants to the protocol (server, storage and
client).
The pNFS SCSI protocol implements fencing using Persistent
Reservations (PRs), similar to the fencing method used by existing
shared disk file systems. By placing a PR of type "Exclusive Access
- All Registrants" on each SCSI LU exported to pNFS clients the MDS
prevents access from any client that does not have an outstanding
device device ID that gives the client a reservation key to access
the LU, and allows the MDS to revoke access to the logic unit at any
time.
2.4.8.1. PRs - Key Generation
To allow fencing individual systems, each system must use a unique To allow fencing individual systems, each system must use a unique
Persistent Reservation key. [SPC3] does not specify a way to Persistent Reservation key. [SPC3] does not specify a way to
generate keys. This document assigns the burden to generate unique generate keys. This document assigns the burden to generate unique
keys to the MDS, which must generate a key for itself before keys to the MDS, which must generate a key for itself before
exporting a volume, and one for each client that accesses a volume. exporting a volume, and one for each client that accesses a volume.
The MDS MAY either generate a key for each client that accesses logic The MDS MAY either generate a key for each client that accesses logic
units exported by the MDS, or generate a key for each [logical unit, units exported by the MDS, or generate a key for each [LU, client]
client] combination. If using a single key per client, the MDS needs combination. If using a single key per client, the MDS needs to be
to be aware of the per-client fencing granularity. aware of the per-client fencing granularity.
2.2.2. PRs - MDS Registration and Reservation 2.4.8.2. PRs - MDS Registration and Reservation
Before returning a PNFS_SCSI_VOLUME_BASE volume to the client, the Before returning a PNFS_SCSI_VOLUME_BASE volume to the client, the
MDS needs to prepare the volume for fencing using PRs. This is done MDS needs to prepare the volume for fencing using PRs. This is done
by registering the reservation generated for the MDS with the device by registering the reservation generated for the MDS with the device
using the "PERSISTENT RESERVE OUT" command with a service action of using the "PERSISTENT RESERVE OUT" command with a service action of
"REGISTER", followed by a "PERSISTENT RESERVE OUT" command, with a "REGISTER", followed by a "PERSISTENT RESERVE OUT" command, with a
service action of "RESERVE" and the type field set to 8h (Exclusive service action of "RESERVE" and the type field set to 8h (Exclusive
Access - All Registrants). To make sure all I_T nexuses are Access - All Registrants). To make sure all I_T nexuses are
registered, the MDS SHOULD set the "All Target Ports" (ALL_TG_PT) bit registered, the MDS SHOULD set the "All Target Ports" (ALL_TG_PT) bit
when registering the key, or otherwise ensure the registration is when registering the key, or otherwise ensure the registration is
performed for each initiator port. performed for each initiator port.
2.2.3. PRs - Client Registration 2.4.8.3. PRs - Client Registration
Before performing the first IO to a device returned from a Before performing the first IO to a device returned from a
GETDEVICEINFO operation the client will register the registration key GETDEVICEINFO operation the client will register the registration key
returned in sbv_pr_key with the storage device by issuing a returned in sbv_pr_key with the storage device by issuing a
"PERSISTENT RESERVE OUT" command with a service action of REGISTER "PERSISTENT RESERVE OUT" command with a service action of REGISTER
with the "SERVICE ACTION RESERVATION KEY" set to the reservation key with the "SERVICE ACTION RESERVATION KEY" set to the reservation key
returned in sbv_pr_key. To make sure all I_T nexus are registered, returned in sbv_pr_key. To make sure all I_T nexus are registered,
the client SHOULD set the "All Target Ports" (ALL_TG_PT) bit when the client SHOULD set the "All Target Ports" (ALL_TG_PT) bit when
registering the key, or otherwise ensure the registration is registering the key, or otherwise ensure the registration is
performed for each initiator port. performed for each initiator port.
When a client stops using a device earlier returned by GETDEVICEINFO When a client stops using a device earlier returned by GETDEVICEINFO
it MUST unregister the earlier registered key by issuing a it MUST unregister the earlier registered key by issuing a
"PERSISTENT RESERVE OUT" command with a service action of "REGISTER" "PERSISTENT RESERVE OUT" command with a service action of "REGISTER"
with the "RESERVATION KEY" set to the earlier registered reservation with the "RESERVATION KEY" set to the earlier registered reservation
key. key.
2.2.4. PRs - Fencing Action 2.4.8.4. PRs - Fencing Action
In case of a non-responding client the MDS MUST fence the client by In case of a non-responding client the MDS MUST fence the client by
issuing a "PERSISTENT RESERVE OUT" command with the service action issuing a "PERSISTENT RESERVE OUT" command with the service action
set to "PREEMPT" or "PREEMPT AND ABORT", the reservation key field set to "PREEMPT" or "PREEMPT AND ABORT", the reservation key field
set to the server's reservation key, the service action reservation set to the server's reservation key, the service action reservation
key field set to the reservation key associated with the non- key field set to the reservation key associated with the non-
responding client, and the type field set to 8h (Exclusive Access - responding client, and the type field set to 8h (Exclusive Access -
All Registrants). All Registrants).
After the MDS preempts a client, all client I/O to the logical unit After the MDS preempts a client, all client I/O to the LU fails. The
fails. The client should at this point return any layout that refers client should at this point return any layout that refers to the
to the device ID that points to the logical unit. Note that the device ID that points to the LU. Note that the client can
client can distinguish I/O errors due to fencing from other errors distinguish I/O errors due to fencing from other errors based on the
based on the "RESERVATION CONFLICT" status. Refer to [SPC3] for "RESERVATION CONFLICT" status. Refer to [SPC3] for details.
details.
2.2.5. Client Recovery After a Fence Action 2.4.8.5. Client Recovery After a Fence Action
A client that detects I/O errors on the storage devices MUST commit A client that detects I/O errors on the storage devices MUST commit
through the MDS, return all outstanding layouts for the device, through the MDS, return all outstanding layouts for the device,
forget the device ID and unregister the reservation key. Future forget the device ID and unregister the reservation key. Future
GETDEVICEINFO calls may refer to the storage device again, in which GETDEVICEINFO calls may refer to the storage device again, in which
case a new registration will be performed. case a new registration will be performed.
2.5. Crash Recovery Issues
A critical requirement in crash recovery is that both the client and
the server know when the other has failed. Additionally, it is
required that a client sees a consistent view of data across server
restarts. These requirements and a full discussion of crash recovery
issues are covered in the "Crash Recovery" section of the NFSv41
specification [RFC5661]. This document contains additional crash
recovery material specific only to the SCSI layout.
When the server crashes while the client holds a writable layout, and
the client has written data to blocks covered by the layout, and the
blocks are still in the PNFS_SCSI_INVALID_DATA state, the client has
two options for recovery. If the data that has been written to these
blocks is still cached by the client, the client can simply re-write
the data via NFSv4, once the server has come back online. However,
if the data is no longer in the client's cache, the client MUST NOT
attempt to source the data from the data servers. Instead, it should
attempt to commit the blocks in question to the server during the
server's recovery grace period, by sending a LAYOUTCOMMIT with the
"loca_reclaim" flag set to true. This process is described in detail
in Section 18.42.4 of [RFC5661].
2.6. Recalling Resources: CB_RECALL_ANY
The server may decide that it cannot hold all of the state for
layouts without running out of resources. In such a case, it is free
to recall individual layouts using CB_LAYOUTRECALL to reduce the
load, or it may choose to request that the client return any layout.
The NFSv4.1 spec [RFC5661] defines the following types:
const RCA4_TYPE_MASK_BLK_LAYOUT = 4;
struct CB_RECALL_ANY4args {
uint32_t craa_objects_to_keep;
bitmap4 craa_type_mask;
};
When the server sends a CB_RECALL_ANY request to a client specifying
the RCA4_TYPE_MASK_BLK_LAYOUT bit in craa_type_mask, the client
should immediately respond with NFS4_OK, and then asynchronously
return complete file layouts until the number of files with layouts
cached on the client is less than craa_object_to_keep.
2.7. Transient and Permanent Errors
The server may respond to LAYOUTGET with a variety of error statuses.
These errors can convey transient conditions or more permanent
conditions that are unlikely to be resolved soon.
The transient errors, NFS4ERR_RECALLCONFLICT and NFS4ERR_TRYLATER,
are used to indicate that the server cannot immediately grant the
layout to the client. In the former case, this is because the server
has recently issued a CB_LAYOUTRECALL to the requesting client,
whereas in the case of NFS4ERR_TRYLATER, the server cannot grant the
request possibly due to sharing conflicts with other clients. In
either case, a reasonable approach for the client is to wait several
milliseconds and retry the request. The client SHOULD track the
number of retries, and if forward progress is not made, the client
SHOULD send the READ or WRITE operation directly to the server.
The error NFS4ERR_LAYOUTUNAVAILABLE may be returned by the server if
layouts are not supported for the requested file or its containing
file system. The server may also return this error code if the
server is the progress of migrating the file from secondary storage,
or for any other reason that causes the server to be unable to supply
the layout. As a result of receiving NFS4ERR_LAYOUTUNAVAILABLE, the
client SHOULD send future READ and WRITE requests directly to the
server. It is expected that a client will not cache the file's
layoutunavailable state forever, particular if the file is closed,
and thus eventually, the client MAY reissue a LAYOUTGET operation.
2.8. Volatile write caches
Many storage devices implement volatile write caches that require an
explicit flush to persist the data from write operations to stable
storage. When a volatile write cache is used, the pNFS server must
ensure the volatile write cache has been committed to stable storage
before the LAYOUTCOMMIT operation returns.
3. Security Considerations 3. Security Considerations
The security considerations in [RFC5663] apply to this document as The functionality provided by SCSI Persistent Reservations makes it
well. possible for the MDS to "fence" individual client machines from
specific LUs -- that is to say, to prevent individual client machines
from reading or writing to certain block devices. Finer-grained
access control methods are not generally available. For this reason,
certain security responsibilities are delegated to pNFS clients for
SCSI layouts. SCSI storage devices generally control access at a LU
granularity, and hence pNFS clients have to be trusted to only
perform accesses allowed by the layout extents they currently hold
(e.g., and not access storage for files on which a layout extent is
not held). In general, the server will not be able to prevent a
client that holds a layout for a file from accessing parts of the
physical disk not covered by the layout. Similarly, the server will
not be able to prevent a client from accessing blocks covered by a
layout that it has already returned. This block-based level of
protection must be provided by the client software.
An alternative method of SCSI protocol use is for the storage devices
to export virtualized block addresses, which do reflect the files to
which blocks belong. These virtual block addresses are exported to
pNFS clients via layouts. This allows the storage device to make
appropriate access checks, while mapping virtual block addresses to
physical block addresses. In environments where the security
requirements are such that client-side protection from access to
storage outside of the authorized layout extents is not sufficient,
pNFS SCSI layouts SHOULD NOT be used unless the storage device is
able to implement the appropriate access checks, via use of
virtualized block addresses or other means. In contrast, an
environment where client-side protection may suffice consists of co-
located clients, server and storage devices in a data center with a
physically isolated SAN under control of a single system
administrator or small group of system administrators.
This also has implications for some NFSv4 functionality outside pNFS.
For instance, if a file is covered by a mandatory read-only lock, the
server can ensure that only readable layouts for the file are granted
to pNFS clients. However, it is up to each pNFS client to ensure
that the readable layout is used only to service read requests, and
not to allow writes to the existing parts of the file. Similarly,
SCSI storage devices are unable to validate NFS Access Control Lists
(ACLs) and file open modes, so the client must enforce the policies
before sending a READ or WRITE request to the storage device. Since
SCSI storage devices are generally not capable of enforcing such
file-based security, in environments where pNFS clients cannot be
trusted to enforce such policies, pNFS SCSI layouts SHOULD NOT be
used.
Access to SCSI storage devices is logically at a lower layer of the
I/O stack than NFSv4, and hence NFSv4 security is not directly
applicable to protocols that access such storage directly. Depending
on the protocol, some of the security mechanisms provided by NFSv4
(e.g., encryption, cryptographic integrity) may not be available or
may be provided via different means. At one extreme, pNFS with SCSI
layouts can be used with storage access protocols (e.g., parallel
SCSI) that provide essentially no security functionality. At the
other extreme, pNFS may be used with storage protocols such as iSCSI
that can provide significant security functionality. It is the
responsibility of those administering and deploying pNFS with a SCSI
storage access protocol to ensure that appropriate protection is
provided to that protocol (physical security is a common means for
protocols not based on IP). In environments where the security
requirements for the storage protocol cannot be met, pNFS SCSI
layouts SHOULD NOT be used.
When security is available for a storage protocol, it is generally at
a different granularity and with a different notion of identity than
NFSv4 (e.g., NFSv4 controls user access to files, iSCSI controls
initiator access to volumes). The responsibility for enforcing
appropriate correspondences between these security layers is placed
upon the pNFS client. As with the issues in the first paragraph of
this section, in environments where the security requirements are
such that client-side protection from access to storage outside of
the layout is not sufficient, pNFS SCSI layouts SHOULD NOT be used.
4. IANA Considerations 4. IANA Considerations
IANA is requested to assign a new pNFS layout type in the pNFS Layout IANA is requested to assign a new pNFS layout type in the pNFS Layout
Types Registry as follows (the value 5 is suggested): Layout Type Types Registry as follows (the value 5 is suggested): Layout Type
Name: LAYOUT4_SCSI Value: 0x00000005 RFC: RFCTBD10 How: L (new layout Name: LAYOUT4_SCSI Value: 0x00000005 RFC: RFCTBD10 How: L (new layout
type) Minor Versions: 1 type) Minor Versions: 1
5. Normative References 5. Normative References
skipping to change at page 11, line 43 skipping to change at page 25, line 43
[RFC5663] Black, D., Ed., Fridella, S., Ed., and J. Glasgow, Ed., [RFC5663] Black, D., Ed., Fridella, S., Ed., and J. Glasgow, Ed.,
"Parallel NFS (pNFS) Block/Volume Layout", RFC 5663, "Parallel NFS (pNFS) Block/Volume Layout", RFC 5663,
January 2010. January 2010.
[RFC6688] Black, D., Ed., Glasgow, J., and S. Faibish, "Parallel NFS [RFC6688] Black, D., Ed., Glasgow, J., and S. Faibish, "Parallel NFS
(pNFS) Block Disk Protection", RFC 6688, July 2012. (pNFS) Block Disk Protection", RFC 6688, July 2012.
[SAM-4] INCITS Technical Committee T10, "SCSI Architecture Model - [SAM-4] INCITS Technical Committee T10, "SCSI Architecture Model -
4 (SAM-4)", ANSI INCITS 447-2008, ISO/IEC 14776-414, 2008. 4 (SAM-4)", ANSI INCITS 447-2008, ISO/IEC 14776-414, 2008.
[SBC3] INCITS Technical Committee T10, "SCSI Block Commands-3",
ANSI INCITS INCITS 514-2014, ISO/IEC 14776-323, 2014.
[SPC3] INCITS Technical Committee T10, "SCSI Primary Commands-3", [SPC3] INCITS Technical Committee T10, "SCSI Primary Commands-3",
ANSI INCITS 408-2005, ISO/IEC 14776-453, 2005. ANSI INCITS 408-2005, ISO/IEC 14776-453, 2005.
Appendix A. Acknowledgments Appendix A. Acknowledgments
Large parts of this document were copied verbatim, and others were
inspired by [RFC5663]. Thank to David Black, Stephen Fridella and
Jason Glasgow for their work on the pNFS block/volume layout
protocol.
David Black, Robert Elliott and Tom Haynes provided a throughout David Black, Robert Elliott and Tom Haynes provided a throughout
review of early drafts of this document, and their input lead to the review of early drafts of this document, and their input lead to the
current form of the document. current form of the document.
Appendix B. RFC Editor Notes Appendix B. RFC Editor Notes
[RFC Editor: please remove this section prior to publishing this [RFC Editor: please remove this section prior to publishing this
document as an RFC] document as an RFC]
[RFC Editor: prior to publishing this document as an RFC, please [RFC Editor: prior to publishing this document as an RFC, please
 End of changes. 45 change blocks. 
235 lines changed or deleted 897 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/