| Tools that manage md devices can be found at |
| http://www.kernel.org/pub/linux/utils/raid/ |
| |
| |
| Boot time assembly of RAID arrays |
| --------------------------------- |
| |
| You can boot with your md device with the following kernel command |
| lines: |
| |
| for old raid arrays without persistent superblocks: |
| md=<md device no.>,<raid level>,<chunk size factor>,<fault level>,dev0,dev1,...,devn |
| |
| for raid arrays with persistent superblocks |
| md=<md device no.>,dev0,dev1,...,devn |
| or, to assemble a partitionable array: |
| md=d<md device no.>,dev0,dev1,...,devn |
| |
| md device no. = the number of the md device ... |
| 0 means md0, |
| 1 md1, |
| 2 md2, |
| 3 md3, |
| 4 md4 |
| |
| raid level = -1 linear mode |
| 0 striped mode |
| other modes are only supported with persistent super blocks |
| |
| chunk size factor = (raid-0 and raid-1 only) |
| Set the chunk size as 4k << n. |
| |
| fault level = totally ignored |
| |
| dev0-devn: e.g. /dev/hda1,/dev/hdc1,/dev/sda1,/dev/sdb1 |
| |
| A possible loadlin line (Harald Hoyer <HarryH@Royal.Net>) looks like this: |
| |
| e:\loadlin\loadlin e:\zimage root=/dev/md0 md=0,0,4,0,/dev/hdb2,/dev/hdc3 ro |
| |
| |
| Boot time autodetection of RAID arrays |
| -------------------------------------- |
| |
| When md is compiled into the kernel (not as module), partitions of |
| type 0xfd are scanned and automatically assembled into RAID arrays. |
| This autodetection may be suppressed with the kernel parameter |
| "raid=noautodetect". As of kernel 2.6.9, only drives with a type 0 |
| superblock can be autodetected and run at boot time. |
| |
| The kernel parameter "raid=partitionable" (or "raid=part") means |
| that all auto-detected arrays are assembled as partitionable. |
| |
| Boot time assembly of degraded/dirty arrays |
| ------------------------------------------- |
| |
| If a raid5 or raid6 array is both dirty and degraded, it could have |
| undetectable data corruption. This is because the fact that it is |
| 'dirty' means that the parity cannot be trusted, and the fact that it |
| is degraded means that some datablocks are missing and cannot reliably |
| be reconstructed (due to no parity). |
| |
| For this reason, md will normally refuse to start such an array. This |
| requires the sysadmin to take action to explicitly start the array |
| despite possible corruption. This is normally done with |
| mdadm --assemble --force .... |
| |
| This option is not really available if the array has the root |
| filesystem on it. In order to support this booting from such an |
| array, md supports a module parameter "start_dirty_degraded" which, |
| when set to 1, bypassed the checks and will allows dirty degraded |
| arrays to be started. |
| |
| So, to boot with a root filesystem of a dirty degraded raid[56], use |
| |
| md-mod.start_dirty_degraded=1 |
| |
| |
| Superblock formats |
| ------------------ |
| |
| The md driver can support a variety of different superblock formats. |
| Currently, it supports superblock formats "0.90.0" and the "md-1" format |
| introduced in the 2.5 development series. |
| |
| The kernel will autodetect which format superblock is being used. |
| |
| Superblock format '0' is treated differently to others for legacy |
| reasons - it is the original superblock format. |
| |
| |
| General Rules - apply for all superblock formats |
| ------------------------------------------------ |
| |
| An array is 'created' by writing appropriate superblocks to all |
| devices. |
| |
| It is 'assembled' by associating each of these devices with an |
| particular md virtual device. Once it is completely assembled, it can |
| be accessed. |
| |
| An array should be created by a user-space tool. This will write |
| superblocks to all devices. It will usually mark the array as |
| 'unclean', or with some devices missing so that the kernel md driver |
| can create appropriate redundancy (copying in raid1, parity |
| calculation in raid4/5). |
| |
| When an array is assembled, it is first initialized with the |
| SET_ARRAY_INFO ioctl. This contains, in particular, a major and minor |
| version number. The major version number selects which superblock |
| format is to be used. The minor number might be used to tune handling |
| of the format, such as suggesting where on each device to look for the |
| superblock. |
| |
| Then each device is added using the ADD_NEW_DISK ioctl. This |
| provides, in particular, a major and minor number identifying the |
| device to add. |
| |
| The array is started with the RUN_ARRAY ioctl. |
| |
| Once started, new devices can be added. They should have an |
| appropriate superblock written to them, and then be passed in with |
| ADD_NEW_DISK. |
| |
| Devices that have failed or are not yet active can be detached from an |
| array using HOT_REMOVE_DISK. |
| |
| |
| Specific Rules that apply to format-0 super block arrays, and |
| arrays with no superblock (non-persistent). |
| ------------------------------------------------------------- |
| |
| An array can be 'created' by describing the array (level, chunksize |
| etc) in a SET_ARRAY_INFO ioctl. This must have major_version==0 and |
| raid_disks != 0. |
| |
| Then uninitialized devices can be added with ADD_NEW_DISK. The |
| structure passed to ADD_NEW_DISK must specify the state of the device |
| and its role in the array. |
| |
| Once started with RUN_ARRAY, uninitialized spares can be added with |
| HOT_ADD_DISK. |
| |
| |
| |
| MD devices in sysfs |
| ------------------- |
| md devices appear in sysfs (/sys) as regular block devices, |
| e.g. |
| /sys/block/md0 |
| |
| Each 'md' device will contain a subdirectory called 'md' which |
| contains further md-specific information about the device. |
| |
| All md devices contain: |
| level |
| a text file indicating the 'raid level'. e.g. raid0, raid1, |
| raid5, linear, multipath, faulty. |
| If no raid level has been set yet (array is still being |
| assembled), the value will reflect whatever has been written |
| to it, which may be a name like the above, or may be a number |
| such as '0', '5', etc. |
| |
| raid_disks |
| a text file with a simple number indicating the number of devices |
| in a fully functional array. If this is not yet known, the file |
| will be empty. If an array is being resized this will contain |
| the new number of devices. |
| Some raid levels allow this value to be set while the array is |
| active. This will reconfigure the array. Otherwise it can only |
| be set while assembling an array. |
| A change to this attribute will not be permitted if it would |
| reduce the size of the array. To reduce the number of drives |
| in an e.g. raid5, the array size must first be reduced by |
| setting the 'array_size' attribute. |
| |
| chunk_size |
| This is the size in bytes for 'chunks' and is only relevant to |
| raid levels that involve striping (0,4,5,6,10). The address space |
| of the array is conceptually divided into chunks and consecutive |
| chunks are striped onto neighbouring devices. |
| The size should be at least PAGE_SIZE (4k) and should be a power |
| of 2. This can only be set while assembling an array |
| |
| layout |
| The "layout" for the array for the particular level. This is |
| simply a number that is interpretted differently by different |
| levels. It can be written while assembling an array. |
| |
| array_size |
| This can be used to artificially constrain the available space in |
| the array to be less than is actually available on the combined |
| devices. Writing a number (in Kilobytes) which is less than |
| the available size will set the size. Any reconfiguration of the |
| array (e.g. adding devices) will not cause the size to change. |
| Writing the word 'default' will cause the effective size of the |
| array to be whatever size is actually available based on |
| 'level', 'chunk_size' and 'component_size'. |
| |
| This can be used to reduce the size of the array before reducing |
| the number of devices in a raid4/5/6, or to support external |
| metadata formats which mandate such clipping. |
| |
| reshape_position |
| This is either "none" or a sector number within the devices of |
| the array where "reshape" is up to. If this is set, the three |
| attributes mentioned above (raid_disks, chunk_size, layout) can |
| potentially have 2 values, an old and a new value. If these |
| values differ, reading the attribute returns |
| new (old) |
| and writing will effect the 'new' value, leaving the 'old' |
| unchanged. |
| |
| component_size |
| For arrays with data redundancy (i.e. not raid0, linear, faulty, |
| multipath), all components must be the same size - or at least |
| there must a size that they all provide space for. This is a key |
| part or the geometry of the array. It is measured in sectors |
| and can be read from here. Writing to this value may resize |
| the array if the personality supports it (raid1, raid5, raid6), |
| and if the component drives are large enough. |
| |
| metadata_version |
| This indicates the format that is being used to record metadata |
| about the array. It can be 0.90 (traditional format), 1.0, 1.1, |
| 1.2 (newer format in varying locations) or "none" indicating that |
| the kernel isn't managing metadata at all. |
| Alternately it can be "external:" followed by a string which |
| is set by user-space. This indicates that metadata is managed |
| by a user-space program. Any device failure or other event that |
| requires a metadata update will cause array activity to be |
| suspended until the event is acknowledged. |
| |
| resync_start |
| The point at which resync should start. If no resync is needed, |
| this will be a very large number (or 'none' since 2.6.30-rc1). At |
| array creation it will default to 0, though starting the array as |
| 'clean' will set it much larger. |
| |
| new_dev |
| This file can be written but not read. The value written should |
| be a block device number as major:minor. e.g. 8:0 |
| This will cause that device to be attached to the array, if it is |
| available. It will then appear at md/dev-XXX (depending on the |
| name of the device) and further configuration is then possible. |
| |
| safe_mode_delay |
| When an md array has seen no write requests for a certain period |
| of time, it will be marked as 'clean'. When another write |
| request arrives, the array is marked as 'dirty' before the write |
| commences. This is known as 'safe_mode'. |
| The 'certain period' is controlled by this file which stores the |
| period as a number of seconds. The default is 200msec (0.200). |
| Writing a value of 0 disables safemode. |
| |
| array_state |
| This file contains a single word which describes the current |
| state of the array. In many cases, the state can be set by |
| writing the word for the desired state, however some states |
| cannot be explicitly set, and some transitions are not allowed. |
| |
| Select/poll works on this file. All changes except between |
| active_idle and active (which can be frequent and are not |
| very interesting) are notified. active->active_idle is |
| reported if the metadata is externally managed. |
| |
| clear |
| No devices, no size, no level |
| Writing is equivalent to STOP_ARRAY ioctl |
| inactive |
| May have some settings, but array is not active |
| all IO results in error |
| When written, doesn't tear down array, but just stops it |
| suspended (not supported yet) |
| All IO requests will block. The array can be reconfigured. |
| Writing this, if accepted, will block until array is quiessent |
| readonly |
| no resync can happen. no superblocks get written. |
| write requests fail |
| read-auto |
| like readonly, but behaves like 'clean' on a write request. |
| |
| clean - no pending writes, but otherwise active. |
| When written to inactive array, starts without resync |
| If a write request arrives then |
| if metadata is known, mark 'dirty' and switch to 'active'. |
| if not known, block and switch to write-pending |
| If written to an active array that has pending writes, then fails. |
| active |
| fully active: IO and resync can be happening. |
| When written to inactive array, starts with resync |
| |
| write-pending |
| clean, but writes are blocked waiting for 'active' to be written. |
| |
| active-idle |
| like active, but no writes have been seen for a while (safe_mode_delay). |
| |
| bitmap/location |
| This indicates where the write-intent bitmap for the array is |
| stored. |
| It can be one of "none", "file" or "[+-]N". |
| "file" may later be extended to "file:/file/name" |
| "[+-]N" means that many sectors from the start of the metadata. |
| This is replicated on all devices. For arrays with externally |
| managed metadata, the offset is from the beginning of the |
| device. |
| bitmap/chunksize |
| The size, in bytes, of the chunk which will be represented by a |
| single bit. For RAID456, it is a portion of an individual |
| device. For RAID10, it is a portion of the array. For RAID1, it |
| is both (they come to the same thing). |
| bitmap/time_base |
| The time, in seconds, between looking for bits in the bitmap to |
| be cleared. In the current implementation, a bit will be cleared |
| between 2 and 3 times "time_base" after all the covered blocks |
| are known to be in-sync. |
| bitmap/backlog |
| When write-mostly devices are active in a RAID1, write requests |
| to those devices proceed in the background - the filesystem (or |
| other user of the device) does not have to wait for them. |
| 'backlog' sets a limit on the number of concurrent background |
| writes. If there are more than this, new writes will by |
| synchronous. |
| bitmap/metadata |
| This can be either 'internal' or 'external'. |
| 'internal' is the default and means the metadata for the bitmap |
| is stored in the first 256 bytes of the allocated space and is |
| managed by the md module. |
| 'external' means that bitmap metadata is managed externally to |
| the kernel (i.e. by some userspace program) |
| bitmap/can_clear |
| This is either 'true' or 'false'. If 'true', then bits in the |
| bitmap will be cleared when the corresponding blocks are thought |
| to be in-sync. If 'false', bits will never be cleared. |
| This is automatically set to 'false' if a write happens on a |
| degraded array, or if the array becomes degraded during a write. |
| When metadata is managed externally, it should be set to true |
| once the array becomes non-degraded, and this fact has been |
| recorded in the metadata. |
| |
| |
| |
| |
| As component devices are added to an md array, they appear in the 'md' |
| directory as new directories named |
| dev-XXX |
| where XXX is a name that the kernel knows for the device, e.g. hdb1. |
| Each directory contains: |
| |
| block |
| a symlink to the block device in /sys/block, e.g. |
| /sys/block/md0/md/dev-hdb1/block -> ../../../../block/hdb/hdb1 |
| |
| super |
| A file containing an image of the superblock read from, or |
| written to, that device. |
| |
| state |
| A file recording the current state of the device in the array |
| which can be a comma separated list of |
| faulty - device has been kicked from active use due to |
| a detected fault, or it has unacknowledged bad |
| blocks |
| in_sync - device is a fully in-sync member of the array |
| writemostly - device will only be subject to read |
| requests if there are no other options. |
| This applies only to raid1 arrays. |
| blocked - device has failed, and the failure hasn't been |
| acknowledged yet by the metadata handler. |
| Writes that would write to this device if |
| it were not faulty are blocked. |
| spare - device is working, but not a full member. |
| This includes spares that are in the process |
| of being recovered to |
| write_error - device has ever seen a write error. |
| want_replacement - device is (mostly) working but probably |
| should be replaced, either due to errors or |
| due to user request. |
| replacement - device is a replacement for another active |
| device with same raid_disk. |
| |
| |
| This list may grow in future. |
| This can be written to. |
| Writing "faulty" simulates a failure on the device. |
| Writing "remove" removes the device from the array. |
| Writing "writemostly" sets the writemostly flag. |
| Writing "-writemostly" clears the writemostly flag. |
| Writing "blocked" sets the "blocked" flag. |
| Writing "-blocked" clears the "blocked" flags and allows writes |
| to complete and possibly simulates an error. |
| Writing "in_sync" sets the in_sync flag. |
| Writing "write_error" sets writeerrorseen flag. |
| Writing "-write_error" clears writeerrorseen flag. |
| Writing "want_replacement" is allowed at any time except to a |
| replacement device or a spare. It sets the flag. |
| Writing "-want_replacement" is allowed at any time. It clears |
| the flag. |
| Writing "replacement" or "-replacement" is only allowed before |
| starting the array. It sets or clears the flag. |
| |
| |
| This file responds to select/poll. Any change to 'faulty' |
| or 'blocked' causes an event. |
| |
| errors |
| An approximate count of read errors that have been detected on |
| this device but have not caused the device to be evicted from |
| the array (either because they were corrected or because they |
| happened while the array was read-only). When using version-1 |
| metadata, this value persists across restarts of the array. |
| |
| This value can be written while assembling an array thus |
| providing an ongoing count for arrays with metadata managed by |
| userspace. |
| |
| slot |
| This gives the role that the device has in the array. It will |
| either be 'none' if the device is not active in the array |
| (i.e. is a spare or has failed) or an integer less than the |
| 'raid_disks' number for the array indicating which position |
| it currently fills. This can only be set while assembling an |
| array. A device for which this is set is assumed to be working. |
| |
| offset |
| This gives the location in the device (in sectors from the |
| start) where data from the array will be stored. Any part of |
| the device before this offset is not touched, unless it is |
| used for storing metadata (Formats 1.1 and 1.2). |
| |
| size |
| The amount of the device, after the offset, that can be used |
| for storage of data. This will normally be the same as the |
| component_size. This can be written while assembling an |
| array. If a value less than the current component_size is |
| written, it will be rejected. |
| |
| recovery_start |
| When the device is not 'in_sync', this records the number of |
| sectors from the start of the device which are known to be |
| correct. This is normally zero, but during a recovery |
| operation it will steadily increase, and if the recovery is |
| interrupted, restoring this value can cause recovery to |
| avoid repeating the earlier blocks. With v1.x metadata, this |
| value is saved and restored automatically. |
| |
| This can be set whenever the device is not an active member of |
| the array, either before the array is activated, or before |
| the 'slot' is set. |
| |
| Setting this to 'none' is equivalent to setting 'in_sync'. |
| Setting to any other value also clears the 'in_sync' flag. |
| |
| bad_blocks |
| This gives the list of all known bad blocks in the form of |
| start address and length (in sectors respectively). If output |
| is too big to fit in a page, it will be truncated. Writing |
| "sector length" to this file adds new acknowledged (i.e. |
| recorded to disk safely) bad blocks. |
| |
| unacknowledged_bad_blocks |
| This gives the list of known-but-not-yet-saved-to-disk bad |
| blocks in the same form of 'bad_blocks'. If output is too big |
| to fit in a page, it will be truncated. Writing to this file |
| adds bad blocks without acknowledging them. This is largely |
| for testing. |
| |
| |
| |
| An active md device will also contain an entry for each active device |
| in the array. These are named |
| |
| rdNN |
| |
| where 'NN' is the position in the array, starting from 0. |
| So for a 3 drive array there will be rd0, rd1, rd2. |
| These are symbolic links to the appropriate 'dev-XXX' entry. |
| Thus, for example, |
| cat /sys/block/md*/md/rd*/state |
| will show 'in_sync' on every line. |
| |
| |
| |
| Active md devices for levels that support data redundancy (1,4,5,6,10) |
| also have |
| |
| sync_action |
| a text file that can be used to monitor and control the rebuild |
| process. It contains one word which can be one of: |
| resync - redundancy is being recalculated after unclean |
| shutdown or creation |
| recover - a hot spare is being built to replace a |
| failed/missing device |
| idle - nothing is happening |
| check - A full check of redundancy was requested and is |
| happening. This reads all blocks and checks |
| them. A repair may also happen for some raid |
| levels. |
| repair - A full check and repair is happening. This is |
| similar to 'resync', but was requested by the |
| user, and the write-intent bitmap is NOT used to |
| optimise the process. |
| |
| This file is writable, and each of the strings that could be |
| read are meaningful for writing. |
| |
| 'idle' will stop an active resync/recovery etc. There is no |
| guarantee that another resync/recovery may not be automatically |
| started again, though some event will be needed to trigger |
| this. |
| 'resync' or 'recovery' can be used to restart the |
| corresponding operation if it was stopped with 'idle'. |
| 'check' and 'repair' will start the appropriate process |
| providing the current state is 'idle'. |
| |
| This file responds to select/poll. Any important change in the value |
| triggers a poll event. Sometimes the value will briefly be |
| "recover" if a recovery seems to be needed, but cannot be |
| achieved. In that case, the transition to "recover" isn't |
| notified, but the transition away is. |
| |
| degraded |
| This contains a count of the number of devices by which the |
| arrays is degraded. So an optimal array will show '0'. A |
| single failed/missing drive will show '1', etc. |
| This file responds to select/poll, any increase or decrease |
| in the count of missing devices will trigger an event. |
| |
| mismatch_count |
| When performing 'check' and 'repair', and possibly when |
| performing 'resync', md will count the number of errors that are |
| found. The count in 'mismatch_cnt' is the number of sectors |
| that were re-written, or (for 'check') would have been |
| re-written. As most raid levels work in units of pages rather |
| than sectors, this my be larger than the number of actual errors |
| by a factor of the number of sectors in a page. |
| |
| bitmap_set_bits |
| If the array has a write-intent bitmap, then writing to this |
| attribute can set bits in the bitmap, indicating that a resync |
| would need to check the corresponding blocks. Either individual |
| numbers or start-end pairs can be written. Multiple numbers |
| can be separated by a space. |
| Note that the numbers are 'bit' numbers, not 'block' numbers. |
| They should be scaled by the bitmap_chunksize. |
| |
| sync_speed_min |
| sync_speed_max |
| This are similar to /proc/sys/dev/raid/speed_limit_{min,max} |
| however they only apply to the particular array. |
| If no value has been written to these, of if the word 'system' |
| is written, then the system-wide value is used. If a value, |
| in kibibytes-per-second is written, then it is used. |
| When the files are read, they show the currently active value |
| followed by "(local)" or "(system)" depending on whether it is |
| a locally set or system-wide value. |
| |
| sync_completed |
| This shows the number of sectors that have been completed of |
| whatever the current sync_action is, followed by the number of |
| sectors in total that could need to be processed. The two |
| numbers are separated by a '/' thus effectively showing one |
| value, a fraction of the process that is complete. |
| A 'select' on this attribute will return when resync completes, |
| when it reaches the current sync_max (below) and possibly at |
| other times. |
| |
| sync_max |
| This is a number of sectors at which point a resync/recovery |
| process will pause. When a resync is active, the value can |
| only ever be increased, never decreased. The value of 'max' |
| effectively disables the limit. |
| |
| |
| sync_speed |
| This shows the current actual speed, in K/sec, of the current |
| sync_action. It is averaged over the last 30 seconds. |
| |
| suspend_lo |
| suspend_hi |
| The two values, given as numbers of sectors, indicate a range |
| within the array where IO will be blocked. This is currently |
| only supported for raid4/5/6. |
| |
| sync_min |
| sync_max |
| The two values, given as numbers of sectors, indicate a range |
| within the array where 'check'/'repair' will operate. Must be |
| a multiple of chunk_size. When it reaches "sync_max" it will |
| pause, rather than complete. |
| You can use 'select' or 'poll' on "sync_completed" to wait for |
| that number to reach sync_max. Then you can either increase |
| "sync_max", or can write 'idle' to "sync_action". |
| |
| |
| Each active md device may also have attributes specific to the |
| personality module that manages it. |
| These are specific to the implementation of the module and could |
| change substantially if the implementation changes. |
| |
| These currently include |
| |
| stripe_cache_size (currently raid5 only) |
| number of entries in the stripe cache. This is writable, but |
| there are upper and lower limits (32768, 16). Default is 128. |
| strip_cache_active (currently raid5 only) |
| number of active entries in the stripe cache |
| preread_bypass_threshold (currently raid5 only) |
| number of times a stripe requiring preread will be bypassed by |
| a stripe that does not require preread. For fairness defaults |
| to 1. Setting this to 0 disables bypass accounting and |
| requires preread stripes to wait until all full-width stripe- |
| writes are complete. Valid values are 0 to stripe_cache_size. |