[systemd-devel] How to set a limit for mounting roofs?

Wed Jul 6 09:36:45 UTC 2016

On Wed, Jul 6, 2016 at 7:26 AM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Tue, 05.07.16 14:00, Chris Murphy (lists at colorremedies.com) wrote:
>
>> On Tue, Jul 5, 2016 at 12:45 PM, Chris Murphy <lists at colorremedies.com> wrote:
>> > OK it must be this.
>> >
>> > :/# cat /usr/lib/udev/rules.d/64-btrfs.rules
>> > # do not edit this file, it will be overwritten on update
>> >
>> > SUBSYSTEM!="block", GOTO="btrfs_end"
>> > ACTION=="remove", GOTO="btrfs_end"
>> > ENV{ID_FS_TYPE}!="btrfs", GOTO="btrfs_end"
>> >
>> > # let the kernel know about this btrfs filesystem, and check if it is complete
>> > IMPORT{builtin}="btrfs ready $devnode"
>> >
>> > # mark the device as not ready to be used by the system
>> > ENV{ID_BTRFS_READY}=="0", ENV{SYSTEMD_READY}="0"
>> >
>> > LABEL="btrfs_end"
>>
>> Yep.
>> https://lists.freedesktop.org/archives/systemd-commits/2012-September/002503.html
>>
>> The problem is that with rootflags=degraded it still indefinitely
>> hangs. And even without the degraded option, I don't think the
>> indefinite hang waiting for missing devices is the best way to find
>> out there's been device failures. I think it's better to fail to
>> mount, and end up at a dracut shell.
>
> I figure it would be OK to merge a patch that makes the udev rules
> above set SYSTEMD_READY immediately if the device popped up in case
> some new kernel command line option is set.
>

That won't work. This will make it impossible to mount any btrfs that
needs more than 1 device to actually be mountable (even degraded).
Because then it will announce btrfs as soon as any device is seen and
filesystem will be incomplete and won't mount. And we do not retry
later.

The situation is the same as we had with Linux MD assembly. What is required, is

a) we need a way to query btrfs whether it is mountable (may be degraded)
b) we need some way to define external policy whether we want to mount
degraded btrfs or not. In general case, not just special case of root
filesystem
c) we need some way to wait for more devices to appear before we
attempt degraded mount
d) finally we need some way to actually perform degraded mount when we
decide to do it

This cannot be implemented using current unit dependencies at all. The
only implementation that could be squeezed into existing framework is
separate program that listens to udev events and waits for all devices
to be present. btrfs mount units must then depend on this program.
Then mount unit will depend on this program and wait for it to
complete; successful completion means filesystem can be mounted.

As far as I understand btrfs must be mounted with special option (-o
degraded), so this can be used as policy decision.

This will also make existing udev rules obsolete (and we finally stop
lying about devices availability).

> Hooking up rootflags=degraded with this is unlikely to work I fear, as
> by the time the udev rules run we have no idea yet what systemd wants
> to make from the device in the end. That means knowing this early the
> fact that system wants to mount it as root disk with some specific
> mount options is not really sensible in the design...
>

This fits well in my suggestion if we use "degraded" in fs flags as
indicator that we are allowed to mount filesystem in degraded mode.