Only send flushes when Downstairs is idle; send Barrier otherwise #1505
Conversation
mkeeter
force-pushed
the
mkeeter/no-auto-flush
branch
2 times, most recently
from
b0c092b
to
3a7e2f8
Compare
mkeeter
changed the base branch from
main
to
mkeeter/io-state-job-and-byte-count
|
Rebased to stage on top of #1507, because we want to only send |
mkeeter
force-pushed
the
mkeeter/io-state-job-and-byte-count
branch
from
7b7ec22
to
1e4cc53
Compare
mkeeter
force-pushed
the
mkeeter/no-auto-flush
branch
from
d3e9973
to
5f94966
Compare
mkeeter
force-pushed
the
mkeeter/no-auto-flush
branch
2 times, most recently
from
796a397
to
2d9dba3
Compare
mkeeter
force-pushed
the
mkeeter/no-auto-flush
branch
from
2d9dba3
to
2709712
Compare
| panic!("expected Barrier, got message {m:?}"); | ||
| } | ||
| harness.ds2.ack_barrier().await; | ||
| harness.ds3.ack_barrier().await; |
There was a problem hiding this comment.
Do we have any way to check that replay is no longer available to this downstairs? I'm not sure if the test has access at this layer to it.
There was a problem hiding this comment.
The end of this unit test is checking that live-repair works, so I think we're implicitly testing that we don't do replay.
There was a problem hiding this comment.
Ah, I was thinking more that the sending of a barrier operation has also flipped the can_replay in the Downstairs struct. I'm not sure if we can do that though here (or in a test elsewhere), as can_replay might not be exposed like that.
There was a problem hiding this comment.
Yeah, it's not easy to check from the outside (when we only have the Guest handle). If you really want it, we could probably add it to the downstairs_state helper function.
There was a problem hiding this comment.
I don't think it's worth adding it to the downstairs_state helper function.
I don't see anywhere else that seems like a good place either. Nothing in the upstairs tests cover this case.
|
With this, we can probably close #1358 as fixed |
mkeeter
force-pushed
the
mkeeter/no-auto-flush
branch
2 times, most recently
from
5cc9448
to
be0f66d
Compare
mkeeter
force-pushed
the
mkeeter/no-auto-flush
branch
from
be0f66d
to
bcd4ba2
Compare
There was a problem hiding this comment.
We should probably tighten up IO_CACHED_MAX_BYTES soon. Right now we can theoretically buffer up to 1GiB of jobs for replay, and that feels like quite a lot to me. We usually won't- we will only get to that point if the guest is doing large amounts of IO, continuously so we never go idle, and the guest never sends a flush. That's unlikely/rare during normal filesystem operations (but will be easier to hit when writing to the raw block device like iodriver does). Because of that, we shouldn't expect more than a few VMs to hit this under normal operation. But in interest in not overcommitting resources, I think that bound should be lower.
mkeeter
force-pushed
the
mkeeter/no-auto-flush
branch
from
bcd4ba2
to
bcad542
Compare
This PR removes automatic flushes, per RFD 518. Instead, the new
Barrieroperation is sent. If the system is idle for a particular amount of time, we send a finalFlushto put everything into a known state.When the Upstairs retires jobs after a barrier operation, the system as a whole becomes ineligible for replay. This state determines whether the new Downstairs reconnects through
Offline(which does replay) orFaulted(which does live-repair instead).Removing automatic flushes is a noticeable performance improvement:
(tested on the London mini-cluster, with Upstairs and 3x Downstairs on different sleds)