[Lsf-pc] [LSF/MM ATTEND] FS jitter testing, network caching, Lustre, cluster filesystems.
Oleg Drokin
green at linuxhacker.ru
Mon Jan 16 18:39:30 UTC 2017
On Jan 16, 2017, at 1:21 PM, James Bottomley wrote:
> On Mon, 2017-01-16 at 13:02 -0500, Oleg Drokin wrote:
>> On Jan 16, 2017, at 12:32 PM, James Bottomley wrote:
>>
>>> On Sun, 2017-01-15 at 18:38 -0500, Oleg Drokin wrote:
>>>> A container support from filesystems is also very relevant to
>>>> us
>>>> since Lustre is used more and more in such settings.
>>>
>>> I've added the containers ML to the cc just in case. Can you add
>>> more
>>> colour to this, please? What container support for filesystems do
>>> you
>>> think we need beyond the user namespace in the superblock?
>>
>> Namespace access is necessary, we might need it before the superblock
>> is there too (say during mount we might need kerberos credentials
>> fetched to properly authenticate this mount instance to the server).
>
> The superblock namespace is mostly for uid/gid changes across the
> kernel <-> filesystem boundary.
That's on the kernel<->filesystem, but inside of the FS there might be other
considerations that you might want to attach there.
Say when you are encrypting the traffic to the server you want
to use the right keys.
It's all relatively easy when you have a separate mount there, so
you can store the credentials in the superblock, but we lose on the
cache sharing, for example (I don't know how important that is).
> The actual container namespaces will already be set up by the time the
> mount is done (assuming mount within a container), so you have them all
> present. Usually you get the information for credentials from a
> combination of the UTS namespace (host/domain name) and the mount
> namespace (credentials provisioned to container filesystem).
Yes, when mounting from a container it's possible to fetch this info
and pass it around, is mounting from outside of the container important too?
> Perhaps if you described the actual problem you're seeing rather than
> try to relate it to what I said about superblock namespace (which is
> probably irrelevant), we could figure out what the issue is.
Right now the deployments are simple and we do not have any major issues
(other than certain caching overzealousness that throws cgroup memory
accounting off), but learning what other problems are there in this space
and what we should be looking for.
More information about the Containers
mailing list