On 2019-01-29 18:15, Hans van Kranenburg wrote:
Hi,
Thought experiment time...
I have an HP z820 workstation here (with ECC memory, yay!) and 4x250G
10k SAS disks (and some spare disks). It's donated hardware, and I'm
going to use it to replace the current server in the office of a
non-profit organization (so it's not work stuff this time).
The machine is going to run Debian/Xen and a few virtual machines
(current one also does, but the hardware is now really starting to fall
apart).
I have been thinking a bit how to (re)organize disk storage in this
scenario.
1. Let's use btrfs everywhere. \:D/
2. For running Xen virtual machines, I prefer block devices on LVM. No
image files, no btrfs-on-btrfs etc...
3. Oh, and there's also 1 MS Windows VM that will be in the mix.
Obviously I can't start using multi-device btrfs in each and every
virtual machine (a big pile of horror when one disk dies or starts
misbehaving).
So, what I was thinking of is:
* Use dm-integrity on partitions on the individual disks
* Use mdadm RAID10 on top (which is then able to repair bitrot)
* Use LVM on top
* Etc...
For all of the filesystems, I would be doing backups to a remote
location outside of the building with send/receive.
The Windows VM will be an image file on a btrfs filesystem in the Xen
dom0. It's idle most of the time, and I think cow+autodefrag can easily
handle it. I'd like to be able to take snapshots of it which can be sent
to a remote location.
I would suggest against this. NTFS is a pathologically bad case even
when using it from inside Linux and leaving it almost completely idle.
When used from Windows, it has horrible performance and trashes
performance of _all_ other VM images on the same disk.
Also, just in general, I've only seen at best mediocre results from
using BTRFS for VM image storage when using Xen. I'm not sure exactly
why, but I think it has something to do with how the Xen block backend
access the filesystem.
Now, to finally throw in the big question: If I use btrfs everywhere,
can I run dm-integrity without a journal?
As far as I can reason about.. I could. As long as there's no 'nocow'
happening, the only thing that needs to happen correctly is superblock
writes, right?
Running dm-integrity without a journal is roughly equivalent to using
the nobarrier mount option (the journal is used to provide the same
guarantees that barriers do). IOW, don't do this unless you are willing
to lose the whole volume.
