2012-12-13 23:24:15 +00:00
|
|
|
'\" te
|
2016-06-15 22:47:05 +00:00
|
|
|
.\" Copyright (c) 2012, 2015 by Delphix. All rights reserved.
|
2013-01-23 09:54:30 +00:00
|
|
|
.\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
|
2015-04-01 13:07:48 +00:00
|
|
|
.\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
|
2012-12-13 23:24:15 +00:00
|
|
|
.\" The contents of this file are subject to the terms of the Common Development
|
|
|
|
.\" and Distribution License (the "License"). You may not use this file except
|
|
|
|
.\" in compliance with the License. You can obtain a copy of the license at
|
|
|
|
.\" usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
|
|
|
|
.\"
|
|
|
|
.\" See the License for the specific language governing permissions and
|
|
|
|
.\" limitations under the License. When distributing Covered Code, include this
|
|
|
|
.\" CDDL HEADER in each file and include the License file at
|
|
|
|
.\" usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this
|
|
|
|
.\" CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your
|
|
|
|
.\" own identifying information:
|
|
|
|
.\" Portions Copyright [yyyy] [name of copyright owner]
|
Illumos #4101, #4102, #4103, #4105, #4106
4101 metaslab_debug should allow for fine-grained control
4102 space_maps should store more information about themselves
4103 space map object blocksize should be increased
4105 removing a mirrored log device results in a leaked object
4106 asynchronously load metaslab
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Sebastien Roy <seb@delphix.com>
Approved by: Garrett D'Amore <garrett@damore.org>
Prior to this patch, space_maps were preferred solely based on the
amount of free space left in each. Unfortunately, this heuristic didn't
contain any information about the make-up of that free space, which
meant we could keep preferring and loading a highly fragmented space map
that wouldn't actually have enough contiguous space to satisfy the
allocation; then unloading that space_map and repeating the process.
This change modifies the space_map's to store additional information
about the contiguous space in the space_map, so that we can use this
information to make a better decision about which space_map to load.
This requires reallocating all space_map objects to increase their
bonus buffer size sizes enough to fit the new metadata.
The above feature can be enabled via a new feature flag introduced by
this change: com.delphix:spacemap_histogram
In addition to the above, this patch allows the space_map block size to
be increase. Currently the block size is set to be 4K in size, which has
certain implications including the following:
* 4K sector devices will not see any compression benefit
* large space_maps require more metadata on-disk
* large space_maps require more time to load (typically random reads)
Now the space_map block size can adjust as needed up to the maximum size
set via the space_map_max_blksz variable.
A bug was fixed which resulted in potentially leaking an object when
removing a mirrored log device. The previous logic for vdev_remove() did
not deal with removing top-level vdevs that are interior vdevs (i.e.
mirror) correctly. The problem would occur when removing a mirrored log
device, and result in the DTL space map object being leaked; because
top-level vdevs don't have DTL space map objects associated with them.
References:
https://www.illumos.org/issues/4101
https://www.illumos.org/issues/4102
https://www.illumos.org/issues/4103
https://www.illumos.org/issues/4105
https://www.illumos.org/issues/4106
https://github.com/illumos/illumos-gate/commit/0713e23
Porting notes:
A handful of kmem_alloc() calls were converted to kmem_zalloc(). Also,
the KM_PUSHPAGE and TQ_PUSHPAGE flags were used as necessary.
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #2488
2013-10-01 21:25:53 +00:00
|
|
|
.TH ZPOOL-FEATURES 5 "Aug 27, 2013"
|
2012-12-13 23:24:15 +00:00
|
|
|
.SH NAME
|
|
|
|
zpool\-features \- ZFS pool feature descriptions
|
|
|
|
.SH DESCRIPTION
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
ZFS pool on\-disk format versions are specified via "features" which replace
|
|
|
|
the old on\-disk format numbers (the last supported on\-disk format number is
|
2012-12-14 23:00:45 +00:00
|
|
|
28). To enable a feature on a pool use the \fBupgrade\fR subcommand of the
|
2013-02-04 20:35:25 +00:00
|
|
|
\fBzpool\fR(8) command, or set the \fBfeature@\fR\fIfeature_name\fR property
|
2012-12-14 23:00:45 +00:00
|
|
|
to \fBenabled\fR.
|
2012-12-13 23:24:15 +00:00
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
The pool format does not affect file system version compatibility or the ability
|
|
|
|
to send file systems between pools.
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
Since most features can be enabled independently of each other the on\-disk
|
|
|
|
format of the pool is specified by the set of all features marked as
|
|
|
|
\fBactive\fR on the pool. If the pool was created by another software version
|
|
|
|
this set may include unsupported features.
|
|
|
|
.SS "Identifying features"
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
Every feature has a guid of the form \fIcom.example:feature_name\fR. The reverse
|
|
|
|
DNS name ensures that the feature's guid is unique across all ZFS
|
|
|
|
implementations. When unsupported features are encountered on a pool they will
|
|
|
|
be identified by their guids. Refer to the documentation for the ZFS
|
|
|
|
implementation that created the pool for information about those features.
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
Each supported feature also has a short name. By convention a feature's short
|
|
|
|
name is the portion of its guid which follows the ':' (e.g.
|
|
|
|
\fIcom.example:feature_name\fR would have the short name \fIfeature_name\fR),
|
|
|
|
however a feature's short name may differ across ZFS implementations if
|
|
|
|
following the convention would result in name conflicts.
|
|
|
|
.SS "Feature states"
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
Features can be in one of three states:
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBactive\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 12n
|
|
|
|
This feature's on\-disk format changes are in effect on the pool. Support for
|
|
|
|
this feature is required to import the pool in read\-write mode. If this
|
|
|
|
feature is not read-only compatible, support is also required to import the pool
|
|
|
|
in read\-only mode (see "Read\-only compatibility").
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBenabled\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 12n
|
|
|
|
An administrator has marked this feature as enabled on the pool, but the
|
|
|
|
feature's on\-disk format changes have not been made yet. The pool can still be
|
|
|
|
imported by software that does not support this feature, but changes may be made
|
|
|
|
to the on\-disk format at any time which will move the feature to the
|
|
|
|
\fBactive\fR state. Some features may support returning to the \fBenabled\fR
|
|
|
|
state after becoming \fBactive\fR. See feature\-specific documentation for
|
|
|
|
details.
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fBdisabled\fR
|
|
|
|
.ad
|
|
|
|
.RS 12n
|
|
|
|
This feature's on\-disk format changes have not been made and will not be made
|
|
|
|
unless an administrator moves the feature to the \fBenabled\fR state. Features
|
|
|
|
cannot be disabled once they have been enabled.
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
The state of supported features is exposed through pool properties of the form
|
|
|
|
\fIfeature@short_name\fR.
|
|
|
|
.SS "Read\-only compatibility"
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
Some features may make on\-disk format changes that do not interfere with other
|
|
|
|
software's ability to read from the pool. These features are referred to as
|
|
|
|
"read\-only compatible". If all unsupported features on a pool are read\-only
|
|
|
|
compatible, the pool can be imported in read\-only mode by setting the
|
2013-02-04 20:35:25 +00:00
|
|
|
\fBreadonly\fR property during import (see \fBzpool\fR(8) for details on
|
2012-12-13 23:24:15 +00:00
|
|
|
importing pools).
|
|
|
|
.SS "Unsupported features"
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
For each unsupported feature enabled on an imported pool a pool property
|
|
|
|
named \fIunsupported@feature_guid\fR will indicate why the import was allowed
|
|
|
|
despite the unsupported feature. Possible values for this property are:
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBinactive\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 12n
|
|
|
|
The feature is in the \fBenabled\fR state and therefore the pool's on\-disk
|
|
|
|
format is still compatible with software that does not support this feature.
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBreadonly\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 12n
|
|
|
|
The feature is read\-only compatible and the pool has been imported in
|
|
|
|
read\-only mode.
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.SS "Feature dependencies"
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
Some features depend on other features being enabled in order to function
|
|
|
|
properly. Enabling a feature will automatically enable any features it
|
|
|
|
depends on.
|
|
|
|
.SH FEATURES
|
|
|
|
.sp
|
|
|
|
.LP
|
|
|
|
The following features are supported on this system:
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBasync_destroy\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:async_destroy
|
|
|
|
READ\-ONLY COMPATIBLE yes
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
Destroying a file system requires traversing all of its data in order to
|
|
|
|
return its used space to the pool. Without \fBasync_destroy\fR the file system
|
|
|
|
is not fully removed until all space has been reclaimed. If the destroy
|
|
|
|
operation is interrupted by a reboot or power outage the next attempt to open
|
|
|
|
the pool will need to complete the destroy operation synchronously.
|
|
|
|
|
|
|
|
When \fBasync_destroy\fR is enabled the file system's data will be reclaimed
|
|
|
|
by a background process, allowing the destroy operation to complete without
|
|
|
|
traversing the entire file system. The background process is able to resume
|
|
|
|
interrupted destroys after the pool has been opened, eliminating the need
|
|
|
|
to finish interrupted destroys as part of the open operation. The amount
|
|
|
|
of space remaining to be reclaimed by the background process is available
|
|
|
|
through the \fBfreeing\fR property.
|
|
|
|
|
|
|
|
This feature is only \fBactive\fR while \fBfreeing\fR is non\-zero.
|
|
|
|
.RE
|
2012-12-23 23:57:14 +00:00
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBempty_bpobj\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:empty_bpobj
|
|
|
|
READ\-ONLY COMPATIBLE yes
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature increases the performance of creating and using a large
|
|
|
|
number of snapshots of a single filesystem or volume, and also reduces
|
|
|
|
the disk space required.
|
|
|
|
|
|
|
|
When there are many snapshots, each snapshot uses many Block Pointer
|
|
|
|
Objects (bpobj's) to track blocks associated with that snapshot.
|
|
|
|
However, in common use cases, most of these bpobj's are empty. This
|
|
|
|
feature allows us to create each bpobj on-demand, thus eliminating the
|
|
|
|
empty bpobjs.
|
|
|
|
|
|
|
|
This feature is \fBactive\fR while there are any filesystems, volumes,
|
|
|
|
or snapshots which were created after enabling this feature.
|
|
|
|
.RE
|
|
|
|
|
2015-04-01 13:07:48 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBfilesystem_limits\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.joyent:filesystem_limits
|
|
|
|
READ\-ONLY COMPATIBLE yes
|
|
|
|
DEPENDENCIES extensible_dataset
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature enables filesystem and snapshot limits. These limits can be used
|
|
|
|
to control how many filesystems and/or snapshots can be created at the point in
|
|
|
|
the tree on which the limits are set.
|
|
|
|
|
|
|
|
This feature is \fBactive\fR once either of the limit properties has been
|
|
|
|
set on a dataset. Once activated the feature is never deactivated.
|
|
|
|
.RE
|
|
|
|
|
2013-01-23 09:54:30 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBlz4_compress\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID org.illumos:lz4_compress
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
\fBlz4\fR is a high-performance real-time compression algorithm that
|
|
|
|
features significantly faster compression and decompression as well as a
|
|
|
|
higher compression ratio than the older \fBlzjb\fR compression.
|
|
|
|
Typically, \fBlz4\fR compression is approximately 50% faster on
|
|
|
|
compressible data and 200% faster on incompressible data than
|
|
|
|
\fBlzjb\fR. It is also approximately 80% faster on decompression, while
|
|
|
|
giving approximately 10% better compression ratio.
|
|
|
|
|
|
|
|
When the \fBlz4_compress\fR feature is set to \fBenabled\fR, the
|
|
|
|
administrator can turn on \fBlz4\fR compression on any dataset on the
|
2013-02-04 20:35:25 +00:00
|
|
|
pool using the \fBzfs\fR(8) command. Please note that doing so will
|
2013-01-23 09:54:30 +00:00
|
|
|
immediately activate the \fBlz4_compress\fR feature on the underlying
|
2014-10-18 15:58:11 +00:00
|
|
|
pool using the \fBzfs\fR(1M) command. Also, all newly written metadata
|
|
|
|
will be compressed with \fBlz4\fR algorithm. Since this feature is not
|
|
|
|
read-only compatible, this operation will render the pool unimportable
|
|
|
|
on systems without support for the \fBlz4_compress\fR feature. Booting
|
|
|
|
off of \fBlz4\fR-compressed root pools is supported.
|
|
|
|
|
|
|
|
This feature becomes \fBactive\fR as soon as it is enabled and will
|
|
|
|
never return to being \fBenabled\fB.
|
Illumos #4101, #4102, #4103, #4105, #4106
4101 metaslab_debug should allow for fine-grained control
4102 space_maps should store more information about themselves
4103 space map object blocksize should be increased
4105 removing a mirrored log device results in a leaked object
4106 asynchronously load metaslab
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Sebastien Roy <seb@delphix.com>
Approved by: Garrett D'Amore <garrett@damore.org>
Prior to this patch, space_maps were preferred solely based on the
amount of free space left in each. Unfortunately, this heuristic didn't
contain any information about the make-up of that free space, which
meant we could keep preferring and loading a highly fragmented space map
that wouldn't actually have enough contiguous space to satisfy the
allocation; then unloading that space_map and repeating the process.
This change modifies the space_map's to store additional information
about the contiguous space in the space_map, so that we can use this
information to make a better decision about which space_map to load.
This requires reallocating all space_map objects to increase their
bonus buffer size sizes enough to fit the new metadata.
The above feature can be enabled via a new feature flag introduced by
this change: com.delphix:spacemap_histogram
In addition to the above, this patch allows the space_map block size to
be increase. Currently the block size is set to be 4K in size, which has
certain implications including the following:
* 4K sector devices will not see any compression benefit
* large space_maps require more metadata on-disk
* large space_maps require more time to load (typically random reads)
Now the space_map block size can adjust as needed up to the maximum size
set via the space_map_max_blksz variable.
A bug was fixed which resulted in potentially leaking an object when
removing a mirrored log device. The previous logic for vdev_remove() did
not deal with removing top-level vdevs that are interior vdevs (i.e.
mirror) correctly. The problem would occur when removing a mirrored log
device, and result in the DTL space map object being leaked; because
top-level vdevs don't have DTL space map objects associated with them.
References:
https://www.illumos.org/issues/4101
https://www.illumos.org/issues/4102
https://www.illumos.org/issues/4103
https://www.illumos.org/issues/4105
https://www.illumos.org/issues/4106
https://github.com/illumos/illumos-gate/commit/0713e23
Porting notes:
A handful of kmem_alloc() calls were converted to kmem_zalloc(). Also,
the KM_PUSHPAGE and TQ_PUSHPAGE flags were used as necessary.
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #2488
2013-10-01 21:25:53 +00:00
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBspacemap_histogram\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:spacemap_histogram
|
|
|
|
READ\-ONLY COMPATIBLE yes
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This features allows ZFS to maintain more information about how free space
|
|
|
|
is organized within the pool. If this feature is \fBenabled\fR, ZFS will
|
|
|
|
set this feature to \fBactive\fR when a new space map object is created or
|
|
|
|
an existing space map is upgraded to the new format. Once the feature is
|
|
|
|
\fBactive\fR, it will remain in that state until the pool is destroyed.
|
2013-01-23 09:54:30 +00:00
|
|
|
|
|
|
|
.RE
|
|
|
|
|
2017-04-06 15:25:47 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBmulti_vdev_crash_dump\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.joyent:multi_vdev_crash_dump
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature allows a dump device to be configured with a pool comprised
|
|
|
|
of multiple vdevs. Those vdevs may be arranged in any mirrored or raidz
|
|
|
|
configuration.
|
|
|
|
|
|
|
|
When the \fBmulti_vdev_crash_dump\fR feature is set to \fBenabled\fR,
|
|
|
|
the administrator can use the \fBdumpadm\fR(1M) command to configure a
|
|
|
|
dump device on a pool comprised of multiple vdevs.
|
|
|
|
|
|
|
|
Under Linux this feature is registered for compatibility but not used.
|
|
|
|
New pools created under Linux will have the feature \fBenabled\fR but
|
|
|
|
will never transition to \fB\fBactive\fR. This functionality is not
|
|
|
|
required in order to support crash dumps under Linux. Existing pools
|
|
|
|
where this feature is \fB\fBactive\fR can be imported.
|
|
|
|
.RE
|
|
|
|
|
2013-10-08 17:13:05 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBextensible_dataset\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:extensible_dataset
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature allows more flexible use of internal ZFS data structures,
|
|
|
|
and exists for other features to depend on.
|
|
|
|
|
|
|
|
This feature will be \fBactive\fR when the first dependent feature uses it,
|
|
|
|
and will be returned to the \fBenabled\fR state when all datasets that use
|
|
|
|
this feature are destroyed.
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
2013-12-11 22:33:41 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBbookmarks\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:bookmarks
|
|
|
|
READ\-ONLY COMPATIBLE yes
|
|
|
|
DEPENDENCIES extensible_dataset
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature enables use of the \fBzfs bookmark\fR subcommand.
|
|
|
|
|
|
|
|
This feature is \fBactive\fR while any bookmarks exist in the pool.
|
|
|
|
All bookmarks in the pool can be listed by running
|
|
|
|
\fBzfs list -t bookmark -r \fIpoolname\fR\fR.
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
2013-12-09 18:37:51 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBenabled_txg\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:enabled_txg
|
|
|
|
READ\-ONLY COMPATIBLE yes
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
Once this feature is enabled ZFS records the transaction group number
|
|
|
|
in which new features are enabled. This has no user-visible impact,
|
|
|
|
but other features may depend on this feature.
|
|
|
|
|
|
|
|
This feature becomes \fBactive\fR as soon as it is enabled and will
|
|
|
|
never return to being \fBenabled\fB.
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBhole_birth\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:hole_birth
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES enabled_txg
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature improves performance of incremental sends ("zfs send -i")
|
|
|
|
and receives for objects with many holes. The most common case of
|
|
|
|
hole-filled objects is zvols.
|
|
|
|
|
|
|
|
An incremental send stream from snapshot \fBA\fR to snapshot \fBB\fR
|
|
|
|
contains information about every block that changed between \fBA\fR and
|
|
|
|
\fBB\fR. Blocks which did not change between those snapshots can be
|
|
|
|
identified and omitted from the stream using a piece of metadata called
|
|
|
|
the 'block birth time', but birth times are not recorded for holes (blocks
|
|
|
|
filled only with zeroes). Since holes created after \fBA\fR cannot be
|
|
|
|
distinguished from holes created before \fBA\fR, information about every
|
|
|
|
hole in the entire filesystem or zvol is included in the send stream.
|
|
|
|
|
|
|
|
For workloads where holes are rare this is not a problem. However, when
|
|
|
|
incrementally replicating filesystems or zvols with many holes (for
|
|
|
|
example a zvol formatted with another filesystem) a lot of time will
|
|
|
|
be spent sending and receiving unnecessary information about holes that
|
|
|
|
already exist on the receiving side.
|
|
|
|
|
|
|
|
Once the \fBhole_birth\fR feature has been enabled the block birth times
|
|
|
|
of all new holes will be recorded. Incremental sends between snapshots
|
|
|
|
created after this feature is enabled will use this new metadata to avoid
|
|
|
|
sending information about holes that already exist on the receiving side.
|
|
|
|
|
|
|
|
This feature becomes \fBactive\fR as soon as it is enabled and will
|
|
|
|
never return to being \fBenabled\fB.
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
2014-06-05 21:19:08 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBembedded_data\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.delphix:embedded_data
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES none
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature improves the performance and compression ratio of
|
|
|
|
highly-compressible blocks. Blocks whose contents can compress to 112 bytes
|
|
|
|
or smaller can take advantage of this feature.
|
|
|
|
|
|
|
|
When this feature is enabled, the contents of highly-compressible blocks are
|
|
|
|
stored in the block "pointer" itself (a misnomer in this case, as it contains
|
2015-12-17 01:45:15 +00:00
|
|
|
the compressed data, rather than a pointer to its location on disk). Thus
|
2014-06-05 21:19:08 +00:00
|
|
|
the space of the block (one sector, typically 512 bytes or 4KB) is saved,
|
|
|
|
and no additional i/o is needed to read and write the data block.
|
|
|
|
|
|
|
|
This feature becomes \fBactive\fR as soon as it is enabled and will
|
|
|
|
never return to being \fBenabled\fR.
|
|
|
|
|
|
|
|
.RE
|
2013-12-09 18:37:51 +00:00
|
|
|
|
2014-11-03 20:15:08 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBlarge_blocks\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID org.open-zfs:large_block
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES extensible_dataset
|
|
|
|
.TE
|
|
|
|
|
|
|
|
The \fBlarge_block\fR feature allows the record size on a dataset to be
|
|
|
|
set larger than 128KB.
|
|
|
|
|
2018-01-29 23:10:32 +00:00
|
|
|
This feature becomes \fBactive\fR once a dataset contains a file with
|
|
|
|
a block size larger than 128KB, and will return to being \fBenabled\fR once all
|
2014-11-03 20:15:08 +00:00
|
|
|
filesystems that have ever had their recordsize larger than 128KB are destroyed.
|
|
|
|
.RE
|
|
|
|
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBlarge_dnode\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID org.zfsonlinux:large_dnode
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES extensible_dataset
|
|
|
|
.TE
|
|
|
|
|
|
|
|
The \fBlarge_dnode\fR feature allows the size of dnodes in a dataset to be
|
|
|
|
set larger than 512B.
|
|
|
|
|
|
|
|
This feature becomes \fBactive\fR once a dataset contains an object with
|
|
|
|
a dnode larger than 512B, which occurs as a result of setting the
|
|
|
|
\fBdnodesize\fR dataset property to a value other than \fBlegacy\fR. The
|
|
|
|
feature will return to being \fBenabled\fR once all filesystems that
|
|
|
|
have ever contained a dnode larger than 512B are destroyed. Large dnodes
|
|
|
|
allow more data to be stored in the bonus buffer, thus potentially
|
|
|
|
improving performance by avoiding the use of spill blocks.
|
|
|
|
.RE
|
|
|
|
|
2016-06-15 22:47:05 +00:00
|
|
|
\fB\fBsha512\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID org.illumos:sha512
|
|
|
|
READ\-ONLY COMPATIBLE no
|
OpenZFS 6585 - sha512, skein, and edonr have an unenforced dependency on extensible dataset
Authored by: ilovezfs <ilovezfs@icloud.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Ported by: Tony Hutter <hutter2@llnl.gov>
In any pool without the extensible dataset feature flag already enabled,
creating a dataset with dedup set to use one of the new checksums would
result in the following panic as soon as any data was added:
panic[cpu0]/thread=ffffff0006761c40: feature_get_refcount(spa, feature,
&refcount) != 48 (0x30 != 0x30), file: ../../common/fs/zfs/zfeature.c
line 390
Inpsection showed that feature->fi_feature was 7, which is the value of
SPA_FEATURE_EXTENSIBLE_DATASET in the spa_feature enum. This commit
adds extensible dataset as a dependency for the sha512, edonr, and skein
feature flags, which prevents the panic.
OpenZFS-issue: https://www.illumos.org/issues/6585
OpenZFS-commit: https://github.com/illumos/illumos-gate/commit/892586e8a147c02d7f4053cc405229a13e796928
Porting Notes:
This code was originally from Illumos, but I actually ported it from:
openzfsonosx/zfs@b62a652
2016-01-28 12:51:19 +00:00
|
|
|
DEPENDENCIES extensible_dataset
|
2016-06-15 22:47:05 +00:00
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature enables the use of the SHA-512/256 truncated hash algorithm
|
|
|
|
(FIPS 180-4) for checksum and dedup. The native 64-bit arithmetic of
|
|
|
|
SHA-512 provides an approximate 50% performance boost over SHA-256 on
|
|
|
|
64-bit hardware and is thus a good minimum-change replacement candidate
|
|
|
|
for systems where hash performance is important, but these systems
|
|
|
|
cannot for whatever reason utilize the faster \fBskein\fR and
|
|
|
|
\fBedonr\fR algorithms.
|
|
|
|
|
|
|
|
When the \fBsha512\fR feature is set to \fBenabled\fR, the administrator
|
|
|
|
can turn on the \fBsha512\fR checksum on any dataset using the
|
|
|
|
\fBzfs set checksum=sha512\fR(1M) command. This feature becomes
|
|
|
|
\fBactive\fR once a \fBchecksum\fR property has been set to \fBsha512\fR,
|
|
|
|
and will return to being \fBenabled\fR once all filesystems that have
|
|
|
|
ever had their checksum set to \fBsha512\fR are destroyed.
|
|
|
|
|
|
|
|
Booting off of pools utilizing SHA-512/256 is supported (provided that
|
|
|
|
the updated GRUB stage2 module is installed).
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBskein\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID org.illumos:skein
|
|
|
|
READ\-ONLY COMPATIBLE no
|
OpenZFS 6585 - sha512, skein, and edonr have an unenforced dependency on extensible dataset
Authored by: ilovezfs <ilovezfs@icloud.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Ported by: Tony Hutter <hutter2@llnl.gov>
In any pool without the extensible dataset feature flag already enabled,
creating a dataset with dedup set to use one of the new checksums would
result in the following panic as soon as any data was added:
panic[cpu0]/thread=ffffff0006761c40: feature_get_refcount(spa, feature,
&refcount) != 48 (0x30 != 0x30), file: ../../common/fs/zfs/zfeature.c
line 390
Inpsection showed that feature->fi_feature was 7, which is the value of
SPA_FEATURE_EXTENSIBLE_DATASET in the spa_feature enum. This commit
adds extensible dataset as a dependency for the sha512, edonr, and skein
feature flags, which prevents the panic.
OpenZFS-issue: https://www.illumos.org/issues/6585
OpenZFS-commit: https://github.com/illumos/illumos-gate/commit/892586e8a147c02d7f4053cc405229a13e796928
Porting Notes:
This code was originally from Illumos, but I actually ported it from:
openzfsonosx/zfs@b62a652
2016-01-28 12:51:19 +00:00
|
|
|
DEPENDENCIES extensible_dataset
|
2016-06-15 22:47:05 +00:00
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature enables the use of the Skein hash algorithm for checksum
|
|
|
|
and dedup. Skein is a high-performance secure hash algorithm that was a
|
|
|
|
finalist in the NIST SHA-3 competition. It provides a very high security
|
|
|
|
margin and high performance on 64-bit hardware (80% faster than
|
|
|
|
SHA-256). This implementation also utilizes the new salted checksumming
|
|
|
|
functionality in ZFS, which means that the checksum is pre-seeded with a
|
|
|
|
secret 256-bit random key (stored on the pool) before being fed the data
|
|
|
|
block to be checksummed. Thus the produced checksums are unique to a
|
|
|
|
given pool, preventing hash collision attacks on systems with dedup.
|
|
|
|
|
|
|
|
When the \fBskein\fR feature is set to \fBenabled\fR, the administrator
|
|
|
|
can turn on the \fBskein\fR checksum on any dataset using the
|
|
|
|
\fBzfs set checksum=skein\fR(1M) command. This feature becomes
|
|
|
|
\fBactive\fR once a \fBchecksum\fR property has been set to \fBskein\fR,
|
|
|
|
and will return to being \fBenabled\fR once all filesystems that have
|
|
|
|
ever had their checksum set to \fBskein\fR are destroyed.
|
|
|
|
|
|
|
|
Booting off of pools using \fBskein\fR is \fBNOT\fR supported
|
|
|
|
-- any attempt to enable \fBskein\fR on a root pool will fail with an
|
|
|
|
error.
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBedonr\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID org.illumos:edonr
|
|
|
|
READ\-ONLY COMPATIBLE no
|
OpenZFS 6585 - sha512, skein, and edonr have an unenforced dependency on extensible dataset
Authored by: ilovezfs <ilovezfs@icloud.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Ported by: Tony Hutter <hutter2@llnl.gov>
In any pool without the extensible dataset feature flag already enabled,
creating a dataset with dedup set to use one of the new checksums would
result in the following panic as soon as any data was added:
panic[cpu0]/thread=ffffff0006761c40: feature_get_refcount(spa, feature,
&refcount) != 48 (0x30 != 0x30), file: ../../common/fs/zfs/zfeature.c
line 390
Inpsection showed that feature->fi_feature was 7, which is the value of
SPA_FEATURE_EXTENSIBLE_DATASET in the spa_feature enum. This commit
adds extensible dataset as a dependency for the sha512, edonr, and skein
feature flags, which prevents the panic.
OpenZFS-issue: https://www.illumos.org/issues/6585
OpenZFS-commit: https://github.com/illumos/illumos-gate/commit/892586e8a147c02d7f4053cc405229a13e796928
Porting Notes:
This code was originally from Illumos, but I actually ported it from:
openzfsonosx/zfs@b62a652
2016-01-28 12:51:19 +00:00
|
|
|
DEPENDENCIES extensible_dataset
|
2016-06-15 22:47:05 +00:00
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature enables the use of the Edon-R hash algorithm for checksum,
|
|
|
|
including for nopwrite (if compression is also enabled, an overwrite of
|
|
|
|
a block whose checksum matches the data being written will be ignored).
|
|
|
|
In an abundance of caution, Edon-R can not be used with dedup
|
|
|
|
(without verification).
|
|
|
|
|
|
|
|
Edon-R is a very high-performance hash algorithm that was part
|
|
|
|
of the NIST SHA-3 competition. It provides extremely high hash
|
|
|
|
performance (over 350% faster than SHA-256), but was not selected
|
|
|
|
because of its unsuitability as a general purpose secure hash algorithm.
|
|
|
|
This implementation utilizes the new salted checksumming functionality
|
|
|
|
in ZFS, which means that the checksum is pre-seeded with a secret
|
|
|
|
256-bit random key (stored on the pool) before being fed the data block
|
|
|
|
to be checksummed. Thus the produced checksums are unique to a given
|
|
|
|
pool.
|
|
|
|
|
|
|
|
When the \fBedonr\fR feature is set to \fBenabled\fR, the administrator
|
|
|
|
can turn on the \fBedonr\fR checksum on any dataset using the
|
|
|
|
\fBzfs set checksum=edonr\fR(1M) command. This feature becomes
|
|
|
|
\fBactive\fR once a \fBchecksum\fR property has been set to \fBedonr\fR,
|
|
|
|
and will return to being \fBenabled\fR once all filesystems that have
|
|
|
|
ever had their checksum set to \fBedonr\fR are destroyed.
|
|
|
|
|
|
|
|
Booting off of pools using \fBedonr\fR is \fBNOT\fR supported
|
|
|
|
-- any attempt to enable \fBedonr\fR on a root pool will fail with an
|
|
|
|
error.
|
|
|
|
|
2017-07-26 01:57:00 +00:00
|
|
|
.RE
|
|
|
|
|
2016-10-04 18:46:10 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBuserobj_accounting\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID org.zfsonlinux:userobj_accounting
|
|
|
|
READ\-ONLY COMPATIBLE yes
|
|
|
|
DEPENDENCIES extensible_dataset
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature allows administrators to account the object usage information
|
|
|
|
by user and group.
|
|
|
|
|
|
|
|
This feature becomes \fBactive\fR as soon as it is enabled and will never
|
|
|
|
return to being \fBenabled\fR. Each filesystem will be upgraded automatically
|
|
|
|
when remounted, or when new files are created under that filesystem.
|
|
|
|
The upgrade can also be started manually on filesystems by running
|
|
|
|
`zfs set version=current <pool/fs>`. The upgrade process runs in the background
|
|
|
|
and may take a while to complete for filesystems containing a large number of
|
|
|
|
files.
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
.sp
|
|
|
|
.ne 2
|
|
|
|
.na
|
|
|
|
\fB\fBencryption\fR\fR
|
|
|
|
.ad
|
|
|
|
.RS 4n
|
|
|
|
.TS
|
|
|
|
l l .
|
|
|
|
GUID com.datto:encryption
|
|
|
|
READ\-ONLY COMPATIBLE no
|
|
|
|
DEPENDENCIES extensible_dataset
|
|
|
|
.TE
|
|
|
|
|
|
|
|
This feature enables the creation and management of natively encrypted datasets.
|
|
|
|
|
|
|
|
This feature becomes \fBactive\fR when an encrypted dataset is created and will
|
|
|
|
be returned to the \fBenabled\fR state when all datasets that use this feature
|
|
|
|
are destroyed.
|
|
|
|
|
|
|
|
.RE
|
|
|
|
|
2012-12-13 23:24:15 +00:00
|
|
|
.SH "SEE ALSO"
|
2013-02-04 20:35:25 +00:00
|
|
|
\fBzpool\fR(8)
|