Boot time assembly of RAID arrays¶

Tools that manage md devices can be found at

https://www.kernel.org/pub/linux/utils/raid/

You can boot with your md device with the following kernel commandlines:

for old raid arrays without persistent superblocks:

md=<md device no.>,<raid level>,<chunk size factor>,<fault level>,dev0,dev1,...,devn

for raid arrays with persistent superblocks:

md=<md device no.>,dev0,dev1,...,devn

or, to assemble a partitionable array:

md=d<md device no.>,dev0,dev1,...,devn

e:\loadlin\loadlin e:\zimage root=/dev/md0 md=0,0,4,0,/dev/hdb2,/dev/hdc3 ro

Boot time autodetection of RAID arrays¶

When md is compiled into the kernel (not as module), partitions oftype 0xfd are scanned and automatically assembled into RAID arrays.This autodetection may be suppressed with the kernel parameterraid=noautodetect. As of kernel 2.6.9, only drives with a type 0superblock can be autodetected and run at boot time.

The kernel parameterraid=partitionable (orraid=part) meansthat all auto-detected arrays are assembled as partitionable.

Boot time assembly of degraded/dirty arrays¶

If a raid5 or raid6 array is both dirty and degraded, it could haveundetectable data corruption. This is because the fact that it isdirty means that the parity cannot be trusted, and the fact that itis degraded means that some datablocks are missing and cannot reliablybe reconstructed (due to no parity).

For this reason, md will normally refuse to start such an array. Thisrequires the sysadmin to take action to explicitly start the arraydespite possible corruption. This is normally done with:

mdadm --assemble --force ....

This option is not really available if the array has the rootfilesystem on it. In order to support this booting from such anarray, md supports a module parameterstart_dirty_degraded which,when set to 1, bypassed the checks and will allows dirty degradedarrays to be started.

So, to boot with a root filesystem of a dirty degraded raid 5 or 6, use:

md-mod.start_dirty_degraded=1

Superblock formats¶

The md driver can support a variety of different superblock formats.Currently, it supports superblock formats0.90.0 and themd-1 formatintroduced in the 2.5 development series.

The kernel will autodetect which format superblock is being used.

Superblock format0 is treated differently to others for legacyreasons - it is the original superblock format.

General Rules - apply for all superblock formats¶

An array iscreated by writing appropriate superblocks to alldevices.

It isassembled by associating each of these devices with anparticular md virtual device. Once it is completely assembled, it canbe accessed.

An array should be created by a user-space tool. This will writesuperblocks to all devices. It will usually mark the array asunclean, or with some devices missing so that the kernel md drivercan create appropriate redundancy (copying in raid 1, paritycalculation in raid 4/5).

When an array is assembled, it is first initialized with theSET_ARRAY_INFO ioctl. This contains, in particular, a major and minorversion number. The major version number selects which superblockformat is to be used. The minor number might be used to tune handlingof the format, such as suggesting where on each device to look for thesuperblock.

Then each device is added using the ADD_NEW_DISK ioctl. Thisprovides, in particular, a major and minor number identifying thedevice to add.

The array is started with the RUN_ARRAY ioctl.

Once started, new devices can be added. They should have anappropriate superblock written to them, and then be passed in withADD_NEW_DISK.

Devices that have failed or are not yet active can be detached from anarray using HOT_REMOVE_DISK.

Specific Rules that apply to format-0 super block arrays, and arrays with no superblock (non-persistent)¶

An array can becreated by describing the array (level, chunksizeetc) in a SET_ARRAY_INFO ioctl. This must havemajor_version==0 andraid_disks!=0.

Then uninitialized devices can be added with ADD_NEW_DISK. Thestructure passed to ADD_NEW_DISK must specify the state of the deviceand its role in the array.

Once started with RUN_ARRAY, uninitialized spares can be added withHOT_ADD_DISK.

MD devices in sysfs¶

md devices appear in sysfs (/sys) as regular block devices,e.g.:

/sys/block/md0

Eachmd device will contain a subdirectory calledmd whichcontains further md-specific information about the device.

All md devices contain:

level

a text file indicating theraidlevel. e.g. raid0, raid1,raid5, linear, multipath, faulty.If no raid level has been set yet (array is still beingassembled), the value will reflect whatever has been writtento it, which may be a name like the above, or may be a numbersuch as0,5, etc.

raid_disks

a text file with a simple number indicating the number of devicesin a fully functional array. If this is not yet known, the filewill be empty. If an array is being resized this will containthe new number of devices.Some raid levels allow this value to be set while the array isactive. This will reconfigure the array. Otherwise it can onlybe set while assembling an array.A change to this attribute will not be permitted if it wouldreduce the size of the array. To reduce the number of drivesin an e.g. raid5, the array size must first be reduced bysetting thearray_size attribute.

chunk_size

This is the size in bytes forchunks and is only relevant toraid levels that involve striping (0,4,5,6,10). The address spaceof the array is conceptually divided into chunks and consecutivechunks are striped onto neighbouring devices.The size should be at least PAGE_SIZE (4k) and should be a powerof 2. This can only be set while assembling an array

layout

Thelayout for the array for the particular level. This issimply a number that is interpretted differently by differentlevels. It can be written while assembling an array.

array_size

This can be used to artificially constrain the available space inthe array to be less than is actually available on the combineddevices. Writing a number (in Kilobytes) which is less thanthe available size will set the size. Any reconfiguration of thearray (e.g. adding devices) will not cause the size to change.Writing the worddefault will cause the effective size of thearray to be whatever size is actually available based onlevel,chunk_size andcomponent_size.

This can be used to reduce the size of the array before reducingthe number of devices in a raid4/5/6, or to support externalmetadata formats which mandate such clipping.

reshape_position

This is eithernone or a sector number within the devices ofthe array wherereshape is up to. If this is set, the threeattributes mentioned above (raid_disks, chunk_size, layout) canpotentially have 2 values, an old and a new value. If thesevalues differ, reading the attribute returns:

new (old)

and writing will effect thenew value, leaving theoldunchanged.

component_size

For arrays with data redundancy (i.e. not raid0, linear, faulty,multipath), all components must be the same size - or at leastthere must a size that they all provide space for. This is a keypart or the geometry of the array. It is measured in sectorsand can be read from here. Writing to this value may resizethe array if the personality supports it (raid1, raid5, raid6),and if the component drives are large enough.

metadata_version

This indicates the format that is being used to record metadataabout the array. It can be 0.90 (traditional format), 1.0, 1.1,1.2 (newer format in varying locations) ornone indicating thatthe kernel isn’t managing metadata at all.Alternately it can beexternal: followed by a string whichis set by user-space. This indicates that metadata is managedby a user-space program. Any device failure or other event thatrequires a metadata update will cause array activity to besuspended until the event is acknowledged.

resync_start

The point at which resync should start. If no resync is needed,this will be a very large number (ornone since 2.6.30-rc1). Atarray creation it will default to 0, though starting the array asclean will set it much larger.

new_dev

This file can be written but not read. The value written shouldbe a block device number as major:minor. e.g. 8:0This will cause that device to be attached to the array, if it isavailable. It will then appear at md/dev-XXX (depending on thename of the device) and further configuration is then possible.

safe_mode_delay

When an md array has seen no write requests for a certain periodof time, it will be marked asclean. When another writerequest arrives, the array is marked asdirty before the writecommences. This is known assafe_mode.Thecertainperiod is controlled by this file which stores theperiod as a number of seconds. The default is 200msec (0.200).Writing a value of 0 disables safemode.

array_state

This file contains a single word which describes the currentstate of the array. In many cases, the state can be set bywriting the word for the desired state, however some statescannot be explicitly set, and some transitions are not allowed.

Select/poll works on this file. All changes except betweenActive_idle and active (which can be frequent and are notvery interesting) are notified. active->active_idle isreported if the metadata is externally managed.

clear

No devices, no size, no level

Writing is equivalent to STOP_ARRAY ioctl

inactive

May have some settings, but array is not activeall IO results in error

When written, doesn’t tear down array, but just stops it

suspended (not supported yet)

All IO requests will block. The array can be reconfigured.

Writing this, if accepted, will block until array is quiessent

readonly

no resync can happen. no superblocks get written.

Write requests fail

read-auto

like readonly, but behaves likeclean on a write request.

clean

no pending writes, but otherwise active.

When written to inactive array, starts without resync

If a write request arrives thenif metadata is known, markdirty and switch toactive.if not known, block and switch to write-pending

If written to an active array that has pending writes, then fails.

active

fully active: IO and resync can be happening.When written to inactive array, starts with resync

write-pending

clean, but writes are blocked waiting foractive to be written.

active-idle

like active, but no writes have been seen for a while (safe_mode_delay).

bitmap/location

This indicates where the write-intent bitmap for the array isstored.

It can be one ofnone,file or[+-]N.file may later be extended tofile:/file/name[+-]N means that many sectors from the start of the metadata.

This is replicated on all devices. For arrays with externallymanaged metadata, the offset is from the beginning of thedevice.

bitmap/chunksize

The size, in bytes, of the chunk which will be represented by asingle bit. For RAID456, it is a portion of an individualdevice. For RAID10, it is a portion of the array. For RAID1, itis both (they come to the same thing).

bitmap/time_base

The time, in seconds, between looking for bits in the bitmap tobe cleared. In the current implementation, a bit will be clearedbetween 2 and 3 timestime_base after all the covered blocksare known to be in-sync.

bitmap/backlog

When write-mostly devices are active in a RAID1, write requeststo those devices proceed in the background - the filesystem (orother user of the device) does not have to wait for them.backlog sets a limit on the number of concurrent backgroundwrites. If there are more than this, new writes will bysynchronous.

bitmap/metadata

This can be eitherinternal orexternal.

internal

is the default and means the metadata for the bitmapis stored in the first 256 bytes of the allocated space and ismanaged by the md module.

external

means that bitmap metadata is managed externally tothe kernel (i.e. by some userspace program)

bitmap/can_clear

This is eithertrue orfalse. Iftrue, then bits in thebitmap will be cleared when the corresponding blocks are thoughtto be in-sync. Iffalse, bits will never be cleared.This is automatically set tofalse if a write happens on adegraded array, or if the array becomes degraded during a write.When metadata is managed externally, it should be set to trueonce the array becomes non-degraded, and this fact has beenrecorded in the metadata.

consistency_policy

This indicates how the array maintains consistency in case of unexpectedshutdown. It can be:

none

Array has no redundancy information, e.g. raid0, linear.

resync

Full resync is performed and all redundancy is regenerated when thearray is started after unclean shutdown.

bitmap

Resync assisted by a write-intent bitmap.

journal

For raid4/5/6, journal device is used to log transactions and replayafter unclean shutdown.

ppl

For raid5 only, Partial Parity Log is used to close the write hole andeliminate resync.

The accepted values when writing to this file areppl andresync,used to enable and disable PPL.

uuid

This indicates the UUID of the array in the following format:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

As component devices are added to an md array, they appear in themddirectory as new directories named:

dev-XXX

whereXXX is a name that the kernel knows for the device, e.g. hdb1.Each directory contains:

block

a symlink to the block device in /sys/block, e.g.:

/sys/block/md0/md/dev-hdb1/block -> ../../../../block/hdb/hdb1

super

A file containing an image of the superblock read from, orwritten to, that device.

state

A file recording the current state of the device in the arraywhich can be a comma separated list of:

faulty

device has been kicked from active use due toa detected fault, or it has unacknowledged badblocks

in_sync

device is a fully in-sync member of the array

writemostly

device will only be subject to readrequests if there are no other options.

This applies only to raid1 arrays.

blocked

device has failed, and the failure hasn’t beenacknowledged yet by the metadata handler.

Writes that would write to this device ifit were not faulty are blocked.

spare

device is working, but not a full member.

This includes spares that are in the processof being recovered to

write_error

device has ever seen a write error.

want_replacement

device is (mostly) working but probablyshould be replaced, either due to errors ordue to user request.

replacement

device is a replacement for another activedevice with same raid_disk.

This list may grow in future.

This can be written to.

Writingfaulty simulates a failure on the device.

Writingremove removes the device from the array.

Writingwritemostly sets the writemostly flag.

Writing-writemostly clears the writemostly flag.

Writingblocked sets theblocked flag.

Writing-blocked clears theblocked flags and allows writesto complete and possibly simulates an error.

Writingin_sync sets the in_sync flag.

Writingwrite_error sets writeerrorseen flag.

Writing-write_error clears writeerrorseen flag.

Writingwant_replacement is allowed at any time except to areplacement device or a spare. It sets the flag.

Writing-want_replacement is allowed at any time. It clearsthe flag.

Writingreplacement or-replacement is only allowed beforestarting the array. It sets or clears the flag.

This file responds to select/poll. Any change tofaultyorblocked causes an event.

errors

An approximate count of read errors that have been detected onthis device but have not caused the device to be evicted fromthe array (either because they were corrected or because theyhappened while the array was read-only). When using version-1metadata, this value persists across restarts of the array.

This value can be written while assembling an array thusproviding an ongoing count for arrays with metadata managed byuserspace.

slot

This gives the role that the device has in the array. It willeither benone if the device is not active in the array(i.e. is a spare or has failed) or an integer less than theraid_disks number for the array indicating which positionit currently fills. This can only be set while assembling anarray. A device for which this is set is assumed to be working.

offset

This gives the location in the device (in sectors from thestart) where data from the array will be stored. Any part ofthe device before this offset is not touched, unless it isused for storing metadata (Formats 1.1 and 1.2).

size

The amount of the device, after the offset, that can be usedfor storage of data. This will normally be the same as thecomponent_size. This can be written while assembling anarray. If a value less than the current component_size iswritten, it will be rejected.

recovery_start

When the device is notin_sync, this records the number ofsectors from the start of the device which are known to becorrect. This is normally zero, but during a recoveryoperation it will steadily increase, and if the recovery isinterrupted, restoring this value can cause recovery toavoid repeating the earlier blocks. With v1.x metadata, thisvalue is saved and restored automatically.

This can be set whenever the device is not an active member ofthe array, either before the array is activated, or beforetheslot is set.

Setting this tonone is equivalent to settingin_sync.Setting to any other value also clears thein_sync flag.

bad_blocks

This gives the list of all known bad blocks in the form ofstart address and length (in sectors respectively). If outputis too big to fit in a page, it will be truncated. Writingsectorlength to this file adds new acknowledged (i.e.recorded to disk safely) bad blocks.

unacknowledged_bad_blocks

This gives the list of known-but-not-yet-saved-to-disk badblocks in the same form ofbad_blocks. If output is too bigto fit in a page, it will be truncated. Writing to this fileadds bad blocks without acknowledging them. This is largelyfor testing.

ppl_sector, ppl_size

Location and size (in sectors) of the space used for Partial Parity Logon this device.

An active md device will also contain an entry for each active devicein the array. These are named:

rdNN

whereNN is the position in the array, starting from 0.So for a 3 drive array there will be rd0, rd1, rd2.These are symbolic links to the appropriatedev-XXX entry.Thus, for example:

cat /sys/block/md*/md/rd*/state

will showin_sync on every line.

Active md devices for levels that support data redundancy (1,4,5,6,10)also have

sync_action

a text file that can be used to monitor and control the rebuildprocess. It contains one word which can be one of:

resync

redundancy is being recalculated after uncleanshutdown or creation

recover

a hot spare is being built to replace afailed/missing device

idle

nothing is happening

check

A full check of redundancy was requested and ishappening. This reads all blocks and checksthem. A repair may also happen for some raidlevels.

repair

A full check and repair is happening. This issimilar toresync, but was requested by theuser, and the write-intent bitmap is NOT used tooptimise the process.

This file is writable, and each of the strings that could beread are meaningful for writing.

idle will stop an active resync/recovery etc. There is noguarantee that another resync/recovery may not be automaticallystarted again, though some event will be needed to triggerthis.

resync orrecovery can be used to restart thecorresponding operation if it was stopped withidle.

check andrepair will start the appropriate processproviding the current state isidle.

This file responds to select/poll. Any important change in the valuetriggers a poll event. Sometimes the value will briefly berecover if a recovery seems to be needed, but cannot beachieved. In that case, the transition torecover isn’tnotified, but the transition away is.

degraded

This contains a count of the number of devices by which thearrays is degraded. So an optimal array will show0. Asingle failed/missing drive will show1, etc.

This file responds to select/poll, any increase or decreasein the count of missing devices will trigger an event.

mismatch_count

When performingcheck andrepair, and possibly whenperformingresync, md will count the number of errors that arefound. The count inmismatch_cnt is the number of sectorsthat were re-written, or (forcheck) would have beenre-written. As most raid levels work in units of pages ratherthan sectors, this may be larger than the number of actual errorsby a factor of the number of sectors in a page.

bitmap_set_bits

If the array has a write-intent bitmap, then writing to thisattribute can set bits in the bitmap, indicating that a resyncwould need to check the corresponding blocks. Either individualnumbers or start-end pairs can be written. Multiple numberscan be separated by a space.

Note that the numbers arebit numbers, notblock numbers.They should be scaled by the bitmap_chunksize.

sync_speed_min, sync_speed_max

This are similar to/proc/sys/dev/raid/speed_limit_{min,max}however they only apply to the particular array.

If no value has been written to these, or if the wordsystemis written, then the system-wide value is used. If a value,in kibibytes-per-second is written, then it is used.

When the files are read, they show the currently active valuefollowed by(local) or(system) depending on whether it isa locally set or system-wide value.

sync_completed

This shows the number of sectors that have been completed ofwhatever the current sync_action is, followed by the number ofsectors in total that could need to be processed. The twonumbers are separated by a/ thus effectively showing onevalue, a fraction of the process that is complete.

Aselect on this attribute will return when resync completes,when it reaches the current sync_max (below) and possibly atother times.

sync_speed

This shows the current actual speed, in K/sec, of the currentsync_action. It is averaged over the last 30 seconds.

suspend_lo, suspend_hi

The two values, given as numbers of sectors, indicate a rangewithin the array where IO will be blocked. This is currentlyonly supported for raid4/5/6.

sync_min, sync_max

The two values, given as numbers of sectors, indicate a rangewithin the array wherecheck/repair will operate. Must bea multiple of chunk_size. When it reachessync_max it willpause, rather than complete.You can useselect orpoll onsync_completed to wait forthat number to reach sync_max. Then you can either increasesync_max, or can writeidle tosync_action.

The value ofmax forsync_max effectively disables the limit.When a resync is active, the value can only ever be increased,never decreased.The value of0 is the minimum forsync_min.

Each active md device may also have attributes specific to thepersonality module that manages it.These are specific to the implementation of the module and couldchange substantially if the implementation changes.

These currently include:

stripe_cache_size (currently raid5 only)

number of entries in the stripe cache. This is writable, butthere are upper and lower limits (32768, 17). Default is 256.

strip_cache_active (currently raid5 only)

number of active entries in the stripe cache

preread_bypass_threshold (currently raid5 only)

number of times a stripe requiring preread will be bypassed bya stripe that does not require preread. For fairness defaultsto 1. Setting this to 0 disables bypass accounting andrequires preread stripes to wait until all full-width stripe-writes are complete. Valid values are 0 to stripe_cache_size.

journal_mode (currently raid5 only)

The cache mode for raid5. raid5 could include an extra disk forcaching. The mode can be “write-throuth” and “write-back”. Thedefault is “write-through”.

ppl_write_hint

NVMe stream ID to be set for each PPL write request.