Single-node failure
In DMAPI for GPFS, single-node failure means that DMAPI resources are lost on the failing node, but not on any other node.
The most common single-node failure is when the local GPFS daemon fails. This renders any GPFS file system at that node inaccessible. Another possible single-node failure is file system forced unmount. When just an individual file system is forced unmounted on some node, its resources are lost, but the sessions on that node, if any, survive.
- session node failure
- When the GPFS daemon fails,
all session queues are lost, as well as all nonpersistent local file system resources, particularly
DM access rights. The DM application may or may not have failed. The missing resources may in turn
cause DMAPI function calls to fail with errors such as ENOTREADY or ESRCH.
Events generated at other source nodes remain pending despite any failure at the session node. Also, client threads remain blocked on such events.
- source node failure
- Events generated by that node are obsolete. If such events have already been enqueued at the session node, the DM application will process them, even though this may be redundant since no client is waiting for the response.
According to the XDSM standard, sessions are not persistent. This is inadequate for GPFS. Sessions must be persistent to the extent of enabling recovery from single-node failures. This is in compliance with a basic GPFS premise that single-node failures do not affect file access on surviving nodes. Consequently, after session node failure, the session queue and the events on it must be reconstructed, possibly on another node.
Session recovery is triggered by the actions of the DM application. The scenario depends on whether or not the DM application itself has failed.
If the DM application has failed, it must be restarted, possibly on another node, and assume the old session by id. This will trigger reconstruction of the session queue and the events on it, using backup information replicated on surviving nodes. The DM application may then continue handling events. The session id is never changed when a session is assumed.
If the DM application itself survives, it will notice that the session has failed by getting certain error codes from DMAPI function calls (ENOTREADY, ESRCH). The application could then be moved to another node and recover the session queue and events on it. Alternatively, the application could wait for the GPFS daemon to recover. There is also a possibility that the daemon will recover before the DM application even notices the failure. In these cases, session reconstruction is triggered when the DM application invokes the first DMAPI function after daemon recovery.