zpool history

ZFS - now with history!

When disaster strikes and you'd really like to know what people have been doing to your pool, what do you do? Until now, there was nothing elegant. Enter 'zpool history'.

# zpool create hewitt c1d0
# zfs create hewitt/jen
# zfs create hewitt/jen/love
# zpool history
History for 'hewitt':
2006-10-16.17:54:02 zpool create hewitt c1d0
2006-10-16.17:54:11 zfs create hewitt/jen
2006-10-16.17:54:15 zfs create hewitt/jen/love

#

All subcommands of zfs(1M) and zpool(1M) that modify the state of the pool get logged persistently to disk. That means no matter where you take your pool or what machine is currently accessing it (such as in the SunCluster failover case), your history follows. Sorta like your permanent record.

Now you have a convenient way of finding out if someone did something bad to your pool...

bad_admin# zfs set checksum=off hewitt
bad_admin# zfs destroy hewitt/jen/love

good_admin# zpool history
History for 'hewitt':
2006-10-16.17:54:02 zpool create hewitt c1d0
2006-10-16.17:54:11 zfs create hewitt/jen
2006-10-16.17:54:15 zfs create hewitt/jen/love
2006-10-16.17:54:35 zfs set checksum=off hewitt
2006-10-16.17:57:29 zfs destroy hewitt/jen/love

# 
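
An added example, not part of the original post or the ZFS source: a small shell filter that reads 'zpool history' output and reports the kinds of changes shown in the session above. The rule set (checksum=off, destroy) and the names audit_zpool_history and sample_history are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in `zpool history` output.
# The rules below are illustrative assumptions, not a list from the ZFS project.

# Reads `zpool history` output on stdin.
# Prints one line per hit: pool <TAB> timestamp <TAB> reason <TAB> command
audit_zpool_history() {
    awk -v q="'" '
        # Header line: History for <quote>poolname<quote>:
        /^History for / {
            split($0, parts, q)
            pool = parts[2]
            next
        }
        # Record line: YYYY-MM-DD.HH:MM:SS command...
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\.[0-9][0-9]:[0-9][0-9]:[0-9][0-9] / {
            ts = $1
            cmd = substr($0, length(ts) + 2)
            reason = ""
            if ($2 == "zfs" && $3 == "set" && cmd ~ /(^| )checksum=off( |$)/)
                reason = "checksum-disabled"
            else if (($2 == "zfs" || $2 == "zpool") && $3 == "destroy")
                reason = "destroy"
            if (reason != "")
                printf "%s\t%s\t%s\t%s\n", pool, ts, reason, cmd
        }
    '
}

# Sample input: the history output from the session above, embedded so the
# example runs without a pool.
sample_history() {
    cat <<'EOF'
History for 'hewitt':
2006-10-16.17:54:02 zpool create hewitt c1d0
2006-10-16.17:54:11 zfs create hewitt/jen
2006-10-16.17:54:15 zfs create hewitt/jen/love
2006-10-16.17:54:35 zfs set checksum=off hewitt
2006-10-16.17:57:29 zfs destroy hewitt/jen/love
EOF
}

# Demo on the embedded sample. Live use: zpool history | audit_zpool_history
sample_history | audit_zpool_history
```

Because the log is a ring buffer in which only the 'zpool create' record is never overwritten, a check like this is best run on a schedule, with the hits stored outside the pool.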

The history log is implemented using a ring buffer of <packed record length, record nvlist> tuples. More details can be found in spa_history.c, which contains the main kernel code changes for 'zpool history'. The history log's size is 1% of your pool, with a maximum of 32MB and a minimum of 128KB. Note: the original creation of the pool via 'zpool create' is never overwritten.

If you add a new subcommand to zfs(1M) or zpool(1M), all you need to do is call zpool_log_history(). If you build a new consumer of 'zpool history' (such as a GUI), then you need to call zpool_get_history() and parse the nvlist. A good example of that is in get_history_one().

In the future, we will add the ability to also log uid, hostname, and zonename. We're also looking at adding "internal events" to the log since some subcommands actually take more than one txg, and we'd like to log history every txg (this would be more for developers and debuggers than admins).

These changes are in snv_51, and I would expect s10_u4 (though that schedule hasn't been decided yet).

Enjoy making history.

Comments:

But if userspace applications need to explicitly call zpool_log_history() to log events, what's preventing the bad admin from simply using recompiled versions of "zfs" and "zpool" with those logging calls removed?

Posted by guest on November 03, 2006 at 01:38 AM PST #

We can't stop bad admins from that. You own the box, so you own the software that you install on it. Much like we can't stop someone from modifying the kernel via source code, via something like mdb, or dd. That sounds more like an evil admin rather than a bad admin :)

Posted by eric kustarz on November 03, 2006 at 05:19 AM PST #

You are right. I assumed that by bad_admin in the example above you meant an evil_admin and claiming that this somehow protects from them, when you merely meant an incompetent_admin. Thanks for the clarification.

Posted by guest on November 09, 2006 at 02:20 PM PST #
