9434d3733d
* mount: async flush on close() when writebackCache is enabled When -writebackCache is enabled, defer data upload and metadata flush from Flush() (triggered by close()) to a background goroutine in Release(). This allows processes like rsync that write many small files to proceed to the next file immediately instead of blocking on two network round-trips (volume upload + filer metadata) per file. Fixes #8718 * mount: add retry with backoff for async metadata flush The metadata flush in completeAsyncFlush now retries up to 3 times with exponential backoff (1s, 2s, 4s) on transient gRPC errors. Since the chunk data is already safely on volume servers at this point, only the filer metadata reference needs persisting — retrying is both safe and effective. Data flush (FlushData) is not retried externally because UploadWithRetry already handles transient HTTP/gRPC errors internally; if it still fails, the chunk memory has been freed. * test: add integration tests for writebackCache async flush Add comprehensive FUSE integration tests for the writebackCache async flush feature (issue #8718): - Basic operations: write/read, sequential files, large files, empty files, overwrites - Fsync correctness: fsync forces synchronous flush even in writeback mode, immediate read-after-fsync - Concurrent small files: multi-worker parallel writes (rsync-like workload), multi-directory, rapid create/close - Data integrity: append after close, partial writes, file size correctness, binary data preservation - Performance comparison: writeback vs synchronous flush throughput - Stress test: 16 workers x 100 files with content verification - Mixed concurrent operations: reads, writes, creates running together Also fix pre-existing test infrastructure issues: - Rename framework.go to framework_test.go (fixes Go package conflict) - Fix undefined totalSize variable in concurrent_operations_test.go * ci: update fuse-integration workflow to run full test suite The workflow previously only ran placeholder tests (simple_test.go, working_demo_test.go) in a temp directory due to a Go module conflict. Now that framework.go is renamed to framework_test.go, the full test suite compiles and runs correctly from test/fuse_integration/. Changes: - Run go test directly in test/fuse_integration/ (no temp dir copy) - Install weed binary to /usr/local/bin for test framework discovery - Configure /etc/fuse.conf with user_allow_other for FUSE mounts - Install fuse3 for modern FUSE support - Stream test output to log file for artifact upload * mount: fix three P1 races in async flush P1-1: Reopen overwrites data still flushing in background ReleaseByHandle removes the old handle from fhMap before the deferred flush finishes. A reopen of the same inode during that window would build from stale filer metadata, overwriting the async flush. Fix: Track in-flight async flushes per inode via pendingAsyncFlush map. AcquireHandle now calls waitForPendingAsyncFlush(inode) to block until any pending flush completes before reading filer metadata. P1-2: Deferred flush races rename and unlink after close completeAsyncFlush captured the path once at entry, but rename or unlink after close() could cause metadata to be written under the wrong name or recreate a deleted file. Fix: Re-resolve path from inode via GetPath right before metadata flush. GetPath returns the current path (reflecting renames) or ENOENT (if unlinked), in which case we skip the metadata flush. P1-3: SIGINT/SIGTERM bypasses the async-flush drain grace.OnInterrupt runs hooks then calls os.Exit(0), so WaitForAsyncFlush after server.Serve() never executes on signal. Fix: Add WaitForAsyncFlush (with 10s timeout) to the WFS interrupt handler, before cache cleanup. The timeout prevents hanging on Ctrl-C when the filer is unreachable. * mount: fix P1 races — draining handle stays in fhMap P1-1: Reopen TOCTOU The gap between ReleaseByHandle removing from fhMap and submitAsyncFlush registering in pendingAsyncFlush allowed a concurrent AcquireHandle to slip through with stale metadata. Fix: Hold pendingAsyncFlushMu across both the counter decrement (ReleaseByHandle) and the pending registration. The handle is registered as pending before the lock is released, so waitForPendingAsyncFlush always sees it. P1-2: Rename/unlink can't find draining handle ReleaseByHandle deleted from fhMap immediately. Rename's FindFileHandle(inode) at line 251 could not find the handle to update entry.Name. Unlink could not coordinate either. Fix: When asyncFlushPending is true, ReleaseByHandle/ReleaseByInode leave the handle in fhMap (counter=0 but maps intact). The handle stays visible to FindFileHandle so rename can update entry.Name. completeAsyncFlush re-resolves the path from the inode (GetPath) right before metadata flush for correctness after rename/unlink. After drain, RemoveFileHandle cleans up the maps. Double-return prevention: ReleaseByHandle/ReleaseByInode return nil if counter is already <= 0, so Forget after Release doesn't start a second drain goroutine. P1-3: SIGINT deletes swap files under running goroutines After the 10s timeout, os.RemoveAll deleted the write cache dir (containing swap files) while FlushData goroutines were still reading from them. Fix: Increase timeout to 30s. If timeout expires, skip write cache dir removal so in-flight goroutines can finish reading swap files. The OS (or next mount) cleans them up. Read cache is always removed. * mount: never skip metadata flush when Forget drops inode mapping Forget removes the inode→path mapping when the kernel's lookup count reaches zero, but this does NOT mean the file was unlinked — it only means the kernel evicted its cache entry. completeAsyncFlush was treating GetPath failure as "file unlinked" and skipping the metadata flush, which orphaned the just-uploaded chunks for live files. Fix: Save dir and name at doFlush defer time. In completeAsyncFlush, try GetPath first to pick up renames; if the mapping is gone, fall back to the saved dir/name. Always attempt the metadata flush — the filer is the authority on whether the file exists, not the local inode cache. * mount: distinguish Forget from Unlink in async flush path fallback The saved-path fallback (from the previous fix) always flushed metadata when GetPath failed, which recreated files that were explicitly unlinked after close(). The same stale fallback could recreate the pre-rename path if Forget dropped the inode mapping after a rename. Root cause: GetPath failure has two meanings: 1. Forget — kernel evicted the cache entry (file still exists) 2. Unlink — file was explicitly deleted (should not recreate) Fix (three coordinated changes): Unlink (weedfs_file_mkrm.go): Before RemovePath, look up the inode and find any draining handle via FindFileHandle. Set fh.isDeleted = true so the async flush knows the file was explicitly removed. Rename (weedfs_rename.go): When renaming a file with a draining handle, update asyncFlushDir/asyncFlushName to the post-rename location. This keeps the saved-path fallback current so Forget after rename doesn't flush to the old (pre-rename) path. completeAsyncFlush (weedfs_async_flush.go): Check fh.isDeleted first — if true, skip metadata flush (file was unlinked, chunks become orphans for volume.fsck). Otherwise, try GetPath for the current path (renames); fall back to saved path if Forget dropped the mapping (file is live, just evicted from kernel cache). * test/ci: address PR review nitpicks concurrent_operations_test.go: - Restore precise totalSize assertion instead of info.Size() > 0 writeback_cache_test.go: - Check rand.Read errors in all 3 locations (lines 310, 512, 757) - Check os.MkdirAll error in stress test (line 752) - Remove dead verifyErrors variable (line 332) - Replace both time.Sleep(5s) with polling via waitForFileContent to avoid flaky tests under CI load (lines 638, 700) fuse-integration.yml: - Add set -o pipefail so go test failures propagate through tee * ci: fix fuse3/fuse package conflict on ubuntu-22.04 runner fuse3 is pre-installed on ubuntu-22.04 runners and conflicts with the legacy fuse package. Only install libfuse3-dev for the headers. * mount/page_writer: remove debug println statements Remove leftover debug println("read new data1/2") from ReadDataAt in MemChunk and SwapFileChunk. * test: fix findWeedBinary matching source directory instead of binary findWeedBinary() matched ../../weed (the source directory) via os.Stat before checking PATH, then tried to exec a directory which fails with "permission denied" on the CI runner. Fix: Check PATH first (reliable in CI where the binary is installed to /usr/local/bin). For relative paths, verify the candidate is a regular file (!info.IsDir()). Add ../../weed/weed as a candidate for in-tree builds. * test: fix framework — dynamic ports, output capture, data dirs The integration test framework was failing in CI because: 1. All tests used hardcoded ports (19333/18080/18888), so sequential tests could conflict when prior processes hadn't fully released their ports yet. 2. Data subdirectories (data/master, data/volume) were not created before starting processes. 3. Master was started with -peers=none which is not a valid address. 4. Process stdout/stderr was not captured, making failures opaque ("service not ready within timeout" with no diagnostics). 5. The unmount fallback used 'umount' instead of 'fusermount -u'. 6. The mount used -cacheSizeMB (nonexistent) instead of -cacheCapacityMB and was missing -allowOthers=false for unprivileged CI runners. Fixes: - Dynamic port allocation via freePort() (net.Listen ":0") - Explicit gRPC ports via -port.grpc to avoid default port conflicts - Create data/master and data/volume directories in Setup() - Remove invalid -peers=none and -raftBootstrap flags - Capture process output to logDir/*.log via startProcess() helper - dumpLog() prints tail of log file on service startup failure - Use fusermount3/fusermount -u for unmount - Fix mount flag names (-cacheCapacityMB, -allowOthers=false) * test: remove explicit -port.grpc flags from test framework SeaweedFS convention: gRPC port = HTTP port + 10000. Volume and filer discover the master gRPC port by this convention. Setting explicit -port.grpc on master/volume/filer broke inter-service communication because the volume server computed master gRPC as HTTP+10000 but the actual gRPC was on a different port. Remove all -port.grpc flags and let the default convention work. Dynamic HTTP ports already ensure uniqueness; the derived gRPC ports (HTTP+10000) will also be unique. --------- Co-authored-by: Copilot <copilot@github.com>
282 lines
9.2 KiB
Go
282 lines
9.2 KiB
Go
package mount
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"strings"
|
|
"syscall"
|
|
|
|
"github.com/seaweedfs/go-fuse/v2/fs"
|
|
"github.com/seaweedfs/go-fuse/v2/fuse"
|
|
"github.com/seaweedfs/seaweedfs/weed/glog"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/util"
|
|
)
|
|
|
|
/** Rename a file
|
|
*
|
|
* If the target exists it should be atomically replaced. If
|
|
* the target's inode's lookup count is non-zero, the file
|
|
* system is expected to postpone any removal of the inode
|
|
* until the lookup count reaches zero (see description of the
|
|
* forget function).
|
|
*
|
|
* If this request is answered with an error code of ENOSYS, this is
|
|
* treated as a permanent failure with error code EINVAL, i.e. all
|
|
* future bmap requests will fail with EINVAL without being
|
|
* send to the filesystem process.
|
|
*
|
|
* *flags* may be `RENAME_EXCHANGE` or `RENAME_NOREPLACE`. If
|
|
* RENAME_NOREPLACE is specified, the filesystem must not
|
|
* overwrite *newname* if it exists and return an error
|
|
* instead. If `RENAME_EXCHANGE` is specified, the filesystem
|
|
* must atomically exchange the two files, i.e. both must
|
|
* exist and neither may be deleted.
|
|
*
|
|
* Valid replies:
|
|
* fuse_reply_err
|
|
*
|
|
* @param req request handle
|
|
* @param parent inode number of the old parent directory
|
|
* @param name old name
|
|
* @param newparent inode number of the new parent directory
|
|
* @param newname new name
|
|
*/
|
|
/*
|
|
renameat2()
|
|
renameat2() has an additional flags argument. A renameat2() call
|
|
with a zero flags argument is equivalent to renameat().
|
|
|
|
The flags argument is a bit mask consisting of zero or more of
|
|
the following flags:
|
|
|
|
RENAME_EXCHANGE
|
|
Atomically exchange oldpath and newpath. Both pathnames
|
|
must exist but may be of different types (e.g., one could
|
|
be a non-empty directory and the other a symbolic link).
|
|
|
|
RENAME_NOREPLACE
|
|
Don't overwrite newpath of the rename. Return an error if
|
|
newpath already exists.
|
|
|
|
RENAME_NOREPLACE can't be employed together with
|
|
RENAME_EXCHANGE.
|
|
|
|
RENAME_NOREPLACE requires support from the underlying
|
|
filesystem. Support for various filesystems was added as
|
|
follows:
|
|
|
|
* ext4 (Linux 3.15);
|
|
|
|
* btrfs, tmpfs, and cifs (Linux 3.17);
|
|
|
|
* xfs (Linux 4.0);
|
|
|
|
* Support for many other filesystems was added in Linux
|
|
4.9, including ext2, minix, reiserfs, jfs, vfat, and
|
|
bpf.
|
|
|
|
RENAME_WHITEOUT (since Linux 3.18)
|
|
This operation makes sense only for overlay/union
|
|
filesystem implementations.
|
|
|
|
Specifying RENAME_WHITEOUT creates a "whiteout" object at
|
|
the source of the rename at the same time as performing
|
|
the rename. The whole operation is atomic, so that if the
|
|
rename succeeds then the whiteout will also have been
|
|
created.
|
|
|
|
A "whiteout" is an object that has special meaning in
|
|
union/overlay filesystem constructs. In these constructs,
|
|
multiple layers exist and only the top one is ever
|
|
modified. A whiteout on an upper layer will effectively
|
|
hide a matching file in the lower layer, making it appear
|
|
as if the file didn't exist.
|
|
|
|
When a file that exists on the lower layer is renamed, the
|
|
file is first copied up (if not already on the upper
|
|
layer) and then renamed on the upper, read-write layer.
|
|
At the same time, the source file needs to be "whiteouted"
|
|
(so that the version of the source file in the lower layer
|
|
is rendered invisible). The whole operation needs to be
|
|
done atomically.
|
|
|
|
When not part of a union/overlay, the whiteout appears as
|
|
a character device with a {0,0} device number. (Note that
|
|
other union/overlay implementations may employ different
|
|
methods for storing whiteout entries; specifically, BSD
|
|
union mount employs a separate inode type, DT_WHT, which,
|
|
while supported by some filesystems available in Linux,
|
|
such as CODA and XFS, is ignored by the kernel's whiteout
|
|
support code, as of Linux 4.19, at least.)
|
|
|
|
RENAME_WHITEOUT requires the same privileges as creating a
|
|
device node (i.e., the CAP_MKNOD capability).
|
|
|
|
RENAME_WHITEOUT can't be employed together with
|
|
RENAME_EXCHANGE.
|
|
|
|
RENAME_WHITEOUT requires support from the underlying
|
|
filesystem. Among the filesystems that support it are
|
|
tmpfs (since Linux 3.18), ext4 (since Linux 3.18), XFS
|
|
(since Linux 4.1), f2fs (since Linux 4.2), btrfs (since
|
|
Linux 4.7), and ubifs (since Linux 4.9).
|
|
*/
|
|
const (
|
|
RenameEmptyFlag = 0
|
|
RenameNoReplace = 1
|
|
RenameExchange = fs.RENAME_EXCHANGE
|
|
RenameWhiteout = 3
|
|
)
|
|
|
|
func (wfs *WFS) Rename(cancel <-chan struct{}, in *fuse.RenameIn, oldName string, newName string) (code fuse.Status) {
|
|
if wfs.IsOverQuotaWithUncommitted() {
|
|
return fuse.Status(syscall.ENOSPC)
|
|
}
|
|
|
|
if s := checkName(newName); s != fuse.OK {
|
|
return s
|
|
}
|
|
|
|
switch in.Flags {
|
|
case RenameEmptyFlag:
|
|
case RenameNoReplace:
|
|
case RenameExchange:
|
|
case RenameWhiteout:
|
|
return fuse.ENOTSUP
|
|
default:
|
|
return fuse.EINVAL
|
|
}
|
|
|
|
oldDir, code := wfs.inodeToPath.GetPath(in.NodeId)
|
|
if code != fuse.OK {
|
|
return
|
|
}
|
|
oldPath := oldDir.Child(oldName)
|
|
newDir, code := wfs.inodeToPath.GetPath(in.Newdir)
|
|
if code != fuse.OK {
|
|
return
|
|
}
|
|
newPath := newDir.Child(newName)
|
|
|
|
oldEntry, status := wfs.maybeLoadEntry(oldPath)
|
|
if status != fuse.OK {
|
|
return status
|
|
}
|
|
|
|
if wormEnforced, _ := wfs.wormEnforcedForEntry(oldPath, oldEntry); wormEnforced {
|
|
return fuse.EPERM
|
|
}
|
|
|
|
glog.V(4).Infof("dir Rename %s => %s", oldPath, newPath)
|
|
|
|
// update remote filer
|
|
err := wfs.WithFilerClient(true, func(client filer_pb.SeaweedFilerClient) error {
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
defer cancel()
|
|
|
|
request := &filer_pb.StreamRenameEntryRequest{
|
|
OldDirectory: string(oldDir),
|
|
OldName: oldName,
|
|
NewDirectory: string(newDir),
|
|
NewName: newName,
|
|
Signatures: []int32{wfs.signature},
|
|
}
|
|
|
|
stream, err := client.StreamRenameEntry(ctx, request)
|
|
if err != nil {
|
|
code = fuse.EIO
|
|
return fmt.Errorf("dir AtomicRenameEntry %s => %s : %v", oldPath, newPath, err)
|
|
}
|
|
|
|
for {
|
|
resp, recvErr := stream.Recv()
|
|
if recvErr != nil {
|
|
if recvErr == io.EOF {
|
|
break
|
|
} else {
|
|
if strings.Contains(recvErr.Error(), "not empty") {
|
|
code = fuse.Status(syscall.ENOTEMPTY)
|
|
} else if strings.Contains(recvErr.Error(), "not directory") {
|
|
code = fuse.ENOTDIR
|
|
}
|
|
return fmt.Errorf("dir Rename %s => %s receive: %v", oldPath, newPath, recvErr)
|
|
}
|
|
}
|
|
|
|
if err = wfs.handleRenameResponse(ctx, resp); err != nil {
|
|
glog.V(0).Infof("dir Rename %s => %s : %v", oldPath, newPath, err)
|
|
return err
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
})
|
|
if err != nil {
|
|
glog.V(0).Infof("Link: %v", err)
|
|
return
|
|
}
|
|
wfs.inodeToPath.TouchDirectory(oldDir)
|
|
wfs.inodeToPath.TouchDirectory(newDir)
|
|
|
|
return fuse.OK
|
|
|
|
}
|
|
|
|
func (wfs *WFS) handleRenameResponse(ctx context.Context, resp *filer_pb.StreamRenameEntryResponse) error {
|
|
// comes from filer StreamRenameEntry, can only be create or delete entry
|
|
|
|
glog.V(4).Infof("dir Rename %+v", resp.EventNotification)
|
|
|
|
if resp.EventNotification.NewEntry != nil {
|
|
if err := wfs.applyLocalMetadataEvent(ctx, metadataEventFromRenameResponse(resp)); err != nil {
|
|
glog.Warningf("rename apply metadata event: %v", err)
|
|
wfs.inodeToPath.InvalidateChildrenCache(util.FullPath(resp.Directory))
|
|
if resp.EventNotification.NewParentPath != "" {
|
|
wfs.inodeToPath.InvalidateChildrenCache(util.FullPath(resp.EventNotification.NewParentPath))
|
|
}
|
|
}
|
|
|
|
oldParent, newParent := util.FullPath(resp.Directory), util.FullPath(resp.EventNotification.NewParentPath)
|
|
oldName, newName := resp.EventNotification.OldEntry.Name, resp.EventNotification.NewEntry.Name
|
|
|
|
oldPath := oldParent.Child(oldName)
|
|
newPath := newParent.Child(newName)
|
|
|
|
sourceInode, targetInode := wfs.inodeToPath.MovePath(oldPath, newPath)
|
|
if sourceInode != 0 {
|
|
fh, foundFh := wfs.fhMap.FindFileHandle(sourceInode)
|
|
if foundFh {
|
|
if entry := fh.GetEntry(); entry != nil {
|
|
entry.Name = newName
|
|
}
|
|
// Keep the saved async-flush path current so the fallback
|
|
// after Forget uses the post-rename location, not the old one.
|
|
if fh.asyncFlushPending {
|
|
fh.asyncFlushDir = string(newParent)
|
|
fh.asyncFlushName = newName
|
|
}
|
|
}
|
|
// invalidate attr and data
|
|
// wfs.fuseServer.InodeNotify(sourceInode, 0, -1)
|
|
}
|
|
if targetInode != 0 {
|
|
// invalidate attr and data
|
|
// wfs.fuseServer.InodeNotify(targetInode, 0, -1)
|
|
}
|
|
|
|
} else if resp.EventNotification.OldEntry != nil {
|
|
// without new entry, only old entry name exists. This is the second step to delete old entry
|
|
if err := wfs.applyLocalMetadataEvent(ctx, metadataEventFromRenameResponse(resp)); err != nil {
|
|
glog.Warningf("rename apply delete event: %v", err)
|
|
wfs.inodeToPath.InvalidateChildrenCache(util.FullPath(resp.Directory))
|
|
}
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|