docs/design/StratisSoftwareDesign.lyx

#LyX 2.3 created this file. For more info see http://www.lyx.org/
\lyxformat 544
\begin_document
\begin_header
\save_transient_properties false
\origin unavailable
\textclass article
\begin_preamble

\end_preamble
\use_default_options true
\begin_modules
logicalmkup
\end_modules
\maintain_unincluded_children false
\language english
\language_package default
\inputencoding auto
\fontencoding global
\font_roman "default" "default"
\font_sans "default" "default"
\font_typewriter "default" "default"
\font_math "auto" "auto"
\font_default_family default
\use_non_tex_fonts false
\font_sc false
\font_osf false
\font_sf_scale 100 100
\font_tt_scale 100 100
\use_microtype false
\use_dash_ligatures false
\graphics default
\default_output_format default
\output_sync 0
\bibtex_command default
\index_command default
\paperfontsize default
\spacing single
\use_hyperref false
\papersize default
\use_geometry false
\use_package amsmath 1
\use_package amssymb 1
\use_package cancel 1
\use_package esint 1
\use_package mathdots 1
\use_package mathtools 1
\use_package mhchem 1
\use_package stackrel 1
\use_package stmaryrd 1
\use_package undertilde 1
\cite_engine basic
\cite_engine_type default
\biblio_style plain
\use_bibtopic false
\use_indices false
\paperorientation portrait
\suppress_date false
\justification true
\use_refstyle 1
\use_minted 0
\index Index
\shortcut idx
\color #008000
\end_index
\leftmargin 1.5in
\topmargin 1in
\rightmargin 1.5in
\bottommargin 1in
\secnumdepth 3
\tocdepth 3
\paragraph_separation indent
\paragraph_indentation default
\is_math_indent 0
\math_numbering_side default
\quotes_style english
\dynamic_quotes 0
\papercolumns 1
\papersides 1
\paperpagestyle default
\tracking_changes false
\output_changes false
\html_math_output 0
\html_css_as_file 0
\html_be_strict false
\end_header

\begin_body

\begin_layout Title
Stratis Software Design
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0
 International License.
\end_layout

\end_inset


\end_layout

\begin_layout Standard
\begin_inset CommandInset toc
LatexCommand tableofcontents

\end_inset


\end_layout

\begin_layout Standard
\begin_inset Note Note
status collapsed

\begin_layout Plain Layout
Before saving this file preparatory to a commit, make sure that all insets
 are closed.
 If you are able to read this note, you haven't performed this essential
 step.
\end_layout

\end_inset


\end_layout

\begin_layout Section*
About this Document
\end_layout

\begin_layout Standard
This document can be found 
\begin_inset CommandInset href
LatexCommand href
name "in the stratis-docs repo"
target "https://github.com/stratis-storage/stratis-docs/blob/master/docs/design/StratisSoftwareDesign.lyx"
literal "false"

\end_inset

, and is written using \SpecialChar LyX
.
\end_layout

\begin_layout Section*
Summary
\end_layout

\begin_layout Standard
Stratis is an easily configured, tightly integrated solution for storage
 that works within the existing Linux storage management stack.
 To achieve this, Stratis prioritizes a straightforward command-line experience,
 a rich API, and a fully automated, externally-opaque approach to storage
 management.
 It builds upon elements of the existing storage stack as much as possible.
\end_layout

\begin_layout Part
Background
\end_layout

\begin_layout Section
Problem Statement
\end_layout

\begin_layout Standard
Linux has gained many storage-related features over the years, but each
 of these features has required the user to manage the configuration of
 these features in a layered, additive manner.
 Genuinely new and useful features such as thin provisioning, RAID, and
 multipath are dependent on the user correctly configuring many different
 layers via different tools to achieve a complete result.
 Furthermore, since each layer's configuration tool only has a command-line
 interface (CLI), higher-level management tools must each construct input
 and parse the human-oriented output for each of these layers' CLIs.
 This causes a waste of effort and opportunity for bugs, as each higher-level
 tool builds its own internal API for the feature on top of the lower level
 tool's CLI.
\end_layout

\begin_layout Subsection
Goal: Bring advanced features to users in a simpler form
\end_layout

\begin_layout Standard
Linux storage features are modular and stackable.
 This promotes flexibility and allows independent development efforts, but
 leads to a huge number of possible configurations.
 This requires the user to manage the stack because there's not enough commonali
ty to enable effective automation.
\end_layout

\begin_layout Standard
But really, there 
\emph on
is
\emph default
 a single configuration that can work for most use cases.
 By assuming a fixed layering of storage features (some perhaps optional),
 we enable software to effectively manage these on behalf of the user.
\end_layout

\begin_layout Standard
Automated management then leads to less administrative burden placed on
 the user.
 The user still specifies resources, desired features, and results – what
 hardware resources to use, what features to enable, how storage should
 be logically presented – using a smaller number of concepts with well-defined
 relations.
 Software manages the rest, and handles most runtime issues without user
 involvement.
\end_layout

\begin_layout Subsection
Proposal: Implement a hybrid Volume Managing Filesystem
\end_layout

\begin_layout Standard
In the past ten years, 
\emph on
volume-managing filesystems
\emph default
 (VMFs) such as ZFS and Btrfs have come into vogue and gained users, after
 being previously available only on other UNIX-based operating systems.
 These incorporate what would be handled by multiple tools under traditional
 Linux into a single tool.
 Redundancy, thin provisioning, volume management, and filesystems become
 features within a single comprehensive, consistent configuration system.
 Where a traditional Linux storage stack exposes the layers of block devices
 to the user to manage, VMFs hide everything in a 
\emph on
pool
\emph default
.
 The user puts raw storage in the pool, the VMF manages the storage in the
 pool, providing the features the user wants, and allows the user to create
 filesystems from the pool without being concerned with the details.
\end_layout

\begin_layout Standard
Unfortunately, existing VMFs aren't easily used on enterprise Linux distribution
s like RHEL.
 ZFS isn't an option RHEL can embrace due to licensing, Ubuntu notwithstanding.
 Btrfs has no licensing issues, but maintaining up-to-date support for it
 in enterprise kernels proved difficult.
\end_layout

\begin_layout Standard
We can see from the many developer-years of effort that have gone into these
 two projects that writing a VMF is a tremendous, time-consuming undertaking.
 We also can hear our users demanding their features and ease of use.
\end_layout

\begin_layout Standard
Rather than writing a new VMF from scratch, Stratis proposes to satisfy
 VMF-like requirements by managing existing technologies on behalf of the
 user, so that users can manage their storage using high-level concepts
 like 
\begin_inset Quotes eld
\end_inset

pool
\begin_inset Quotes erd
\end_inset

 and 
\begin_inset Quotes eld
\end_inset

filesystem
\begin_inset Quotes erd
\end_inset

, and remain unconcerned with the more complex details under the covers.
\end_layout

\begin_layout Standard
This is also a chance to learn from the benefits and shortcomings of existing
 solutions.
 We should not just copy ZFS.
 ZFS is now fifteen years old and the storage landscape has changed since
 its design.
 We seek to satisfy the same needs that ZFS does, but also integrate more
 tightly into today's increasingly automated storage management solutions
 that span the data center as well as the local machine.
 This is made possible by a hybrid, userspace-based approach.
\end_layout

\begin_layout Subsection
Requirements
\end_layout

\begin_layout Enumerate

\emph on
Make features easier to use in combination with each other
\emph default
: thin provisioning, snapshots, multipath, encryption, hardware reconfiguration,
 monitoring, and a caching tier
\end_layout

\begin_layout Enumerate
Simple and comprehensive command-line interface
\end_layout

\begin_deeper
\begin_layout Enumerate
Simple
\end_layout

\begin_deeper
\begin_layout Enumerate
Single way to do things
\end_layout

\begin_layout Enumerate
Do not expose internal implementation details.
 Gives Stratis more implementation freedom, and of little value since internals
 are too complex to make manual user repairs practical
\end_layout

\begin_layout Enumerate
User typically will not use on a daily basis
\end_layout

\begin_deeper
\begin_layout Enumerate
Consistent commands that a user can guess at, and probably be right
\end_layout

\begin_layout Enumerate
Require explicitness from the user for potentially data-losing operations,
 such as giving a 
\begin_inset Quotes eld
\end_inset

–force
\begin_inset Quotes erd
\end_inset

 option.
\end_layout

\end_deeper
\end_deeper
\begin_layout Enumerate
Comprehensive
\end_layout

\begin_deeper
\begin_layout Enumerate
User must master only one tool
\end_layout

\begin_layout Enumerate
Helps user learn: if task not possible through tool, it must not be worth
 doing (or a good idea)
\end_layout

\end_deeper
\end_deeper
\begin_layout Enumerate
Programmatic language-neutral API for higher-level management tool integration
\end_layout

\begin_deeper
\begin_layout Enumerate
A clear next step for users after hitting the limitations of scripting the
 CLI
\end_layout

\begin_layout Enumerate
Encourages tight integration and use of all features by higher-level tools
\end_layout

\end_deeper
\begin_layout Enumerate
Event-driven monitoring and alerts
\end_layout

\begin_deeper
\begin_layout Enumerate
Monitoring and alert messages expressed in terms of Stratis user-visible
 simple concepts, not implementation details
\end_layout

\begin_layout Enumerate
Low CPU/memory overhead to monitoring
\end_layout

\begin_layout Enumerate
Only alert when action really is needed
\end_layout

\begin_layout Enumerate
Fail gracefully if alerts are unheeded
\end_layout

\end_deeper
\begin_layout Enumerate
Eliminate manual resizing of filesystems
\end_layout

\begin_deeper
\begin_layout Enumerate
Numerous problem reports throughout the years indicate that resizing filesystems
 is an area where users feel unease, due to potential data loss if a mistake
 is made.
 No real reason to require the user do this any more.
\end_layout

\begin_layout Enumerate
Simpler for DevOps
\end_layout

\begin_layout Enumerate
Makes storage 
\begin_inset Quotes eld
\end_inset

demand-allocated
\begin_inset Quotes erd
\end_inset

, similar to virtual memory.
 Current technology allows us to manage a filesystem's actual usage up (growfs)
 or down (thin provisioning).
\end_layout

\end_deeper
\begin_layout Enumerate
Initrd-capable
\end_layout

\begin_deeper
\begin_layout Enumerate
Allows root fs, all other filesystems except /boot to use Stratis.
 Needed for ease of use
\end_layout

\begin_layout Enumerate
Limited environment – alternate IPC mechanism that works in the initrd is
 available
\end_layout

\end_deeper
\begin_layout Enumerate
Adaptable to emerging storage technologies
\end_layout

\begin_deeper
\begin_layout Enumerate
Persistent memory
\end_layout

\begin_deeper
\begin_layout Enumerate
Block-appearing pmem can be used by Stratis
\end_layout

\end_deeper
\end_deeper
\begin_layout Enumerate
Implementable in 1-2 years
\end_layout

\begin_deeper
\begin_layout Enumerate
We're already behind, waiting another 10 years isn't an option
\end_layout

\end_deeper
\begin_layout Part
Solution Overview
\end_layout

\begin_layout Section
Introduction
\end_layout

\begin_layout Standard
Stratis is a local storage solution that lets multiple logical filesystems
 share a pool of storage that is allocated from one or more block devices.
 Instead of an entirely in-kernel approach like ZFS or Btrfs, Stratis uses
 a hybrid user/kernel approach that builds upon existing block capabilities
 like device-mapper, existing filesystem capabilities like XFS, and a user
 space daemon for monitoring and control.
\end_layout

\begin_layout Standard
The goal of Stratis is to provide the conceptual simplicity of volume-managing
 filesystems, and surpass them in areas such as monitoring and notification,
 automatic reconfiguration, and integration with higher-level storage management
 frameworks.
\end_layout

\begin_layout Section
Stratis and the Linux storage stack
\end_layout

\begin_layout Standard
Stratis simplifies many aspects of local storage provisioning and configuration.
 This, along with its API, would let projects dependent on configuring local
 storage do so much more easily.
\end_layout

\begin_layout Standard
For example, installing the OS to a Stratis pool using Anaconda.
 After selecting the disks to use for the pool, the first benefit would
 be the complex flow around sizing of filesystems could be omitted.
 Second, since Stratis has an API, Anaconda could use it, instead of needing
 work in Blivet to build an API on top of command line tools.
\end_layout

\begin_layout Standard
Other management tools like Cockpit, virtualization products like RHEV,
 or container products like Atomic would find it much simpler and less error-pro
ne to use storage and snapshots with Stratis, for the same two reasons:
 don't need to worry about per-filesystem sizing (only that the pool has
 enough 
\begin_inset Quotes eld
\end_inset

backing store
\begin_inset Quotes erd
\end_inset

); and the API, which allows better tool-to-tool integration than using
 CLI programmatically.
\end_layout

\begin_layout Standard
\begin_inset Float figure
placement H
wide false
sideways false
status collapsed

\begin_layout Plain Layout
\begin_inset Graphics
	filename stratis-interactions.svg
	scale 80

\end_inset


\begin_inset Caption Standard

\begin_layout Plain Layout
Future Stratis Position in the Linux Storage Management Stack
\end_layout

\end_inset


\end_layout

\begin_layout Plain Layout

\end_layout

\end_inset


\end_layout

\begin_layout Section
Conceptual Model
\end_layout

\begin_layout Subsection
Blockdevs, pools, and filesystems
\end_layout

\begin_layout Standard
Stratis’s conceptual model consists of 
\emph on
blockdevs
\emph default
, 
\emph on
pools
\emph default
, and 
\emph on
filesystems
\emph default
.
 A pool is created from one or more blockdevs (block devices), and then
 filesystems are created from the pool.
 Filesystems are mountable hierarchical collections of files that allocate
 backing storage from the pool as it is needed.
 The key difference between a Stratis filesystem and a conventional Unix
 filesystem is that Stratis filesystem sizing and maintenance are not managed
 by the user, but by Stratis.
\end_layout

\begin_layout Subsection
Attributes and features of a pool
\end_layout

\begin_layout Standard
A pool is created with an initial set of one or more blockdevs.
 Blockdevs may also be added after the pool is created.
 The pool's primary collection of blockdevs is called the 
\emph on
data tier
\emph default
.
\end_layout

\begin_layout Standard
A pool also optionally has a 
\emph on
cache tier
\emph default
 that uses a separate collection of faster blockdevs to improve performance
 instead of increasing the pool's capacity.
\end_layout

\begin_layout Standard
Since a single system may have multiple pools, each pool has a name, as
 does each filesystem within a pool.
 These are both settable by the user.
 Blockdevs, pools, and filesystems also have UUIDs, which are not settable
 by the user.
\end_layout

\begin_layout Standard
Stratis supports large numbers of blockdevs and up to 
\begin_inset Formula $2^{24}$
\end_inset

filesystems per pool.
 However, practical limits on these values may compel users to restrict
 themselves to smaller numbers of blockdevs and filesystems.
\end_layout

\begin_layout Standard
A new filesystem is either a new empty filesystem or a snapshot of an existing
 filesystem within the pool.
 Stratis currently does not distinguish between snapshots and filesystems.
\end_layout

\begin_layout Section
Scalability and Performance Considerations
\end_layout

\begin_layout Standard
Stratis doesn't optimize performance within its data tier, instead focusing
 there on flexibility and integrity.
 Improved performance is the job of caching tier, or perhaps building the
 pool using blockdevs with higher IOPs, such as SSDs.
\end_layout

\begin_layout Part
\begin_inset CommandInset label
LatexCommand label
name "part:Implementation"

\end_inset

Implementation
\end_layout

\begin_layout Section
Software Components
\end_layout

\begin_layout Standard
Stratis consists of a command-line tool,
\emph on
 stratis
\emph default
, and a service,
\emph on
 stratisd
\emph default
.
\end_layout

\begin_layout Standard
stratis implements the command-line interface, and converts commands into
 D-Bus API calls to stratisd.
\end_layout

\begin_layout Standard
stratisd implements the D-Bus interface, and manages and monitors Stratis
 internal pool blockdevs, as described below.
 It is started by the system and continues to run as long as Stratis pools
 or blockdevs are present in the system.
\end_layout

\begin_layout Standard
stratisd includes a simulator engine.
 The simulator engine is purely computational and does not affect the environmen
t, although it does communicate over the D-Bus.
\end_layout

\begin_layout Standard
Figure 
\begin_inset CommandInset ref
LatexCommand ref
reference "fig:stratis"
plural "false"
caps "false"
noprefix "false"

\end_inset

 shows the basic Stratis architecture.
\end_layout

\begin_layout Standard
\begin_inset Float figure
wide false
sideways false
status collapsed

\begin_layout Plain Layout
\begin_inset Graphics
	filename stratis.svg
	scale 50

\end_inset


\end_layout

\begin_layout Plain Layout
\begin_inset Caption Standard

\begin_layout Plain Layout
Stratis Architecture
\end_layout

\end_inset


\begin_inset CommandInset label
LatexCommand label
name "fig:stratis"

\end_inset


\end_layout

\begin_layout Plain Layout

\end_layout

\end_inset


\end_layout

\begin_layout Section
User Experience
\end_layout

\begin_layout Standard
Stratis has a command-line tool that enables the administrator to create
 a Stratis pool from one or more blockdevs, and then allocate filesystems
 from the pool.
\end_layout

\begin_layout Standard
See reference implementation at 
\begin_inset Flex URL
status collapsed

\begin_layout Plain Layout

https://github.com/stratis-storage/stratis-cli
\end_layout

\end_inset

 for the most up-to-date status of the CLI design.
\end_layout

\begin_layout Standard
This component is not required to be installed, in cases such as an appliance
 where a higher-level application such as Cockpit or Ansible uses the D-Bus
 API directly.
\end_layout

\begin_layout Subsection
Known shortcomings
\end_layout

\begin_layout Standard
Stratis' goal is to hide the complexity of its implementation from the user,
 but by using a reuse/layering approach to its implementation, there will
 be places where Stratis' implementation details will peek through.
 This could cause user confusion, and also could threaten Stratis integrity
 if the user makes changes.
\end_layout

\begin_layout Itemize
For Stratis filesystems, 'df' will report the current used and free sizes
 as seen and reported by XFS.
 This is not useful information, because the filesystem's actual storage
 usage will be less due to thin provisioning, and also because Stratis will
 automatically grow the filesystem if it nears XFS's currently sized capacity.
\end_layout

\begin_layout Itemize
Users should not try to reformat or reconfigure XFS filesystems that are
 managed by Stratis.
 Stratis has no way to enforce this or warn the user to avoid this, other
 than in the documentation.
\end_layout

\begin_layout Itemize
Stratis will use many device-mapper devices, which will show up in `dmsetup`
 listings and /proc/partitions.
 Similarly, `lsblk` output on a Stratis system will reflect Stratis' internal
 workings and layers.
\end_layout

\begin_layout Itemize
Stratis requires a userspace daemon, which must remain running at all times
 for proper monitoring and pool maintenance.
\end_layout

\begin_layout Section
D-Bus Programmatic API
\end_layout

\begin_layout Standard
The Stratis service process exposes a D-Bus interface, for other programs
 to integrate support for Stratis.
 This is considered the primary Stratis interface.
 The command-line tool uses the D-Bus API.
\end_layout

\begin_layout Subsection
Overview
\end_layout

\begin_layout Standard
The D-Bus API is part of stratisd.
 It is a thin layer that receives messages on the D-Bus, processes them,
 transmits them to the Stratis engine, receives the results from the engine,
 and returns the result to the invoker of the API.
 When processing method calls, its responsibilities are confined to:
\end_layout

\begin_layout Itemize
Receiving arguments and verifying that they conform to the signature of
 the invoked method.
\end_layout

\begin_layout Itemize
Transforming method arguments received on the D-Bus to arguments of the
 appropriate type to be passed to engine methods.
\end_layout

\begin_layout Itemize
Converting tuple arguments used to represent non-mandatory arguments to
 values which inhabit the Rust Option type.
\end_layout

\begin_layout Itemize
Invoking the appropriate engine methods and capturing their return values.
\end_layout

\begin_layout Itemize
Marshalling the appropriate return values to place on the D-Bus along with
 the return code and message.
\end_layout

\begin_layout Itemize
Adding or removing objects from the D-Bus tree.
\end_layout

\begin_layout Standard
The D-Bus API is implemented using the dbus-rs library
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
\begin_inset Flex URL
status collapsed

\begin_layout Plain Layout

https://github.com/diwic/dbus-rs
\end_layout

\end_inset


\end_layout

\end_inset

.
\end_layout

\begin_layout Standard
The Stratisd D-Bus API Reference Manual contains a description of the API.
\end_layout

\begin_layout Subsection
D-Bus Access Control
\end_layout

\begin_layout Subsubsection
Security Policy
\end_layout

\begin_layout Standard
Most stratisd D-Bus methods require root permissions.
 However, listing operations do not; these can be done by an unprivileged
 user.
 The default permissions are specified in the policy file, stratisd.conf,
 included in the stratisd distribution.
 These defaults permit all actions by root users but restrict unprivileged
 users to read-only actions.
 Systems administrators can adjust permissions by editing the stratisd D-Bus
 policy files.
\end_layout

\begin_layout Subsection
Querying stratisd state via D-Bus
\end_layout

\begin_layout Standard
stratisd exposes a reporting interface that allows users to query the state
 of stratisd's internal data structures for debugging and error reporting.
 The D-Bus query returns a JSON string that can be parsed to detect state
 programmatically; however, the report interface is unstable, and consequently
 the names and schemas of provided reports do not follow the semantic versioning
 rules to which the rest of stratisd's API conforms.
\end_layout

\begin_layout Section
JSON RPC IPC mechanism
\end_layout

\begin_layout Subsection
Overview
\end_layout

\begin_layout Standard
Due to restrictions in the initramfs where D-Bus is not currently present,
 there is an alternate mechanism for IPC in the initramfs.
 This IPC mechanism implements a JSON RPC framework passed over Unix sockets.
 The motivation for using Unix sockets is that:
\end_layout

\begin_layout Enumerate
They are available in the initramfs as a form of IPC
\end_layout

\begin_layout Enumerate
They allow passing file descriptors from process to process in the same
 network packet as the JSON
\end_layout

\begin_layout Standard
The JSON RPC IPC mechanism uses the exact same code for the stratisd storage
 engine and is simply a thin layer that handles all of the network operations
 and input parsing to provide arguments to the engine.
 The initramfs IPC API is more limited than that of the D-Bus API and is
 not versioned for backwards compatibility given that it is expected that
 the corresponding CLI will be used to communicate with the minimal daemon.
\end_layout

\begin_layout Section
Internals
\end_layout

\begin_layout Standard
Stratis internals aim to be opaque to the user.
 This allows its implementation maximum flexibility to do whatever it needs
 in Stratis version 1, as well as to be extended in later versions without
 violating any user-visible expectations.
\end_layout

\begin_layout Subsection
Data Tier Requirements
\end_layout

\begin_layout Standard
The data tier of Stratis must manage blockdevs on behalf of the user to
 provide the following:
\end_layout

\begin_layout Enumerate
Managed filesystems that consume only as much space as the files they contain
\end_layout

\begin_layout Enumerate
Fast snapshots of existing filesystems
\end_layout

\begin_layout Enumerate
The ability to add individual blockdevs to grow the physical space available
 to filesystems
\end_layout

\begin_layout Enumerate
Encryption
\end_layout

\begin_layout Subsection
Data Tier
\end_layout

\begin_layout Standard
The data tier achieves these requirements by layering device-mapper (DM)
 devices on top of the pool's blockdevs.
 The topmost layer consists of thin devices allocated from a thinpool.
 Stratis initializes these thin devices with a filesystem, and manages the
 DM devices and filesystems to meet the above requirements.
\end_layout

\begin_layout Subsubsection
Blockdevs
\end_layout

\begin_layout Standard
This layer is responsible for discovering existing blockdevs in a pool,
 initializing and labeling new blockdevs unambiguously as part of the pool,
 setting up any disk-specific parameters, and storing pool metadata on each
 blockdev.
 The minimum blockdev size Stratis will accept is 1 GiB.
 Blockdevs may be encrypted or unencrypted.
 See 
\begin_inset CommandInset ref
LatexCommand ref
reference "subsec:Encryption"
plural "false"
caps "false"
noprefix "false"

\end_inset

 for details on the implementation of encryption.
\end_layout

\begin_layout Subsubsection
Flex
\end_layout

\begin_layout Standard
Pools need to cope with the addition of block devices.
\end_layout

\begin_layout Standard
Stratis allows adding a blockdev to an existing pool, and using it to grow
 the pool's allocated space.
\end_layout

\begin_layout Standard
The flexibility layer contains four linear DM devices made up of segments
 from lower-level devices.
 The first two devices will be used by Layer 4 (Thin Provisioning) as metadata
 and data devices.
 The flex layer will track what lower-level devices these are allocated
 from, and allow the two devices to grow as needed.
\end_layout

\begin_layout Standard
The third linear DM device is a spare metadata device to be used in the
 case that the metadata device requires offline repair.
 It will not usually be instantiated on the system, but guarantees there
 is room if needed.
 This device's size tracks the size of the metadata device, both as initially
 allocated, and as the metadata device is extended.
\end_layout

\begin_layout Standard
The fourth and final linear DM device is used for the Metadata Volume (MDV,
 see 
\begin_inset CommandInset ref
LatexCommand ref
reference "subsec:Metadata-Volume-(MDV)"

\end_inset

).
 The MDV is used to store metadata about upper layers, layer five and above.
\end_layout

\begin_layout Standard
The initial sizes of all flex layer devices should be chosen to allow an
 entire pool to fit within a single blockdev of the minimum size (1 GiB).
\end_layout

\begin_layout Subsubsection
Thin Provisioning
\end_layout

\begin_layout Standard
The two linear targets from L3 are used as a metadata device and data device
 for a DM thinpool device.
 The thinpool device implements a copy-on-write (CoW) algorithm, so that
 blocks in the data device are only allocated as needed to back the thin
 volumes created from the thinpool.
\end_layout

\begin_layout Standard
Stratis manages the thinpool device by extending the two subdevices in the
 thinpool when either runs low on available blocks.
 If the pool approaches a point where it no longer has empty lower-level
 space to extend onto, Stratis alerts the user and takes action to avoid
 data corruption.
\end_layout

\begin_layout Subsubsection
Thin Volumes
\end_layout

\begin_layout Standard
Stratis creates thin volumes from the thin pool.
 It will automatically give a new volume a default size, format it with
 a filesystem, and make it available to the user.
\end_layout

\begin_layout Standard
Stratis also enables creating a new volume as a read/write snapshot of an
 existing volume.
 Although the underlying implementation does not require maintaining the
 relation between a snapshot and its origin, Stratis records this relation
 in its metadata.
 This relation may be of use to users who may, for example, use snapshots
 for backups and may make use of the origin information to identify a particular
 backup snapshot to restore from.
\end_layout

\begin_layout Subsubsection
Filesystem
\end_layout

\begin_layout Standard
Stratis monitors each filesystem’s usage against its capacity and automatically
 extends them online without user intervention.
 Extending involves changing the thin dev's logical size, and then using
 a tool such as xfs_growfs to grow the filesystem.
\end_layout

\begin_layout Subsection
Data Tier Metadata
\end_layout

\begin_layout Standard
Stratis must track the blockdevs that make up the data tier of the pool,
 the three linear targets that span the block devices, the thinpool device
 and the attributes of the thin devices and filesystems created from the
 thinpool.
\end_layout

\begin_layout Subsubsection
Requirements
\end_layout

\begin_layout Enumerate
Uniquely identify a blockdev as used by Stratis, which pool it is a member
 of, and parameters needed to recreate all layers
\end_layout

\begin_layout Enumerate
Detect incomplete or corrupted metadata and recover via second copy
\end_layout

\begin_layout Enumerate
Allow for blockdevs being expanded underneath Stratis
\end_layout

\begin_layout Enumerate
Redundant on each blockdev to tolerate unreadable sectors
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
Recovery from accidental start-of-blockdev overwrite by placing a second
 copy at the end of the disk was also considered, but raised other issues
 that outweighed its benefit.
\end_layout

\end_inset


\end_layout

\begin_layout Enumerate
Redundant across blockdevs to handle missing or damaged members.
 Can provide metadata of missing blockdevs
\end_layout

\begin_layout Enumerate
Handle thousand+ blockdevs in a pool
\end_layout

\begin_layout Enumerate
Handle million+ filesystems in a pool and updates without writing to each
 blockdev
\end_layout

\begin_layout Enumerate
Extensible/upgradable metadata format
\end_layout

\begin_layout Subsubsection
Conventions
\end_layout

\begin_layout Standard
Sectors are 512 bytes in length
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
Historically this is the minimum storage unit of a hard drive.
 Many Linux kernel APIs assume this value is constant (as does this document),
 and use another term such as 'block size' for dealing with cases where
 the minimum storage unit is different.
\end_layout

\end_inset

.
\end_layout

\begin_layout Standard
UUIDs are written as un-hyphenated ASCII encodings of their lower-case hexadecim
al representation
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
UUIDs are 128-bit values and therefore require only 16 bytes to represent
 their numeric value.
 However, since each ASCII value requires a byte, and the hexadecimal representa
tion of an 128-bit value requires 32 hexadecimal digits, the chosen encoding
 requires 32 bytes.
\end_layout

\end_inset

 except in JSON-formatted metadata where they are unhyphenated.
\end_layout

\begin_layout Standard
All checksums are calculated using an implementation of the CRC-32C (Castagnoli)
 algorithm.
\end_layout

\begin_layout Subsubsection
Design Overview
\end_layout

\begin_layout Standard
Stratis metadata is in three places:
\end_layout

\begin_layout Enumerate
Blockdev Data Area (BDA)
\end_layout

\begin_deeper
\begin_layout Enumerate
Signature Block within Static Header
\end_layout

\begin_layout Enumerate
Metadata Area (MDA)
\end_layout

\end_deeper
\begin_layout Enumerate
Metadata Volume (MDV)
\end_layout

\begin_layout Standard
(Specific DM targets such as the thinpool also place their own metadata
 on disk.)
\end_layout

\begin_layout Standard
Information is duplicated across all blockdevs within an on-disk metadata
 format called the Blockdev Data Area (BDA).
 The BDA consists of a binary Signature Block, and the Metadata Area (MDA),
 which stores information in a text-based JSON format.
 Both the binary and text-based portions of the BDA define redundancy and
 integrity-checking measures.
\end_layout

\begin_layout Standard
The Metadata Volume (MDV) stores metadata on Layers 5 and up in a conventional
 block device and filesystem that is part of the Flex layer.
 Choosing to split overall metadata storage into two schemes allows upper
 layers' metadata to be free of limitations that would apply if a single
 scheme was used.
 For example, on-disk metadata formats find it hard to support runtime size
 extension, may keep redundant copies to ensure reliability, and aggressively
 check for corruption.
 This can work well with small amounts of data that is infrequently changed,
 but has trouble as data grows, or we wish to do updates in-place.
\end_layout

\begin_layout Standard
Upper-level metadata can achieve redundancy and integrity by building on
 the pre-existing lower layers, and work under looser restrictions around
 updating in place, and the total size to which it may grow.
 It can reuse an existing, well-tested solution for solving data organization
 and storage issues – a general-purpose filesystem.
\end_layout

\begin_layout Subsubsection
BlockDev Data Area (BDA)
\end_layout

\begin_layout Standard
\begin_inset Float figure
placement H
wide false
sideways false
status collapsed

\begin_layout Plain Layout
\begin_inset Graphics
	filename stratis-bda.svg
	scale 50

\end_inset


\begin_inset Caption Standard

\begin_layout Plain Layout
BDA format
\end_layout

\end_inset


\end_layout

\end_inset


\end_layout

\begin_layout Standard
The BDA consists of a fixed-length Static Header of sixteen sectors, which
 contains two copies of the Signature Block; and the metadata area (MDA),
 whose length is specified in the Signature Block.
 These are written to the beginning of the blockdev as described below.
\end_layout

\begin_layout Standard
Stratis reserves the first 16 sectors of each blockdev for the Static Header.
 When initializing or modifying the Signature Block, identical data is written
 to locations 1 and 2.
\end_layout

\begin_layout Standard

\emph on
Static Header
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="6" columns="3">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
sector offset
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
length (sectors)
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
contents
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
0
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
unused
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Signature Block location 1
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
2
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
7
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
unused
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
9
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Signature Block location 2
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
10
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
6
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
unused
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Standard

\emph on
Signature Block
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="13" columns="3">
<features tabularvalignment="middle">
<column alignment="center" valignment="top" width="0pt">
<column alignment="center" valignment="top" width="0pt">
<column alignment="left" valignment="top" width="60col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
byte offset
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
length (bytes)
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
0
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
4
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
checksum of signature block (bytes at offset 4 length 508)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
4
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
16
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Stratis signature: '!Stra0tis
\backslash
x86
\backslash
xff
\backslash
x02^
\backslash
x41rh'
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
20
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Device size in 512-byte sectors (u64)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
28
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Signature Block version (u8) (value = 1)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
29
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
3
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
unused
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
32
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
32
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
UUID of the Stratis pool
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
64
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
32
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
UUID of the blockdev
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
96
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
sector length of blockdev metadata area (MDA) (u64)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
104
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
sector length of reserved space (u64)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
112
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
flags (u64)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
120
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
initialization time: UNIX timestamp (seconds since Jan 1 1970) using UTC
 (u64)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
128
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
384
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
unused
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Itemize
No flags are yet defined, so 'flags' field is zeroed.
\end_layout

\begin_layout Itemize
All 'unused' fields are zeroed, and are reserved for future use.
\end_layout

\begin_layout Itemize
If not zero, blockdev metadata area length (offset 96) must be a number
 divisible by four of at least 2032.
\end_layout

\begin_layout Itemize
The BDA is followed immediately by 
\emph on
reserved space
\emph default
, whose size is specified in the signature block (offset 104).
\end_layout

\begin_layout Itemize
Minimum length of BDA (static header and MDA) plus Reserved Space is 2048
 sectors (1 MiB).
\end_layout

\begin_layout Itemize
When a blockdev is removed from a pool, or is part of a pool that is destroyed,
 Stratis wipes the Static Header.
\end_layout

\begin_layout Itemize
The purpose of the unused sectors is twofold.
 First, placing the Signature Block copy locations in two separate 4K blocks
 helps to prevent a single bad write operation on 4K-block disks from corrupting
 both copies.
 Second, using a single sector for the Signature Block helps to minimize
 the likelihood of corruption on disks with 512 byte blocks.
\end_layout

\begin_layout Itemize
Each time that Stratis writes one or both Signature Block locations, it
 also zeroes the unused sectors that share the same 4K block.
\end_layout

\begin_layout Standard
The MDA is divided into four equal-size regions, numbered 0-3.
 When updating metadata, identical data is written to either the odd (1
 and 3) or even (0 and 2) regions, chosen by examining the timestamps and
 overwriting the older of two pairs.
\end_layout

\begin_layout Standard
Each MDA region's update consists of a fixed-length MDA Region Header, followed
 by variable-length JSON data.
\end_layout

\begin_layout Standard

\emph on
MDA Region Header
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="10" columns="3">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="left" valignment="top" width="60col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
byte offset
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
length (bytes)
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
0
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
4
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
checksum covering remainder of MDA header
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
4
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
4
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
checksum covering JSON data
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
length of JSON data in bytes (u64)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
16
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
8
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
UNIX timestamp (seconds since Jan 1 1970) using UTC (u64)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
24
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
4
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
nanoseconds (u32)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
28
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Region Header version (u8) (value = 1)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
29
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Variable-length metadata version (u8) (value = 1)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
30
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
2
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
unused
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
32
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
variable
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON data
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Itemize
Metadata updates write to the older of the odd or even MDA regions.
 This is determined by lowest timestamp, and then lowest nanoseconds if
 timestamps are equal.
\end_layout

\begin_layout Itemize
MDA updates include the MDA Header, which includes the current time.
 However, if using the current time would not result in the update having
 the latest time across all MDA regions on all blockdevs in the pool, instead
 use a time of one nanosecond later than the latest MDA region time across
 all blockdevs.
\end_layout

\begin_layout Itemize
The procedure for updating metadata is:
\end_layout

\begin_deeper
\begin_layout Enumerate
Determine which regions in the MDA to use (odd or even) as described above.
\end_layout

\begin_layout Enumerate
Write MDA header and JSON data to the first MDA region (0 or 1)
\end_layout

\begin_layout Enumerate
Perform a Flush/FUA
\end_layout

\begin_layout Enumerate
Write MDA header and JSON data to the second MDA region (2 or 3)
\end_layout

\begin_layout Enumerate
Perform a Flush/FUA
\end_layout

\begin_layout Enumerate
Repeat for additional blockdevs.
 Also see 
\begin_inset CommandInset ref
LatexCommand ref
reference "subsec:The-MDA-and"

\end_inset


\end_layout

\end_deeper
\begin_layout Itemize
Multiple blockdevs being updated with the same metadata must write identical
 data to each MDA region, but which regions (odd or even) is used may vary,
 if the blockdevs have received differing numbers of metadata updates over
 time.
\end_layout

\begin_layout Subsubsection
Metadata Area (MDA)
\end_layout

\begin_layout Standard
The MDA contains a JSON object that represents the pool's overall configuration
 from L0 to L4.
\end_layout

\begin_layout Description
Top
\begin_inset space \space{}
\end_inset

level
\begin_inset space \space{}
\end_inset

objects:
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="6" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="45col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
name
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
string
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the name of the pool
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
backstore
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
object
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the block devices in the pool
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
flex_devs
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
object
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
layout of the data and metadata linear devices
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
thinpool_dev
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
object
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
parameters of the thinpool device
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
started
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
boolean
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
as of stratisd 3.2.0
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
indicates whether a pool is started or stopped
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
backstore: An object describing the data tier and the cache tier.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="4" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="45col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
data_tier
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
object
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the block devices in the data tier
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
cap
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
object
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the cap device, from which segments are allocated to the flex layer
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
cache_tier
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
object
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
n
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the block devices in the cache tier
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
data_tier: An object describing the data tier.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="2" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="45col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
blockdev
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
object
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Settings and mappings describing block devices that make up the tier
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
blockdev: An object describing physical block devices that make up the tier.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="3" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="50col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
devs
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
an array of 
\series bold
base_block_dev
\series default
 objects
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
allocs
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
an array of arrays of 
\series bold
base_dev
\series default
 objects
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
base_dev: An object describing an allocation from a block device.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="4" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="50col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
parent
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
string
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
UUID of the device the segment is created from
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
start
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
integer
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the starting sector offset within the parent device
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
length
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
integer
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the length in sectors of the segment
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
base_block_dev: An object describing a block device in the lowest layer.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="4" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="50col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
uuid
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
string
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
The UUID of the block device, as recorded in its Signature Block
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
user_info
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
string
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
n
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
user-provided information for tracking the device
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
hardware_info
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
string
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
n
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
uniquely identifying information for the blockdev, such as SCSI VPD83 or
 serial number
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
cap: An object describing a view of the top-level linear device provided
 by the backstore to the flex layer.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="2" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="45col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
allocs
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
an array of pairs of integers representing the starting offset and length
 of an allocation in sectors
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
cache_tier: An object describing the cache tier.
 Identical format to 
\series bold
data_tier
\series default
 except VDO layer is not supported.
\end_layout

\begin_layout Description
flex_devs: An object with four keys that define the linear segments that
 make up each device in the Flex layer.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="5" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="55col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
meta_dev
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
an array of pairs of integers representing the starting offset and length
 of an allocation in sectors that make up the metadata volume (MDV)
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
thin_meta_dev
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
an array of pairs of integers representing the starting offset and length
 of an allocation in sectors that make up the thin metadata device
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
thin_meta_dev_spare
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
an array of pairs of integers representing the starting offset and length
 of an allocation in sectors that make up the thin metadata spare device
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
thin_data_dev
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
an array of pairs of integers representing the starting offset and length
 of an allocation in sectors that make up the thin data device
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Description
thinpool_dev: An object that defines properties of the thinpool device.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="5" columns="4">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="40col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
key
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
JSON type
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
data_block_size
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
integer
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the size in sectors of the thinpool data block
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
feature_args
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
array
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
since stratisd 3.1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the feature args passed to the thin pool on setup
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
fs_limit
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
integer
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
since stratisd 3.1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
the maximum number of filesystems able to be created in this pool
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
enable_overprov
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
boolean
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
since stratisd 3.1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
indicates whether overprovisioning is allowed on this pool
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Subsubsection
\begin_inset CommandInset label
LatexCommand label
name "subsec:Metadata-Volume-(MDV)"

\end_inset

Metadata Volume (MDV)
\end_layout

\begin_layout Standard
The Metadata Volume is formatted with an XFS filesystem that is used by
 Stratis to store information on user-created thin filesystems (L5-L7).
 This information is stored in the filesystem as individual JSON files.
\end_layout

\begin_layout Subsubsection
\begin_inset CommandInset label
LatexCommand label
name "subsec:The-MDA-and"

\end_inset

The MDA and Very Large Pools
\end_layout

\begin_layout Standard
Stratis pools with very large numbers of blockdevs will encounter two issues.
 First, updating the metadata on all blockdevs in the pool may become a
 performance bottleneck.
 Second, the default MDA size may become inadequate to contain the information
 required.
\end_layout

\begin_layout Standard
To solve the first issue, Stratis caps the number of blockdevs that receive
 updated metadata information.
 A reasonable value for this cap might be in the range of 6 to 10, and should
 try to spread metadata updates across path-independent blockdevs, if this
 can be discerned, or randomly.
 This limits excessive I/O when blockdevs are added or removed from the
 pool, but maximizes the likelihood that up-to-date pool metadata is retrievable
 in case of failure.
\end_layout

\begin_layout Standard
To solve the second issue, Stratis monitors how large its most recent serialized
 metadata updates are, and increases the size of MDA areas on newly added
 devices when a fairly low threshold – %50 – is reached in comparison to
 the available MDA region size.
 This ensures that by the time sufficient blockdevs have been added to the
 pool to be in danger of serialized JSON data being too large, there are
 enough blockdevs with enlarged MDA space that they can be used for MDA
 writes.
\end_layout

\begin_layout Subsubsection
Metadata and Recovery
\end_layout

\begin_layout Standard
Bad things happen.
\end_layout

\begin_layout Standard
In order to recover from disk errors, Stratis uses checksums over the critical
 metadata, and writes duplicate copies to a single blockdev, as well as
 across multiple blockdevs, when possible.
 It takes this approach – copies – rather than a mechanism that might make
 it possible to partially repair corrupted metadata for three reasons:
\end_layout

\begin_layout Enumerate
This metadata is relatively small.
\end_layout

\begin_layout Enumerate
Partially reconstructed information has limited value.
 This is due to the layered nature of Stratis.
 It's not sufficient to know some subset of the device mapping levels.
 Since they are layered, recovering only some layouts allows no data to
 be recovered without also knowing how others are mapped on top, and vice
 versa.
\end_layout

\begin_layout Enumerate
Stratis metadata on the block devices should require relatively few updates
 per day, since the changes it would reflect are blockdevs being added to
 the pool, or thinpool data device expansions.
 Infrequent updates reduces the likelihood of corruption
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
citation needed?
\end_layout

\end_inset

.
\end_layout

\begin_layout Standard
Filesystem metadata is stored on the Metadata Volume on an XFS filesystem.
 Partial data recovery of that information is possible.
\end_layout

\begin_layout Standard
In addition to Stratis-specific metadata, device-mapper layers such as thin,
 as well as XFS filesystems, all have their own metadata.
 Stratis would rely on running each of their specific repair/fsck tools
 in case they reported errors.
\end_layout

\begin_layout Subsection
Cache Tier
\begin_inset CommandInset label
LatexCommand label
name "subsec:Cache-Tier"

\end_inset


\end_layout

\begin_layout Standard
The Cache Tier is a secondary optional stack that, if present, serves as
 a cache for the DataTier.
 If present, the Cache Tier sits directly underneath the Flex Layer.
 Its structure is similar to the lower levels of the Data Tier.
\end_layout

\begin_layout Subsubsection
Requirements
\end_layout

\begin_layout Enumerate
Caching may be configured for write-back and write-through modes.
\end_layout

\begin_layout Enumerate
Stratis concatenates all cache blockdevs and uses the resulting device to
 cache the thinpool device.
 This lets all filesystems benefit from the cache.
\end_layout

\begin_layout Enumerate
Cache blocksize should match thinpool datablock size.
\end_layout

\begin_layout Enumerate
Removing cache tier comes with performance hit and “rewarming” phase 
\end_layout

\begin_layout Subsubsection
Cache Tier Metadata
\end_layout

\begin_layout Paragraph
Cache Tier Metadata Requirements
\end_layout

\begin_layout Enumerate
Identify all blockdevs that are part of the pool's cache tier and other
 cache-specific configuration parameters (e.g.
 WT/WB, block size, cache policy)
\end_layout

\begin_layout Enumerate
Cache tier supports up to 8 devices.
\end_layout

\begin_layout Subsection
\begin_inset CommandInset label
LatexCommand label
name "subsec:Encryption"

\end_inset

Encryption
\end_layout

\begin_layout Standard
stratisd encrypts devices at the blockdev level.
 If Stratis devices are encrypted, the following conditions will hold:
\end_layout

\begin_layout Itemize
Each blockdev will be encrypted with a distinct and randomly generated MEK
 (Media Encryption Key).
\end_layout

\begin_layout Itemize
All blockdevs in a pool will be encrypted, or all blockdevs in a pool will
 be unencrypted.
 Stratis will support mixed usage for pools, where some pools are encrypted
 and others are not.
\end_layout

\begin_layout Itemize
A distinct passphrase (used to generate the KEK or Key Encryption Key) will
 be supported for each pool, although it will be possible to use the same
 passphrase for every pool, if desired.
\end_layout

\begin_layout Itemize
The user will be required to choose whether or not a pool is encrypted at
 pool creation time and must identify their choice by an additional argument
 in the CLI's 
\begin_inset Quotes eld
\end_inset

pool create
\begin_inset Quotes erd
\end_inset

 command.
 Encryption of an already existing pool will not be supported.
\end_layout

\begin_layout Itemize
Re-encryption will not be supported initially; this functionality will be
 considered and added in a later step.
\end_layout

\begin_layout Itemize
If a pool was encrypted on creation, then all blockdevs added to the data
 tier will be automatically encrypted with a randomly generated MEK and
 the pool's designated KEK.
\end_layout

\begin_layout Itemize
On any encrypted blockdev, the Stratis metadata will itself be encrypted;
 it will be inaccessible until the encrypted blockdev is opened.
\end_layout

\begin_layout Itemize
The use of a cache tier and of encryption will be mutually exclusive.
 If a pool is encrypted, an attempt to add a blockdev to the cache tier
 will be rejected.
\end_layout

\begin_layout Itemize
The default cipher specified by cryptsetup 2.1, 
\family typewriter
aes-xts-plain64
\family default
, is used to encrypt all encrypted devices.
 The MEK is 512 bits.
\end_layout

\begin_layout Standard
The above conditions require an implementation which makes use of the LUKS2
 header.
 In particular, for a blockdev to be decrypted with its pool-specific KEK,
 it will be necessary to include information within the device header which
 allows the device to be identified as belonging to a particular Stratis
 pool.
 The LUKS2 header includes support for LUKS tokens, which will allow stratisd
 to identify the pool to which a device belongs; the LUKS1 header does not.
\end_layout

\begin_layout Subsection
Block Device Characteristic Requirements (stratisd 3.4.0)
\end_layout

\begin_layout Standard
stratisd endeavors to enforce sufficient consistency in the characteristics
 of the block devices that make up a pool to ensure continuous proper operation
 of Stratis pools.
\end_layout

\begin_layout Standard
At present, stratisd takes into account the physical and the logical sector
 size of a block device, i.e, those values obtained by the BLKBPSZGET and
 the BLKSSZGET ioctls.
 stratisd's requirements for creating new pools or pool caches or for adding
 block devices to an existing pool or its cache are quite stringent.
 It follows a more relaxed policy with pre-existing pools or caches.
\end_layout

\begin_layout Subsubsection
Pre-existing pools and caches
\end_layout

\begin_layout Standard
With existing pools stratisd makes use of a rule intended to guard against
 changes in the logical and physical sector size presented by the cap device
 to the layers above.
 stratisd may automatically extend the cap device to accommodate pool usage.
 If the cap device is extended to make use of a block device which has a
 larger logical or physical sector size than the devices that it was using
 previously, the sector sizes exported by the cap device will change to
 the larger size.
 This can have the unfortunate effect of making XFS filesystems previously
 created above the cap device unmountable.
 To prevent this situation, stratisd enforces the following rule: If the
 cap device can be extended so that its logical or physical sector size
 could change, stratisd places the pool in 
\begin_inset Quotes eld
\end_inset

no_pool_changes
\begin_inset Quotes erd
\end_inset

 mode and logs a warning encouraging the user to migrate their data to a
 new pool.
 A pool in 
\begin_inset Quotes eld
\end_inset

no_pool_changes
\begin_inset Quotes erd
\end_inset

 mode can not take any action, including auto-extending.
\end_layout

\begin_layout Standard
With regard to existing pool caches, the danger of dynamically changing
 sector sizes does not exist.
 stratisd always makes use of all the block devices belonging to the cache
 when forming its cache device, so there is no check necessary for existing
 cache devices.
\end_layout

\begin_layout Subsubsection
Newly created pools and caches
\end_layout

\begin_layout Standard
If the user wishes to create a new pool or a new cache it is required that
 all the block devices specified at creation have the same logical and physical
 sector size.
\end_layout

\begin_layout Subsubsection
Adding block devices to an existing pool or to its cache
\end_layout

\begin_layout Standard
It is not possible to perform any operations on a pool that is in 
\begin_inset Quotes eld
\end_inset

no_pool_changes
\begin_inset Quotes erd
\end_inset

 mode, so it is not possible to add additional devices to such a pool's
 data or cache tier.
\end_layout

\begin_layout Standard
As a consequence of this rule, it can be assumed that all pools to which
 devices are being added can be assumed to have certain properties.
 In particular, both the data tier and the cache tier have achieved their
 
\begin_inset Flex Emph
status collapsed

\begin_layout Plain Layout
terminal sector sizes
\end_layout

\end_inset

.
 These are the respective sector sizes that the cap device would have if
 it were extended across all block devices that belong to the data tier
 and is the maximum of the respective sector sizes of all the individual
 block devices in the data tier.
 Since the cache always makes use of all its devices, it achieves its terminal
 sector sizes when constructed.
\end_layout

\begin_layout Standard
Taking these facts into account, the following rule is used when initializing
 a cache:
\end_layout

\begin_layout Enumerate
all the block devices specified for the cache must have the same logical
 and physical sector size.
\end_layout

\begin_layout Enumerate
the logical sector size of all the devices specified for the cache must
 be the same as the terminal logical sector size of the data tier.
\end_layout

\begin_layout Standard
and the following rule when adding devices to either the data or cache tier:
\end_layout

\begin_layout Enumerate
all the block devices specified must have the same logical and physical
 sector size
\end_layout

\begin_layout Enumerate
both sector sizes of all the devices specified must be the same as the respectiv
e terminal sector sizes of that tier
\end_layout

\begin_layout Subsubsection
Notes
\end_layout

\begin_layout Standard
Because stratisd must support pools that were previously created without
 the restrictions of uniform logical and physical sector size that stratisd
 began imposing in the 3.4.0 release, these rules do not guarantee total uniformit
y of either physical or logical sector size in the devices that make up
 a pool or a cache.
 They guarantee only that the devices that extend the data or cache tier
 after stratisd 3.4.0 will all have the same logical and physical sector size.
\end_layout

\begin_layout Section
Implementation Details
\end_layout

\begin_layout Subsection
'stratis' command-line tool
\end_layout

\begin_layout Standard
Stratis' command-line tool is written in Python.
 Since it is only used after the system is booted by the adminstrator, Python's
 interpreted nature and overhead is not a concern.
\end_layout

\begin_layout Subsection
stratisd
\end_layout

\begin_layout Standard
Stratisd needs to be implemented in a compiled language, in order to meet
 the requirement that it operate in a preboot environment.
 A small runtime memory footprint is also important.
\end_layout

\begin_layout Standard
stratisd is written in 
\begin_inset CommandInset href
LatexCommand href
name "Rust"
target "https://www.rust-lang.org/en-US/"
literal "false"

\end_inset

.
 The key features of Rust that make it a good choice for stratisd are:
\end_layout

\begin_layout Itemize
Compiled with minimal runtime (no GC)
\end_layout

\begin_layout Itemize
Memory safety, speed, and concurrency
\end_layout

\begin_layout Itemize
Strong stdlib, including collections
\end_layout

\begin_layout Itemize
Error handling
\end_layout

\begin_layout Itemize
Libraries available for D-Bus, devicemapper, and JSON serialization
\end_layout

\begin_layout Itemize
FFI to C libs if needed
\end_layout

\begin_layout Itemize
Will be available on RHEL 8 in delivery timeframe; currently packaged in
 Fedora
\end_layout

\begin_layout Standard
Other alternatives considered were C and C++.
 Rust was preferred over them for increased memory safety and productivity
 reasons.
\end_layout

\begin_layout Subsection
devicemapper names
\end_layout

\begin_layout Standard
If stratisd terminates unexpectedly and is restarted, it needs to rebuild
 its knowledge of the running system.
 This includes not only re-enumerating blockdevs to find Stratis pool members,
 but also determining the current state of the devicemapper targets that
 make up pools.
 A restarting stratisd needs to handle if none, some, or all of the expected
 DM devices are present, and if present DM devices are working correctly,
 or in an error state.
\end_layout

\begin_layout Standard
To these ends, Stratis uses consistent naming for devicemapper targets.
 This lets stratisd more easily determine if DM devices already exist, and
 avoids leaking old DM mappings.
\end_layout

\begin_layout Subsubsection
Naming convention Requirements
\end_layout

\begin_layout Itemize
Globally unique
\end_layout

\begin_layout Itemize
Maximum 127 characters
\end_layout

\begin_layout Itemize
Differentiate between Stratis and other DM devices
\end_layout

\begin_layout Itemize
Forward-compatible to allow Stratisd updates
\end_layout

\begin_layout Itemize
Human-readable
\end_layout

\begin_layout Itemize
Easily parsable
\end_layout

\begin_layout Subsubsection
Naming Convention
\end_layout

\begin_layout Standard
Stratis DM names consist of five required and two optional parts, separated
 by a '-'.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="8" columns="5">
<features tabularvalignment="middle">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top">
<column alignment="center" valignment="top" width="10col%">
<column alignment="center" valignment="top" width="60col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Part
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Name
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Max length
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Required
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
stratis-id
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
7
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Universal DM differentiator: 'stratis'
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
2
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
format-version
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
1
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Naming convention version: '1'
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
3
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
private
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
7
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
n
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Optional indicator 'private'
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
4
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
pool-id or dev-id
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
32
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
ASCII hex UUID of the associated pool or, in the case of encryption, the
 block device
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
5
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
layer-name
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
16
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Name of the Stratis layer this device is in
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
6
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
layer-role
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
16
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
y
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Name of the role of the device within the layer
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
7
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
role-unique-id
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
40
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
n
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Role-specific unique differentiator between multiple devices within the
 layer with the same role
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Itemize
The maximum length (adding 6 '-'s as separator) is 125, to stay within the
 DM name limit of 127 characters.
\end_layout

\begin_layout Itemize
\begin_inset Quotes eld
\end_inset

private
\begin_inset Quotes erd
\end_inset

 is included in names for DM devices that are internal and that should be
 excluded from content scanning by tools such as blkid.
\end_layout

\begin_layout Itemize
Characters for each part are drawn solely from the character classes '[a-z]'
 and '[0-9]' except that part 7 may also use the '-' character.
 These restrictions meet D-Bus and udev requirements
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
See libdm/libdm-common.c _is_whitelisted_char() in the lvm2 code for more.
\end_layout

\end_inset

.)
\end_layout

\begin_layout Itemize
Encryption uses device UUIDs because there may be multiple encrypted devices
 in one pool so using the pool UUID would result in naming collisions
\end_layout

\begin_layout Subsection
devicemapper minimum version
\end_layout

\begin_layout Standard
Stratisd devicemapper minor version 37 or greater, for DM event poll() support
 and support for event_nr in list_devices ioctl.
\end_layout

\begin_layout Subsection
OS Integration: Boot and initrd
\end_layout

\begin_layout Standard
Since we want to allow Stratis to be used for system files, Stratis needs
 to run in the initrd preboot environment.
 This allows it to activate pools and filesystems so that they can be mounted
 and accessible during the transition to the main phase of operation.
\end_layout

\begin_layout Standard
The use of D-Bus is not possible in the preboot environment.
 Therefore, Stratis has an alternate IPC mechanism to be used in the initramfs.
 This can be accessed through the stratis-min and stratisd-min exectutables.
\end_layout

\begin_layout Standard
Stratis packages distribute a dracut module, systemd generator, and service
 file to automate set up of all needed pools, encrypted or unencrypted,
 during the boot process and 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
/etc/fstab
\end_layout

\end_inset

 mount operations.
\end_layout

\begin_layout Subsection
OS Integration: udev
\end_layout

\begin_layout Standard
The udev library 
\begin_inset Quotes eld
\end_inset

libudev
\begin_inset Quotes erd
\end_inset

 enables access to the udev device database.
 This allows library users to enumerate block devices on the system, and
 includes attributes describing their contents, such as what filesystem
 or volume manager signature was detected.
 (libudev uses libblkid for this, which recently had Stratis signature support
 added.) The primary benefit of this is to perform the time-consuming block
 device scan only once, and to alleviate library users from interpreting
 block device contents.
\end_layout

\begin_layout Standard
On boot, Stratis uses libudev to enumerate Stratis block devices on the
 system, reads the Stratis metadata from each, and activates pools that
 are complete.
 Later, during the main running phase, Stratis monitors udev events for
 newly-added block devices, so that if missing Stratis pool members are
 connected to complete a pool, the pool can be activated and used.
\end_layout

\begin_layout Subsection
OS Integration: /dev entries
\end_layout

\begin_layout Standard
Stratis allows the user to create filesystems, which then can be mounted
 and used via 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
mount(8)
\end_layout

\end_inset

 and the 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
fstab(5)
\end_layout

\end_inset

.
 Stratisd provides a udev rule that generates a 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
/dev/stratis
\end_layout

\end_inset

 directory.
 It creates 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
/dev/stratis/<poolname>
\end_layout

\end_inset

 for each pool present on the system, and
\begin_inset Newline newline
\end_inset

 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
/dev/stratis/<poolname>/<filesystemname> 
\end_layout

\end_inset

for each filesystem within the pool.
 Changes such as creations, removals, and renames are reflected in the entries
 under 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
/dev/stratis
\end_layout

\end_inset

.
 These entries give the user a well-known path to a device to use for mounting
 the Stratis filesystem.
 Filesystems may also be listed in 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
/etc/fstab
\end_layout

\end_inset

 using XFS UUID.
 However, if the device is encrypted, it is recommended that users take
 advantage of the 
\begin_inset Flex Code
status collapsed

\begin_layout Plain Layout
stratis-fstab-setup@.service
\end_layout

\end_inset

 systemd unit file to automate pool unlock prior to mounting.
\end_layout

\begin_layout Subsection
Snapshots
\end_layout

\begin_layout Standard
Stratis's current snapshot implementation is characterized by a few traits:
\end_layout

\begin_layout Itemize
A snapshot and its origin are not linked in lifetime.
 i.e.
 a snapshotted filesystem may live longer than the filesystem it was created
 from.
\end_layout

\begin_layout Itemize
A snapshot of a filesystem is another filesystem.
\end_layout

\begin_layout Itemize
A filesystem may be snapshotted while it is mounted or unmounted.
\end_layout

\begin_layout Itemize
Each snapshot uses around half a gigabyte of actual backing storage, which
 is needed for the XFS filesystem's log.
\end_layout

\begin_layout Standard
These may change in the future.
\end_layout

\begin_layout Subsection
Backstore Internals
\end_layout

\begin_layout Standard
The backstore is divided into two tiers: the data tier, and an optional
 cache tier.
 Each tier has its own set of physical block devices.
 The goal of each tier is to provide a single linear device that the flex
 layer (or another tier) can easily build on top of.
\end_layout

\begin_layout Standard
A tier is created with a certain feature set, which results in an internal
 layering of devices as needed to support those features.
 The features a tier supports are fixed at tier creation time.
 However, the block devices that make up the tier may change.
 New blockdevs may be added.
\end_layout

\begin_layout Standard
This requires each tier to support:
\end_layout

\begin_layout Itemize
add_blockdev (add a new blockdev to the tier)
\end_layout

\begin_layout Itemize
blockdevs (list/iterate)
\end_layout

\begin_layout Standard
The tier includes optional internal support for multiple features, which
 also are implemented using DM devices.
\end_layout

\begin_layout Standard
At the 
\begin_inset Quotes eld
\end_inset

bottom
\begin_inset Quotes erd
\end_inset

 of the tier are blockdevs.
 These blockdevs are mapped through layers that add value, such as encryption.
\end_layout

\begin_layout Standard
Each layer takes a list of blockdevs and converts it to a list of 
\begin_inset Quotes eld
\end_inset

better
\begin_inset Quotes erd
\end_inset

 blockdevs, whose total size is likely different.
\end_layout

\begin_layout Standard
While each intermediate layer may provide an array of blockdevs, the 
\begin_inset Quotes eld
\end_inset

cap
\begin_inset Quotes erd
\end_inset

 layer of the tier presents a single linear blockdev that maintains the
 location of each presented block and never shrinks, and hides the interior
 complexity of the tier from upper users.
\end_layout

\begin_layout Standard
The ordering of layers (from bottom to top) within a tier is:
\end_layout

\begin_layout Enumerate
blockdev
\begin_inset Newline newline
\end_inset

Blockdevs supply available space to the tier.
\end_layout

\begin_layout Enumerate
encryption
\begin_inset Newline newline
\end_inset

This layer provides optional encryption for all block devices available
 in the pool.
\end_layout

\begin_layout Enumerate
cap
\begin_inset Newline newline
\end_inset

If presented with more than one blockdev, or the blockdev has a nonzero
 offset, the 
\begin_inset Quotes eld
\end_inset

cap
\begin_inset Quotes erd
\end_inset

 layer will ensure the Tier presents a single blockdev with consistent block
 mapping for use above the tier by creating a Linear device that never relocates
 previously-mapped block ranges.
\end_layout

\begin_layout Subsubsection
Demand-based allocations
\end_layout

\begin_layout Standard
Layers should not consume the entire space available to them when constructing
 devices, but instead grow existing mapped allocations (or create new ones)
 as the total demands of upper layers grow larger.
 This is preferred over a 
\begin_inset Quotes eld
\end_inset

greedy
\begin_inset Quotes erd
\end_inset

 strategy because it provides a better user experience to allow the amount
 of space allocated to both data and metadata to be calculated dynamically
 if requirements change.
\end_layout

\begin_layout Subsubsection
Block device growth
\end_layout

\begin_layout Standard
The logical separation between the backstore and thin pool allows relatively
 simple support for growing block devices that can change in size like loopback
 devices or RAID arrays.
 Because the cap device abstracts away the complexity of the underlying
 block devices, newly exposed block device segments can be added to the
 cap device without any support needing to be added to the thin pool.
 The thin pool will simply see that more space is now available and allocate
 it lazily as needed.
\end_layout

\begin_layout Subsection
Operation States
\end_layout

\begin_layout Standard
When encountering errors, Stratis must handle them if possible, but there
 are also errors that are severe enough to hamper Stratis's ability to function.
 When these occur, instead of terminating, Stratis continues by transitioning
 to a less-capable operation state.
 This allows some measure of continued monitoring and enables its condition
 to be visible to the user through the API.
\end_layout

\begin_layout Standard
\begin_inset Tabular
<lyxtabular version="3" rows="4" columns="2">
<features tabularvalignment="middle">
<column alignment="center" valignment="top" width="50col%">
<column alignment="left" valignment="top" width="50col%">
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Action availability state
\end_layout

\end_inset
</cell>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Description
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
fully_operational
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
All pool operations are available in this state.
 No restrictions are imposed.
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
no_ipc_requests
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Pool operations triggered by an IPC request are disabled.
 This is often due to a failed IPC command that could not be fully rolled
 back.
 Manual resolution of the bad roll back state will allow the pool to resume
 fully operational state again.
\end_layout

\end_inset
</cell>
</row>
<row>
<cell alignment="center" valignment="top" topline="true" bottomline="true" leftline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
no_pool_changes
\end_layout

\end_inset
</cell>
<cell alignment="left" valignment="top" topline="true" bottomline="true" leftline="true" rightline="true" usebox="none">
\begin_inset Text

\begin_layout Plain Layout
Any operations that modify the state of the pool will be disabled.
 This includes IPC requests and background operations such as extending
 the thin pool and filesystem.
\end_layout

\end_inset
</cell>
</row>
</lyxtabular>

\end_inset


\end_layout

\begin_layout Subsection
Licensing
\end_layout

\begin_layout Standard
Currently, stratisd and all Rust libraries included in the stratis-storage
 organization meant for stratisd are licensed as MPLv2.
 This conclusion was reached after careful consideration of compatibility
 with other licenses in the open source ecosystem.
 MPLv2 allows some major benefits:
\end_layout

\begin_layout Enumerate
It is compatible with more permissive licenses in the open source ecosystem
 such as BSD and MIT licenses.
 Given the prevalence of more permissive licenses in the Rust ecosystem,
 this is an important consideration.
\end_layout

\begin_layout Enumerate
It is compatible with GPL code.
 This permits stratisd to incorporate GPL code and become effectively GPL
 without ever changing the MPLv2 license.
\end_layout

\begin_layout Enumerate
If GPL code is incompatible with the license of a dependency added later,
 MPLv2 allows the removal of GPL code and migration of the GPL code into
 a separate service to permit the addition of the conflicting dependency.
 This can all be done without relicensing.
\end_layout

\begin_layout Standard
After evaluating the options, the MPLv2 seemed to be the most flexible license
 that still fulfilled the requirements for this project.
\end_layout

\begin_layout Standard
\begin_inset ERT
status collapsed

\begin_layout Plain Layout


\backslash
nocite{*}
\end_layout

\end_inset


\end_layout

\begin_layout Standard
\begin_inset CommandInset bibtex
LatexCommand bibtex
bibfiles "references"
options "plain"

\end_inset


\end_layout

\begin_layout Part*
\start_of_appendix
Appendices
\end_layout

\begin_layout Section
Encryption implementation details
\end_layout

\begin_layout Standard
Stratis uses libcryptsetup to manage FDE (full disk encryption) for each
 block device added to an encrypted pool.
\end_layout

\begin_layout Subsection
On-disk format
\end_layout

\begin_layout Standard
Stratis uses the LUKS2 encryption format as the basis for the encryption
 implementation.
 The LUKS2 header contains information that can be used to identify a device
 as a Stratis encrypted device.
\end_layout

\begin_layout Subsubsection
LUKS2 token format
\end_layout

\begin_layout Standard
LUKS2 tokens contain the necessary information to describe how to unlock
 the device.
 No private information is contained in the tokens.
 Stratis uses two tokens, one standard cryptsetup token which allows activating
 the device using a passphrase stored in the kernel keyring and another
 Stratis-defined token that contains activation information required by
 Stratis.
 Token IDs are statically assigned for each token for a number of reasons:
\end_layout

\begin_layout Itemize
Using static IDs, stratisd does not have to do a scan of all of the tokens
 followed by heuristics to recognize a token.
 Instead, it chooses the static ID, and if the format does not match what
 was expected, it is not treated as a Stratis encrypted device.
\end_layout

\begin_layout Itemize
As other activation methods are added, activation of a pool can specify
 one token ID to use for activation of all devices in the pool and expect
 that they will all be unlocked using the same mechanism.
\end_layout

\begin_layout Itemize
New tokens may be added without breaking changes to the assignment of existing
 token IDs.
\end_layout

\begin_layout Standard
The Stratis token has an ID of 0, the LUKS2 keyring token has an ID of 1,
 and the Clevis token has an ID of 2.
\end_layout

\begin_layout Subsubsection*
LUKS2 keyring token
\end_layout

\begin_layout Standard
The kernel keyring token contains information for LUKS2 integration with
 keys in the kernel keyring.
 This token is a standard token supported by cryptsetup, and details for
 the format can be found in the cryptsetup documentation.
 Interaction with this token is handled by standard libcryptsetup API methods.
\end_layout

\begin_layout Subsubsection*
Stratis token
\begin_inset CommandInset label
LatexCommand label
name "subsec:Stratis-token"

\end_inset


\end_layout

\begin_layout Standard
The Stratis token is used for device identification and activation, and
 the values are set directly by Stratis.
 The format specification is as follows:
\end_layout

\begin_layout Standard
\begin_inset listings
inline false
status collapsed

\begin_layout Plain Layout

{
\end_layout

\begin_layout Plain Layout

	
\begin_inset Quotes eld
\end_inset

type
\begin_inset Quotes erd
\end_inset

: 
\begin_inset Quotes eld
\end_inset

stratis
\begin_inset Quotes erd
\end_inset

,
\end_layout

\begin_layout Plain Layout

	
\begin_inset Quotes eld
\end_inset

keyslots
\begin_inset Quotes erd
\end_inset

: [],
\end_layout

\begin_layout Plain Layout

	
\begin_inset Quotes eld
\end_inset

activation_name
\begin_inset Quotes erd
\end_inset

: <DEVICEMAPPER_NAME>,
\end_layout

\begin_layout Plain Layout

	
\begin_inset Quotes eld
\end_inset

pool_uuid
\begin_inset Quotes erd
\end_inset

: <POOL_UUID>,
\end_layout

\begin_layout Plain Layout

	
\begin_inset Quotes eld
\end_inset

device_uuid
\begin_inset Quotes erd
\end_inset

: <DEVICE_UUID>,
\end_layout

\begin_layout Plain Layout

	
\begin_inset Quotes eld
\end_inset

pool_name
\begin_inset Quotes erd
\end_inset

: <POOL_NAME>
\end_layout

\begin_layout Plain Layout

}
\end_layout

\end_inset


\end_layout

\begin_layout Standard
See below for an explanation of each JSON value:
\end_layout

\begin_layout Standard
\begin_inset listings
inline false
status collapsed

\begin_layout Plain Layout

<DEVICEMAPPER_NAME>
\end_layout

\end_inset

 This is the managed name that will show up in devicemapper when the device
 is activated using libcryptsetup.
 While the name can be seen on the system by querying devicemapper, managing
 encrypted Stratis devices outside of Stratis is not supported so this is
 considered an internal name.
\end_layout

\begin_layout Standard
\begin_inset listings
inline false
status collapsed

\begin_layout Plain Layout

<POOL_UUID>
\end_layout

\end_inset


\end_layout

\begin_layout Standard
This UUID corresponds to the Stratis pool that owns this block device.
 The pool UUID in the token matches the pool UUID in the encrypted Stratis
 metadata.
\end_layout

\begin_layout Standard
\begin_inset listings
inline false
status collapsed

\begin_layout Plain Layout

<DEVICE_UUID>
\end_layout

\end_inset


\end_layout

\begin_layout Standard
This UUID corresponds to the device UUID for this specific block device.
 The device UUID in the token matches the device UUID in the encrypted Stratis
 metadata.
\end_layout

\begin_layout Standard
\begin_inset listings
inline false
status collapsed

\begin_layout Plain Layout

<POOL_NAME>
\end_layout

\end_inset


\end_layout

\begin_layout Standard
This name is duplicated from the pool level metadata and updated when the
 pool name is changed to facilitate starting pools by name for encrypted
 devices.
\end_layout

\begin_layout Subsubsection
Encrypted Stratis metadata format
\end_layout

\begin_layout Standard
Once the LUKS2 volume is unlocked, the encrypted Stratis metadata should
 be accessible through the unencrypted logical devicemapper device in exactly
 the same way as an unencrypted Stratis device.
\end_layout

\begin_layout Subsection
Encrypted device creation
\end_layout

\begin_layout Standard
Stratis does not wipe the device prior to initializing it with a LUKS2 header.
 This means that an attacker can deduce the following from examining a disk
 that has been initialized using Stratis without any prior preparation:
\end_layout

\begin_layout Itemize
The amount of data currently stored on disk that is encrypted.
 For example, if a disk has sectors that were zeroed or contain unencrypted
 data previously stored on the disk at the end of an encrypted segment,
 this can give insight into how many encrypted blocks are stored on the
 device.
 To prevent this, the device should be wiped with random data prior to providing
 it to a Stratis pool.
\end_layout

\begin_layout Itemize
The contents of unencrypted data that was previously stored on the disk
 prior to initialization by Stratis.
 cryptsetup's LUKS2 implementation does not overwrite all of the data on
 the disk by default, so without prior preparation, any sectors that have
 not been overwritten with encrypted data will still contain the data previously
 stored on the disk.
 To prevent this, the disk should be zeroed or wiped with random data.
\end_layout

\begin_layout Subsection
Encrypted device discovery
\end_layout

\begin_layout Standard
Stratis identifies encrypted devices belonging to Stratis by their Stratis
 token.
 It does not attempt to activate any device until it receives a D-Bus command
 to activate all devices.
 When the command is received, stratisd attempts to unlock the devices using
 the LUKS2 keyring token previously set by stratisd.
 If activation of devices yields a set of devices that can form a complete
 pool, the pool is set up.
\end_layout

\begin_layout Subsection
Encrypted device activation
\end_layout

\begin_layout Standard
Devices are activated with the activation name in the Stratis token.
 See 
\begin_inset CommandInset ref
LatexCommand ref
reference "subsec:Stratis-token"
plural "false"
caps "false"
noprefix "false"

\end_inset

 for an explanation of the Stratis token.
 Device activation results in a new, activated device path with the canonical
 path name 
\begin_inset listings
inline false
status collapsed

\begin_layout Plain Layout

/dev/mapper/<activation_name>
\end_layout

\end_inset

 where the unencrypted data can be accessed.
 Because of the design and use of libcryptsetup, encrypted devices can also
 be activated outside of Stratis using libcryptsetup or the cryptsetup CLI
 as long as the required passphrase is in the kernel keyring.
\end_layout

\begin_layout Subsection
Encrypted device destruction
\end_layout

\begin_layout Standard
Destroying an encrypted Stratis device does not wipe the entire device as
 the cost of this operation is linearly proportional with respect to disk
 size.
 Instead, Stratis uses libcryptsetup to destroy all of the keyslots, wiping
 all of the encrypted MEK (media encryption key) data in each keyslot.
 It then obtains the size of the LUKS2 metadata on this device and does
 an additional wipe of the remaining LUKS2 metadata.
 This provides the following device properties on pool destruction:
\end_layout

\begin_layout Itemize
The MEK data is destroyed so the data stored on the device will be unrecoverable.
\end_layout

\begin_layout Itemize
If this device is used when creating another pool later, Stratis will be
 able to reinitialize it and will consider this device unowned due to the
 wipe of the LUKS2 metadata.
\end_layout

\begin_layout Itemize
The encrypted data will be left on the device but will be inaccessible due
 to the destruction of the key.
\end_layout

\begin_layout Standard
Additional security may be achieved by zeroing the disk or overwriting it
 with random data using external tools.
\end_layout

\begin_layout Subsection
Key consistency for encrypted pools
\end_layout

\begin_layout Standard
Stratis takes steps to ensure that the same passphrase used during initial
 creation of the pool is the passphrase that is used for adding encrypted
 block devices at a later time.
 stratisd runs a check prior to adding block devices to an encrypted pool
 to verify that the passphrase in the kernel keyring with the key description
 recorded in the LUKS2 metadata can unlock the block devices that have already
 been encrypted and added to the pool.
 This prevents the passphrase data associated with a key description from
 being accidentally or intentionally changed between pool creation and addition
 of encrypted block devices which would result in an unusable pool and loss
 of data on the next occasion when the pool must be set up.
\end_layout

\begin_layout Subsection
Key management
\end_layout

\begin_layout Standard
Stratis provides facilities for key management.
 The kernel keyring is used as the backing store for the keys provided through
 the D-Bus API to allow proper access controls for passphrases.
 The architecture of key input has been carefully designed to avoid leaving
 keys in memory after they are no longer in use.
 The key is not directly sent over D-Bus; D-Bus traffic is not encrypted
 so this would leak the plaintext passphrase.
 Instead, the client side provides the server side with a file descriptor
 from which to read the passphrase so that no data is ever exposed in the
 D-Bus method call.
 When a user provides a key using the interactive mode in the CLI or D-Bus
 API, input buffering is turned off on the client side so the key is never
 stored in userspace memory.
 On the server side, stratisd reads the key into a memory block managed
 by libcryptsetup so that as soon as the memory is no longer in use, libcryptset
up will wipe the memory using a method that will not be optimized out by
 the compiler.
 All of this guarantees that the key data will only be available in one
 memory location while it is in use, and that the memory will be securely
 wiped after use.
\end_layout

\end_body
\end_document