allow sled agent to configure a swap device #3571
Conversation
smklein
left a comment
smklein
left a comment
There was a problem hiding this comment.
This looks great -- the code is extremely readable, and I'm thrilled to have this integrated!
| /// The swap device is an encrypted zvol that lives on the M.2 disk that the | ||
| /// system booted from. Because it booted from the disk, we know for certain | ||
| /// the system can access it. We encrypt the zvol because arbitrary system | ||
| /// memory could exist in swap, including sensitive data. The zvol is encrypted |
There was a problem hiding this comment.
(No action necessary) I totally think this is the right call, but in a parallel vein -- aren't we going to try to set up a dump device too? That also seems like an area where we might "put the OS's memory onto disk" but I don't think we had plans to encrypt it. Maybe we should?
There was a problem hiding this comment.
Hm, I forget what exactly we decided here. I see that @faithanalog is assigned to #2450. Do you have any context there?
Otherwise, I need to see if I can find the recording of the meeting we had for the design of the swap device and see if we discussed it there.
There was a problem hiding this comment.
Yeah, definitely no action needed from this PR, but mostly just a musing, since dump and swap are comparable for "what memory is written to disk".
citrus-it
left a comment
citrus-it
left a comment
There was a problem hiding this comment.
The approach, logic and the way the device is being configured all look good to me. Thanks for doing this.
| )?; | ||
| } | ||
| Some(sz) if sz == 0 => { | ||
| panic!("Invalid requested swap device size of 0 GiB"); |
There was a problem hiding this comment.
Your notes say that it's ok to set the size to 0
To test this, remove swap_device_size_gb (or set it to 0):
one or t'other should be changed.
There was a problem hiding this comment.
Oops! Good catch. I don't really want to change my approach in the code so I updated my notes.
gjcolombo
left a comment
gjcolombo
left a comment
There was a problem hiding this comment.
LGTM, just a couple of nits. Thanks for putting this together!
| pub(crate) fn ensure_swap_device( | ||
| log: &slog::Logger, | ||
| boot_zpool_name: &illumos_utils::zpool::ZpoolName, | ||
| size_gb: u32, |
There was a problem hiding this comment.
nit: maybe use NonZeroU32 here? I'm not sure how much uglier that'll make the caller, though.
There was a problem hiding this comment.
I think I'd rather punt on this, if that's okay.
sled-agent/src/swap_device.rs
Outdated
| info!(log, "swap zvol \"{}\" destroyed", swap_zvol); | ||
| } | ||
|
|
||
| // The process of paging out using block I/O, so use the "dsk" version of |
sled-agent/src/swap_device.rs
Outdated
| Ok(()) | ||
| } | ||
|
|
||
| // Check whether the given zvol exists. |
There was a problem hiding this comment.
I'd make this comment and the other private-function comments into doc comments even though the functions aren't pub (my dev environment, and I assume other similar IDEs, will only show these comments on hover if they're doc comments).
4 participants
Summary
When configured via sled-agent's config.toml via the parameter
swap_device_size_gb, sled agent will create an encrypted zvol of the specified size, using an ephemeral key for encryption, on the zpool of the M.2 that the sled booted from. It will then use that zvol as a swap device. (See the comment forensure_swap_devicefor a discussion of how this creation is made safe in the face of crashes/restarts of the agent and reboots of the sled).The default value for the gimlet config is 256 GiB. I got that value from some discussion somewhere, but I need to find that reasoning and record it.
Fixes #2858
Testing Notes
I tested this on sn05 using these instructions to get going.
Note about the
swap -land log line output below:swapctl(2)returns the start of the "swapfile", and its length, in 512-byte blocks. So in the examples below, 536870904 blocks * 512 ~= 256 GiB. Thestartfield starts 8 blocks in because the first page of the file is reserved.fresh install: no swap devices, zvol doesn't exist
environment before:
Installing omicron from a fresh slate we see these log lines:
The device and associated zvol are there:
sled-agent restart: swap device exists
Building off of the previous environment, now we restart sled-agent via
svadm restart sled-agent. We see that sled-agent detected the swap device and moved on:sled-agent restart: swap device doesn't exist, but zvol does
Next, remove the swap device and restart sled-agent again to ensure that it makes a new swap device.
Before:
Capture the guid and creation time of the zvol so we can make sure it gets recreated:
Delete the swap device and restart:
We see the sled agent deleted the old zvol and created a new one:
That's confirmed by the zvol guid and creation time:
And we see a swap device again:
sled-agent restart: neither swap device nor zvol exists
This is the same behavior s the fresh install case, but here I delete the swap device and zvol manually, then restart sled agent:
After the restart, everything looks good:
sled agent not configured for swap
This is useful for circumstances in which we don't want sled-agent to configure a swap device, such as a non-gimlet setup (helios configures a device by default). To test this, remove
swap_device_size_gbfrom the config: