Parallel file system and buffer management arbitration

Abstract

A computer system having a shared disk file system running on multiple computers each having their own instance of an operating system and being coupled for parallel data sharing access to files residing on network attached shared disks. Methods are provided for use as a parallel file system in a shared disk environment by use of a scalable directory service for the system with a stable cursor, and a segmented allocation map. Dynamic prefetch and cached balance pools for multiple accesses improve the system. Extended file attributes are used for implementation of Access Control Lists in a parallel file system. Improvements to caching and cache performance developments balance pools for multiple accesses. A metadata node manages file metadata for parallel read and write actions. For managing data for the same file distributed across multiple disk devices, a buffer manager is provided for a file system buffer pool which arbitrates use of memory resources among different system components competing for memory with buffer information for a component that said buffer manager needs for deciding how much memory to allocate among components of the system. The buffer information includes a desired memory size and current activity level. The buffer manager provides to a system component data as to how much memory has been assigned for use by that component of the system, and it schedules account resources to maximize file system throughput.

Claims

What is claimed is:

1. In a computer system employing a file system for storing file data and allowing multiple nodes of said computer system to allocate space for storing file data simultaneously in a shared-disck file system, a method comprising:

providing a file system in which data for the same file is distributed across multiple disk devices, and

providing a buffer manager for a file system buffer pool which arbitrates use of memory resources among different system components competing for memory with buffer information for a component that said buffer manager needs for deciding how much memory to allocate among components of the system, said buffer information including a desired memory size and current activity level and then

providing from said buffer manager to said component data as to how much memory has been assigned for use by that component of the system.

2. In a computer system method according to claim 1, in which one of the system components requiring assignment of memory resources for use is a file system buffer pool which is provided for caching recently accessed file data and data that was prefetched for sequential readers and said providing of information from said components includes providing

said buffer manager with appropriate information to take into account resources for prefetching and for

scheduling the resources assigned by the buffer manager so as to maximize file system throughput.

3. In a computer system method according to claim 1, wherein said file system buffer pool is logically divided into a pool part used for prefetching and a general pool part used for caching recently accessed file blocks.

4. In a computer system method according to claim 3, wherein said pool parts are presented to said buffer manager as two separate components for the file system to compute separate desired memory sizes and activity levels for the pool parts.

5. In a computer system method according to claim 4, wherein said activity levels for the pool parts are computed by counts measuring data access rates for each pool, and wherein on each buffer access the appropriate count is updated based on whether the buffer is accessed by sequential or random I/O.

6. In a computer system method according to claim 3, wherein said general pool is computed by measuring working sets using reference bits and counters to determine the total amount of distinct file data accessed over some time period.

7. In a computer system method according to claim 3, wherein the size of the prefetch pool is computed by determining the number and capability of disk drives belonging to the file system and as well determining the number of files being accessed sequentially, and as well determining the rate at which data is being read.

8. In a computer system method according to claim 3, wherein the method of computing the prefetch pool for multiple application programs and multiple disks per file system, computing a number of prefetch buffers required so that: (a) if the combined data rate at which all, the application programs attempt to read data is less than the total available disk bandwidth, then data will be supplied to each application as fast as it reads the data, with no I/O waits, but (b) if the combined data rate of the application programs is greater than the total available disk bandwidth, then data will be read as fast as it can be retrieved from disk.

9. In a computer system method according to claim 3, wherein is included:

scheduling prefetch I/O by using an actual number of prefetch buffers assigned by said buffer manager,

maintaining two global counters for a first number of prefetch I/Os currently in progress and a second number of buffers holding blocks to be read and summing said first number and said second number to determine the number of buffers currently in use for prefetching, and tracking the progress of the numbers and updating the pool assignments by said buffer manager.

Description

FIELD OF THE INVENTION

This invention is related to computers and computer systems. In particular to a file system running on multiple computers with each having their own instance of an operating system and being coupled for data sharing with network attached shared disks, a shared disk file system.

GLOSSARY OF TERMS

While dictionary meanings are also implied by certain terms used here, the following glossary of some terms which relate to our invention may prove to be useful:

Data/File system Data: These are arbitrary strings of bits which have meaning only in the context of a specific application.

File: A named string of bits which can be accessed by a computer application. A file has certain standard attributes, such as a length, a modification time, and a time of last access.

Metadata: These are the control structures created by the file system software to describe the structure of a file and the use of the disks which contain the file system. Specific types of metadata which apply to file systems of this type are:

Directories: these are control structures which associate a name with a set of data represented by an inode

An inode contains the attributes of the file plus a series of pointers to areas of disk which contain the data which makes up this file. An inode may be supplemented by indirect blocks which supplement the inode with additional pointers if the file is large.

Allocation maps: these are control structures which indicate whether specific areas of the disk (or other control structures, such as inodes) are in use or available. This allows software to effectively assign available blocks and inodes to new files.

Logs: This is a set of records used to keep the other types of metadata in sync in the case of failures. It contains single records which describe related updates to multiple structures.

File system: A software component which manages a defined set of disks providing access to data in ways prescribed by the set of Xopen and POSIX standards related to file data. The term is also used to describe the set of data and metadata contained within a specific set of disks.

Shared disk file system: A file system where multiple computers share in the management of a file system without assigning total management to a single entity. All of the computers are peers in that any may perform any role required to manage the data. Specific roles may be assigned to specific computers as needed.

Shared disk attachment: This is a method of attaching disks to multiple computers with a protocol that makes the disks appear to be locally attached to each file system. The exact attachment protocol to each computer is not important to this work but includes various forms of network attached disks, switched disk attachment, or store and forward attachment. The key items are that it appears local to the file system and appears the same to all instances of the file system.

Quota: This is a function by which a file system limits the usage of a specific user or named group of users within the file system. For example, the administrator may limit user "John" to 100 megabytes of data within the file system. Quota is the function name used in the Unix (TM of S.C.O.) environment.

Access Control List: This is a file system technique by which a user can limit access to data to users who are named in a specific list.

BACKGROUND OF THE INVENTIONS

There is a need to supply file services to computers, such as a MPP machine and other clusters of computers, which form part of a network of attached computers which serve as a common computing resource.

We now have certain "open" (e.g. Xopen and POSIX) standards related to file data to a shared disk file system where computing jobs which will execute on various computers require access to the same file data as if the data was local to the computer executing the job (in order to run systems developed by IBM for different systems, see e.g. U.S. Pat. Nos. 4,274,139 and 5,202,971 and 5,226,159). When multiple computers are part of a network and multiple disks are part of the network, there is a need to create a shared disk file system which is compatible with the standards and yet requires no change in multiple instances of operating systems running on the computers, whether they are MMPs or clusters.

Shared File System (SFS) (see U.S. Pat. No. 5,043,876) is a term applied to IBM's S/390 systems which operate under IBM's VM for sharing data among virtual machines. Shared file systems also have been known as data sharing vehicles, such as IBM's IMS and GRS, where developed for a single-system environment, and under MVS GRS, was used in a cluster of systems sharing disk storage, and GRS in such a system could allocate small lock files on a shared disk in order to serialize access to data sets. MVS must serialize access to the table of contents on disks or to the catalog. Whatever RESERVES operations are needed for the operating system to perform causes a good deal of system overhead.

IBM's DB2 has been adapted for data sharing in a Multiple Virtual Storage (MVS)/Enterprise Systems Architectures (ESA) environment by using IBM's coupling facility to create multisystem data sharing which requires a System/390 Parallel Sysplex environment because the coupling facility is needed to deliver highly efficient and scalable data sharing functions where the coupling facility manages connections between processors with a message path mechanism, as outlined in U.S. Pat. No. 5,463,736, essentially becoming the super-single server for the shared data.

Represented by what may be the best of breed for Audio/Video file systems (IBM's VideoCharger Server for AIX), previous solutions dealing with computer systems which would allow standards compliance have relied on shipping file system level requests to a single server which acquires the data and returns it or shipping metadata requests from a client to a single server which allows the original computer to directly fetch the data. IBM also provides what is called the Virtual Shared Disk (VSD) program product which allows an SP2 user to configure nodes as primary and secondary IBM VSD server nodes. VSD software allows multiple nodes, running independent images of the operating system, to access a disk device physically attached only to one of the nodes as if the disk device were attached to all nodes, which IBM has implemented for the AIX operating system with a transparent switchover to a secondary server node when the primary server node for a set of virtual shared disks fails. In both cases, the existence of the single server is both a bottleneck and a potential failure point, even though there have been substantial advances made with such single server systems, like IBM's VideoCharger, as illustrated by U.S. Pat. No. 5,454,108's lock manager, U.S. Pat. Nos. 5,490,270 and 5,566,297's cluster arrangement. Also, as in International Business Machines' systems, there also exist capabilities for partitioning a disk accessed via a network so that a given computer manages and accesses a specific region of the shared disk and does not use the regions assigned to other computer(s).

However, these systems in the past have not provided any satisfactory solution permitting many computers which have a network access to multiple disks to permit any computer to have access to any data at any time, especially those which do not require a change in an operating system or standard, as we have developed and will describe in the context of our shared disk file system. Nevertheless, we must recognize the work done by the inventors of the U.S. Pat. No. 5,454,108 for their advances, for we have been able to use a modification of their lock manager as our advanced token manager in our own shared disk file system.

SUMMARY OF THE INVENTION

Our invention provides a shared disk file system where a file system instance on each machine has identical access to all of the disks coupled to and forming a part in the file system. This can occur using a gateway processor, a switched network, a high speed intranet coupling as would support TCP/IP, a non-uniform memory access bus couplings, or other similar connections. In accordance with our invention, the shared disk file system supports disk read and write calls with associated management calls. The operating instance is a commonly available standard and does not need to be changed to use our shared disk file system. We have provided new services needed to make our shared disk file system operate in a useful fashion.

Our shared file system operates as a parallel file system in a shared disk environment. We have provided a scalable directory service for the system with a stable cursor. We have provided a segmented allocation map. For our scalable parallel file system, we have made dynamic prefetch a reality. Speed in our scalable parallel file system has been improved by improving cache performance and space utilization. In addition, extended file attributes support access control lists, known as ACL's in the Unix world, which are, for the first time, operable in a parallel file system which is scalable in a shared disk environment.

The improvements which we have made achieve efficient basic file control in a shared disk environment for multiple computers sharing the disk and file environment. The directory service claims provide efficient insertion and deletion of files into data structures without major disruption to the data structures. This is critical in parallel systems where exclusive control must be obtained of regions to be modified.

Our allocation map development provides the ability to allocate storage from the same pool of disks in parallel while maintaining full consistency of the metadata. This is important because each of the computers with access to the file system will wish to create additional data without regard to what is going on in the other computers. Our prefetch algorithms calculate the available I/O bandwidth and the application needs for data to determine the amount of data to prefetch. This is important in parallel systems where the demand for I/O can exceed the available bandwidth. Our cache performance developments balance pools of multiple accesses, and while not related to parallel processing, it is a general file system improvement. The use of file attributes as a supporting mechanism is also applicable to non-parallel file systems, but within our overall parallel file system mechanisms, it is very important because it allows an effective implementation of Access Control Lists in a parallel file system.

Allowing parallel update on the same file or directory in a shared disk environment is provided. We provide a metadata node for managing file metadata for parallel read and write actions. For our system, tokens are used for metadata node selection and identification, and we have enhanced token modes for controlling file size, as well as smart caching of byte range tokens using file access patterns and a byte range lock algorithm using a byte range token interface.

Parallel file updates required advances which revolve around the problem of how to effectively create and update metadata while updating the same file from multiple computers. One of our solutions is the creation of a metadata node which handles the merging of certain changeable metadata consistently from multiple originating computer applications. The second solution provides a locking scheme to effectively identify the computer to all which require its services. This avoids the need to create a fixed management point which might be a bottleneck.

Now, file size is a type of metadata which changes frequently in a parallel update situation. We have provided a method of getting the correct file size "just in time" when the executing application requires it. In addition we have redefined locking techniques for reducing the overhead of the token manager in this environment.

We have provided for file system recovery if a computer participating in the management of shared disks becomes unavailable, as may occur for many reasons, including system failure. We have provided a parallel file system recovery model and synchronous and asynchronous takeover of a metadata node.

Our parallel shared disk file system enables assignment of control of certain resources temporarily to a specific computer for modification. While this is the case, structures on the disk that are visible to other computers may be in an inconsistent state and must be corrected in the case of a failure. In order to handle this we have provided a method for extending standard logging and lock recovery to allow this recovery to occur while other computers continue to access most of the data on the file system. We have also provided for the handling of the failure of the metadata node. This development involves correction of metadata which was under modification and a new computer becoming the metadata node for that file, as described below.

Now, in the UNIX world the Quota concept is well known by that name. It is a generic concept able to be used to manage the initial extent of a space, and this concept is used with other operating systems, such as those of S/390 systems. Generically, when we consider quotas, they need to be managed aggressively so that locks are not constantly required to allocate new blocks on behalf of a user. We have provided recoverable local shares for Quota Management, as described below.

As a quota is a limit on the amount of disk that can be used by a user or group of users, in order to use the concept in our parallel file system, we have created a way for local shares to be distributed by a quota manager (which accesses the single quota file) for parallel allocation. This is crucial for those cases where a user has multiple application instances running on different computers sharing a file system. Our development provides for immediate recovery in many situations where sufficient quota exists at the time of the failure. In certain cases, running a utility, like the UNIX standard utility called "quotacheck", is required to complete the recovery. We have also developed a technique for running a quotacheck utility at the same time as applications using quotas with minimal interference.

These and other improvements are set forth in the following detailed description. For a better understanding of the invention with advantages and features, refer to the description and to the drawing.

DRAWING

FIG. 1 illustrates a shared file disk system in accordance with our invention which includes a token manager for nodes of the computer system.

DETAILED DESCRIPTION OF THE INVENTION

An example of our preferred embodiment of our shared disk file system implementation of several relevant components is illustrated in FIG. 1. Our system, as illustrated in FIG. 1, includes a token manager 11 which provides locking facilities for the computers which are considered nodes 1, 2, and 3 participating in the management of a file system. (N.B. For our token manager, we had to modify the lock manager of U.S. Pat. No. 5,454,108.)

Our file system code manages reads and writes requested by applications. This management uses the application requests and the commonly managed metadata to create and access data within the file system. This function is the bulk of the processing and is identical on all computers. With proper tokens, this processing directly accesses the disk through the disk read, write, and control functions.

The shared disk implementation, shown in FIG. 1 and described in general above, provides several major advantages over previous parallel and cluster file systems. It provides the shortest available path for moving the data from the disk to/from the using application. There is no file system server in the path for either data or metadata. Any available path can be used avoiding a server as a bottleneck or as a single point of failure. Since the required central functions in the lock manager have no attachment to a specific computer, they can be migrated from computer to computer to satisfy performance and availability needs.

In order to create the system we are describing, as we have noted, U.S. Pat. No. 5,454,108 showed a lock manager that we had modified to be able to handle different recovery paradigms needed for shared disk file systems and also to add additional lock states needed for the metanode processing required to allow parallel update of the same file. These specifics, along with others, are amplified below in the various subsections of this detailed description.

Scalable Directory Service with Stable Cursor and Extendible Hashing

For our shared disk file system implementation, we have developed a method for storing and indexing a large set of data records in a way that supports very fast insert, delete, and lookup operations, as well as a sequential retrieval ("scan") of all data records in an environment which can be implemented in any instance of an operating system, even a single one, in a manner which does not run afoul of existing interface programming standards, like X/Open's Single Unix specification. So, we will start with our sequential scan and the basic methods for storing and looking up data records. Unlike previously known indexing methods, our sequential scan produces predictable results using only a small, bounded amount of context information ("cursor") even if records are inserted or deleted while the scan is in progress. The method which we employ is in an area of technology referred to as extendible hashing. As implemented extendible hashing can use sparse files without storing an explicit hash table. Thus, with utilization of extendible hashing, we can implement directories in a Unix standard compliant file system, even though it is not so restricted. In general our preferred embodiment may be implemented with a Unix operating system environment, and that environment should be understood as a background, even though we contemplate other operating systems which use the same functions. Indeed, today, the base system can function with many operating system layers above the one actually employed in driving the machine which we call a computer.

Both database systems as well as general purpose file systems allow storing and retrieving data by specifying a "key" that identifies a data record or a file. In a general purpose file system the file name serves as the key for accessing the data stored in the file; the structure that stores a set of file names and associated file access information is commonly called a directory. When the set of data records or file names is large, an auxiliary data structure called an index is often used to speed up lookups. An index allows finding a record in a database table or a file name in a directory without scanning the whole database table or directory.

There are several well-known indexing methods based on hash tables as well as balanced search trees, such as AVL trees and B-trees. To achieve good lookup performance, these methods require reorganizing at least part of the index after inserting or deleting some number of data records. For example, inserting a record in a B-tree may require splitting a B-tree node into two new nodes to make room for the new record. As a result, existing records may need to be moved to a different physical location.

This presents a problem for applications that need to sequentially scan a data base table or a file system directory, e.g., to list the contents of a directory. Such applications make repeated calls to the data base or file system, retrieving one or more records in each call, until all records or directory entries have been retrieved. Between calls, a certain amount of context information, often called a "cursor", must be maintained to keep track of how far the scan has progressed. This is necessary so that the next call can continue retrieving the remaining records. Implementations of file system directories typically use the physical location or offset of an entry within a directory as a cursor for a sequential scan. Since an index update, such as a B-tree split, may move existing entries to a different location within the directory, inserting or deleting directory entries during a sequential scan will have undesired effects on the result of the scan: if an existing entry is moved, the sequential scan could miss the entry or it could return the same entry twice.

To solve this problem with previously known indexing methods, one could either keep the index separate from the data records, or save more context information during a scan. The former approach makes lookup, insert, and delete operations more expensive and considerably more complex, due to the extra level of indirection required, than our preferred approach. The latter saving of context information method is not applicable where the system needs to be compatible with existing programming interface standards. For example, the directory interface defined in the X/Open Single Unix Specification (readdir, telldir, and seekdir functions) allows only a single 32 bit value as a cursor for a sequential directory scan.

With our preferred development utilizing extensible hashing, we can demonstrate how a large set of data records can be stored and indexed in a way that supports very fast insert, delete, and lookup operations, as well as a sequential scan. Furthermore, one will appreciate with our preferred development that a small, bounded cursor value (typically 32 bit) is sufficient to guarantee that a sequential scan will return no duplicate records and retrieve all existing records, i.e., all records except for those that were inserted or deleted while the scan was in progress.

Now, it is well known that hashing is a technique for storing and looking up data records by key that works well if an approximate bound on the number of records is known in advance. Hashing works by dividing the available storage space into a fixed number of "hash buckets". To store a record, a mapping known as a "hash function" is applied that maps the key value to a hash bucket number; the new record is stored in the hash bucket given by the hash value. To find a record by key, its hash value is computed; the requested record can then be found by scanning only the records stored in the bucket given by the hash value.

In general, the number of key values to be stored will not be known in advance and may grow arbitrarily large. This presents problems for the standard hashing technique, which requires that the maximum number of hash buckets be known from the start. An advanced form of hashing algorithm known as "extendible hashing" solves this problem by using a variable number of bits from the value of the hash function. When a hash bucket fills, it is "split", i.e., a new hash bucket is added, and some of the records are moved from the existing hash bucket into the new one. Which records are moved is determined by re-evaluating the hash function and using one more bit to determine the hash bucket number: records where the additional bit is zero stay in the existing bucket, those with a one value for the additional bit are moved to the new bucket.

Using our preferred embodiment which uses extendible hashing, an index or directory starts out with a single hash bucket, bucket number zero. As long as they fit, all records go into the initial bucket regardless of hash value, i.e., zero bits of the hash function are used to determine the hash bucket number. When the initial bucket is full, it is split by adding a new hash bucket, bucket number one. Now one bit of the hash function is used to place records: those records with a zero in the least significant bit of the hash value stay in bucket zero, those records where the least significant bit is one are moved into hash bucket one. New records are added to bucket zero or one depending on the value of the least significant bit of the hash value. Now assume, for example, that hash bucket one fills up again and needs to be split. The two last bits of the hash function are now used to determine where the records from bucket one will be placed. Those records with bit values 01 stay in hash bucket one, those with bit values 11 go into a new hash bucket with bucket number three (binary 11=decimal 3). The records in hash bucket zero are not affected by the split, i.e., records with the last two bits 00 or 10 remain in bucket zero until bucket zero fills and needs to be split as well. It is also possible that bucket one fills up and needs to be split again before bucket zero is ever split. The directory structure after several hash bucket splits can be represented by a binary tree ("hash tree"), as shown in the example in Table 1. A record can be found by traversing the tree from the root to a leaf node (hash bucket) using the hash value bits to decide which branch to follow at each inner node. Depending on the distribution of hash values, one branch of the hash tree may be become longer than others. For a well chosen hash function, i.e., a function that generates evenly distributed hash values, we expect all tree branches to have approximately the same depth. A sequential directory scan is accomplished by a depth-first tree traversal, which will visit the leaf nodes (hash buckets) in left-to-right order.

                  TABLE 1
    ______________________________________
    Example of a hash tree after 4 splits:
    1 #STR1##
    ______________________________________
    bucket 0 was split into bucket 0 and bucket 1,
    bucket 0 was split again into bucket 0 and bucket 2,
    bucket 2 was split again into bucket 2 and bucket 6,
    bucket 1 was split again into bucket 1 and bucket 3.
    ______________________________________
     The leaf nodes of the tree are labeled with the hash bucket number in
     binary and decimal.

                  TABLE 2
    ______________________________________
    >>-------->>-------->>-------->>-------->>-------->>-------->>-------->>
    bucket 0 bucket 1 bucket 2 bucket 3
                       hole    hole    bucket 6
    Table 2: Hash tree from Table 1 mapped into a sparse file.
    ______________________________________

                  TABLE 5
    ______________________________________
                 ro ww xw
                ro  **
                ww ** **
                xw ** ** **
    ______________________________________

                  TABLE 6
    ______________________________________
                rw rf wf wa xw
               rw    **
               rf  ** ** **
               wf ** ** **
               wa ** ** ** **
               xw ** ** ** ** **
    ______________________________________