Dealing with power outages

[sgrover]

I am in the planning process for a freenas based NAS device for home backups. I intend to use 4 X 2Tb with raidz2. Data integrity being more imporant than performance.

Unfortunately where I live (India), power outages quite common. I have a central UPS for the house but it is not the kind that can talk to a computer and trigger automatic shutdowns. So when its batteries run out, there is an abrupt power failure. It's not a very common occurence but it can happen and I want to plan for that eventuality.

One options is to buy a UPS that can communicate with the freenas server. I'm hesitant in going in for this option because I'm not sure whether they're easily available over here, are most probably expensive and one UPS is already present.

My question is whether I can tweak something in the settings or set up a ZIL that will minimize data loss in case of a power outage.
1. Whether having a ZIL will prevent data loss in case of a sudden outage?
2. What happens if the ZIL itself becomes corrupted or fails? Does it cause loss of all data?
3. Does the ZIL have to be mirrorred? My understanding is that in the latest version of zfs, mirroring the ZIL is not necessary. Am I correct?
4. An online forum post (http://hardforum.com/showthread.php?t=1577141) mentions that not all SSDs are safe for use as ZIL but only those that obey flush commands or have super capacitors. Does anybody have more information on this aspect?
5. Can some other setting be changed in the system so that there are quicker commits to the disks?
6. Any other suggestions?


Thanks in advance.

 

[cyberjock]

Adding a ZIL when you can't guarantee a safe shutdown may not be the best choice in the world. While the ZIL is designed to protect your data during a power loss I'd rather not have to test that any more than I have to. Not to mention if you don't have 2 ZIL drives and the one you have experiences a failure you will have a loss of data on powerup. Mirroring the ZIL isn't necessary(aka required) but is a very smart choice because of the potential for drive failure. Also, anything stored on the ZIL must also fit in RAM, so if you have only 16GB of RAM don't buy a 128GB SDD and think that you can cache 128GB of data. It won't. It'll cache only until your RAM is full. Once it is full it WILL start committing data to the hard disk. The ZIL is far more complex than most people think and doesn't behave like you would think. I always shy away from it unless there is a very obvious and clear use-case. Typically the only use-cases I'd recommend are iscsi on ZFS(and this one is somewhat questionable and open to debate) and extremely large databases with very high system loading.

My suggestion would be to get an UPS that does talk to the server. This is(and has been for over 20 years) the best way to protect your data on servers. There is no substitute for what an UPS with the ability to gracefully shutdown your server can do. And when I say there is no substitute I mean that a ZIL won't be a good substitute.. nothing will be.

 

[sgrover]

Thanks for the reply.

I have another question: In case there is an abrupt power outage, what kind of losss are we looking at?

My guess is that zfs would prevent complete filesystem corruption but recently written data would be lost. How much would the loss be? As much as the RAM or less than that?

Also, is it possible that a modified file is left in an inconsistent state?

 

[cyberjock]

Your losses would likely be limited to whichever files are open at that moment. Files shouldn't be in an inconsistent state because ZFS is a copy-on-write file system. But there's no reason to test those mechanisms. You really don't want to find out that things aren't working that way because of some tweak you did. I'd still highly recommend an UPS be the next thing you buy for that server and sooner than later. If you don't have backups, well, then I'd call you crazy too ;)

Keep in mind that if you somehow corrupt the file system because of a loss of power there is no recovery except to destroy and recreate the zpool. There is no fschk/chkdsk because the file system is supposed to be uncorruptable, but it has been known to happen.

 

[ben]

Note that copy-on-write refers to blocks, not files. If you lose power in the middle of a transfer of a single large file, that file could be incomplete when the system comes back up.

 

[sgrover]

Thanks for the information.