The results vary between annoying (need to restore / “resilver” and have no redundancy until it’s done; massively increased risk of data loss while doing so due to heavy IO load without redundancy and pointless loss of the redundancy that already exists) to catastrophic (outright corruption). The corollary is that RAID invariably works poorly with disks connected over using an interface that enumerates slowly or unreliably.

Yet most competent active-active database systems have no problems with this scenario!

I would love to see a RAID system that thinks of disks as nodes, properly elects leaders, and can efficiently fast-forward a disk that’s behind. A pile of USB-connected drives would work perfectly, would come up when a quorum was reached, and would behave correctly when only a varying subset of disks is available. Bonus points for also being able to run an array that spans multiple computers efficiently, but that would just be icing on the cake.

I'm not sure what you expect?

RAID1 is a simple data copy, you made sure to make both disks contain different data. So there's two outcomes possible: either the system notices this and copies A to B or B to A to reestablish the redundancy, or it fails to notice and you get corruption.

Linux MD allows for partial sync with the bitmap. If the system knows something in the first 5% of the disk changed, it can limit itself to only syncing that 5%.

> Yet most competent active-active database systems have no problems with this scenario!

Because they're not RAID. The whole point of RAID is that it's extremely simple. This means it's a brute force method with some downsides, but in exchange it's extremely easy to reason about.

RAID is overkill for home use. It also does not solve backups and snapshots. I use one way syncthing with unlimited history, plus usb-sata adapter.

https://github.com/openzfs/zfs/issues/3461

I mean, sounds like a house of cards but, should be possible?

[1]: https://github.com/archiecobbs/s3backer

[2]: https://ersei.net/en/blog/fuse-root

You'll still want a fast network (I'd recommend 10gbe on the server at least, 2.5gbe on clients though 1gbe will work you will notice it bottleneck in bursts) but that won't be any different than any other network booting/rooting process

https://docs.ceph.com/en/latest/rbd/iscsi-overview/

Or the S3-fuse route if you just want to geek flex.

https://docs.ceph.com/en/reef/rbd/

I’m sure it’s possible. I don’t think this is quite what Ceph is intended for :)

I have a ZFS mirror, where I have taken one disk out, added files to it elsewhere, returned it and reimported.

The pool immediately resilvered the new content onto the untouched drive.

Doing this on btrfs will require a rebalance, forcing all data on the disks to be rewritten.

I believe btrfs replace will copy only the data that had a replica on the failing drive.

That's been implemented; in Linux 6.11 bcachefs will correct errors on read. See

> - Self healing on read IO/checksum error

in https://lore.kernel.org/linux-bcachefs/73rweeabpoypzqwyxa7hl...

Making it possible to scrub from userspace by walking and reading everything (tar -c /mnt/bcachefs >/dev/null).

Repro: supposedly only good copy is copied to ram, ram corrupts bit, crc is recalculated using corrupted but, corrupted copy is written back to disk(s).

Why would it need to recalculate the CRC? The correct CRC (or other hash) for the data is already stored in the metadata trees; it's how it discovered that the data was corrupted in the first place. If it writes back corrupted data, it will be detected as corrupted again the next time.

That's how bcachefs is designed right now.

Our RAM should all be ECC and our OSes should all be on self-healing filesystems.

That's a weird argument. Even if it's true, it is now stable, and has been for a long time. btrfs has long been my default, and I'd be wary of switching to something newer just because someone was mad that development took a long time.

This includes plenty of random power losses.

https://daltondur.st/syno_btrfs_1/

Sorry about that!

The people on IRC tend to default to "unless you're using an enterprise drive, it's probably buggy and doesn't respect write barriers", which shouldn't have mattered because there was no system crash involved.

Yes, I did test my RAM, I know it's fine. For comparison, I've (unintentionally) ran a ZFS system with bad RAM for years and it only manifested as an occasional checksum error.

Just luck. Software can't defend itself against bad RAM. There's always the possibility that bad RAM will cause ZFS to corrupt itself in some way it can't recover itself from.

Everything is in RAM. The kernel, the ZFS code, everything. All of that is vulnerable to corruption. No matter how fancy ZFS is, it can't stop its own code from being corrupted. It's just luck that it didn't happen.

Be careful though. If whatever data was to be written got corrupted early enough, ie before ZFS got to see it, it happily wrote corrupted data to disk with matching checksum and you're none the wiser. But yes, it didn't blow up the entire Filesystem unlike btrfs likes to do.

(I don't use btrfs or any other COW filesystem because of significantly worse performance with some kinds of workloads, but it has nothing to do with maturity of any of them.)

I use RAID-Z2 in lots of places for bulk storages purposes (HPC).

There's a reason why Ceph added erasure coding:

* https://ceph.io/en/news/blog/2017/new-luminous-erasure-codin...

* https://docs.ceph.com/en/latest/rados/operations/erasure-cod...

When you're talking about PB of data, storage efficiencies add up.

Just out of curiosity: is there a specific reason you're not using plain-vanilla filesystems which _are_ stable?

Personal anecdote: i've only ever had serious corruption twice, 20-ish years ago, once with XFS and once with ReiserFS, and have primarily used the extN family of filesystems for most of the past 30 years. A filesystem only has to go corrupt on me once before i stop using it.

Edit to add a caveat: though i find the ideas behind ZFS, btrfs, etc., fascinating, i have no personal need for them so have never used them on personal systems (but did use ZFS on corporate Solaris systems many years ago). ext4 has always served me well, and comes with none of the caveats i regularly read about for any of the more advanced filesystems. Similarly, i've never needed an LVM or any such complexity. As the age-old wisdom goes, "complexity is your enemy," and keeping to simple filesystem setups has always served my personal systems/LAN well. i've also never once seen someone recover from filesystem corruption in a RAID environment by simply swapping out a disk (there's always been much more work involved), so i've never bought into the "RAID is the solution" camp.

I'd guess that it is the classic case of figuring out if something works without using it being a lot harder than giving it a go and seeing what happens. I've accidentally taken out my own home folder in the past with ill-advised setups and it is an educational experience. I wouldn't recommend it professionally, but I can see the joy in using something unusual on a personal system. Keep backups of anything you really can't afford to lose.

And one bad experience isn't enough to get a feel for how reliable something is. It is better to stick with it even if it fails once or twice.

For non-critical subsystems, sure, but certain critical infrastructure has to get it right every time or it's an abject failure (barring interference from random cosmic rays and similar levels of problems). Filesystems have been around for the better part of a century, so should fall into the category of "solved problem" by now. i don't doubt that advanced filesystems are stupendously complex, but i do doubt the _need_ for such complexity beyond the sheer joy of programming one.

> It is better to stick with it even if it fails once or twice.

Like a pacemaker or dialysis machine, one proverbial strike is all i can give a filesystem before i switch implementations.

    $ grep bar foo.txt | tr A-Z a-z > foo.txt

If the file isn't in source control, a backup, or auto-synced cloud storage, it can't be _that_ important. If it was in either, it could be recovered easily without replacing one's filesystem with one which needs hand-holding to keep it running. Shrug.

- It can do 4x 15-minute snapshots, 24x hourly snapshots, 7x daily snapshots, 4x weekly snapshots, and 12x monthly snapshots, without making 51 copies of my files.

- Taking a snapshot has imperceptible performance impact.

- Snapshots are taken atomically.

- Snapshots can be booted from, if it's a system that's screwed up and not just one file.

- Snapshots can be accessed without disturbing the FS.

In my experience it hasn't required more hand-holding than ext4 past the initial install, but the OSes that most of my devices use either officially support ZFS or don't use package managers that will blindly upgrade a kernel past what out-of-tree modules I'm using will support, which I think fixes the most common issue people have with ZFS.

my personal reasons are raid + compression

I've personally had drive failures, fs corruptions due to power loss (which is supposed not to happen on a cow filesystem), fs and file corruption due to ram bitflips, etc. All the times btrfs handled the situation perfectly, with the caveat that I needed the help from the btrfs developers. And they were very helpful!

So yeah, btrfs has a bad rep, but it is not as bad as the common feeling makes it look like.

(note that I still run btrfs raid 1, as I did not find real return of experience regarding raid 5 or 6)

ZFS lovers need to stop this CoW against CoW violence.

RAID56 under Btrfs has some caveats but I'm not aware of any annecdata (or perhaps I'm just not searching hard enough) within the past few weeks or months about data loss when those caveats are taken under consideration.

Yeah this is something that makes me consider trying raid56 on it. Though I don't have enough drives to dump my current data while re-making the array :D (perhaps this can be changed on the fly?)

https://btrfs.readthedocs.io/en/latest/Balance.html

I'll have a look, thanks! I guess failing this will make me test by backup strategy that I have never tested in the past.

For btrfs specifically there is an online calculator [1] that shows you the effective capacity for any arbitrary configuration. I use it whenever I add a drive to check whether it’s actually useful.

1: https://carfax.org.uk/btrfs-usage/?c=2&slo=1&shi=1&p=0&dg=1&...

they likely have distributed layer on top which takes care of data corruption and losses happening on specific server

Try CachyOS (or at least the ZFS-Kernel) it has excellent ZFS integration.

https://wiki.cachyos.org/de/cachyos_repositories/how_to_add_...

No reinstall needed ;)

For two devices, 1x redundancy (so 2x copies of everything) will always limit your storage to the size of the smaller device otherwise it is not possible to have two copies of everything you need to store. As soon as you add a third device of at leats 100gb (or replace the 100gb device with one at least 200gb) the other 100gb of your second device will immediately come into play.

Uneven device size support is most useful when:

♯ You have three or more devices, or plan to grow onto three or more from an initial pair.

♯ You want flexibility rwt array growth (support for uneven devices usually (but not always) comes with better support for dynamic array reshaping).

♯ You want better quick repair flexibility: if 4Tb drive fails, you can replace it with 2x2Tb if you don't have a working 4Tb unit on-hand.

♯ You want variable redundancy (support for uneven devices sometimes comes with support for variable redundancy: keeping 3+ copies of important data, or data you want to access fastest via striping of reads, 2 copies of other permanent data, and 1 copy of temporary storage, all in the same array). In this instance the “wasted” part of the 200gb drive in your example could be used for scratch data designated as not needing to be stored with redundancy.

e.g. you have 3 100GB drives, total capacity in raid 1 is 150GB.

If you replace a broken one with a 200GB one, the total capacity will be increased to 200GB.

You can then extend the pool by adding more such partition-based vdevs as you replace disks, just add the new partitions and add new vdevs.

So if you have a 1TB disk, a 2TB disk and a 4 TB disk, you could have mirrors (d1p1,d3p1), (d2p1,d3p2), (d2p2,d3p3) with a total of 3TB mirrored, and 1 TB available. If you swap the 1TB for a 2TB disk, partition it, replacing the old d1p1 partition with the new and resilver, and once that's done you can add the mirror (d1p2,d3p4) and get the full 4TB redundant storage.

Not a great solution though, as it requires a lot of manual work, and especially write performance will suffer because ZFS will treat the vdevs as being separate and issue IOs in parallel to them, overloading the underlying devices.

1. The scheduler doesn't really exist. IIRC it is PID % num disks.

2. The default balancing policy is super basic. (IIRC always write to the disk with the most free space).

3. Erasure coding is still experimental.

4. Replication can only be configured at the FS level. bcachefs can configure this per-file or per-directory.

bcachefs is still early but it shows that it is serious about multi-disk. You can lump any collection of disks together and it mostly does the right thing. It tracks performance of different drives to make requests optimally and balances write to gradually even out the drives (not lasering a newly added disk).

IMHO there is really no comparison. If it wasn't for the fact that bcachefs ate my data I would be using it.

Or that the complexity is such that if a new bug is found, it may take a long time to be fixed because of the complexity, or it is fixed fast and has unexpected knock-on effects even for circumstances on the common path.

Something that takes a long time to be declared stable/reliable because of its complexity, needs to spend a long time after that declaration without significant issues before I'll actually trust it. Things like btrfs definitely live in this category.

bcachefs even won't be something I use for important storage until it has been battle-tested a bit more for a bit longer, though at this point it is much more likely to take over from my current simple ext4-on-RAID arrangement (and when/if it does, my backups might stay on ext4-on-RAID even longer).

Given the rather cheap price of durable storage these days, I would favour rock solid, high quality code for storing my data, at the expense of some optimisations. Then again, I still like RAID, instantaneous snapshots, COW, encryption, xattr, resizable partitions, CRC... It's it possible to have all this with acceptable performance and simple code bricks combined and layered on top of each other?

yeah, features rich/complete fs is complicated, that's why we have very few of them.

ZFS does something smarter here, it keeps track of the queue length for each drive in a mirror, and picks the one with the lowest number of pending requests.

Personally, I was one of those people. Very excited about the prospects of btrfs, switched several machines over to it to test, ended up with filesystem corruption and had to revert to ext. Now, whenever I peek at btrfs, I never see anything that's compelling over running ZFS, which I've run for close to 15+ years, and run hard, and have never had data loss. Even in the early days with zfs+fuse, where I could regularly crash the zfs fuse; the zfs+fuse developers quickly addressed every crash I ran into, once I put together a stress test.

Is it really? I must have missed the news. Back when it was released completely raw as a default for many distros, there were fundamental design level issues (e.g. "unbound internal fragmentation" reported by Shishkin). Plus all the reports and personal experiences of getting and trying to recover exotically shaped bricks when volume fills to 100% (which could happen at any time with btrfs). Is it all good now? Where can I read about btrfs behaving robustly when no free space is left?

BTW: Even SLES SuseLinux Enterprise says use XFS for data btrfs just for the OS i wonder why

Because XFS is far quicker for server-related software such as databases and virtual machines, which are weak points on btrfs due to its COW model.

Do you know how ZFS handles that?

You can do a replace, but then you need to buy a new drive.

- I never agreed with the btrfs default of root raid 1 system not booting up if a device is missing. I think the point of raid1 is to minimize downtime when losing a device and if you lose the other device before returning it to good state, that's 100% on you.

- Poor management tools compared to md (though bcachefs might be in the same boat). Some tools are poorly thought, e.g. there is a tool for defragmentation, but it undoes sharing (so snapshots and dedupped files get expanded).

- If a drive in raid1 drops but then later comes back, btrfs is still quite happy.

- Need of using btrfs balance, and in a certain way as well: https://github.com/kdave/btrfsmaintenance/blob/master/btrfs-... .

- At least it used to be difficult to recover when your filesystem becomes full. Helps if you have it on LVM volume with extra space.

- Snapshotting or having a clone of a btrfs volume is dangerous (due to the uuid-based volume participant scanning)

- I believe raid5/6 is still experimental?

- I've lost a filesystem to btrfs raid10 (but my backups are good).

- I have also rendered my bcachefs in a state where I could no longer write to the filesystem, but I was still able to read it. So I'm inclined to keep using bcachefs for the time being.

Overall I just have the impression that btrfs was complicated and ended up in a design dead-end, making improvements from hard to difficult, and I hope that bcachefs has made different base designs, making future improvements easier.

Yes, the number of developers for bcachefs is smaller, but frankly as long as it's possible for a project to advance with a single developer, it is going to be the most effective way to go—at the same time I hope this situation improves in the future.

Add "degraded" to default mount options. Solved.

The annoying part of this is that if you do reboot the system, it will never end up responding to a ping, meaning you need to visit the host yourself. In practice it might even have other drives you could configure remotely to replace the broken device. I use md's hot spare support routinely: an extra drive is available, should any of the drives of the independent raids fail.

Granted, md also has decent good monitoring options with mdadm or just cat /proc/mdstat.

Not doing so is especially upsetting when you discover you forgot to flip the setting only when a drive fails with the machine in question several hours' drive away (standalone remote servers like that tend not to have console access).

I think 'refusing to boot' is probably the right default for a workstation, but on the whole I think I'd prefer that to be a default set by the workstation distro installer rather than the filesystem.

Complete Principle of Least Surprise violation given everything else's (that I'm aware of) RAID1 setups will still boot fine.

Also said monitoring should then notify you of an unexpected reboot and/or a dropped out disk, which you can then remediate in a planned fashion.

If this was a new concept then defaulting all the safety knobs to max would seem pretty reasonable to me, but it's an established concept with established uses and expectations - a server distro's installer should not be defaulting to 'cause an unnecessary outage and require unplanned physical maintenance to remediate it.'

How often do people reboot their systems? IMO, if it's running (without going into "read-only filesystem" mode) with X disks, it should boot with the same X disks. Otherwise, it might be running fine for a long time, and it arbitrarily not coming back in case of a power failure (when otherwise it would be running fine) is an unnecessary trap.

0 problems in 2.5 months is not necessarily better than 1-2 problems in ~3 years, though. If we're just talking about the single partition boot drive use case, I think I'd go with the option that's had vastly more time to find and eliminate bugs. (If you're conservative about this stuff that probably means ext4, actually.)

- Stability but also

- Constant refactorings

and later

"Disclaimer, my personal data is stored on ZFS"

A bit troubling, I find

"RAID0 behavior is default when using multiple disks" never have I ever had the need for RAID0 or have I seen a customer using it. I think it was at one time popular with gamers before SSDs became popular and cheap.

"RAID 5/6 (experimental)

    This is referred to as erasure coding and is listed as “DO NOT USE YET”, "

> A bit troubling, I find

I appreciated the candor

The approach of bcachefs developers is that they will only recommend it's usage if it's absolutely, 100% stable and won't eat your data. Bcachefs isn't in that state yet and the developers don't pretend it is.

This avoids the kind of trust issues that btrfs has

> The RAID56 feature provides striping and parity over several devices, same as the traditional RAID5/6. There are some implementation and design deficiencies that make it unreliable for some corner cases and the feature should not be used in production, only for evaluation or testing. The power failure safety for metadata with RAID56 is not 100%.

AFAIK ZFS has had deduplication support for a very long time (2009) and now even does opportunistic block cloning with much less overhead.

The new block cloning still had data corruption bugs quite recently.

But it has de-duplication, with your logic no non-CoW FS should be in that list because they are not comparable.

Chart should have a bloc dedup and file dedup separated columns if it is deemed non comparable.

In theory full file deduplication exists in every filesystem that has cow/reflink support

https://lib.rs/crates/fclones

fclones group |fclones dedupe

btrfs doesn't have a built-in encryption.

> ZFS Encryption Y

I cannot find the discussion right now but I remember reading that they were considering a warning when enabling encryption because it was not really stable and people were running into crashes.

https://github.com/openzfs/zfs/issues?q=is%3Aissue+label%3A%...

I see it more as an administrative problem than an issue with ZFS encryption.

I bought new a new ssd and hdd for my desktop this year and looked into running bcachefs because it offers caching as well as native encryption and cow. I also determined that it is not production ready yet for my use case, my file system is the last thing I want to beta tester of. Investigated using bcache again, but opted to use lvm caching, as it offers better tooling and saves on one layer of block devices (with luks and btrfs on top). Performance is great and partition manipulations also worked flawless.

Hopefully bcachefs gains more traction and will be ready for production use, as it combines several useful features. My current setup still feels like making compromises.

why is this a bad thing?

Never again.

I eagerly await bcachefs reaching maturity!

I have a USB stick with btrfs + LUKS on Arch Linux and it never had a problem like this

Tried again with btrfs and hard freezes again.

None of those file systems are not comparable to BTRFS since they're not COW. BTRFS isn't for crappy USB drives since it has a lot more overhead than EXT4 and XFS which the controllers and flash chips in junky USB drives can't handle.

Regardless, I still expect the choice of filesystem to not hard freeze my OS.

I've had janky crappy USB drives before and with any other filesystem reads/writes might fail but I don't get a hard freeze.

One could argue it could be a bug in the Linux USB stack rather than a bug in the btrfs kernel driver. But what I do know is that when I pick btrfs I get problems.

That doesn't mean much. How high end? USB thumb drives are still much slower than SSDs or even HDDs.

>Regardless, I still expect the choice of filesystem to not hard freeze my OS.

That's a very particular filesystem, that's not designed for such hardware. OF course you'll run into issues. The FS expects data at a throughput that the ARM controller in the USB thumb drive can't deliver. OF course it will have issues.

You're overestimating how much overhead btrfs has. 500MB/s read/write is way more than it needs. I wasn't even doing any sustained writes.

In any case, I've been burned by btrfs issues on SSDs several times since 2018. Metadata issues, unrecoverable problems, corruption.

If you're ok with a filesystem causing hard freezes, then all power to you.

Not me. In my world, a filesystem that has this many issues is not a filesystem I want to use.

Edit: Can't reply to your reply. So here will do. Irrelevant how fast the USB is. If the filesystem has to do things slower, then simply do things slower. There's no excuse for hard freezes.

> You're trying to drive a Ferrari on a dirt road and claiming the dirt road is ar fault when your Ferrari has issues.

So btrfs in this metaphor is the Ferrari? Yes, my Ferrari definitely 100% has issues XD

Anyway, this particular USB drive I was able to push to the limit with XFS. Sustained reads and writes. Way more than the manufacturer would have tested for. And no freezes. I rest my case.

Benchmarked or claimed? For 500MB files or 4kb?

>If you're ok with a filesystem causing hard freezes, then all power to you.

To me it never caused that and I used in on some slow ass 5200 rpm HDDs. You have to understand that the firmware on the flash controller on that USB Stick was'nt built or tested for the workloads BTRFS triggers. Even some nvme SSDs are reported to act weird under it because the manufacturer tests the firmware for FAT/NTFS loads not BTRFS or other such FSs. So the issues is with your Thumb drive firmware which is independent of the claimed 500mb raw sequencial throughouput.

You're trying to drive a Ferrari on a dirt road and claiming the dirt road is ar fault when your Ferrari has issues.

Irrelevant how fast the USB is. If the filesystem has to do things slower, then simply do things slower. There's no excuse for hard freezes.

> You're trying to drive a Ferrari on a dirt road and claiming the dirt road is ar fault when your Ferrari has issues.

So btrfs in this metaphor is the Ferrari? Yes, I agree with you that my Ferrari definitely 100% has issues XD

You keep talking about btrfs workloads as though it's something crazy for usb firmware to handle. It really isn't. There's a bit of performance overhead, but not so much as to be unusable. And it's just I/O at the end of the day, not some mysterious workload that pushes the wrong buttons. USB firmware is more likely to freak out when doing sustained I/O and the thing gets too hot.

Anyway, I did minimal writes with btrfs before the freezes, and this particular USB drive I was able to push to the limit with XFS. Sustained reads and writes in a benchmark workload. Way more than the manufacturer would have tested for. And no freezes. I rest my case.

Btrfs is also far more reliable than ZFS in my view, because it has far far more real world testing, and is also much more actively developed.

Magical perfect elegant code isn't what makes a good filesystem: real world testing, iteration, and bugfixing is. BTRFS has more of that right now than anything else ever has.

On the other hand, while I haven't used it for /, dipping my toes in bcachefs with recoverable data has been a pleasant experience. Compression, encryption, checksumming, deduplication, easy filesystem resizing, SSD acceleration, ease of adding devices… it's good to have it all in one place.

That's not really true: it's deployed across a wide variety of workloads. Not databases, obviously, but reliability concerns have nothing to do with that.

My point isn't "they use it, it must be good": that's silly. My point is that they employ multiple full time engineers dedicated to finding and fixing the bugs in upstream Linux, and because of that, BTRFS is more well tested in practice than anything else out there today.

It doesn't matter how well thought out or "elegant" bcachefs or ZFS are: they don't have a team of full time engineers with access to thousands upon thousands of machines running the filesystem actively fixing bugs. That's what actually matters.

> Compression, encryption, checksumming, deduplication, easy filesystem resizing, SSD acceleration, ease of adding devices... it's good to have it all in one place.

BTRFS does all of that today.

ZFS has corruption bugs, this one was far worse than anything I've seen in btrfs recently: https://lists.freebsd.org/archives/freebsd-stable/2023-Novem...

If you're really conservative with these things, as some of us are, you currently don't really have a single safe COW pick. (Smug FreeBSD users incoming.) I have most trust in bcachefs over the long term.

DKMS works fine. And you can also take the NixOS approach where it's not built into the kernel but the system will never actually install a new kernel unless ZFS is supported on it and successfully builds for it.

I agree that it's still not ideal, though. I hope bcachefs thrives and takes a place of pride in the Linux world!

I have both bcachefs and ext4 filesystems on the same machine, for different uses.