BootLoginWithFullFilesystem

Differences between revisions 5 and 6
Revision 5 as of 2007-05-16 11:36:11
Size: 3362
Editor: chiark
Comment: release note and test plan
Revision 6 as of 2007-05-31 13:29:10
Size: 4357
Editor: quest
Comment: approver comments

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

This specification is about making boot and login work when the disk runs out of free space.

Rationale

At the moment the desktop session doesn't start when there is no free space on the disk, which leaves the user without any easy way to fix his system.

Use Cases

  • Michael just installed some new applications, ran out of disk space and didn't notice. The next login will warn him about the problem and let him make some space.

    ScottJamesRemnant: another use case here -- the machine will actually boot and let Michael log in, and find out he's run out of disk space

Scope

The Ubuntu distribution. We will aim to make the system work well enough for a user to be able to log in and delete files using the normal graphical file manager.

Examples of problems we consider out of scope:

  • The user may not be able to run firefox to get help.
  • Other applications may not run properly.
  • The user might fill up swap, e.g. by filling a tmpfs with junk; this is fixable with a reboot.
  • It is possible that some parts of the system or of the user's session will come up in a suboptimal state if the disk was full; this is fixable by making space and then rebooting.

Testing results

At UDS Seville, we did some tests. The current system is remarkably robust. We were able to boot and found only the following two problems:

  • If even the reserved blocks are used on all relevant partitions, gdm cannot write an authority file and login is not possible. gdm already has a fallback feature to write the authority file to a different location, but the currently set alternative location can also be full.
  • The session script attempts to create .gconfd, which can fail. This is only a problem if a user logs in for the first time with a full disk (and then the user's desktop session will not come up properly).

With an ad-hoc solution to the authority file problem, a test system was able to boot properly and the user was able to log in and delete files. A warning notification about low disk space was already displayed but had suboptimal wording and could do with some polish.

  • ScottJamesRemnant: we'd like to see more rigorous testing of the "most things work" hypothesis during the release cycle. For example, finding out what opens files for writing and working out why. Things are definitely expecting to write data, and they shouldn't be. strace and inotify will be helpful here. Please include a plan to test everything installed by default as part of this specification, and document the plan.

Implementation

To address the problems properly:

  • Create a /var/overflow 1 megabyte tmpfs partition.

    ScottJamesRemnant: could /var/run not be used for this? the authority file seems to fit in with runtime data

  • Make gdm set TMPDIR to this partition if there is less than 1 megabyte available on /tmp.
  • Set gdm's fallback authority location to a suitable place in /var/overflow.
  • Display a better dialog on login explaining that the user needs to free some space and then restart the system.

    ScottJamesRemnant: some more detail about the implementation of this "dialog" is required. How will it be run? Will it be a dialog or a notification popup? Interaction issues between a dialog and ssh-askpass?

    ScottJamesRemnant: any thoughts on helping the user free some space?
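
The TMPDIR fallback from the list above, written out as an added POSIX shell example; it is not part of this specification and not gdm's own code. The function names, the fstab mount options in the comment and the extra check that the overflow directory is writable are assumptions.

```shell
#!/bin/sh
# Added example: choose TMPDIR as the Implementation list describes.
# Assumed fstab entry for the overflow area (options are an assumption,
# not taken from the specification):
#   tmpfs /var/overflow tmpfs size=1m,mode=1777,nosuid,nodev 0 0

MIN_FREE_KB=1024   # "less than 1 megabyte available"

# avail_kb DIR: print the kilobytes available on DIR's filesystem.
# df reports the space available to unprivileged users, so blocks reserved
# for root are not counted; that is the conservative figure for a session.
avail_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# choose_tmpdir TMP OVERFLOW [MIN_KB]: print the directory to use as TMPDIR.
choose_tmpdir() {
    tmp=$1
    overflow=$2
    min=${3:-$MIN_FREE_KB}
    free=$(avail_kb "$tmp")
    case $free in
        ''|*[!0-9]*) free=0 ;;   # df failed or gave odd output: treat as full
    esac
    # Fall back only if the overflow area really exists and is writable,
    # otherwise TMPDIR would point at a directory nothing can use.
    if [ "$free" -lt "$min" ] && [ -d "$overflow" ] && [ -w "$overflow" ]; then
        printf '%s\n' "$overflow"
    else
        printf '%s\n' "$tmp"
    fi
}

# Usage in a session start-up script (paths as named in the specification):
#   TMPDIR=$(choose_tmpdir /tmp /var/overflow); export TMPDIR
```
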

Release note

  • Arrangements are now made to ensure that even if the disk is full, the system is functional enough for the user to boot, log in, and be able to view and delete files.

Demo plan

  • install (with a single filesystem) and log in and check that all is well
  • copy some of the example documents into the new user's desktop or home directory
  • sudo dd if=/dev/zero of=/waste-space
  • log out or reboot
  • log in, observe the warning message appears properly, and view and delete some of the example documents
  • if the system is wanted for some other purpose, sudo rm /waste-space and reboot


CategorySpec

BootLoginWithFullFilesystem (last edited 2008-08-06 16:31:27 by localhost)