Changing default verification algorithm: auto-verify-alg

LINSTOR
,
1

Hello.
I came across commit https://github.com/torvalds/linux/commit/8522104f75bf1ce33d76ea425185da2a7fba5a70 indicating that support for the crct10dif algorithm was removed from the Linux kernel. Consequently, I decided to test the crc32c algorithm. During testing of verification algorithms in LINSTOR, I encountered ambiguous behavior regarding property inheritance and how values are displayed across different levels.

  • OS: Ubuntu 24.04

  • LINSTOR Controller/Satellite: 1.33.1

  • DRBD version: 9.3

I attempted to change the verification algorithm at the Resource Group level using the following command:
linstor rg opt --verify-alg crc32c test

As expected, the new value is visible at the Resource Group level:

root@test-node2:~# linstor rg lp test
+-----------------------------------------------------------+

| Key                         | Value                       |
|-----------------------------------------------------------|
| DrbdOptions/Net/verify-alg  | crc32c                      |
+-----------------------------------------------------------+

However, when checking the Resource Definition properties, I still see a different key with the old value:

root@test-node2:~# linstor rd lp test
+---------------------------------------------------+

| Key                           | Value             |
|---------------------------------------------------|
| DrbdOptions/auto-verify-alg   | crct10dif         |
+---------------------------------------------------+

Interestingly, the actual DRBD configuration correctly reflects the new setting. In the DRBD config, I see the new algorithm that I assigned to the Resource Group:

root@test-node3:~# drbdsetup show test
...
net {
    verify-alg "crc32c";
}
...

I can see that DRBD receives the correct configuration, but after changing the verification algorithm on the Resource Group, I expected this change to be reflected in the Resource Definition as well. The simultaneous coexistence of auto-verify-alg and verify-alg creates confusion from an administrative perspective.
I would appreciate a clarification on the proper way to change the verification algorithm in LINSTOR.
Is it possible to change the default algorithm for auto-verify-alg?
Why is this property not updated or hidden when verify-alg is explicitly defined at the Resource Group level?

2

Aside: have you found this option documented anywhere? I see it in the linstor source code, but I don’t see it in the linstor manual. (I’m sure it’s valid - linstor does validate the property names - but I’d like to understand the semantics)

Also, I’m not sure if resource-definition list-properties shows properties which are inherited from the resource group - and if it does, whether it’s possible to distinguish between inherited and explicitly-set properties.

brian@virtual1:~$ linstor rd l -r linstor_db
╭──────────────────────────────────────────────────────╮
┊ ResourceName ┊ ResourceGroup  ┊ Layers       ┊ State ┊
╞══════════════════════════════════════════════════════╡
┊ linstor_db   ┊ linstor-db-grp ┊ DRBD,STORAGE ┊ ok    ┊
╰──────────────────────────────────────────────────────╯
brian@virtual1:~$ linstor rg lp linstor-db-grp
╭──────────────────────────────────────────────────────────────────────╮
┊ Key                                                ┊ Value           ┊
╞══════════════════════════════════════════════════════════════════════╡
┊ DrbdOptions/Resource/auto-promote                  ┊ no              ┊
┊ DrbdOptions/Resource/on-no-data-accessible         ┊ io-error        ┊
┊ DrbdOptions/Resource/on-no-quorum                  ┊ io-error        ┊
┊ DrbdOptions/Resource/on-suspended-primary-outdated ┊ force-secondary ┊
┊ DrbdOptions/Resource/quorum                        ┊ majority        ┊
┊ Internal/Drbd/QuorumSetBy                          ┊ user            ┊
╰──────────────────────────────────────────────────────────────────────╯
brian@virtual1:~$ linstor rd lp linstor_db
╭─────────────────────────────────────────╮
┊ Key                         ┊ Value     ┊
╞═════════════════════════════════════════╡
┊ DrbdOptions/Resource/quorum ┊ majority  ┊
┊ DrbdOptions/auto-verify-alg ┊ crct10dif ┊
┊ DrbdPrimarySetOn            ┊ VIRTUAL1  ┊
╰─────────────────────────────────────────╯
brian@virtual1:~$ /usr/sbin/drbdadm dump
...
        verify-alg       crct10dif;
3

No, I haven’t found this option in the documentation either.

Is the value of DrbdOptions/auto-verify-alg hardcoded directly in the source code?

4

I don’t really grok java, but if you hunt around the context you might find what its default is:

% egrep -R '\bauto-verify-alg\b' .
./debian/changelog:  * auto-verify-alg: Improve disabled check
./server/src/main/java/com/linbit/linstor/InternalApiConsts.java:    public static final String DRBD_AUTO_VERIFY_ALGO = "auto-verify-alg";
% egrep -R '\bDRBD_AUTO_VERIFY_ALGO\b' .
./server/src/main/java/com/linbit/linstor/InternalApiConsts.java:    public static final String DRBD_AUTO_VERIFY_ALGO = "auto-verify-alg";
./controller/src/main/java/com/linbit/linstor/core/apicallhandler/controller/CtrlRscDfnAutoVerifyAlgoHelper.java:                        InternalApiConsts.DRBD_AUTO_VERIFY_ALGO, ApiConsts.NAMESPC_DRBD_OPTIONS
./controller/src/main/java/com/linbit/linstor/core/apicallhandler/controller/CtrlRscDfnAutoVerifyAlgoHelper.java:                            InternalApiConsts.DRBD_AUTO_VERIFY_ALGO,
./controller/src/main/java/com/linbit/linstor/core/apicallhandler/controller/CtrlRscDfnAutoVerifyAlgoHelper.java:                        rscDfnProps.removeProp(InternalApiConsts.DRBD_AUTO_VERIFY_ALGO, ApiConsts.NAMESPC_DRBD_OPTIONS);
./controller/src/main/java/com/linbit/linstor/core/apicallhandler/controller/CtrlRscDfnAutoVerifyAlgoHelper.java:                        InternalApiConsts.DRBD_AUTO_VERIFY_ALGO, ApiConsts.NAMESPC_DRBD_OPTIONS) != null)
./controller/src/main/java/com/linbit/linstor/core/apicallhandler/controller/CtrlRscDfnAutoVerifyAlgoHelper.java:                    rscDfnProps.removeProp(InternalApiConsts.DRBD_AUTO_VERIFY_ALGO, ApiConsts.NAMESPC_DRBD_OPTIONS);
./satellite/src/main/java/com/linbit/linstor/layer/drbd/resfiles/ConfFileBuilder.java:                InternalApiConsts.DRBD_AUTO_VERIFY_ALGO, ApiConsts.NAMESPC_DRBD_OPTIONS);

And I noticed this:

./controller/src/main/java/com/linbit/linstor/dbcp/migration/k8s/crd/Migration_01_v1_15_0_init.java:            "DrbdOptions/auto-verify-algo-allowed-list", "crct10dif-pclmul;crct10dif-generic;sha384-generic;sha512-generic;sha256-generic;md5-generic"
5

Could you please explain how the parameter DrbdOptions/auto-verify-algo-allowed-user-list works?
Does it restrict the selection of the verification algorithm from the list DrbdOptions/auto-verify-algo-allowed-list for the parameter DrbdOptions/auto-verify-alg?

6

the auto-verify-algo-allowed-user-list allows additional shash algorithms to be considered by Linstor, so it doesn’t override the linstor list, just expand it.