In light of recent discussions about how to implement device mirroring, it might be useful to describe an approach used in Bull's GCOS8 operating system. (GCOS8 is a mainframe operating system designed for the highest possible reliability and dynamic replacement of parts.) The GCOS8 approach has been used since the late 1970's and I think it works quite well. I'm not sure how compatible it might be with OpenBSD, but it's worth mentioning.

In the GCOS8 model, every disk device can have a secondary device. All reads may be performed on either the primary or the secondary, allowing for possible seek optimization. (However, if the system believes the two devices might be out of sync, reads only take place on the primary.) All writes are done on both primary and secondary. Secondary devices can have their own secondaries, making it possible to daisy-chain any number of disks together.

A secondary device may be added to a primary device at any time. This allows for adding new disks or creating mirror partitions "on the fly." When a secondary device is added, the system immediately initiates a process to copy the primary's contents to the secondary *in sequence* from the bottom up (i.e. from the lowest address on the primary to the highest). This process operates at the kernel level using raw physical reads and writes.

While the sequential copy process is executing, write operations can continue on the primary. If the write destination is in the region that's already been copied, the system writes to both the primary and secondary. If the write destination is in the region that hasn't been copied yet, the system writes only to the primary (since the copy process will update the secondary eventually). This leaves a section in the middle where the copy process is currently working; if a write operation is intended for this "busy" section, the system writes to the primary and waits to write to the secondary until the copy process has finished in that section.

This arrangement could solve some of the problems found in other mirroring schemes. In particular, there's no problem with mirroring the root device; you simply associate a secondary device with the root and everything happens automatically.

An important feature of this approach is the ability to swap the primary and secondary devices. If, for example, you suspect the primary disk may be dying, you can simply use a system call to declare that the secondary is the primary and vice versa.

This approach also makes it possible to remove a disk on the fly. You set up a secondary device for the disk, and wait for the copy process to execute. When the copying is done, you invoke a command that makes the secondary the new primary and simultaneously terminates the mirroring relationship. You can then remove the original disk, with the secondary disk acting as a replacement. A similar process lets you capture an image of a disk or partition at a particular moment in time.

The same sort of operation would let you grow a partition on the fly, provided that OpenBSD's growfs were fixed to work on mounted partitions. (The current documentation says that growfs ought to work, but doesn't.) If growfs were fixed, you could mirror the partition you want to grow with a secondary partition that had the potential to grow. You could then use growfs on the secondary partition, and swap the secondary with the primary to get the effect of growing the original partition.

Finally, this type of operation would provide a more satisfactory way of implementing altroot, since it provides for a completely in-sync copy of any device or partition. It's important to note that all these operations could be done dynamically, without having to interrupt service by rebooting.

A lot of the discussion on this forum deals with the problem of security against outside intruders. However, I've found that security of data against accidents and mistakes is just as important as defense against intrusion. A practical method for mirroring disks can buy you a lot of peace of mind.
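
The write routing during the sequential copy described above, as an added example in C that is not part of the original post and is not GCOS8 code. The in-memory toy disks, the chunk size, the function names and the dirty-flag way of deferring writes to the "busy" section are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NBLOCKS 16  /* constructed toy disk: 16 one-int "blocks" */
#define CHUNK   4   /* blocks the copy process moves per step (assumed) */

struct mirror {
    int primary[NBLOCKS], secondary[NBLOCKS];
    int copied;        /* blocks [0, copied) are already in sync */
    int busy;          /* 1 while [copied, copied+CHUNK) is being copied */
    int dirty[CHUNK];  /* busy-section blocks written during the copy */
};

void mirror_init(struct mirror *m) {
    memset(m, 0, sizeof *m);
    for (int i = 0; i < NBLOCKS; i++) m->primary[i] = 100 + i;
}

/* Route one write (caller guarantees 0 <= blk < NBLOCKS). Returns 'B' (both
 * disks), 'D' (secondary deferred) or 'P' (primary only, copy catches up). */
char mirror_write(struct mirror *m, int blk, int val) {
    m->primary[blk] = val;
    if (blk < m->copied) { m->secondary[blk] = val; return 'B'; }
    if (m->busy && blk < m->copied + CHUNK) {
        m->dirty[blk - m->copied] = 1;   /* remember it for copy_finish() */
        return 'D';
    }
    return 'P';
}

/* Copy step, first half: read the next chunk from the primary. */
void copy_begin(struct mirror *m, int *stage) {
    memcpy(stage, &m->primary[m->copied], sizeof(int) * CHUNK);
    m->busy = 1;
}

/* Second half: write the chunk, then apply the deferred writes so the
 * staged (possibly stale) data cannot overwrite a newer value. */
void copy_finish(struct mirror *m, const int *stage) {
    memcpy(&m->secondary[m->copied], stage, sizeof(int) * CHUNK);
    for (int i = 0; i < CHUNK; i++)
        if (m->dirty[i]) m->secondary[m->copied + i] = m->primary[m->copied + i];
    memset(m->dirty, 0, sizeof m->dirty);
    m->busy = 0; m->copied += CHUNK;
}

int main(void) {
    struct mirror m; int stage[CHUNK];
    mirror_init(&m); copy_begin(&m, stage);
    char r = mirror_write(&m, 2, 77);    /* lands in the busy section */
    copy_finish(&m, stage);
    printf("%c secondary[2]=%d\n", r, m.secondary[2]);
    return 0;
}
```

Without the deferred step in `copy_finish`, the staged chunk read before the write would leave the old value on the secondary, which is the out-of-sync case the "busy" section rule exists to prevent.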

