ZED(8) System Manager's Manual ZED(8)

ZEDZFS Event Daemon

ZED [-fFhILMvVZ] [-d zedletdir] [-p pidfile] [-P path] [-s statefile] [-j jobs] [-b buflen]

The ZED (ZFS Event Daemon) monitors events generated by the ZFS kernel module. When a zevent (ZFS Event) is posted, the ZED will run any ZEDLETs (ZFS Event Daemon Linkage for Executable Tasks) that have been enabled for the corresponding zevent class.

Display a summary of the command-line options.
Display license information.
Display version information.
Be verbose.
Force the daemon to run if at all possible, disabling security checks and throwing caution to the wind. Not recommended for use in production.
Don't daemonise: remain attached to the controlling terminal, log to the standard I/O streams.
Lock all current and future pages in the virtual memory address space. This may help the daemon remain responsive when the system is under heavy memory pressure.
Request that the daemon idle rather than exit when the kernel modules are not loaded. Processing of events will start, or resume, when the kernel modules are (re)loaded. Under Linux the kernel modules cannot be unloaded while the daemon is running.
Zero the daemon's state, thereby allowing zevents still within the kernel to be reprocessed.
Read the enabled ZEDLETs from the specified directory.
Write the daemon's process ID to the specified file.
Custom $PATH for zedlets to use. Normally zedlets run in a locked-down environment, with hardcoded paths to the ZFS commands ($ZFS, $ZPOOL, $ZED, ), and a hard-coded $PATH. This is done for security reasons. However, the ZFS test suite uses a custom PATH for its ZFS commands, and passes it to ZED with -P. In short, -P is only to be used by the ZFS test suite; never use it in production!
Write the daemon's state to the specified file.
Allow at most jobs ZEDLETs to run concurrently, delaying execution of new ones until they finish. Defaults to .
Cap kernel event buffer growth to buflen entries. This buffer is grown when the daemon misses an event, but results in unreclaimable memory use in the kernel. A value of removes the cap. Defaults to .

A zevent is comprised of a list of nvpairs (name/value pairs). Each zevent contains an EID (Event IDentifier) that uniquely identifies it throughout the lifetime of the loaded ZFS kernel module; this EID is a monotonically increasing integer that resets to 1 each time the kernel module is loaded. Each zevent also contains a class string that identifies the type of event. For brevity, a subclass string is defined that omits the leading components of the class string. Additional nvpairs exist to provide event details.

The kernel maintains a list of recent zevents that can be viewed (along with their associated lists of nvpairs) using the zpool events -v command.

ZEDLETs to be invoked in response to zevents are located in the enabled-zedlets directory (zedletdir). These can be symlinked or copied from the directory; symlinks allow for automatic updates from the installed ZEDLETs, whereas copies preserve local modifications. As a security measure, since ownership change is a privileged operation, ZEDLETs must be owned by root. They must have execute permissions for the user, but they must not have write permissions for group or other. Dotfiles are ignored.

ZEDLETs are named after the zevent class for which they should be invoked. In particular, a ZEDLET will be invoked for a given zevent if either its class or subclass string is a prefix of its filename (and is followed by a non-alphabetic character). As a special case, the prefix matches all zevents. Multiple ZEDLETs may be invoked for a given zevent.

ZEDLETs are executables invoked by the ZED in response to a given zevent. They should be written under the presumption they can be invoked concurrently, and they should use appropriate locking to access any shared resources. Common variables used by ZEDLETs can be stored in the default rc file which is sourced by scripts; these variables should be prefixed with .

The zevent nvpairs are passed to ZEDLETs as environment variables. Each nvpair name is converted to an environment variable in the following manner:

  1. it is prefixed with ,
  2. it is converted to uppercase, and
  3. each non-alphanumeric character is converted to an underscore.

Some additional environment variables have been defined to present certain nvpair values in a more convenient form. An incomplete list of zevent environment variables is as follows:

The Event IDentifier.
The zevent class string.
The zevent subclass string.
The time at which the zevent was posted as “seconds nanoseconds” since the Epoch.
The seconds component of ZEVENT_TIME.
The component of ZEVENT_TIME.
An almost-RFC3339-compliant string for ZEVENT_TIME.

Additionally, the following ZED & ZFS variables are defined:

The daemon's process ID.
The daemon's current enabled-zedlets directory.
The alias (“--”) string of the ZFS distribution the daemon is part of.
The ZFS version the daemon is part of.
The ZFS release the daemon is part of.

ZEDLETs may need to call other ZFS commands. The installation paths of the following executables are defined as environment variables: , , , , and . These variables may be overridden in the rc file.

The default directory for enabled ZEDLETs.
The default rc file for common variables used by ZEDLETs.
The default directory for installed ZEDLETs.
The default file containing the daemon's process ID.
The default file containing the daemon's state.

Reconfigure the daemon and rescan the directory for enabled ZEDLETs.
Terminate the daemon.

zfs(8), zpool(8), zpool-events(8)

The ZED requires root privileges.

Do not taunt the ZED.

ZEDLETs are unable to return state/status information to the kernel.

Internationalization support via gettext has not been added.

May 26, 2021 Debian