**Situation overview & first actions**- Treat as high-severity: corruption can be silent. Triage to contain scope before mass repair.- Notify stakeholders (ops, app owners) with immediate risk, impacted pools/users, and a short maintenance window if intrusive actions needed.**Inspect cluster health & metadata**- Check global health and recent events:bash
ceph status
ceph health detail
ceph -s
- Identify affected pools/PGs/OSDs:bash
ceph pg dump pgs_brief | grep -E "corrupt|inconsistent|stale"
ceph osd tree
ceph pg <pgid> query
- Audit object metadata and checksums (RADOS/Xattrs, RBD/rgw metadata).**Run scrubbing and verification**- Start targeted scrubs (avoid cluster-wide load spike):bash
# schedule deep-scrub for specific PGs/pool
ceph osd pool scrub <pool> --deep-scrub
ceph pg deep-scrub <pgid>
- Monitor scrub logs and events:bash
ceph health detail
journalctl -u ceph-osd -f
- For RBD/CEPHFS/RGW: use rbd info / rbd diff / fsck tools or rgw-admin to verify object checksums/etags.**Safe repair workflow**- Prefer read-only verification, then repair only verified corrupt replicas.- Back up affected objects/snapshots before write actions:bash
# export object as backup
rados -p <pool> get <object> /tmp/<object>.bak
- Use Ceph repair primitives:bash
ceph pg repair <pgid> # repairs PG replica set using healthy copies
rados repair -p <pool> <object> # for specific object (if available)
- If OSD hardware suspected: mark out, reweight, replace OSD, let rebalance complete; avoid simultaneous removals.**Verify client-visible integrity**- Re-fetch objects from clients and compute checksums:bash
sha256sum /path/to/object
# compare with known-good checksum or backup
- For S3/rgw, compare ETag/MD5; run application-level integrity tests and sampling reads.- Run systemic tests (consistency checks, fsck for CephFS, rbd bench/verify).**Prevent recurrence & root-cause analysis**- Check OSD SMART, kernel/syslog, network errors, scrubbing schedule, Ceph version bugs.- Enable/verify checksums at layers (filestore/bluestore checksum config), update to patched Ceph if bug identified.**Communication to stakeholders**- Immediate: what happened, systems/pools affected, user impact, mitigation steps in progress, expected ETA.- Follow-up: root cause, objects affected count, actions taken (backups, repairs, OSD replacements), risk of data loss, prevention steps and timeline for fixes/patches.- Provide rollback/restore plan and recommended actions for app owners (revalidate checksums, reingest data if needed).**Outcome & lessons**- Prioritize targeted scrubbing, backups before repair, and clear stakeholder updates. Implement monitoring for silent corruption (periodic deep-scrubs, S.M.A.R.T. alerts, checksum audits).