From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 88C3ABBC62 for ; Tue, 19 Dec 2023 12:54:46 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5E8AD37145 for ; Tue, 19 Dec 2023 12:54:16 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 19 Dec 2023 12:54:15 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 75F7F4859C for ; Tue, 19 Dec 2023 12:54:15 +0100 (CET) Date: Tue, 19 Dec 2023 12:54:08 +0100 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox VE development discussion References: <20231215135154.284412-1-s.hanreich@proxmox.com> In-Reply-To: <20231215135154.284412-1-s.hanreich@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.16.0 (https://github.com/astroidmail/astroid) Message-Id: <1702986417.rjiew8jrm6.astroid@yuna.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL -0.086 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, gitlab.com] Subject: Re: [pve-devel] [PATCH pve-manager v2] postinst: filter rbds in lvm X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Dec 2023 11:54:46 -0000 On December 15, 2023 2:51 pm, Stefan Hanreich wrote: > Since LVM 2.03.15 RBD devices are also scanned by default [1]. This > can lead to guest volumes being recognized and displayed on the host > when using KRBD for RBD-backed disks. In order to prevent this we add > an additional filter to the LVM config to avoid scanning rbds. >=20 > This also prevents a bug where LVM created a very high amount of > archive entries when there were logical volumes with the same path > available. This could happen when two guests with RBD disks had the > same LVM layout or a guest and host had the same layout. >=20 > previous behavior: > If there is no marker in the LVM conf and global_filter does not > contain '/dev/zd.*': replace the global_filter with our version >=20 > new behavior: > If there is no marker in the LVM conf or we upgrade from > 8.1.4: Replace the global_filter with our version if the global_filter > is empty or *exactly* '/dev/zd.*' >=20 > The previous versions could replace custom global_filters where the > comment had been removed and the zvol directive removed. The new > behavior is slightly more conservative, but works the same in other > cases. >=20 > [1] https://gitlab.com/lvmteam/lvm2/-/commit/6a431eb24241caf2277d3e5b4718= 782d92650a2a >=20 > Signed-off-by: Stefan Hanreich > --- > debian/postinst | 33 +++++++++++++++++++++------------ > 1 file changed, 21 insertions(+), 12 deletions(-) >=20 > diff --git a/debian/postinst b/debian/postinst > index 4c9a1f250..1d2f815e8 100755 > --- a/debian/postinst > +++ b/debian/postinst > @@ -9,21 +9,22 @@ set -e > # installed and configured. > =20 > set_lvm_conf() { > + local FORCE=3D"$1" > LVM_CONF_MARKER=3D"# added by pve-manager to avoid scanning" > =20 > # keep user changes afterwards provided marker is still there.. > - if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf; then > + if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf && test -z "$FORCE= "; then > return 0 # only do these changes once > fi > =20 > - OLD_VALUE=3D"$(lvmconfig --typeconfig full devices/global_filter)" > - NEW_VALUE=3D'global_filter=3D["r|/dev/zd.*|"]' > + OLD_VALUE=3D"$(lvmconfig --typeconfig diff devices/global_filter || = echo '')" > + NEW_VALUE=3D'global_filter=3D["r|/dev/zd.*|","r|/dev/rbd.*|"]' > =20 > export LVM_SUPPRESS_FD_WARNINGS=3D1 > =20 > # check global_filter > - # keep previous setting from our custom packaging if it is still the= re > - if echo "$OLD_VALUE" | grep -qvF 'r|/dev/zd.*|'; then > + # update setting if it is empty or exactly the one we set before 8.1= .4 > + if test -z "$OLD_VALUE" || (echo "$OLD_VALUE" | grep -qF '=3D"r|/dev= /zd.*|"'); then > SET_FILTER=3D1 > BACKUP=3D1 > fi this part is now a lot stricter then before (e.g., if the user has added multipath devices or something else to the filter for whatever reason, the filter won't be extended). should we at least print a warning in that case? iff - the config is not default (OLD_VALUE is set) - the old value is neither our expected old value nor our new value echo "non-default 'global_filter' value '$OLD_VALUE' in /etc/lvm/lvm.conf, = not setting '$NEW_VALUE' automatically" echo "consider adapting your 'global_filter' manually." or something along those lines? also, the combination of marker found, but no $OLD_VALUE would indicate that the user explicitly disabled/commented our previously set value - maybe in that case we also should just print a warning instead of overriding that choice? > @@ -37,17 +38,19 @@ set_lvm_conf() { > cp -vb /etc/lvm/lvm.conf /etc/lvm/lvm.conf.bak > fi > if test -n "$SET_FILTER"; then > - echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zv= ols from being scanned:" > + echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zv= ols and rbds from being scanned:" > echo "$OLD_VALUE =3D> $NEW_VALUE" > - # comment out existing setting > - sed -i -e 's/^\([[:space:]]*global_filter[[:space:]]*=3D\)/#\1/'= /etc/lvm/lvm.conf > - # add new section with our setting > - cat >> /etc/lvm/lvm.conf < + if test -n "$OLD_VALUE"; then > + sed -i -e "s/$LVM_CONF_MARKER ZFS zvols/$LVM_CONF_MARKER ZFS= zvols and Ceph rbds/" /etc/lvm/lvm.conf > + sed -i -e "s!^\([[:space:]]*\)\(global_filter[[:space:]]*=3D= .*\)\$!\1# \2\n\1$NEW_VALUE!" /etc/lvm/lvm.conf > + else > + cat >> /etc/lvm/lvm.conf < devices { > - $LVM_CONF_MARKER ZFS zvols > + $LVM_CONF_MARKER ZFS zvols and Ceph rbds > $NEW_VALUE > - } > +} > EOF > + fi > fi > if test -n "$SET_SCAN_LVS"; then > echo "Adding scan_lvs=3D0 setting to /etc/lvm/lvm.conf to preven= t LVs from being scanned." > @@ -165,6 +168,12 @@ case "$1" in > rm -v "$BETA_SOURCES" || true > fi > =20 > + if test ! -e /proxmox_install_mode && test -n "$2" && dpkg --compare= -versions "$2" 'lt' '8.1.4~'; then > + if test -e /etc/lvm/lvm.conf ; then > + set_lvm_conf 1 > + fi > + fi > + > set_lvm_conf > =20 > if test ! -e /proxmox_install_mode; then > --=20 > 2.39.2 >=20 >=20 > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel >=20 >=20 >=20