From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-manager] postinst: Filter RADOS block devices
Date: Wed, 13 Dec 2023 16:35:38 +0100 [thread overview]
Message-ID: <20231213153538.358434-1-s.hanreich@proxmox.com> (raw)
Since LVM 2.03.15 RBD devices are also scanned by default [1]. This
can lead to guest volumes being recognized and displayed on the host
when using KRBD for RBD-backed disks. In order to prevent this we add
an additional filter to the LVM config to avoid scanning RADOS block
devices.
This also prevents a bug where LVM created a very high amount of
archive entries when there were logical volumes with the same path
available. This could happen when two guests with RBD disks had the
same LVM layout or a guest and host had the same layout.
The following cases can happen where postinst gets executed:
Upgrading from < 8.1.4: We force the new global_filter to be set in
the LVM config
Upgrading from >= 8.1.4: do nothing
New Installation: Run the function as before, just with the new
global_filter value
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
I have tested this for all cases by executing the script manually in a
VM.
Just in the case of upgrading from < 8.1.4 the resulting LVM config is
quite ugly:
```
devices {
# added by pve-manager to avoid scanning ZFS zvols
# global_filter=["r|/dev/zd.*|"]
}
devices {
# added by pve-manager to avoid scanning ZFS zvols and RADOS block devices
global_filter=["r|/dev/zd.*|","r|/dev/rbd.*|"]
}
```
Trying to find and delete the existing, enclosing devices {} part also
seemed a bit brittle to me, particularly since users could be adding
custom values to this section as well - which we would have to handle
then as well.
Does anyone maybe have a better idea on how to handle this without
generating such an ugly config?
debian/postinst | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/debian/postinst b/debian/postinst
index 4c9a1f250..59d88105c 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -9,21 +9,25 @@ set -e
# installed and configured.
set_lvm_conf() {
+ local FORCE="$1"
+
LVM_CONF_MARKER="# added by pve-manager to avoid scanning"
# keep user changes afterwards provided marker is still there..
- if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf; then
+ if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf && test -z "$FORCE"; then
return 0 # only do these changes once
fi
+ FILTER_VALUE='"r|/dev/zd.*|","r|/dev/rbd.*|"'
+
OLD_VALUE="$(lvmconfig --typeconfig full devices/global_filter)"
- NEW_VALUE='global_filter=["r|/dev/zd.*|"]'
+ NEW_VALUE="global_filter=[$FILTER_VALUE]"
export LVM_SUPPRESS_FD_WARNINGS=1
# check global_filter
# keep previous setting from our custom packaging if it is still there
- if echo "$OLD_VALUE" | grep -qvF 'r|/dev/zd.*|'; then
+ if echo "$OLD_VALUE" | grep -qvF "$FILTER_VALUE"; then
SET_FILTER=1
BACKUP=1
fi
@@ -37,14 +41,14 @@ set_lvm_conf() {
cp -vb /etc/lvm/lvm.conf /etc/lvm/lvm.conf.bak
fi
if test -n "$SET_FILTER"; then
- echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zvols from being scanned:"
+ echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zvols and rbds from being scanned:"
echo "$OLD_VALUE => $NEW_VALUE"
# comment out existing setting
sed -i -e 's/^\([[:space:]]*global_filter[[:space:]]*=\)/#\1/' /etc/lvm/lvm.conf
# add new section with our setting
cat >> /etc/lvm/lvm.conf <<EOF
devices {
- $LVM_CONF_MARKER ZFS zvols
+ $LVM_CONF_MARKER ZFS zvols and RADOS block devices
$NEW_VALUE
}
EOF
@@ -165,6 +169,12 @@ case "$1" in
rm -v "$BETA_SOURCES" || true
fi
+ if test ! -e /proxmox_install_mode && test -n "$2" && dpkg --compare-versions "$2" 'lt' '8.1.4~'; then
+ if test -e /etc/lvm/lvm.conf ; then
+ set_lvm_conf 1
+ fi
+ fi
+
set_lvm_conf
if test ! -e /proxmox_install_mode; then
--
2.39.2
next reply other threads:[~2023-12-13 15:35 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-13 15:35 Stefan Hanreich [this message]
2023-12-13 17:07 ` Stefan Hanreich
2023-12-14 9:34 ` Friedrich Weber
2023-12-14 9:55 ` Stefan Hanreich
2023-12-14 9:56 ` Stefan Hanreich
2023-12-14 10:17 ` Friedrich Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231213153538.358434-1-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox