From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-manager v2] postinst: filter rbds in lvm
Date: Fri, 15 Dec 2023 14:51:54 +0100 [thread overview]
Message-ID: <20231215135154.284412-1-s.hanreich@proxmox.com> (raw)
Since LVM 2.03.15 RBD devices are also scanned by default [1]. This
can lead to guest volumes being recognized and displayed on the host
when using KRBD for RBD-backed disks. In order to prevent this we add
an additional filter to the LVM config to avoid scanning rbds.
This also prevents a bug where LVM created a very high amount of
archive entries when there were logical volumes with the same path
available. This could happen when two guests with RBD disks had the
same LVM layout or a guest and host had the same layout.
previous behavior:
If there is no marker in the LVM conf and global_filter does not
contain '/dev/zd.*': replace the global_filter with our version
new behavior:
If there is no marker in the LVM conf or we upgrade from
8.1.4: Replace the global_filter with our version if the global_filter
is empty or *exactly* '/dev/zd.*'
The previous versions could replace custom global_filters where the
comment had been removed and the zvol directive removed. The new
behavior is slightly more conservative, but works the same in other
cases.
[1] https://gitlab.com/lvmteam/lvm2/-/commit/6a431eb24241caf2277d3e5b4718782d92650a2a
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
debian/postinst | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/debian/postinst b/debian/postinst
index 4c9a1f250..1d2f815e8 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -9,21 +9,22 @@ set -e
# installed and configured.
set_lvm_conf() {
+ local FORCE="$1"
LVM_CONF_MARKER="# added by pve-manager to avoid scanning"
# keep user changes afterwards provided marker is still there..
- if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf; then
+ if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf && test -z "$FORCE"; then
return 0 # only do these changes once
fi
- OLD_VALUE="$(lvmconfig --typeconfig full devices/global_filter)"
- NEW_VALUE='global_filter=["r|/dev/zd.*|"]'
+ OLD_VALUE="$(lvmconfig --typeconfig diff devices/global_filter || echo '')"
+ NEW_VALUE='global_filter=["r|/dev/zd.*|","r|/dev/rbd.*|"]'
export LVM_SUPPRESS_FD_WARNINGS=1
# check global_filter
- # keep previous setting from our custom packaging if it is still there
- if echo "$OLD_VALUE" | grep -qvF 'r|/dev/zd.*|'; then
+ # update setting if it is empty or exactly the one we set before 8.1.4
+ if test -z "$OLD_VALUE" || (echo "$OLD_VALUE" | grep -qF '="r|/dev/zd.*|"'); then
SET_FILTER=1
BACKUP=1
fi
@@ -37,17 +38,19 @@ set_lvm_conf() {
cp -vb /etc/lvm/lvm.conf /etc/lvm/lvm.conf.bak
fi
if test -n "$SET_FILTER"; then
- echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zvols from being scanned:"
+ echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zvols and rbds from being scanned:"
echo "$OLD_VALUE => $NEW_VALUE"
- # comment out existing setting
- sed -i -e 's/^\([[:space:]]*global_filter[[:space:]]*=\)/#\1/' /etc/lvm/lvm.conf
- # add new section with our setting
- cat >> /etc/lvm/lvm.conf <<EOF
+ if test -n "$OLD_VALUE"; then
+ sed -i -e "s/$LVM_CONF_MARKER ZFS zvols/$LVM_CONF_MARKER ZFS zvols and Ceph rbds/" /etc/lvm/lvm.conf
+ sed -i -e "s!^\([[:space:]]*\)\(global_filter[[:space:]]*=.*\)\$!\1# \2\n\1$NEW_VALUE!" /etc/lvm/lvm.conf
+ else
+ cat >> /etc/lvm/lvm.conf <<EOF
devices {
- $LVM_CONF_MARKER ZFS zvols
+ $LVM_CONF_MARKER ZFS zvols and Ceph rbds
$NEW_VALUE
- }
+}
EOF
+ fi
fi
if test -n "$SET_SCAN_LVS"; then
echo "Adding scan_lvs=0 setting to /etc/lvm/lvm.conf to prevent LVs from being scanned."
@@ -165,6 +168,12 @@ case "$1" in
rm -v "$BETA_SOURCES" || true
fi
+ if test ! -e /proxmox_install_mode && test -n "$2" && dpkg --compare-versions "$2" 'lt' '8.1.4~'; then
+ if test -e /etc/lvm/lvm.conf ; then
+ set_lvm_conf 1
+ fi
+ fi
+
set_lvm_conf
if test ! -e /proxmox_install_mode; then
--
2.39.2
next reply other threads:[~2023-12-15 13:52 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-15 13:51 Stefan Hanreich [this message]
2023-12-15 14:10 ` Stefan Hanreich
2023-12-19 11:54 ` Fabian Grünbichler
2023-12-19 13:13 ` Stefan Hanreich
2023-12-19 12:10 ` Friedrich Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231215135154.284412-1-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox