From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Date: Fri, 22 Dec 2023 10:58:06 +0100
Message-Id: <20231222095806.47673-1-s.hanreich@proxmox.com>
Subject: [pve-devel] [PATCH pve-manager v4] postinst: filter rbds in lvm

Since LVM 2.03.15 RBD devices are also scanned by default [1]. This can lead to guest volumes being recognized and displayed on the host when using KRBD for RBD-backed disks. In order to prevent this we add an additional filter to the LVM config to avoid scanning rbds.

This also prevents a bug where LVM created a very high amount of archive entries when there were logical volumes with the same path available. This could happen when two guests with RBD disks had the same LVM layout or a guest and host had the same layout.

previous behavior:
If there is no marker in the LVM conf and global_filter does not contain '/dev/zd.*': replace the global_filter with our version

new behavior:
Replace the global_filter iff:
- There is no marker and global_filter is empty
- The global_filter is exactly the old default
If we don't replace the filter and it is a non-default value: We print a warning.

Additionally we force this function to run once when upgrading from older versions.
The previous versions could replace custom global_filters where the comment had been removed and the zvol directive removed. The new behavior is slightly more conservative, but works the same in other cases.

[1] https://gitlab.com/lvmteam/lvm2/-/commit/6a431eb24241caf2277d3e5b4718782d92650a2a

Signed-off-by: Stefan Hanreich
---

Changes from v3 -> v4:
- Move LVM_SUPPRESS_FD_WARNINGS=1 in order to prevent fd warnings from the lvmconfig invocation

Changes from v2 -> v3:
- Additionally only change empty values if there is no marker
- Print a warning when encountering a non-default value
- Check the LVM config for validity afterwards and restore it from backup if it is invalid

Changes from v1 -> v2:
- changed replacement logic:
- if there is an existing global_filter, we replace the line
- if there is no existing global_filter we add a whole 'devices' block
- we only rewrite if there is no global_filter set or if it is the value we set in versions <= 8.1.3

 debian/postinst | 51 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 14 deletions(-)

diff --git a/debian/postinst b/debian/postinst index 4c9a1f250..8028e39ee 100755 --- a/debian/postinst +++ b/debian/postinst 
@@ -9,23 +9,33 @@ set -e # installed and configured. set_lvm_conf() { + local FORCE="$1" LVM_CONF_MARKER="# added by pve-manager to avoid scanning" # keep user changes afterwards provided marker is still there.. - if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf; then + if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf && test -z "$FORCE"; then return 0 # only do these changes once fi - OLD_VALUE="$(lvmconfig --typeconfig full devices/global_filter)" - NEW_VALUE='global_filter=["r|/dev/zd.*|"]' - export LVM_SUPPRESS_FD_WARNINGS=1 - # check global_filter - # keep previous setting from our custom packaging if it is still there - if echo "$OLD_VALUE" | grep -qvF 'r|/dev/zd.*|'; then + OLD_VALUE="$(lvmconfig --typeconfig diff devices/global_filter || true)" + NEW_VALUE='global_filter=["r|/dev/zd.*|","r|/dev/rbd.*|"]' + + # update global_filter if: + # it is empty and there is no marker OR exactly the one we set before 8.1.4 + if (! grep -qF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf && test -z "$OLD_VALUE")\ + || (echo "$OLD_VALUE" | grep -qF '="r|/dev/zd.*|"'); + then SET_FILTER=1 BACKUP=1 + # print warning if global_filter is set but not our old/new default + elif test -n "$OLD_VALUE"\ + && ! echo "$OLD_VALUE" | grep -qF '="r|/dev/zd.*|"'\ + && ! echo "$OLD_VALUE" | grep -qF "$NEW_VALUE"; + then + echo "non-default 'global_filter' value '$OLD_VALUE' in /etc/lvm/lvm.conf, not setting '$NEW_VALUE' automatically" + echo "consider adapting your 'global_filter' manually." fi # should be the default since bullseye if lvmconfig --typeconfig full devices/scan_lvs | grep -qv 'scan_lvs=0'; then 
@@ -37,17 +47,19 @@ set_lvm_conf() { cp -vb /etc/lvm/lvm.conf /etc/lvm/lvm.conf.bak fi if test -n "$SET_FILTER"; then - echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zvols from being scanned:" + echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zvols and rbds from being scanned:" echo "$OLD_VALUE => $NEW_VALUE" - # comment out existing setting - sed -i -e 's/^\([[:space:]]*global_filter[[:space:]]*=\)/#\1/' /etc/lvm/lvm.conf - # add new section with our setting - cat >> /etc/lvm/lvm.conf <> /etc/lvm/lvm.conf <
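Review bot: In the first hunk (@@ -9,23 +9,33 @@), the `|| true` on `OLD_VALUE="$(lvmconfig --typeconfig diff devices/global_filter || true)"` makes a failed lvmconfig run indistinguishable from an unset filter. Both leave OLD_VALUE empty, and when the marker is absent the `test -z "$OLD_VALUE"` branch then sets SET_FILTER=1 and rewrites the file. Consider telling the two cases apart, for example by checking that lvmconfig can read the configuration before taking the "empty" branch, and skipping the rewrite with a message when it cannot. Separately, the early-return check still uses `grep -qLF` while the new condition a few lines below tests the same marker with `! grep -qF`; dropping the `-L` would make both marker checks read the same way.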
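Review bot: In the second hunk (@@ -37,17 +47,19 @@), the unchanged log line `echo "$OLD_VALUE => $NEW_VALUE"` now prints an empty left-hand side in the newly accepted case where no global_filter is set, since OLD_VALUE comes from `--typeconfig diff` and is empty there. Printing a placeholder such as "(unset)" when OLD_VALUE is empty would keep the postinst output readable for administrators reviewing what was changed in /etc/lvm/lvm.conf.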