Nir Soffer
2021-Jun-01 21:23 UTC
[Libguestfs] [PATCH INCOMPLETE] daemon: Reimplement LVM filters using lvmdevices command
On Tue, Jun 1, 2021 at 4:38 PM Richard W.M. Jones <rjones at redhat.com> wrote:> > LVM2 managed to break device filters. This patch attempts a fix. > > https://bugzilla.redhat.com/show_bug.cgi?id=1965941 > > However it is not working, because the new "lvmdevices" command which > is supposed to be used to set the new filters does not work for > partitioned whole devices. As far as I can tell there is no way to > emulate the old behaviour of filtering such a device. (Adding filters > for each partition in the device is one possible workaround, but the > filters will be out of date as soon as a new partition is created on > the device.)The best way to use lvm filter is to use a filter that includes only the devices you want lvm to use, and reject everything else: "a|^/dev/sda1$|", "r|.*|" With this there are never any surprises when someone adds a new device or partition. You need to add the new device to the filter to use it. This is how ovirt configures lvm filter on hosts so they use only the devices needed by the host and cannot access the devices used by guests, managed by ovirt. ovirt lvm commands override the host filter using: --config "device { filter = ["a|^/dev/sdb$|", "r|.*|"] }" So it can manage vgs used by ovirt to provide guest disks. With --config you don't need to modify the guest when you make changes. Using the new devices file should be much simpler since it keeps the same semantics without the need to manage a filter. Nir
Nir Soffer
2021-Jun-01 22:53 UTC
[Libguestfs] [PATCH INCOMPLETE] daemon: Reimplement LVM filters using lvmdevices command
On Wed, Jun 2, 2021 at 12:23 AM Nir Soffer <nsoffer at redhat.com> wrote:> > On Tue, Jun 1, 2021 at 4:38 PM Richard W.M. Jones <rjones at redhat.com> wrote: > > > > LVM2 managed to break device filters. This patch attempts a fix. > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1965941 > > > > However it is not working, because the new "lvmdevices" command which > > is supposed to be used to set the new filters does not work for > > partitioned whole devices. As far as I can tell there is no way to > > emulate the old behaviour of filtering such a device. (Adding filters > > for each partition in the device is one possible workaround, but the > > filters will be out of date as soon as a new partition is created on > > the device.) > > The best way to use lvm filter is to use a filter that includes only > the devices you want lvm to use, and reject everything else: > > "a|^/dev/sda1$|", "r|.*|" > > With this there are never any surprises when someone adds a new > device or partition. You need to add the new device to the filter to > use it. > > This is how ovirt configures lvm filter on hosts so they use only the > devices needed by the host and cannot access the devices used by > guests, managed by ovirt. > > ovirt lvm commands override the host filter using: > > --config "device { filter = ["a|^/dev/sdb$|", "r|.*|"] }" > > So it can manage vgs used by ovirt to provide guest disks. > > With --config you don't need to modify the guest when you make changes.The modern way of this with new lvm is simply: --devices /dev/sdb,/dev/sde Right in the lvm command, so you don't need to manage the guest state unless the purpose of the command is to change the state in the guest.> Using the new devices file should be much simpler since it keeps the > same semantics without the need to manage a filter. > > Nir