[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] Running docker-storage-setup from a UI

From: Elvir Kuric <ekuric redhat com>
To: Marius Vollmer <marius vollmer redhat com>
Cc: atomic-devel projectatomic io
Subject: Re: [atomic-devel] Running docker-storage-setup from a UI
Date: Wed, 13 Apr 2016 11:20:47 +0200

On 04/13/2016 10:56 AM, Marius Vollmer wrote:

Elvir Kuric <ekuric redhat com> writes:

I had same dilemma in past when I wanted to make d-s-s to wipe out all
on device specified in DEVS section in /etc/sysconfig/docker-storage,
however I think option to stop d-s-s if it detects fs signature is
security warning for case when someone by mistake specify wrong device
in /etc/sysconfig/docker-storage-setup. If --force-wipe ( or wipefs -a
) is used in d-s-s then it would delete all on device no matter is it
correct device or not.

Yes, but normally people wouldn't use --force-wipe.

Also, the concrete prompt that I got from pvcreate was pretty bogus, and
I would now say it's just a bug.  Here is how to get it, roughly:

  - Take a fresh hard drive out of the bag, call it /dev/sda.
  - Create a single partition /dev/sda1 on it and format it with xfs (say).
  - Wipe /dev/sda so that th partition table and /dev/sda1 disappear.
  - Give /dev/sda to d-s-s via DEVS="/dev/sda"

Now d-s-s will recreate the partition /dev/sda1 and it so happens that
the first block of the partition still has the xfs signature on it.
Pvcreate will find that signature and ask for confirmation to wipe it.

yes, I think that is due to same reason as written before.

if you run wipefs -a /dev/sda it will remove fs signature , but ..thatis security prevention, because if fs signature / partition is deletedon wrong device - then recovering from that is not fun task and notalways work. d-s-s has no way to know is /dev/sda really good device orUSB key holding important data.

In my test automation I had same issue with d-s-s, I ended forking d-s-sand adapting it for my needs, but that was only for my test and I wassure that I will not pass in docker-storage-setup device holdingimportant data for me.

Having --force-wipe ( wipefs -a ) implemented in d-s-s, will sooner orlater bite someone, but if there is big warning, then I would vote forit in UI.

In current situation without UI, there is no need for user toinvestigate deeper d-s-s, all what is necessary to configure/etc/sysconfig/docker-storage-setup with device for lvm and startdocker, but if there is free space on root lvm, d-s-s will use thatspace, so user intervention is not necessary beside starting docker (this could be wrong as I checked d-s-s months back! )

kind regards,
Elvir Kuric

References:
- [atomic-devel] Running docker-storage-setup from a UI
  - From: Marius Vollmer
- Re: [atomic-devel] Running docker-storage-setup from a UI
  - From: Vivek Goyal
- Re: [atomic-devel] Running docker-storage-setup from a UI
  - From: Marius Vollmer
- Re: [atomic-devel] Running docker-storage-setup from a UI
  - From: Elvir Kuric
- Re: [atomic-devel] Running docker-storage-setup from a UI
  - From: Marius Vollmer

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]