Re: [atomic-devel] Running docker-storage-setup from a UI

Wed, 13 Apr 2016 02:21:36 -0700 

On 04/13/2016 10:56 AM, Marius Vollmer wrote:

Elvir Kuric <eku...@redhat.com> writes:


I had same dilemma in past when I wanted to make d-s-s to wipe out all
on device specified in DEVS section in /etc/sysconfig/docker-storage,
however I think option to stop d-s-s if it detects fs signature is
security warning for case when someone by mistake specify wrong device
in /etc/sysconfig/docker-storage-setup. If --force-wipe ( or wipefs -a
) is used in d-s-s then it would delete all on device no matter is it
correct device or not.

Yes, but normally people wouldn't use --force-wipe.

Also, the concrete prompt that I got from pvcreate was pretty bogus, and
I would now say it's just a bug.  Here is how to get it, roughly:

  - Take a fresh hard drive out of the bag, call it /dev/sda.
  - Create a single partition /dev/sda1 on it and format it with xfs (say).
  - Wipe /dev/sda so that th partition table and /dev/sda1 disappear.
  - Give /dev/sda to d-s-s via DEVS="/dev/sda"

Now d-s-s will recreate the partition /dev/sda1 and it so happens that
the first block of the partition still has the xfs signature on it.
Pvcreate will find that signature and ask for confirmation to wipe it.

yes, I think that is due to same reason as written before.
if you run wipefs -a /dev/sda it will remove fs signature , but ..that is security prevention, because if fs signature / partition is deleted on wrong device - then recovering from that is not fun task and not always work. d-s-s has no way to know is /dev/sda really good device or USB key holding important data.
In my test automation I had same issue with d-s-s, I ended forking d-s-s and adapting it for my needs, but that was only for my test and I was sure that I will not pass in docker-storage-setup device holding important data for me.
Having --force-wipe ( wipefs -a ) implemented in d-s-s, will sooner or later bite someone, but if there is big warning, then I would vote for it in UI.
In current situation without UI, there is no need for user to investigate deeper d-s-s, all what is necessary to configure /etc/sysconfig/docker-storage-setup with device for lvm and start docker, but if there is free space on root lvm, d-s-s will use that space, so user intervention is not necessary beside starting docker ( this could be wrong as I checked d-s-s months back! ) 
kind regards,
Elvir Kuric

Reply via email to