On 04/11/10 10:19, Manoj Joseph wrote:
Earlier writes to the file might have left
older copies of the blocks lying around which could be recovered.
Indeed; to be really sure you need to overwrite all the free space in
the pool.
If you limit yourself to worrying about data accessible via a regular
read on the raw device, it's possible to do this without an outage if
you have a spare disk and a lot of time:
rough process:
0) delete the files and snapshots containing the data you wish to purge.
1) replace a previously unreplaced disk in the pool with the spare
disk using "zpool replace"
2) wait for the replace to complete
3) wipe the removed disk, using the "purge" command of format(1m)'s
analyze subsystem or equivalent; the wiped disk is now the spare disk.
4) if all disks have not been replaced yet, go back to step 1.
This relies on the fact that the resilver kicked off by "zpool replace"
copies only allocated data.
There are some assumptions in the above. For one, I'm assuming that
that all disks in the pool are the same size. A bigger one is that a
"purge" is sufficient to wipe the disks completely -- probably the
biggest single assumption, given that the underlying storage devices
themselves are increasingly using copy-on-write techniques.
The most paranoid will replace all the disks and then physically destroy
the old ones.
- Bill
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
