From cdd81d3bef17b68a0b727bdc6e3d77377018e40e Mon Sep 17 00:00:00 2001 From: Nir Soffer Date: Sat, 12 Jan 2019 02:18:37 +0200 Subject: [lvm2] Use metadata_read_only=1 for lvm commands We use locking_type=0 to ensure that we can collect data even if another process holds a conflicting lock. This introduce a small risk since even the read-only commands we use may attempt to recover on-disk data in some cases. The risk is bigger when running lvm2 plugin in oVirt system, when LVM is used on shared storage, accessible from many hosts. Add metadata_read_only=1 to ensure that no command can attempt to do unwanted on-disk changes. Fixes: #1533 Resolves: #1538 Signed-off-by: Nir Soffer Signed-off-by: Bryn M. Reeves --- sos/plugins/lvm2.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/sos/plugins/lvm2.py b/sos/plugins/lvm2.py index 320451ad..24bf685f 100644 --- a/sos/plugins/lvm2.py +++ b/sos/plugins/lvm2.py @@ -37,14 +37,18 @@ class Lvm2(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): self.add_cmd_output(cmd, chroot=self.tmp_in_sysroot()) def setup(self): - # use locking_type 0 (no locks) when running LVM2 commands, - # from lvm.conf: - # Turn locking off by setting to 0 (dangerous: risks metadata - # corruption if LVM2 commands get run concurrently). - # None of the commands issued by sos ever modify metadata and this - # avoids the possibility of hanging lvm commands when another process - # or node holds a conflicting lock. - lvm_opts = '--config="global{locking_type=0}"' + # When running LVM2 comamnds: + # - use locking_type 0 (no locks) from lvm.conf: Turn locking + # off by setting to 0 (dangerous: risks metadata corruption if + # LVM2 commands get run concurrently). This avoids the + # possibility of hanging lvm commands when another process or + # node holds a conflicting lock. + # - use metadata_read_only 1 (forbid on-disk changes). Although + # all LVM2 commands we use should be read-only, any LVM2 + # command may attempt to recover on-disk data in some cases. + # This option prevents such changes, allowing safe use of + # locking_type=0. + lvm_opts = '--config="global{locking_type=0 metadata_read_only=1}"' self.add_cmd_output( "vgdisplay -vv %s" % lvm_opts, -- cgit