Bug 1749513 - [RFE] use devices file by default
Summary: [RFE] use devices file by default
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: lvm2
Version: 9.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: unspecified
Target Milestone: pre-dev-freeze
Target Release: ---
Assignee: David Teigland
QA Contact: cluster-qe@redhat.com
Docs Contact: Kristina Slaveykova
URL:
Whiteboard:
Depends On: 1984851
Blocks: 1960618
 
Reported: 2019-09-05 19:20 UTC by David Teigland
Modified: 2023-09-15 01:28 UTC (History)

Fixed In Version: lvm2-2.03.13-1.el9
Doc Type: Enhancement
Doc Text:
.Limiting the set of the devices for LVM
By default, LVM in RHEL 9 uses only the devices that you explicitly select. Use the new commands `lvmdevices` and `vgimportdevices` to select specific devices. Using the `pvcreate`, `vgcreate`, and `vgextend` commands indirectly selects new devices for `lvm`, if they have not already been selected. LVM ignores devices that are attached to the system until you select them by using one of these commands. The `lvm` command saves the list of the selected devices in the devices file `/etc/lvm/devices/system.devices`. The `lvm.conf` filter or any other command-line configuration filter does not function when you enable the new devices file feature. If you remove or disable the devices file, LVM applies the filter to all attached devices. For detailed information about this feature, see the `lvmdevices(8)` man page.
Clone Of:
Environment:
Last Closed: 2021-12-07 21:42:00 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Description David Teigland 2019-09-05 19:20:56 UTC
Description of problem:

Change the default lvm.conf filter from opt-out to opt-in.  The old
assumption that any storage attached to a machine is intended for
that machine to use is no longer true.  And, it is unsafe given the
lack of default access controls (like system ID) for storage.

The default lvm filter would be configured during installation to
include only the devices set up for the machine's root, home, etc.

We would create a new tool for users to run to easily add/remove
devices to the filter (a lot more people would be editing the filter,
and that is not at all user friendly.)

Related to bug 1743372 where I proposed that dracut use an lvm.conf filter including only PVs for the root VG.


Comment 1 Zdenek Kabelac 2019-09-06 08:55:27 UTC
How about making a 'list of devices' we can get 'write' access/lock to - some sort of 'permission list'?

Comment 3 Nir Soffer 2020-05-26 15:21:25 UTC
Can it be done automatically when creating/removing pvs?

For example when I run:

   pvcreate /dev/sda --add-device

It will add /dev/sda to the devices managed by lvm.

Then lvm on the host would use this internal filter:

   filter=[ "a|^/dev/sda$|", "r|.*|" ]

And after running:

   pvremove /dev/sda

The device would be removed from the host database.

Programs using LVM with shared storage will not use --add-device
and manage the filter outside of LVM.

Or to keep LVM backward compatible, pvcreate will add the device to
the host devices. Programs like vdsm using LVM with shared storage
will use some --private-device flag so LVM would not add shared
storage to the internal device list.

Comment 4 David Teigland 2020-05-26 16:42:08 UTC
Good points, they sound generally consistent with what I've been thinking.

Some of the initial ideas that are a part of this plan:

- Adding a new filter that replaces the existing lvm.conf filter and global_filter.  If the new filter is disabled, then lvm would fall back to the current filters.  When using the new filter, the old filters would be unused.

- The new filter would be opt-in only, and only track individual devices.

- The new filter would be managed by lvm, probably in a different file.

- A new lvm command would be created to add/remove devices from the new filter; it would not be edited by users directly.

- lvm commands, like pvcreate, vgcreate, vgextend would be able to add devices to the new filter.  Others may be able to remove devs from the filter.

- We'd add WWID's to the lvm PVs, and the new filter would make use of WWIDs internally to handle the issue of unstable device names.

- The RHEL installer would need to have the new filter enabled by default, and a newly installed RHEL system would only have the root PVs included in the filter, so the system would only see and use these PVs.

- The RHEL installer would also enable system ID by default.  This supports the approach taken by the new filter, and it provides some safety if the filter is lost, and enables the new filter to be recreated if needed.

- Multiple filters, specifying different sets of devices, will probably be needed.  This would allow an application like RHV to have its own set of devices that it sees and uses, which would not be seen/used by the system, and RHV wouldn't see/use devs used by the system.  This corresponds to the current ability to set the filter on the command line with --config.

- The initrd code for activating the root LV would be rewritten to remove stale code and take advantage of the new filter.
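
An added illustration (not code from this bug or from lvm2) of why the name-based opt-in filter in Comment 3 and the WWID-tracked device list planned in Comment 4 behave differently when device names are unstable. It models lvm.conf filter evaluation for one path name per device and simple patterns that Python's `re` reads the same way; the device names, WWID strings and function names are constructed for the example.

```python
import re

def parse_filter(entries):
    """Parse lvm.conf-style filter entries like 'a|^/dev/sda$|' into (accept, regex)."""
    rules = []
    for e in entries:
        # First char is a (accept) or r (reject); the next char is the delimiter.
        if len(e) < 3 or e[0] not in "ar" or e[-1] != e[1]:
            raise ValueError(f"bad filter entry: {e!r}")
        rules.append((e[0] == "a", re.compile(e[2:-1])))
    return rules

def filter_accepts(rules, devname):
    """The first matching pattern decides; a name matching no pattern is accepted."""
    for accept, rx in rules:
        if rx.search(devname):
            return accept
    return True

def seen_by_name_filter(rules, devs):
    """WWIDs of the disks a name-based filter lets LVM use."""
    return sorted(w for name, w in devs.items() if filter_accepts(rules, name))

def seen_by_device_list(listed_wwids, devs):
    """WWIDs LVM uses when it tracks individual devices by WWID (Comment 4's plan)."""
    return sorted(w for w in devs.values() if w in listed_wwids)

# Constructed sample: the same two disks on two boots, kernel names swapped.
BOOT1 = {"/dev/sda": "wwid-root-disk", "/dev/sdb": "wwid-shared-lun"}
BOOT2 = {"/dev/sda": "wwid-shared-lun", "/dev/sdb": "wwid-root-disk"}

OPT_OUT = parse_filter(["a|.*|"])                    # accept everything attached
OPT_IN = parse_filter(["a|^/dev/sda$|", "r|.*|"])    # filter from Comment 3
LISTED = {"wwid-root-disk"}                          # opt-in list keyed by WWID

if __name__ == "__main__":
    for label, devs in (("boot 1", BOOT1), ("boot 2", BOOT2)):
        print(label, "opt-out filter:", seen_by_name_filter(OPT_OUT, devs))
        print(label, "opt-in by name:", seen_by_name_filter(OPT_IN, devs))
        print(label, "opt-in by WWID:", seen_by_device_list(LISTED, devs))
```

On the second boot the name-based opt-in filter admits the shared LUN instead of the root disk, while the WWID-keyed list still admits only the root disk.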

Comment 6 David Teigland 2021-01-29 15:50:12 UTC
This idea has been implemented as the "devices file" feature and will soon be merged into lvm.  The current plan is to release this feature in RHEL8 where it would not be enabled by default.  In RHEL9 it would be enabled by default.

Comment 9 RHEL Program Management 2021-03-15 07:39:02 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

Comment 10 David Teigland 2021-03-15 16:01:43 UTC
WTH is this bot doing?  Somebody needs to get these bots under control, it's getting out of hand.

Comment 13 David Teigland 2021-08-04 15:03:43 UTC
The patch for this has been in the dev-next branch since the beginning of that branch, but since that branch is rebased I can't give a permanent pointer to the commit.  This change has already been included in RHEL9 builds.  This is the patch:

From: David Teigland <teigland>
Date: Tue, 16 Mar 2021 14:52:13 +0000 (-0500)
Subject: config: change default use_devicesfile to 1

config: change default use_devicesfile to 1
---

diff --git a/lib/config/defaults.h b/lib/config/defaults.h
index 66eece53a..a7a2a06df 100644
--- a/lib/config/defaults.h
+++ b/lib/config/defaults.h
@@ -322,7 +322,7 @@
 
 #define DEFAULT_MD_COMPONENT_CHECKS "auto"
 
-#define DEFAULT_USE_DEVICES_FILE 0
+#define DEFAULT_USE_DEVICES_FILE 1
 #define DEFAULT_DEVICES_FILE "system.devices"
 
 #define DEFAULT_SEARCH_FOR_DEVNAMES "auto"
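
Review bot: The flip of DEFAULT_USE_DEVICES_FILE from 0 to 1 changes default behaviour, but the commit message body only repeats the subject line and the define carries no comment. Suggest adding a message body that states why the default changes and what users will notice (per this bug, the lvm.conf filter is not used once the devices file is in use, and newly attached PVs are not seen until they are added), and confirming that any documentation stating the old default is updated alongside, since this diff touches only lib/config/defaults.h.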

Comment 16 Corey Marthaler 2021-08-31 03:54:30 UTC
Initial devices file regression scenarios have passed with the latest rpms. Marking Verified:Tested. 

lvm2-2.03.13-1.el9    BUILT: Thu Aug 12 10:44:54 AM CDT 2021
lvm2-libs-2.03.13-1.el9    BUILT: Thu Aug 12 10:44:54 AM CDT 2021

Additional test scenarios still need to be written before final move from ON_QA to Verified.

Comment 21 Corey Marthaler 2021-09-01 22:36:23 UTC
Additional vgimportdevices test scenarios have also passed with the latest rpms. Marking Verified.

lvm2-2.03.13-1.el9    BUILT: Thu Aug 12 10:44:54 AM CDT 2021
lvm2-libs-2.03.13-1.el9    BUILT: Thu Aug 12 10:44:54 AM CDT 2021

Comment 27 David Teigland 2022-01-18 17:02:20 UTC
Yes, this is an enhancement.  This feature was recently made available in RHEL8 but it remains disabled by default in RHEL8 so most users will not be aware of it yet.  In RHEL9 it will be enabled by default, and new RHEL installations will be using it.

Many users will not recognize that this feature is enabled, because most lvm commands will continue to work no differently than before.  However, some lvm commands and use cases do change.  In those cases the user will need to be aware of the new steps and commands that are introduced by the devices file.  Users who have problems with the devices file can also disable the feature (ideally they would also let us know what doesn't work for them so we can fix it.)

The lvmdevices(8) man page is the most comprehensive description of the feature, and we should point interested users to that for all the details.

Here are some key points that could be highlighted:

1. A new file /etc/lvm/devices/system.devices lists devices that lvm will see and use.  Devices not listed in that file will not be seen by lvm.  That file is manipulated by lvm commands lvmdevices and vgimportdevices (it should not be edited directly by a user.)  The lvmdevices program will add and remove devices to/from system.devices, and vgimportdevices will add all PVs from a VG to system.devices.

2. The lvm.conf filter is not used when the devices file is being used.

3. Like the lvm.conf filter, a config filter specified on the command line is not used when the devices file is used (see the new --devices option for an alternative that is compatible with the devices file.)

4. When LVM PVs are attached to a system, lvm will not see and use them until the user explicitly adds them to the devices file (with lvmdevices --adddev or vgimportdevices).  This is likely to be a source of confusion for many users (who are not aware of this feature), when they attach new devices to a system and lvm commands do not recognize the devices.

Comment 37 Red Hat Bugzilla 2023-09-15 01:28:39 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days

