WanzenBug
commented
2 years ago @kvaps I'd be interested to hear if you ever used these LVM metadata backups. If you have, we might instead try to make them actually persistent.
Closed WanzenBug closed 2 years ago
WanzenBug
commented
2 years ago @kvaps I'd be interested to hear if you ever used these LVM metadata backups. If you have, we might instead try to make them actually persistent.
rck
commented
2 years ago What is driving this effort actually? Not against it, just trying to understand why we would like to have a "RO label".
WanzenBug
commented
2 years ago I'm currently working on operator v2, and would like to tighten the SecurityContext of our containers. One of the recommended options is readOnlyRootFS, which I enabled temporarily, which then caused all LVM commands to fail. If nothing else, it ensures we don't accidentally miss the creation of files in the container that should really be persistent.
In this case, I guess I'll just map the hosts directory through.
WanzenBug
commented
2 years ago However it make sense only for LVM backend, LVM_THIN has it's own metadata volume.
For me, it was also required for lvcreate -T ... operations.
kvaps
commented
2 years ago Yes LVM_THIN writes metadata into /etc/lvm/backup the same way as traditional LVM, but since it uses chunks, the information about these chunks is stored in specific metadata volume. Thus if you lose this information, you'll be never successful to recover thin-volumes from /etc/lvm/backup
By default, LVM tools will create a "metadata backup" every time a pool is modified. Since the backup location only exists while the container exists, this wasn't very useful in the container context.
In the interest of making our images ready to be read-only, disable the creation of LVM backups.
Signed-off-by: Moritz "WanzenBug" Wanzenböck moritz.wanzenboeck@linbit.com