On Thu, Oct 05 2017, Artur Paszkiewicz wrote: > On 10/04/2017 11:41 PM, NeilBrown wrote: >> On Wed, Oct 04 2017, Artur Paszkiewicz wrote: >> >>> >>> Also, our customers are asking specifically for an option to "hide" the >>> member drives. Making it impossible to write to the devices is ok, but >>> they would like to see only the md device, "like hardware raid". One of >>> the reasons is that some monitoring or inventory scan applications treat >>> md arrays and their components as separate storage devices. They should >>> probably modify their software but maybe that's not possible. >> >> What exactly is meant by "hide". How, exactly, does this software scan >> all devices? /proc/partitions? /sys/block? /sys/class/block? >> /dev/disks? All of the above. >> >> Modifying their application *must* be on the table, else modify the >> kernel is *not* on the table. I'm certainly open to enhancing the >> kernel so that it is easy to skip a particular class of devices, but if >> their application chooses to ignore the information the kernel provides, >> then the fact that the application doesn't work is their problem, not >> ours. >> >> >>> >>> I've been experimenting with different solutions and here is a patch >>> that allows to "hide" disk devices and their partitions by writing to a >>> sysfs attribute. It removes the device nodes (on devtmpfs), links in >>> /sys/block/ and removes the devices from the block class list, so they >>> won't be included in places like /proc/partitions, /sys/class/block/, >>> lsblk and so on. The device's "real" sysfs directory under /sys/devices/ >>> is still available, also the links in /sys/dev/block/ are preserved. >>> Applications like mdadm can use this to hide/unhide their component >>> devices. >> >> Can you confirm that this addresses the customer problem? Do you know >> which of these lists their code looks at? > > Yes, this is what they asked for. I know that at least /proc/partitions > and /sys/class/block are used. But this is not a single customer (or > application) case, this keeps coming up again and again... Of course > educating users about the specifics of md and that not hiding the drives > is actually an advantage always comes first. Some get it and would be ok > with just blocking write access to the drives, but others really want > this hiding approach. > Hmmm.. interesting that it is multiple applications. Given that both md and dm have been around for years and have layered on top of exiting devices without hiding them, it is hard to see how these applications have not run into problem before. There is some precedent for hiding things from /proc/partitions. removable devices like CDROMs are hidden, and you can easily hide individual devices by setting GENHD_FL_SUPPRESS_PARTITION_INFO. We might be able to get that through. It is certainly worth writing a patch and letting people experiment with it. Removing things from /sys/class/block is much less likely to be acceptable. Code really shouldn't be digging around in there without knowing what it is doing. It should be trivial to ignore any entry in /sys/class/block where the 'holders' directory is not empty, and that should achieve the goal. For users of /sys/class/block I think you really need to push back on the customers and tell them their application is broken. Thanks, NeilBrown
Attachment:
signature.asc
Description: PGP signature
