Re: [DRBD-user] The Problem of File System Corruption w/DRBD

Sun, 06 Jun 2021 09:11:55 -0700 

Il 2021-06-04 15:08 Eric Robinson ha scritto:

Those are all good points. Since the three legs of the information
security triad are confidentiality, integrity, and availability, this
is ultimately a security issue. We all know that information security
is not about eliminating all possible risks, as that is an
unattainable goal. It is about mitigating risks to acceptable levels.
So I guess it boils down to how each person evaluates the risks in
their own environment. Over my 38-year career, and especially the past
15 years of using Linux HA, I've seen more filesystem-type issues than
the other possible issues you mentioned, so that one tends to feature
more prominently on my risk radar.



For the very limited goal of protecting from filesystem corruptions, you 
can use a snapshot/CoW layer as thinlvm. Keep multiple rolling snapshots 
and you can recover from sudden filesystem corruption. However this is 
simply move the SPOF down to the CoW layer (thinlvm, which is quite 
complex by itself and can be considered a stripped-down 
filesystem/allocator) or up to the application layer (where corruptions 
are relatively quite common).



That said, nowadays a mature filesystem as EXT4 and XFS can be corrupted 
(barring obscure bugs) only by:

- a double mount from different machines;
- a direct write to the underlying raw disks;
- a serious hardware issue.


For what it is worth I am now accustomed to ZFS strong data integrity 
guarantee, but I fully realize that this does *not* protect from any 
corruptions scenario by itself, not even on 
XFS-over-ZVOL-over-DRBD-over-ZFS setups. If anything, a more complex 
filesystem (and I/O setup) has *greater* chances of exposing uncommon 
bugs.



So: I strongly advise on placing your filesystem over a snapshot layer, 
but do not expect this to shield from any storage related issue.

Regards.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8
_______________________________________________
Star us on GITHUB: https://github.com/LINBIT
drbd-user mailing list
drbd-user@lists.linbit.com
https://lists.linbit.com/mailman/listinfo/drbd-user























					Reply via email to