[DRBD-user] The Problem of File System Corruption w/DRBD

Gionatan Danti g.danti at assyoma.it
Sun Jun 6 18:02:23 CEST 2021 

Il 2021-06-04 15:08 Eric Robinson ha scritto:
> Those are all good points. Since the three legs of the information
> security triad are confidentiality, integrity, and availability, this
> is ultimately a security issue. We all know that information security
> is not about eliminating all possible risks, as that is an
> unattainable goal. It is about mitigating risks to acceptable levels.
> So I guess it boils down to how each person evaluates the risks in
> their own environment. Over my 38-year career, and especially the past
> 15 years of using Linux HA, I've seen more filesystem-type issues than
> the other possible issues you mentioned, so that one tends to feature
> more prominently on my risk radar.

For the very limited goal of protecting from filesystem corruptions, you 
can use a snapshot/CoW layer as thinlvm. Keep multiple rolling snapshots 
and you can recover from sudden filesystem corruption. However this is 
simply move the SPOF down to the CoW layer (thinlvm, which is quite 
complex by itself and can be considered a stripped-down 
filesystem/allocator) or up to the application layer (where corruptions 
are relatively quite common).

That said, nowadays a mature filesystem as EXT4 and XFS can be corrupted 
(barring obscure bugs) only by:
- a double mount from different machines;
- a direct write to the underlying raw disks;
- a serious hardware issue.

For what it is worth I am now accustomed to ZFS strong data integrity 
guarantee, but I fully realize that this does *not* protect from any 
corruptions scenario by itself, not even on 
XFS-over-ZVOL-over-DRBD-over-ZFS setups. If anything, a more complex 
filesystem (and I/O setup) has *greater* chances of exposing uncommon 
bugs.

So: I strongly advise on placing your filesystem over a snapshot layer, 
but do not expect this to shield from any storage related issue.
Regards.

-- 
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8

More information about the drbd-user mailing list