Jack,

I've modified the proposal to include some protection for vdevs. If a vdev is a disk, it must have the attribute "use_entire_disk" if the disk is labeled or formatted. Suggestions on a better name for this attribute gladly accepted - I don't think that "use_entire_disk" makes it adequately clear that all formatting will be destroyed by zfs/zpool create.

Modified example: install on boot disk, use some selected disk as raid2 mirror, and use another selected disk over 30GB for zfs pool newpool mounted at /export1

    <ai_target_device>
        <target_device_select_boot_disk/> <!-- use the existing boot device -->
        <mirror> <!-- put mirror selected disk named "mirrordev" -->
            <vdev use_entire_disk="true">mirrordev</vdev>
        </mirror>
        <mirror_type>raid2</mirror_type>
    </ai_target_device>
    <ai_target_device> <!-- find disk for a new pool - disk bigger than 30G -->
        <reference_name>newpooldisk</reference_name>
        <target_select_min_size>30</target_select_min_size>
    </ai_target_device>
    <ai_target_device> <!-- just grab another disk for use as a mirror -->
        <reference_name>mirrordev</reference_name>
        <!-- just assume that disk is appropriate for raid2 mirror -->
    </ai_target_device>
    <ai_zfs_pool>
        <zpool_create name="newpool"> <!-- describe the new pool -->
            <zpool_options>-m /export1</zpool_options> <!-- specify mount point -->
            <vdev use_entire_disk="true">
                newpooldisk <!-- use selected disk named "newpooldisk", overwriting any formatting -->
            </vdev>
        </zpool_create>
    </ai_zfs_pool>

Slices and partitions could also be similarly protected. Should they also be protected? A slice could be checked for existing files, but it would have to be mounted to do this. Perhaps we can just assume that the user knows what he/she is doing if slices and partitions are specified.

Jack, FYI, there is a new disk selection element: target_device_select_unformatted_disk which can be used to make the selection process safer.

Updated schema:
http://www.opensolaris.org/os/project/caiman/auto_install/ai_manifest_schema.xml

Thank you,
William

William Schumann wrote:
> Jack,
> Good point. Read on.
>
> The use case here could be deployment of a computer that is slated for
> complete reinitialization and removal of any existing data.
>
> In principle, the security for the disk is not provided in selection
> criteria, but in the partition, slice, and zfs pool creation. The
> design attempts to preserve data in all cases, unless specified
> otherwise.
>
> However, you have identified a case where the mirror is created
> without regard to what might be on the disk. I would propose that the
> default behavior should be to prevent creation of zpools and mirrors
> on "disks that have data", unless we offer an element to override that
> protection. "Disks that have data" must be more clearly described.
>
> Thanks for pointing this out,
> William
>
> Jack Schwartz wrote:
>> Hi William.
>>
>> On 05/26/09 07:01, William Schumann wrote:
>>> (snip)
>>>
>>> Example: install on boot disk, use some selected disk as raid2
>>> mirror, and use another selected disk over 30GB for zfs pool newpool
>>> mounted at /export1
>> Sounds dangerous to have the system pick an arbitrary disk based on
>> size. If we do this, we should check the disk label that the disk was
>> not used, to prevent accidental erasure.
>>
>> Thanks,
>> Jack
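
The protection rule proposed in this message (a vdev on a labeled or formatted disk must carry use_entire_disk="true"), sketched as a pre-flight manifest check. This is an added example, not code from the thread or from the Caiman project. The <manifest> wrapper element, the SELECTED inventory, the function name, and the choice to refuse vdev names that cannot be resolved are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed manifest using the proposal's element names; <manifest> wrapper is assumed.
MANIFEST = """
<manifest>
  <ai_target_device>
    <target_device_select_boot_disk/>
    <mirror>
      <vdev>mirrordev</vdev>
    </mirror>
    <mirror_type>raid2</mirror_type>
  </ai_target_device>
  <ai_target_device>
    <reference_name>newpooldisk</reference_name>
    <target_select_min_size>30</target_select_min_size>
  </ai_target_device>
  <ai_target_device>
    <reference_name>mirrordev</reference_name>
  </ai_target_device>
  <ai_zfs_pool>
    <zpool_create name="newpool">
      <zpool_options>-m /export1</zpool_options>
      <vdev use_entire_disk="true">newpooldisk</vdev>
    </zpool_create>
  </ai_zfs_pool>
</manifest>
"""

# Constructed selection result: reference name -> disk is already labeled or formatted.
SELECTED = {"mirrordev": True, "newpooldisk": True}

def unprotected_vdevs(manifest_xml, selected):
    """Return vdev names that would overwrite a labeled/formatted disk without
    use_entire_disk="true". Names that cannot be resolved are refused as well."""
    root = ET.fromstring(manifest_xml)
    declared = {(e.text or "").strip() for e in root.iter("reference_name")}
    refused = []
    for vdev in root.iter("vdev"):
        name = (vdev.text or "").strip()
        allowed = vdev.get("use_entire_disk", "false").strip().lower() == "true"
        if name not in declared or name not in selected:
            refused.append(name)  # fail closed: disk state is unknown
        elif selected[name] and not allowed:
            refused.append(name)  # disk has a label/format and no explicit override
    return refused

if __name__ == "__main__":
    print(unprotected_vdevs(MANIFEST, SELECTED))
```

Here the mirror vdev omits the attribute, so the check refuses "mirrordev" while "newpooldisk" passes because its vdev opts in explicitly.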