Chapter 12. Limiting LVM device visibility and usage

You can limit the devices that are visible and usable to Logical Volume Manager (LVM) by controlling the devices that LVM can scan.

Use LVM commands to control LVM device scanning. LVM commands interact with a file called the system.devices file, which lists the visible and usable devices. This feature is enabled by default in Red Hat Enterprise Linux 9.

If you disable the devices file feature, the LVM device filter is enabled automatically.

To adjust the configuration of LVM device scanning, edit the LVM device filter settings in the /etc/lvm/lvm.conf file. The filters in the lvm.conf file consist of a series of simple regular expressions. The system applies these expressions to each device name in the /dev directory to decide whether to accept or reject each detected block device.

12.1. The LVM devices file

The Logical Volume Manager (LVM) system.devices file controls device visibility and usability to LVM. You can find the devices file in the /etc/lvm/devices/ directory. Use LVM commands to manage the devices file. Do not directly edit the system.devices file.

By default, the system.devices file feature is enabled in Red Hat Enterprise Linux 9. When active, it replaces the LVM device filter. To enable the LVM device filter, disable the system.devices file. For more information see Disabling the system.devices file.

12.1.1. Additional resources

  • lvmdevices(8) and lvm.conf(5) man pages

12.1.2. Adding devices to the system.devices file

To use devices with the Logical Volume Manager (LVM), the system.devices file must contain a list of the device IDs, otherwise LVM ignores them. The operating system (OS) installer adds devices to the system.devices file during installation. A newly installed system includes the root device into the devices file automatically. Any Physical Volumes (PV) attached to the system during OS installation are also included into the devices file. You can also specifically add devices to the devices file. LVM detects and uses only the list of devices stored in the devices file.

Procedure

Add devices to the system.devices file by using one of the following methods:

  • Add devices by including their names to the devices file: 

    $ lvmdevices --adddev <device_name>

  • Add all devices in a Volume Group (VG) to the devices file: 

    $ vgimportdevices <vg_name>

  • Add all devices in all visible VGs to the devices file: 

    $ vgimportdevices --all

To implicitly include new devices into the system.devices file, use one of the following commands:

  • Use the pvcreate command to initialize a new device: 

    $ pvcreate <device_name>
    • This action automatically adds the new Physical Volume (PV) to the system.devices file.

  • Initialize new devices and add the new device arguments to the devices file automatically: 

    $ vgcreate <vg_name> <device_names>
    • Replace <vg_name> with the name of the VG, from which you want to add devices.
    • Replace <device_names> with a space-separated list of the devices you want to add.

  • Use the vgextend command to initialize new devices: 

    $ vgextend <vg_name> <device_names>
    • Replace <vg_name> with the name of the VG, from which you want to add devices.
    • Replace <device_names> with the names of the devices you want to add.
    • This adds the new device arguments to the devices file automatically.

Verification

Use the following verification steps only in case you need to explicitly add new devices to the system.devices file.

  • Display the system.devices file, to check the list of devices: 

    $ cat /etc/lvm/devices/system.devices

  • Update the system.devices file to match most recent device information: 

    $ lvmdevices --update

Additional resources

  • lvmdevices(8), pvcreate(8), vgcreate(8) and vgextend(8) man pages

12.1.3. Removing devices from the system.devices file

Remove a device to prevent the Logical Volume Manager (LVM) from detecting or using that device.

Procedure

  • Remove a device by using one of the following methods depending on the information you have about that device:

    • Remove a device by name: 

      $ lvmdevices --deldev <device_name>

    • Remove a device by the Physical Volume ID (PVID) of the device: 

      $ lvmdevices --delpvid <PV_UUID>

Verification

Use the following verification steps only in case you need to explicitly remove a devices in the system.devices file.

  • Display the system.devices file to verify, that the deleted device no longer present: 

    $ cat /etc/lvm/devices/system.devices

  • Update the system.devices file to match most recent device information: 

    $ lvmdevices --update

Additional resources

  • lvmdevices(8) man page

12.1.4. Creating custom devices files

Logical Volume Manager (LVM) commands use the default system.devices file of the system. You can also create and use custom devices files by specifying the new file name in the LVM commands. Custom devices files are useful in cases when only certain applications need to use certain devices.

Procedure

  1. Create a custom devices file in the /etc/lvm/devices/ directory.

  2. Include the new devices file name in the LVM command: 

    $ lvmdevices --devicesfile <devices_file_name>

  3. Optional: Display the new devices file to verify that the name of the new device is present: 

    $ cat /etc/lvm/devices/<devices_file_name>

Additional resources

  • lvmdevices(8) man page

12.1.5. Accessing all devices on the system

You can enable Logical Volume Manager (LVM) to access and use all devices on the system, which overrides the restrictions caused by the devices listed in the system.devices file.

Procedure

  • Specify an empty devices file: 

    $ lvmdevices --devicesfile ""

Additional resources

  • lvmdevices(8) man page

12.1.6. Disabling the system.devices file

You can disable the system.devices file functionality. This action automatically enables the Logical Volume Manager (LVM) device filter.

Procedure

  1. Open the lvm.conf file.
  2. Set the following value in the devices section: 
use_devicesfile=0
Important

If you remove the system.devices file, this action effectively disables it. This applies even if you enable the system.devices file in the lvm.conf configuration file by setting use_devicesfile=1 in the devices section. Disabling the devices file automatically enables the lvm.conf device filter.

Additional resources

  • lvmdevices(8) and lvm.conf(5) man pages

12.2. The LVM device filter

The Logical Volume Manager (LVM) device filter is a list of device name patterns. You can use it to specify a set of mandatory criteria by which the system can evaluate devices and consider them as valid for use with LVM. The LVM device filter enables you control over which devices LVM uses. This can help to prevent accidental data loss or unauthorized access to storage devices.

12.2.1. LVM device filter pattern characteristics

The patterns of LVM device filter are in the form of regular expression. A regular expression delimits with a character and precedes with either a for acceptance, or r for rejection. The first regular expression in the list that matches a device determines if LVM accepts or rejects (ignores) a specific device. Then, LVM looks for the initial regular expression in the list that matches the path of a device. LVM uses this regular expression to determine whether the device should be approved with an a outcome or rejected with an r outcome.

If a single device has multiple path names, LVM accesses these path names according to their order of listing. Before any r pattern, if at least one path name matches an a pattern, LVM approves the device. However, if all path names are consistent with an r pattern before an a pattern is found, the device is rejected.

Path names that do not match the pattern do not affect the approval status of the device. If no path names correspond to a pattern for a device, LVM still approves the device.

For each device on the system, the udev rules generate multiple symlinks. Directories contain symlinks, such as /dev/disk/by-id/, /dev/disk/by-uuid/, /dev/disk/by-path/ to ensure that each device on the system is accessible through multiple path names.

To reject a device in the filter, all of the path names associated with that particular device must match the corresponding reject r expressions. However, identifying all possible path names to reject can be challenging. This is why it is better to create filters that specifically accept certain paths and reject all others, using a series of specific a expressions followed by a single r|.*| expression that rejects everything else.

While defining a specific device in the filter, use a symlink name for that device instead of the kernel name. The kernel name for a device can change, such as /dev/sda while certain symlink names do not change such as /dev/disk/by-id/wwn-*.

The default device filter accepts all devices connected to the system. An ideal user configured device filter accepts one or more patterns and rejects everything else. For example, the pattern list ending with r|.*|.

You can find the LVM devices filter configuration in the devices/filter and devices/global_filter configuration fields in the lvm.conf file. The devices/filter and devices/global_filter configuration fields are equivalent.

Important

In Red Hat Enterprise Linux 9, the /etc/lvm/devices/system.devices file is enabled by default. The system automatically enables the LVM devices filter, when the system.devices file is disabled.

Additional resources

  • lvm.conf(5) man page

12.2.2. Examples of LVM device filter configurations

The following examples display the filter configurations to control the devices that LVM scans and uses later. To configure the device filter in the lvm.conf file, see

Note

Some LVM filter configurations can cause duplicate Physical Volume (PV) warnings. See the example filter configurations in to avoid this issue.

  • To scan all the devices, enter: 

    filter = [ "|a.*|" ]

  • To remove the cdrom device to avoid delays if the drive contains no media, enter: 

    filter = [ "r|^/dev/cdrom$|" ]

  • To add all loop devices and remove all other devices, enter: 

    filter = [ "a|loop|", "r|.*|" ]

  • To add all loop and Integrated Development Environment (IDE) devices and remove all other block devices, enter: 

    filter = [ "a|loop|", "a|/dev/hd.*|", "r|.*|" ]

  • To add only partition 8 on the first IDE drive and remove all other block devices, enter: 

    filter = [ "a|^/dev/hda8$|", "r|.*|" ]

Additional resources

  • lvm.conf(5) man page

12.2.3. Applying an LVM device filter configuration

You can control which devices LVM scans by setting up filters in the lvm.conf configuration file.

Prerequisites

  • You have disabled the system.devices file feature.
  • You have prepared the device filter pattern that you want to use.

Procedure

  1. Use the following command to test the device filter pattern, without actually modifying the /etc/lvm/lvm.conf file. The following includes an example filter configuration. 

    # lvs --config 'devices{ filter = [ "a|/dev/emcpower.|", "r|.|" ] }'

  2. Add the device filter pattern in the configuration section devices of the /etc/lvm/lvm.conf file: 

    filter = [ "a|/dev/emcpower.*|", "r|*.|" ]

  3. Verify missing physical volumes and volume groups respectively: 

    # pvscan -v
    # vgscan -v

  4. Scan only necessary devices on reboot: 

    # dracut --force --verbose

    This command rebuilds the initramfs file system so that LVM scans only the necessary devices at the time of reboot.