Chapter 14. Limiting LVM device visibility and usage
You can limit the devices that are visible and usable to Logical Volume Manager (LVM) by controlling the devices that LVM can scan.
Use LVM commands to control LVM device scanning. LVM commands interact with a file called the system.devices file, which lists the visible and usable devices. This feature is enabled by default in Red Hat Enterprise Linux 9.
If you disable the devices file feature, the LVM device filter is enabled automatically.
To adjust the configuration of LVM device scanning, edit the LVM device filter settings in the /etc/lvm/lvm.conf file. The filters in the lvm.conf file consist of a series of simple regular expressions. The system applies these expressions to each device name in the /dev directory to decide whether to accept or reject each detected block device.
14.1. The LVM devices file
The Logical Volume Manager (LVM) system.devices file controls device visibility and usability to LVM. You can find the devices file in the /etc/lvm/devices/ directory. Use LVM commands to manage the devices file. Do not directly edit the system.devices file.
By default, the system.devices file feature is enabled in Red Hat Enterprise Linux 9. When active, it replaces the LVM device filter. To enable the LVM device filter, disable the system.devices file. For more information see Disabling the system.devices file.
14.1.1. Additional resources
-
lvmdevices(8)andlvm.conf(5)man pages
14.1.2. Adding devices to the system.devices file
To use devices with the Logical Volume Manager (LVM), the system.devices file must contain a list of the device IDs, otherwise LVM ignores them. The operating system (OS) installer adds devices to the system.devices file during installation. A newly installed system includes the root device into the devices file automatically. Any Physical Volumes (PV) attached to the system during OS installation are also included into the devices file. You can also specifically add devices to the devices file. LVM detects and uses only the list of devices stored in the devices file.
Procedure
Add devices to the system.devices file by using one of the following methods:
Add devices by including their names to the devices file:
$ lvmdevices --adddev <device_name>Add all devices in a Volume Group (VG) to the devices file:
$ vgimportdevices <vg_name>Add all devices in all visible VGs to the devices file:
$ vgimportdevices --all
To implicitly include new devices into the system.devices file, use one of the following commands:
Use the
pvcreatecommand to initialize a new device:$ pvcreate <device_name>
-
This action automatically adds the new Physical Volume (PV) to the
system.devicesfile.
-
This action automatically adds the new Physical Volume (PV) to the
Initialize new devices and add the new device arguments to the devices file automatically:
$ vgcreate <vg_name> <device_names>
- Replace <vg_name> with the name of the VG, from which you want to add devices.
- Replace <device_names> with a space-separated list of the devices you want to add.
Use the
vgextendcommand to initialize new devices:$ vgextend <vg_name> <device_names>
- Replace <vg_name> with the name of the VG, from which you want to add devices.
- Replace <device_names> with the names of the devices you want to add.
- This adds the new device arguments to the devices file automatically.
Verification
Use the following verification steps only in case you need to explicitly add new devices to the system.devices file.
Display the
system.devicesfile, to check the list of devices:$ cat /etc/lvm/devices/system.devices
Update the
system.devicesfile to match most recent device information:$ lvmdevices --update
Additional resources
-
lvmdevices(8),pvcreate(8),vgcreate(8)andvgextend(8)man pages
14.1.3. Removing devices from the system.devices file
Remove a device to prevent the Logical Volume Manager (LVM) from detecting or using that device.
Procedure
Remove a device by using one of the following methods depending on the information you have about that device:
Remove a device by name:
$ lvmdevices --deldev <device_name>Remove a device by the Physical Volume ID (PVID) of the device:
$ lvmdevices --delpvid <PV_UUID>
Verification
Use the following verification steps only in case you need to explicitly remove a devices in the system.devices file.
Display the
system.devicesfile to verify, that the deleted device no longer present:$ cat /etc/lvm/devices/system.devices
Update the
system.devicesfile to match most recent device information:$ lvmdevices --update
Additional resources
-
lvmdevices(8)man page
14.1.4. Creating custom devices files
Logical Volume Manager (LVM) commands use the default system.devices file of the system. You can also create and use custom devices files by specifying the new file name in the LVM commands. Custom devices files are useful in cases when only certain applications need to use certain devices.
Procedure
-
Create a custom devices file in the
/etc/lvm/devices/directory. Include the new devices file name in the LVM command:
$ lvmdevices --devicesfile <devices_file_name>Optional: Display the new devices file to verify that the name of the new device is present:
$ cat /etc/lvm/devices/<devices_file_name>
Additional resources
-
lvmdevices(8)man page
14.1.5. Accessing all devices on the system
You can enable Logical Volume Manager (LVM) to access and use all devices on the system, which overrides the restrictions caused by the devices listed in the system.devices file.
Procedure
Specify an empty devices file:
$ lvmdevices --devicesfile ""
Additional resources
- lvmdevices(8) man page
14.1.6. Disabling the system.devices file
You can disable the system.devices file functionality. This action automatically enables the Logical Volume Manager (LVM) device filter.
Procedure
-
Open the
lvm.conffile. - Set the following value in the devices section:
use_devicesfile=0
If you remove the system.devices file, this action effectively disables it. This applies even if you enable the system.devices file in the lvm.conf configuration file by setting use_devicesfile=1 in the devices section. Disabling the devices file automatically enables the lvm.conf device filter.
Additional resources
-
lvmdevices(8)andlvm.conf(5)man pages
14.2. Persistent identifiers for LVM filtering
Traditional Linux device names, such as /dev/sda, are subject to changes during system modifications and reboots. Persistent Naming Attributes (PNAs) like World Wide Identifier (WWID), Universally Unique Identifier (UUID), and path names are based on unique characteristics of the storage devices and are resilient to changes in hardware configurations. This makes them more stable and predictable across system reboots.
Implementation of persistent device identifiers in LVM filtering enhances the stability and reliability of LVM configurations. It also reduces the risk of system boot failures associated with the dynamic nature of device names.
14.3. The LVM device filter
The Logical Volume Manager (LVM) device filter is a list of device name patterns. You can use it to specify a set of mandatory criteria by which the system can evaluate devices and consider them as valid for use with LVM. The LVM device filter enables you control over which devices LVM uses. This can help to prevent accidental data loss or unauthorized access to storage devices.
14.3.1. LVM device filter pattern characteristics
The patterns of LVM device filter are in the form of regular expression. A regular expression delimits with a character and precedes with either a for acceptance, or r for rejection. The first regular expression in the list that matches a device determines if LVM accepts or rejects (ignores) a specific device. Then, LVM looks for the initial regular expression in the list that matches the path of a device. LVM uses this regular expression to determine whether the device should be approved with an a outcome or rejected with an r outcome.
If a single device has multiple path names, LVM accesses these path names according to their order of listing. Before any r pattern, if at least one path name matches an a pattern, LVM approves the device. However, if all path names are consistent with an r pattern before an a pattern is found, the device is rejected.
Path names that do not match the pattern do not affect the approval status of the device. If no path names correspond to a pattern for a device, LVM still approves the device.
For each device on the system, the udev rules generate multiple symlinks. Directories contain symlinks, such as /dev/disk/by-id/, /dev/disk/by-uuid/, /dev/disk/by-path/ to ensure that each device on the system is accessible through multiple path names.
To reject a device in the filter, all of the path names associated with that particular device must match the corresponding reject r expressions. However, identifying all possible path names to reject can be challenging. This is why it is better to create filters that specifically accept certain paths and reject all others, using a series of specific a expressions followed by a single r|.*| expression that rejects everything else.
While defining a specific device in the filter, use a symlink name for that device instead of the kernel name. The kernel name for a device can change, such as /dev/sda while certain symlink names do not change such as /dev/disk/by-id/wwn-*.
The default device filter accepts all devices connected to the system. An ideal user configured device filter accepts one or more patterns and rejects everything else. For example, the pattern list ending with r|.*|.
You can find the LVM devices filter configuration in the devices/filter and devices/global_filter configuration fields in the lvm.conf file. The devices/filter and devices/global_filter configuration fields are equivalent.
In Red Hat Enterprise Linux 9, the /etc/lvm/devices/system.devices file is enabled by default. The system automatically enables the LVM devices filter, when the system.devices file is disabled.
Additional resources
-
lvm.conf(5)man page
14.3.2. Examples of LVM device filter configurations
The following examples display the filter configurations to control the devices that LVM scans and uses later. To configure the device filter in the lvm.conf file, see
You might encounter duplicate Physical Volume (PV) warnings when dealing with copied or cloned PVs. You can set up filters to resolve this. See the example filter configurations in Troubleshooting duplicate physical volume warnings for multipathed LVM devices.
To scan all the devices, enter:
filter = [ "a|.*|" ]
To remove the
cdromdevice to avoid delays if the drive contains no media, enter:filter = [ "r|^/dev/cdrom$|" ]
To add all loop devices and remove all other devices, enter:
filter = [ "a|loop|", "r|.*|" ]
To add all loop and SCSI devices and remove all other block devices, enter:
filter = [ "a|loop|", "a|/dev/sd.*|", "r|.*|" ]
To add only partition 8 on the first SCSI drive and remove all other block devices, enter:
filter = [ "a|^/dev/sda8$|", "r|.*|" ]
To add all partitions from a specific device identified by WWID along with all multipath devices, enter:
filter = [ "a|/dev/disk/by-id/<disk-id>.|", "a|/dev/mapper/mpath.|", "r|.*|" ]
The command also removes any other block devices.
Additional resources
-
lvm.conf(5)man page
14.3.3. Applying an LVM device filter configuration
You can control which devices LVM scans by setting up filters in the lvm.conf configuration file.
Prerequisites
-
You have disabled the
system.devicesfile feature. - You have prepared the device filter pattern that you want to use.
Procedure
Use the following command to test the device filter pattern, without actually modifying the
/etc/lvm/lvm.conffile. The following includes an example filter configuration.# lvs --config 'devices{ filter = [ "a|/dev/emcpower.*|", "r|*.|" ] }'Add the device filter pattern in the configuration section
devicesof the/etc/lvm/lvm.conffile:filter = [ "a|/dev/emcpower.*|", "r|*.|" ]
Scan only necessary devices on reboot:
# dracut --force --verbose
This command rebuilds the
initramfsfile system so that LVM scans only the necessary devices at the time of reboot.
