ZFS snapshots and daily security checks
Jeremy Chadwick
jdc at koitsu.org
Mon Apr 8 08:07:39 UTC 2013
On Mon, Apr 08, 2013 at 11:42:00AM +0400, Lev Serebryakov wrote:
> Hello, Jeremy.
> You wrote on 8 April 2013, 4:54:38:
>
> >> Is it possible to exclude these snapshots from `mount -p' output or
> >> don't mount them to hierarchy by default?
> JC> Taken from my stable/9 r249160 system:
> And here is my 9.1-STABLE r244958 (I'm filtering out all hourly
> output, or this message will be infinite):
>
> % df -k
> Filesystem 1024-blocks Used Avail Capacity Mounted on
> /dev/mirror/root 2026028 675598 1188348 36% /
> devfs 1 1 0 100% /dev
> fdescfs 1 1 0 100% /dev/fd
> procfs 4 4 0 100% /proc
> /dev/mirror/var 16244332 6285320 8659466 42% /var
> /dev/mirror/tmp 1012972 12290 919646 1% /tmp
> /dev/mirror/usr 64995336 10259340 49536370 17% /usr
> /dev/mirror/databases 101554148 174252 93255566 0% /var/databases
> pool 487184219 21 487184198 0% /pool
> pool/home 511417117 24232919 487184198 5% /usr/home
> devfs 1 1 0 100% /var/named/dev
> % mount
> /dev/mirror/root on / (ufs, local)
> devfs on /dev (devfs, local)
> fdescfs on /dev/fd (fdescfs)
> procfs on /proc (procfs, local)
> /dev/mirror/var on /var (ufs, local, soft-updates)
> /dev/mirror/tmp on /tmp (ufs, local, soft-updates)
> /dev/mirror/usr on /usr (ufs, local, soft-updates)
> /dev/mirror/databases on /var/databases (ufs, local, soft-updates)
> pool on /pool (zfs, local, nfsv4acls)
> pool/home on /usr/home (zfs, local, nfsv4acls)
> devfs on /var/named/dev (devfs, local)
> % zfs list -t snapshot | grep -v hourly
> NAME USED AVAIL REFER MOUNTPOINT
> pool/home@daily-2013-04-05_03.01.28--1m 544K - 23.1G -
> pool/home@daily-2013-04-06_03.01.20--1m 688K - 23.1G -
> pool/home@weekly-2013-04-06_04.15.34--1y 1.70M - 23.1G -
> pool/home@daily-2013-04-07_03.04.44--1m 1.15M - 23.1G -
> pool/home@daily-2013-04-08_03.01.31--1m 437K - 23.1G -
> % mount -p | grep -v hourly
> /dev/mirror/root / ufs rw 1 1
> devfs /dev devfs rw 0 0
> fdescfs /dev/fd fdescfs rw 0 0
> procfs /proc procfs rw 0 0
> /dev/mirror/var /var ufs rw 2 2
> /dev/mirror/tmp /tmp ufs rw 2 2
> /dev/mirror/usr /usr ufs rw 2 2
> /dev/mirror/databases /var/databases ufs rw 3 3
> pool /pool zfs rw,nfsv4acls 0 0
> pool/home /usr/home zfs rw,nfsv4acls 0 0
> devfs /var/named/dev devfs rw 0 0
> pool/home@daily-2013-04-05_03.01.28--1m /usr/home/.zfs/snapshot/daily-2013-04-05_03.01.28--1m zfs ro,nosuid,noatime,nfsv4acls 0 0
> pool/home@daily-2013-04-06_03.01.20--1m /usr/home/.zfs/snapshot/daily-2013-04-06_03.01.20--1m zfs ro,nosuid,noatime,nfsv4acls 0 0
> pool/home@weekly-2013-04-06_04.15.34--1y /usr/home/.zfs/snapshot/weekly-2013-04-06_04.15.34--1y zfs ro,nosuid,noatime,nfsv4acls 0 0
> pool/home@daily-2013-04-07_03.04.44--1m /usr/home/.zfs/snapshot/daily-2013-04-07_03.04.44--1m zfs ro,nosuid,noatime,nfsv4acls 0 0
> %
>
> JC> It seems to me mount and mount -p show the mounted snapshot.
> I didn't mount the snapshots specifically, and they are created by the
> zfSnap script from ports (sysutils/zfsnap).
> As I can see in this script, snapshots are created with
>
> /sbin/zfs snapshot -r ${fs}@${snapshot}

I don't know what to tell you -- my output clearly shows that after
creating a snapshot with "zfs snapshot -r filesystem@snapname",
neither mount nor mount -p shows anything.

I wonder if you have either pool or filesystem-level attributes which
are causing your issue.

Here are mine, for the pool and filesystem I used in my previous mail
(pool "data" and filesystem "data/home"):

root@icarus:~ # zpool get all data
NAME PROPERTY VALUE SOURCE
data size 2.72T -
data capacity 24% -
data altroot - default
data health ONLINE -
data guid 4221681810446459190 default
data version - default
data bootfs - default
data delegation on default
data autoreplace off default
data cachefile - default
data failmode wait default
data listsnapshots off default
data autoexpand off default
data dedupditto 0 default
data dedupratio 1.00x -
data free 2.06T -
data allocated 671G -
data readonly off -
data comment - default
data expandsize 0 -
data freeing 0 default
data feature@async_destroy enabled local
data feature@empty_bpobj active local
data feature@lz4_compress enabled local

root@icarus:~ # zfs get all data/home
NAME PROPERTY VALUE SOURCE
data/home type filesystem -
data/home creation Tue Jan 22 23:48 2013 -
data/home used 15.8G -
data/home available 1.35T -
data/home referenced 15.8G -
data/home compressratio 1.00x -
data/home mounted yes -
data/home quota none default
data/home reservation none default
data/home recordsize 128K default
data/home mountpoint /home local
data/home sharenfs off default
data/home checksum on default
data/home compression off default
data/home atime on default
data/home devices on default
data/home exec on default
data/home setuid on default
data/home readonly off default
data/home jailed off default
data/home snapdir hidden default
data/home aclmode discard default
data/home aclinherit restricted default
data/home canmount on default
data/home xattr off temporary
data/home copies 1 default
data/home version 5 -
data/home utf8only off -
data/home normalization none -
data/home casesensitivity sensitive -
data/home vscan off default
data/home nbmand off default
data/home sharesmb off default
data/home refquota none default
data/home refreservation none default
data/home primarycache all default
data/home secondarycache all default
data/home usedbysnapshots 0 -
data/home usedbydataset 15.8G -
data/home usedbychildren 0 -
data/home usedbyrefreservation 0 -
data/home logbias latency default
data/home dedup off default
data/home mlslabel -
data/home sync standard default
data/home refcompressratio 1.00x -
data/home written 15.8G -
data/home logicalused 15.2G -
data/home logicalreferenced 15.2G -
--
| Jeremy Chadwick jdc at koitsu.org |
| UNIX Systems Administrator http://jdc.koitsu.org/ |
| Mountain View, CA, US |
| Making life hard for others since 1977. PGP 4BD6C0CB |
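
Added example, not part of the original thread or of any FreeBSD script: one way to separate auto-mounted ZFS snapshot entries from the rest of `mount -p`-style output before a script acts on the listed filesystems. The function names and the sample lines (adapted from the output quoted above) are assumptions; mount points are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the thread). Reads fstab-style lines as printed by
# `mount -p` and separates regular mounts from ZFS snapshot automounts.

# Constructed sample, adapted from the `mount -p` output quoted in the thread.
sample_mounts() {
cat <<'EOF'
/dev/mirror/root / ufs rw 1 1
devfs /dev devfs rw 0 0
pool /pool zfs rw,nfsv4acls 0 0
pool/home /usr/home zfs rw,nfsv4acls 0 0
pool/home@daily-2013-04-05_03.01.28--1m /usr/home/.zfs/snapshot/daily-2013-04-05_03.01.28--1m zfs ro,nosuid,noatime,nfsv4acls 0 0
pool/home@weekly-2013-04-06_04.15.34--1y /usr/home/.zfs/snapshot/weekly-2013-04-06_04.15.34--1y zfs ro,nosuid,noatime,nfsv4acls 0 0
EOF
}

# filter_snapshot_mounts MODE   (hypothetical helper)
#   MODE=keep       print every entry that is not a snapshot mount
#   MODE=snapshots  print only the snapshot mounts
# An entry counts as a snapshot mount only when all three hold:
#   - the filesystem type is zfs
#   - the device name contains '@' (dataset@snapshot)
#   - the mount point lies under a .zfs/snapshot/ control directory
filter_snapshot_mounts() {
    awk -v mode="$1" '
        NF < 3 || /^#/ { next }          # skip blank, short and comment lines
        {
            snap = ($3 == "zfs" &&
                    index($1, "@") > 0 &&
                    index($2, "/.zfs/snapshot/") > 0)
            if (mode == "snapshots" ? snap : !snap) print
        }'
}

# Stand-alone run: show what a script would see after filtering.
sample_mounts | filter_snapshot_mounts keep
```

On a live system, replace `sample_mounts` with `mount -p`.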