[Pkg-zfsonlinux-devel] Bug#961094: zfsutils-linux: Hostid is not regenerated on a clone/copy/restore of the underlying OS

Real Carbonneau testing01 at realcarbonneau.com
Wed May 20 01:34:48 BST 2020 

Package: zfsutils-linux
Version: 0.8.4-1
Severity: important

Dear Maintainer,

When cloning/copying/restoring multiple copies of the same Debian system, the
/etc/hostid/ is not regenerated.  Thus the same disk can be imported ("zpool
import tank") on multiple cloned systems simultaneously and instantaneously
destroy the disk's data since both systems can write to the disk.

This can happen on local or cloud environments where systems are often cloned
and also in a situation where a system is restored multiple times (clones)
during a disaster recovery and reconnected to the same underlying storage.
This unsafe situation may be a results of Debian does not have the genhostid as
part of the system, thus less safe default behavior with respects to
/etc/hostid?  Maybe systems running native genhostid regenerate the hostid on
cloning?

The workaround and permanent Debian/zfs solution is simple.  As soon as a new
copy of a system is created, a new hostid should be created to be safe.  If the
intention is to continue using the zpool on the new clone, the import can be
explicitly forced by the user or the clone can be reverted to the previous
hostid.  The current default behavior is very dangerous for data corruption, it
should be a much safer default behavior.

For example, every clone of a Debian system has a UUID (eg command "dmidecode
-t 1"), thus it would be simple to generate a new hostid (possibly keeping the
old one backed up) when the system uuid has been observed to have changed.

Manual workaround:
rm /etc/hostid (or maybe "mv /etc/hostid /etc/hostid.bak")
zgenhostid

Kind regards,
Real Carbonneau



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-1-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages zfsutils-linux depends on:
ii  libblkid1        2.35.1-5
ii  libc6            2.30-8
ii  libnvpair1linux  0.8.4-1
ii  libuuid1         2.35.1-5
ii  libuutil1linux   0.8.4-1
ii  libzfs2linux     0.8.4-1
ii  libzpool2linux   0.8.4-1
ii  python3          3.8.2-3

Versions of packages zfsutils-linux recommends:
ii  lsb-base                11.1.0
ii  zfs-dkms [zfs-modules]  0.8.4-1
ii  zfs-zed                 0.8.4-1

Versions of packages zfsutils-linux suggests:
pn  nfs-kernel-server           <none>
pn  samba-common-bin            <none>
pn  zfs-initramfs | zfs-dracut  <none>

-- Configuration Files:
/etc/sudoers.d/zfs [Errno 13] Permission denied: '/etc/sudoers.d/zfs'

-- no debconf information

More information about the Pkg-zfsonlinux-devel mailing list