Better user experience for errata 4
This patch attempts to address some user concerns that have arisen since errata 4 was introduced. * The errata warning has been made less scary for users without any encrypted datasets. * The errata warning now clears itself without a pool reimport if the bookmark_v2 feature is enabled and no encrypted datasets exist. * It is no longer possible to create new encrypted datasets without enabling the bookmark_v2 feature, thus helping to ensure that the errata is resolved. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Issue ##8308 Closes #8504
This commit is contained in:
Tom Caputi
Brian Behlendorf
parent
98310e5d1a
commit
eaed840542
|
|
@ -2479,15 +2479,17 @@ show_import(nvlist_t *config)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ZPOOL_ERRATA_ZOL_8308_ENCRYPTION:
|
case ZPOOL_ERRATA_ZOL_8308_ENCRYPTION:
|
||||||
(void) printf(gettext(" action: Existing "
|
(void) printf(gettext(" action: Any existing "
|
||||||
"encrypted datasets contain an on-disk "
|
"encrypted datasets contain an on-disk "
|
||||||
"incompatibility which\n\tmay cause "
|
"incompatibility\n\twhich may cause "
|
||||||
"on-disk corruption with 'zfs recv' and "
|
"on-disk corruption with 'zfs recv' and "
|
||||||
"which needs to be\n\tcorrected. Enable "
|
"which needs\n\tto be corrected. Enable "
|
||||||
"the bookmark_v2 feature and backup "
|
"the bookmark_v2 feature, backup "
|
||||||
"these datasets to new encrypted "
|
"these datasets\n\tto new encrypted "
|
||||||
"datasets and\n\tdestroy the "
|
"datasets, and destroy the old ones. "
|
||||||
"old ones.\n"));
|
"If this pool does\n\tnot contain any "
|
||||||
|
"encrypted datasets, simply enable the "
|
||||||
|
"bookmark_v2\n\tfeature.\n"));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
/*
|
/*
|
||||||
|
|
@ -7417,10 +7419,12 @@ status_callback(zpool_handle_t *zhp, void *data)
|
||||||
"contain an on-disk incompatibility\n\twhich "
|
"contain an on-disk incompatibility\n\twhich "
|
||||||
"needs to be corrected.\n"));
|
"needs to be corrected.\n"));
|
||||||
(void) printf(gettext("action: To correct the issue "
|
(void) printf(gettext("action: To correct the issue "
|
||||||
"enable the bookmark_v2 feature and "
|
"enable the bookmark_v2 feature, backup\n\tany "
|
||||||
"backup\n\texisting encrypted datasets to new "
|
"existing encrypted datasets to new encrypted "
|
||||||
"encrypted datasets and\n\tdestroy the old "
|
"datasets,\n\tand destroy the old ones. If this "
|
||||||
"ones.\n"));
|
"pool does not contain any\n\tencrypted "
|
||||||
|
"datasets, simply enable the bookmark_v2 "
|
||||||
|
"feature.\n"));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
|
||||||
|
|
@ -1837,6 +1837,13 @@ dmu_objset_create_crypt_check(dsl_dir_t *parentdd, dsl_crypto_params_t *dcp,
|
||||||
return (SET_ERROR(EOPNOTSUPP));
|
return (SET_ERROR(EOPNOTSUPP));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Check for errata #4 (encryption enabled, bookmark_v2 disabled) */
|
||||||
|
if (parentdd != NULL &&
|
||||||
|
!spa_feature_is_enabled(parentdd->dd_pool->dp_spa,
|
||||||
|
SPA_FEATURE_BOOKMARK_V2)) {
|
||||||
|
return (SET_ERROR(EOPNOTSUPP));
|
||||||
|
}
|
||||||
|
|
||||||
/* handle inheritance */
|
/* handle inheritance */
|
||||||
if (dcp->cp_wkey == NULL) {
|
if (dcp->cp_wkey == NULL) {
|
||||||
ASSERT3P(parentdd, !=, NULL);
|
ASSERT3P(parentdd, !=, NULL);
|
||||||
|
|
|
||||||
|
|
@ -376,6 +376,19 @@ feature_enable_sync(spa_t *spa, zfeature_info_t *feature, dmu_tx_t *tx)
|
||||||
spa->spa_feat_enabled_txg_obj, feature->fi_guid,
|
spa->spa_feat_enabled_txg_obj, feature->fi_guid,
|
||||||
sizeof (uint64_t), 1, &enabling_txg, tx));
|
sizeof (uint64_t), 1, &enabling_txg, tx));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Errata #4 is mostly a problem with encrypted datasets, but it
|
||||||
|
* is also a problem where the old encryption feature did not
|
||||||
|
* depend on the bookmark_v2 feature. If the pool does not have
|
||||||
|
* any encrypted datasets we can resolve this issue simply by
|
||||||
|
* enabling this dependency.
|
||||||
|
*/
|
||||||
|
if (spa->spa_errata == ZPOOL_ERRATA_ZOL_8308_ENCRYPTION &&
|
||||||
|
spa_feature_is_enabled(spa, SPA_FEATURE_ENCRYPTION) &&
|
||||||
|
!spa_feature_is_active(spa, SPA_FEATURE_ENCRYPTION) &&
|
||||||
|
feature->fi_feature == SPA_FEATURE_BOOKMARK_V2)
|
||||||
|
spa->spa_errata = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
|
||||||
|
|
@ -75,9 +75,12 @@ log_must eval "ls $old_mntpnt | grep -q testfile"
|
||||||
block_device_wait
|
block_device_wait
|
||||||
log_mustnot dd if=/dev/zero of=/dev/zvol/$POOL_NAME/testvol bs=512 count=1
|
log_mustnot dd if=/dev/zero of=/dev/zvol/$POOL_NAME/testvol bs=512 count=1
|
||||||
log_must dd if=/dev/zvol/$POOL_NAME/testvol of=/dev/null bs=512 count=1
|
log_must dd if=/dev/zvol/$POOL_NAME/testvol of=/dev/null bs=512 count=1
|
||||||
|
|
||||||
|
log_must zpool set feature@bookmark_v2=enabled $POOL_NAME # necessary for Errata #4
|
||||||
|
|
||||||
log_must eval "echo 'password' | zfs create \
|
log_must eval "echo 'password' | zfs create \
|
||||||
-o encryption=on -o keyformat=passphrase -o keylocation=prompt \
|
-o encryption=on -o keyformat=passphrase -o keylocation=prompt \
|
||||||
cryptv0/encroot"
|
$POOL_NAME/encroot"
|
||||||
log_mustnot eval "zfs send -w $POOL_NAME/testfs@snap1 | \
|
log_mustnot eval "zfs send -w $POOL_NAME/testfs@snap1 | \
|
||||||
zfs recv $POOL_NAME/encroot/testfs"
|
zfs recv $POOL_NAME/encroot/testfs"
|
||||||
log_mustnot eval "zfs send -w $POOL_NAME/testvol@snap1 | \
|
log_mustnot eval "zfs send -w $POOL_NAME/testvol@snap1 | \
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue