Re: Drive identifiers

[Ricardo Wurmus <rekado@elephly.net>]

myglc2@gmail.com writes:

> On 01/18/2018 at 10:29 Danny Milosavljevic writes:
>
> [...]
>
>> Maybe we could make the user specify the serial number in the operating-system
>> bootloader-configuration.  Installing the bootloader to the wrong
>> drive would be very bad otherwise.  Also, it's not exactly declarative if the
>> labels sda, sdb etc can move around - and reconfiguring / booting ends up like
>> a game of musical chairs.
>>
>> Although if a drive fails and an administrator replaces it by a new drive,
>> one would have to change the operating-system configuration and reconfigure
>> (which could potentially download gigabytes of data and take hours).
>>
>> Not ideal.
>>
>> Maybe store the original serial number into a file on disk and make Guix
>> fall back to checking those in a second pass (with a warning).
>>
>> (Guix could still call the bootloader's installer with the name of the
>> device file it found out - so it wouldn't be an involved change)
>>
>> We would still have to check what happens with the hard drive emulators of
>> CD-ROMs - do these have a unique persistent serial number?
>
> Hi Danny,
>
> I commented in a separate post on requiring our users to provide the
> drive SN in the config file.  Here I comment on consequences of having
> the SN of a HD in a file held by that HD. IMO this is like having the
> directory name in a file held by the directory. Both raise the same
> issue: the file is no longer relocatable.
>
> In our case, as you point out, this creates a new error
> case. Unfortunately we can't possibly know the best way to handle
> it. E.G.: If the user has created an image backup of a mission-critical
> GuixSD server and if they start it on a second server as a warm-backup
> and if they have forgotten to change critical identify files (say
> hostname) and if this can cause both servers to become corrupted,
> halting on this error might be helpful.

The configuration is written in Guile, so you could run code before
returning the operating-system configuration value.

I do this in my config, because I’ve been reinstalling my system onto a
newly formatted disk:

--8<---------------cut here---------------start------------->8---
;; Get the UUID of the encrypted disk
(define %uuid
  (let* ((port (open-input-pipe "blkid -s UUID -o value /dev/sda1"))
         (str  (read-line port)))
    (close-pipe port)
    str))
…
(operating-system …
  (mapped-devices (list (mapped-device
                         (source (uuid %uuid))
                         (target "root")
                         (type luks-device-mapping))))
--8<---------------cut here---------------end--------------->8---

People who are worried about changing device identifiers when restoring
from backup could use a similar mechanism to obtain the identifier on
the target at runtime.

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net