Re: [linux-lvm] Snapshots and disk re-use

[Jonathan Tripathy <jonnyt abpni co uk>]

On 23/02/11 13:09, Joe Thornber wrote:
> On Wed, 2011-02-23 at 12:36 +0000, Jonathan Tripathy wrote:
> > Hi Everyone,
> >
> > We host many Xen VMs for customers. We use LVM as the fisk storage for
> > these VMs. When a customer cancels, we generally dd their LV with
> > /dev/zero, before removing the LV.
> >
> > If however we want to create a snapshot of a customer's LV, is there the
> > chance that the data may appear on a new future LV if we were to create
> > one (for a new customer)? Is is my understanding that most filesystems
> > don't actually remove data from a disk when deleting a file, but just
> > set an "ignore" tag of some sort...
> I'm a bit confused about your scenario.  But I think this will help:
>
> The snapshot device is composed of 2 sub devices, the origin and the
> exception store.  Someone who only has visibility of the snapshot (ie.
> your vm if your scenario is what I think it is) will have visibility of
> all of the origin.  So you _do_ need to worry about data leaks on the
> origin device.  Their view of the exception store is always a subset
> which has been overwritten by origin data first.  So data leaks are not
> an issue for the exception store.
>
> - Joe
Sorry Joe, I think I wrote my scenario in a confusing way.

The snapshot will be done in the Xen host, so the Xen host will see the 
snapshot. The VM will only see the "normal" LV (and continue to use it 
as normal). My concern is what happens when I remove the snapshot and 
later on I create a new additional LV for a new customer.

Please understand where my confusion lies. My current procedure for 
adding and removing customers is as follows:

When a customer leaves, zero their LV, then remove it
When a customer joins, create a new LV

I'm just not sure where "snapshots" fit into my above procedure

Thanks