Re: Planning for LTSP EPEL-6

*NBD Upgrade Risk Analysis* - EL-6 lacks nbd.ko, so the userspace nbd-client in EPEL-6 could not be used. Thus it is possible nobody was using the userspace-only nbd-server daemon on EL-6? - *Scenarios:* Does 3.2 remain compatible with old nbd client/server and invocation scripts? If command line parameters and the wire protocol remains compatible, then risk to users is negligible. (Joshua is researching this.) - *Yes, safe to upgrade:* The old way of using nbd by manually specifying port numbers is deprecated but supported in nbd-3.2, so users will not notice any difference. - *No, safe to upgrade: *Even though it is not compatible, nobody was actually using nbd-server on EL-6, so we can safely upgrade it. - *No, not safe to upgrade:* Not compatible, and we don't want to risk breaking users who might have relied on the old nbd-server on EL-6. Use a parallel nbd3 package. - Alternative nbd3 package would obviate the risk of upgrading, but it would create an added maintenance burden. nbd has had several CVE advisories in the past, and we really would be better off avoiding the need to maintain redundant daemons. By upgrading nbd in EPEL-6, it will make it easier to maintain in the future as security fixes will not need to be backported. I believe we have a strong case for upgrading under any of the above scenarios. Joshua will research the compatibility issue to better inform us of the actual extent of upgrade risk. * *

** *unionfs-fuse and dracut module* Currently LTSP clients netboot a dracut-network generated initrd which mounts a read-only NFS or NBD root filesystem and relies upon /etc/rwtab*. In theory rwtab bind mounts copies of files and directories to the read-only filesystem to allow a stateless client to boot. In practice rwtab has significant problems and was never well supported as most developers never test in readonly root stateless mode. As an alternative, Joshua intends to try the fuse-based unionfs overlay to mimic the kernel-based unionfs overlay used by Debian LTSP. http://podgorny.cz/moin/UnionFsFuse http://pkgs.repoforge.org/fuse-unionfs/ Someone made packages, although it hasn't been tried yet. It would theoretically require a dracut module to move /sysroot to another name, then mount the fuse overlay as /sysroot prior to mounting of any auxiliary filesystems (/proc?) and switch_root. The "other name" may need to be protected from the deletion that occurs prior to switch_root. Hopefully fuse will work as expected even after a switch_root.