Best method to write zeros to tape?

[goony]

I have a pool of tapes that are clones of my backups - these tapes are rotated offsite on a daily basis. On most occasions, not all of the tapes are full when they are pulled to be taken offsite.

I recently enabled software encryption via Networker (Unix), but I realized that since not all tape are fully written that old non-encrypted data could still be present beyond the most recent end-of-tape.

I have been considering "zeroing" the tapes as they return from offsite using dd thusly:

[tt]dd if=/dev/zero of=/dev/rmt/0bn bs=<some large blocksize>[/tt]

Can anyone think of a better/more effective method for zeroing these tapes?

Thanks!

 

[speculos]

Did you try the Networker "erase" command?
(Syntax: erase [-sr] -a b.t.l)

 

[605]

I wonder how you discovered this effect. The tape drive's firmware should not allow anybody to position the tape beyond the 'logical end-of-tape', represented by 2 consecutive file marks. The purpose of this behaviour was to avoid these 'security erase' processes.

 

[goony]

Re: 'erase' command

I discovered that command right after my initial posting... I'm not sure why, but on my Solaris V7.4 Networker system that command does absolutely NOTHING - it just sits there.

I verified my SCSI id's using the 'inquire' command too.

Re: data beyond the written end-of-tape

I guess I'm just paranoid. Yes, drive firmware shouldn't permit you going past the double EOF, but being an old timer I'm convinced that someone could still figure out a way to pull it off.

-------

I actually found a more pleasant method to handle my dilema: I created a tape pool called ZeroMe and am labeling candidate tapes for that pool. I then created a 500MB random data file using dd with /dev/random as the source device. I then made 10 copies of this file and put them into a directory.

The next entry is the script that I have turned loose to write the random data to the tapes.

 

[goony]

Note: I'm not a particularly adept with writing shell scripts, so it may be a bit inefficient, but hey - it works!

I wanted this to run only when regular backups were not running, thus the 9AM to 9PM window. When 9PM comes around it will finish whatever 'save' it is doing and then be inactive until 9AM the next day.

[tt]
#!/sbin/sh

#erase_tapes.sh
#
# Aug. 2007
# backup specific directory/files that are filled with random data created by
# /dev/random.
#
# Backup to specific pool 'ZeroMe' - tapes that need to be zeroed will be put
# into that pool by labeling them for that pool. When the tape is full, it
# is essentially erased by being overwritten with random data.
#
# Stop this thing by this command:
#
# touch /var/tmp/stop.tmp
#
# When a backup pass finishes and it finds the above file it will STOP.

set -x
STOP_FILE=/var/tmp/stop.tmp

while [ true ]; do
date

HOUR=`date "+%H"`

#limit hours of running 9AM to 9PM daily
while [ $HOUR -gt 20 ] || [ $HOUR -lt 9 ]; do
date

if [ -f ${STOP_FILE} ]; then
echo "Found stop file - user has forced an exit!"
exit 0
fi

echo "5 minute sleep - napping from 9PM until 9AM"
sleep 300
HOUR=`date "+%H"`
done

if [ -f ${STOP_FILE} ]; then
echo "Found stop file - user has forced an exit!"
exit 0
fi

#get list of tapes in the ZeroMe pool
mminfo -q 'pool=ZeroMe' -m

date
echo "Begin backup of large random data files in 15 seconds..."
sleep 15

if [ -f ${STOP_FILE} ]; then
echo "Found stop file - user has forced an exit!"
exit 0
fi

save -i -S -b ZeroMe -v -x /var/tmp/erase/

date
mminfo -q 'pool=ZeroMe' -m

sleep 10

done
[/tt]

 

[goony]

Minor note: Comments at top of file should read like this:

[tt]
# Backup the files in /var/tmp/erase/ that are filled with random data created by
# using /dev/random as the input device to the 'dd' command.
[/tt]