2019-04-22 21:35:39 +00:00
|
|
|
/*
|
|
|
|
Copyright 2019 The Ceph-CSI Authors.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package util
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2019-08-22 17:19:06 +00:00
|
|
|
"context"
|
2019-04-22 21:35:39 +00:00
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
|
|
|
"os"
|
|
|
|
"os/exec"
|
|
|
|
"strings"
|
2019-06-10 07:22:13 +00:00
|
|
|
|
2020-01-16 15:33:54 +00:00
|
|
|
"github.com/ceph/go-ceph/rados"
|
2019-06-10 07:22:13 +00:00
|
|
|
"k8s.io/klog"
|
2019-04-22 21:35:39 +00:00
|
|
|
)
|
|
|
|
|
2020-01-24 16:26:56 +00:00
|
|
|
// InvalidPoolID used to denote an invalid pool
|
|
|
|
const InvalidPoolID int64 = -1
|
|
|
|
|
2019-06-10 07:22:13 +00:00
|
|
|
// ExecCommand executes passed in program with args and returns separate stdout and stderr streams
|
2019-04-22 21:35:39 +00:00
|
|
|
func ExecCommand(program string, args ...string) (stdout, stderr []byte, err error) {
|
|
|
|
var (
|
Address security concerns reported by 'gosec'
gosec reports several issues, none of them looks very critical. With
this change the following concerns have been addressed:
[pkg/cephfs/nodeserver.go:229] - G302: Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
> os.Chmod(targetPath, 0777)
[pkg/cephfs/util.go:39] - G204: Subprocess launched with variable (Confidence: HIGH, Severity: MEDIUM)
> exec.Command(program, args...)
[pkg/rbd/nodeserver.go:156] - G302: Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
> os.Chmod(stagingTargetPath, 0777)
[pkg/rbd/nodeserver.go:205] - G302: Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
> os.OpenFile(mountPath, os.O_CREATE|os.O_RDWR, 0750)
[pkg/rbd/rbd_util.go:797] - G304: Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
> ioutil.ReadFile(fPath)
[pkg/util/cephcmds.go:35] - G204: Subprocess launched with variable (Confidence: HIGH, Severity: MEDIUM)
> exec.Command(program, args...)
[pkg/util/credentials.go:47] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
> os.Remove(tmpfile.Name())
[pkg/util/credentials.go:92] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
> os.Remove(cr.KeyFile)
[pkg/util/pidlimit.go:74] - G304: Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
> os.Open(pidsMax)
URL: https://github.com/securego/gosec
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2019-08-30 10:23:10 +00:00
|
|
|
cmd = exec.Command(program, args...) // nolint: gosec, #nosec
|
2019-06-08 05:06:03 +00:00
|
|
|
sanitizedArgs = StripSecretInArgs(args)
|
|
|
|
stdoutBuf bytes.Buffer
|
|
|
|
stderrBuf bytes.Buffer
|
2019-04-22 21:35:39 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
cmd.Stdout = &stdoutBuf
|
|
|
|
cmd.Stderr = &stderrBuf
|
|
|
|
|
|
|
|
if err := cmd.Run(); err != nil {
|
|
|
|
return stdoutBuf.Bytes(), stderrBuf.Bytes(), fmt.Errorf("an error (%v)"+
|
2019-06-08 05:06:03 +00:00
|
|
|
" occurred while running %s args: %v", err, program, sanitizedArgs)
|
2019-04-22 21:35:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return stdoutBuf.Bytes(), nil, nil
|
|
|
|
}
|
|
|
|
|
2020-01-16 15:33:54 +00:00
|
|
|
// GetPoolID fetches the ID of the pool that matches the passed in poolName
|
|
|
|
// parameter
|
2020-05-14 11:23:55 +00:00
|
|
|
func GetPoolID(monitors string, cr *Credentials, poolName string) (int64, error) {
|
2020-01-16 15:33:54 +00:00
|
|
|
conn, err := connPool.Get(monitors, cr.ID, cr.KeyFile)
|
2019-06-28 01:10:32 +00:00
|
|
|
if err != nil {
|
2020-05-14 12:28:55 +00:00
|
|
|
return InvalidPoolID, err
|
2019-04-22 21:35:39 +00:00
|
|
|
}
|
2020-01-16 15:33:54 +00:00
|
|
|
defer connPool.Put(conn)
|
2019-04-22 21:35:39 +00:00
|
|
|
|
2020-01-16 15:33:54 +00:00
|
|
|
id, err := conn.GetPoolByName(poolName)
|
|
|
|
if err == rados.ErrNotFound {
|
2020-05-14 12:28:55 +00:00
|
|
|
return InvalidPoolID, ErrPoolNotFound{poolName, fmt.Errorf("pool (%s) not found in Ceph cluster", poolName)}
|
2020-01-16 15:33:54 +00:00
|
|
|
} else if err != nil {
|
2020-05-14 12:28:55 +00:00
|
|
|
return InvalidPoolID, err
|
2019-04-22 21:35:39 +00:00
|
|
|
}
|
|
|
|
|
2020-01-16 15:33:54 +00:00
|
|
|
return id, nil
|
2019-04-22 21:35:39 +00:00
|
|
|
}
|
|
|
|
|
2020-03-13 09:24:01 +00:00
|
|
|
// GetPoolName fetches the pool whose pool ID is equal to the requested poolID
|
|
|
|
// parameter
|
2020-05-14 13:28:14 +00:00
|
|
|
func GetPoolName(monitors string, cr *Credentials, poolID int64) (string, error) {
|
2020-03-13 09:24:01 +00:00
|
|
|
conn, err := connPool.Get(monitors, cr.ID, cr.KeyFile)
|
2019-04-22 21:35:39 +00:00
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
2020-03-13 09:24:01 +00:00
|
|
|
defer connPool.Put(conn)
|
2019-04-22 21:35:39 +00:00
|
|
|
|
2020-03-13 09:24:01 +00:00
|
|
|
name, err := conn.GetPoolByID(poolID)
|
|
|
|
if err != nil {
|
|
|
|
return "", ErrPoolNotFound{string(poolID), fmt.Errorf("pool ID (%d) not found in Ceph cluster", poolID)}
|
2019-04-22 21:35:39 +00:00
|
|
|
}
|
2020-03-13 09:24:01 +00:00
|
|
|
return name, nil
|
2019-04-22 21:35:39 +00:00
|
|
|
}
|
|
|
|
|
2020-01-24 16:26:56 +00:00
|
|
|
// GetPoolIDs searches a list of pools in a cluster and returns the IDs of the pools that matches
|
|
|
|
// the passed in pools
|
|
|
|
// TODO this should take in a list and return a map[string(poolname)]int64(poolID)
|
|
|
|
func GetPoolIDs(ctx context.Context, monitors, journalPool, imagePool string, cr *Credentials) (int64, int64, error) {
|
2020-05-14 11:23:55 +00:00
|
|
|
journalPoolID, err := GetPoolID(monitors, cr, journalPool)
|
2020-01-24 16:26:56 +00:00
|
|
|
if err != nil {
|
|
|
|
return InvalidPoolID, InvalidPoolID, err
|
|
|
|
}
|
|
|
|
|
|
|
|
imagePoolID := journalPoolID
|
|
|
|
if imagePool != journalPool {
|
2020-05-14 11:23:55 +00:00
|
|
|
imagePoolID, err = GetPoolID(monitors, cr, imagePool)
|
2020-01-24 16:26:56 +00:00
|
|
|
if err != nil {
|
|
|
|
return InvalidPoolID, InvalidPoolID, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return journalPoolID, imagePoolID, nil
|
|
|
|
}
|
|
|
|
|
2019-04-22 21:35:39 +00:00
|
|
|
// SetOMapKeyValue sets the given key and value into the provided Ceph omap name
|
2019-08-22 17:19:06 +00:00
|
|
|
func SetOMapKeyValue(ctx context.Context, monitors string, cr *Credentials, poolName, namespace, oMapName, oMapKey, keyValue string) error {
|
2019-04-22 21:35:39 +00:00
|
|
|
// Command: "rados <options> setomapval oMapName oMapKey keyValue"
|
2019-05-28 19:03:18 +00:00
|
|
|
args := []string{
|
2019-04-22 21:35:39 +00:00
|
|
|
"-m", monitors,
|
2019-06-01 21:26:42 +00:00
|
|
|
"--id", cr.ID,
|
2019-06-25 19:29:17 +00:00
|
|
|
"--keyfile=" + cr.KeyFile,
|
2019-04-22 21:35:39 +00:00
|
|
|
"-c", CephConfigPath,
|
|
|
|
"-p", poolName,
|
2019-05-28 19:03:18 +00:00
|
|
|
"setomapval", oMapName, oMapKey, keyValue,
|
|
|
|
}
|
|
|
|
|
|
|
|
if namespace != "" {
|
|
|
|
args = append(args, "--namespace="+namespace)
|
|
|
|
}
|
|
|
|
|
|
|
|
_, _, err := ExecCommand("rados", args[:]...)
|
2019-04-22 21:35:39 +00:00
|
|
|
if err != nil {
|
2019-08-22 17:19:06 +00:00
|
|
|
klog.Errorf(Log(ctx, "failed adding key (%s with value %s), to omap (%s) in "+
|
|
|
|
"pool (%s): (%v)"), oMapKey, keyValue, oMapName, poolName, err)
|
2019-04-22 21:35:39 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetOMapValue gets the value for the given key from the named omap
|
2019-08-22 17:19:06 +00:00
|
|
|
func GetOMapValue(ctx context.Context, monitors string, cr *Credentials, poolName, namespace, oMapName, oMapKey string) (string, error) {
|
2019-04-22 21:35:39 +00:00
|
|
|
// Command: "rados <options> getomapval oMapName oMapKey <outfile>"
|
|
|
|
// No such key: replicapool/csi.volumes.directory.default/csi.volname
|
|
|
|
tmpFile, err := ioutil.TempFile("", "omap-get-")
|
|
|
|
if err != nil {
|
2019-08-22 17:19:06 +00:00
|
|
|
klog.Errorf(Log(ctx, "failed creating a temporary file for key contents"))
|
2019-04-22 21:35:39 +00:00
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
defer tmpFile.Close()
|
|
|
|
defer os.Remove(tmpFile.Name())
|
|
|
|
|
2019-05-28 19:03:18 +00:00
|
|
|
args := []string{
|
2019-04-22 21:35:39 +00:00
|
|
|
"-m", monitors,
|
2019-06-01 21:26:42 +00:00
|
|
|
"--id", cr.ID,
|
2019-06-25 19:29:17 +00:00
|
|
|
"--keyfile=" + cr.KeyFile,
|
2019-04-22 21:35:39 +00:00
|
|
|
"-c", CephConfigPath,
|
|
|
|
"-p", poolName,
|
2019-05-28 19:03:18 +00:00
|
|
|
"getomapval", oMapName, oMapKey, tmpFile.Name(),
|
|
|
|
}
|
|
|
|
|
|
|
|
if namespace != "" {
|
|
|
|
args = append(args, "--namespace="+namespace)
|
|
|
|
}
|
|
|
|
|
|
|
|
stdout, stderr, err := ExecCommand("rados", args[:]...)
|
2019-04-22 21:35:39 +00:00
|
|
|
if err != nil {
|
2019-05-14 19:15:01 +00:00
|
|
|
// no logs, as attempting to check for non-existent key/value is done even on
|
|
|
|
// regular call sequences
|
2019-04-22 21:35:39 +00:00
|
|
|
stdoutanderr := strings.Join([]string{string(stdout), string(stderr)}, " ")
|
|
|
|
if strings.Contains(stdoutanderr, "No such key: "+poolName+"/"+oMapName+"/"+oMapKey) {
|
|
|
|
return "", ErrKeyNotFound{poolName + "/" + oMapName + "/" + oMapKey, err}
|
|
|
|
}
|
|
|
|
|
|
|
|
if strings.Contains(stdoutanderr, "error getting omap value "+
|
|
|
|
poolName+"/"+oMapName+"/"+oMapKey+": (2) No such file or directory") {
|
|
|
|
return "", ErrKeyNotFound{poolName + "/" + oMapName + "/" + oMapKey, err}
|
|
|
|
}
|
|
|
|
|
2020-03-19 12:30:59 +00:00
|
|
|
if strings.Contains(stdoutanderr, "error opening pool "+
|
|
|
|
poolName+": (2) No such file or directory") {
|
|
|
|
return "", ErrPoolNotFound{poolName, err}
|
|
|
|
}
|
|
|
|
|
2019-05-14 19:15:01 +00:00
|
|
|
// log other errors for troubleshooting assistance
|
2019-08-22 17:19:06 +00:00
|
|
|
klog.Errorf(Log(ctx, "failed getting omap value for key (%s) from omap (%s) in pool (%s): (%v)"),
|
2019-05-14 19:15:01 +00:00
|
|
|
oMapKey, oMapName, poolName, err)
|
|
|
|
|
2019-06-10 07:22:13 +00:00
|
|
|
return "", fmt.Errorf("error (%v) occurred, command output streams is (%s)",
|
2019-04-22 21:35:39 +00:00
|
|
|
err.Error(), stdoutanderr)
|
|
|
|
}
|
|
|
|
|
|
|
|
keyValue, err := ioutil.ReadAll(tmpFile)
|
|
|
|
return string(keyValue), err
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemoveOMapKey removes the omap key from the given omap name
|
2019-08-22 17:19:06 +00:00
|
|
|
func RemoveOMapKey(ctx context.Context, monitors string, cr *Credentials, poolName, namespace, oMapName, oMapKey string) error {
|
2019-04-22 21:35:39 +00:00
|
|
|
// Command: "rados <options> rmomapkey oMapName oMapKey"
|
2019-05-28 19:03:18 +00:00
|
|
|
args := []string{
|
2019-04-22 21:35:39 +00:00
|
|
|
"-m", monitors,
|
2019-06-01 21:26:42 +00:00
|
|
|
"--id", cr.ID,
|
2019-06-25 19:29:17 +00:00
|
|
|
"--keyfile=" + cr.KeyFile,
|
2019-04-22 21:35:39 +00:00
|
|
|
"-c", CephConfigPath,
|
|
|
|
"-p", poolName,
|
2019-05-28 19:03:18 +00:00
|
|
|
"rmomapkey", oMapName, oMapKey,
|
|
|
|
}
|
|
|
|
|
|
|
|
if namespace != "" {
|
|
|
|
args = append(args, "--namespace="+namespace)
|
|
|
|
}
|
|
|
|
|
|
|
|
_, _, err := ExecCommand("rados", args[:]...)
|
2019-04-22 21:35:39 +00:00
|
|
|
if err != nil {
|
|
|
|
// NOTE: Missing omap key removal does not return an error
|
2019-08-22 17:19:06 +00:00
|
|
|
klog.Errorf(Log(ctx, "failed removing key (%s), from omap (%s) in "+
|
|
|
|
"pool (%s): (%v)"), oMapKey, oMapName, poolName, err)
|
2019-04-22 21:35:39 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// CreateObject creates the object name passed in and returns ErrObjectExists if the provided object
|
|
|
|
// is already present in rados
|
2019-08-22 17:19:06 +00:00
|
|
|
func CreateObject(ctx context.Context, monitors string, cr *Credentials, poolName, namespace, objectName string) error {
|
2019-04-22 21:35:39 +00:00
|
|
|
// Command: "rados <options> create objectName"
|
2019-05-28 19:03:18 +00:00
|
|
|
args := []string{
|
2019-04-22 21:35:39 +00:00
|
|
|
"-m", monitors,
|
2019-06-01 21:26:42 +00:00
|
|
|
"--id", cr.ID,
|
2019-06-25 19:29:17 +00:00
|
|
|
"--keyfile=" + cr.KeyFile,
|
2019-04-22 21:35:39 +00:00
|
|
|
"-c", CephConfigPath,
|
|
|
|
"-p", poolName,
|
2019-05-28 19:03:18 +00:00
|
|
|
"create", objectName,
|
|
|
|
}
|
|
|
|
|
|
|
|
if namespace != "" {
|
|
|
|
args = append(args, "--namespace="+namespace)
|
|
|
|
}
|
|
|
|
|
2019-07-13 12:00:47 +00:00
|
|
|
_, stderr, err := ExecCommand("rados", args[:]...)
|
2019-04-22 21:35:39 +00:00
|
|
|
if err != nil {
|
2019-08-22 17:19:06 +00:00
|
|
|
klog.Errorf(Log(ctx, "failed creating omap (%s) in pool (%s): (%v)"), objectName, poolName, err)
|
2019-07-13 12:00:47 +00:00
|
|
|
if strings.Contains(string(stderr), "error creating "+poolName+"/"+objectName+
|
2019-04-22 21:35:39 +00:00
|
|
|
": (17) File exists") {
|
|
|
|
return ErrObjectExists{objectName, err}
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemoveObject removes the entire omap name passed in and returns ErrObjectNotFound is provided omap
|
|
|
|
// is not found in rados
|
2019-08-22 17:19:06 +00:00
|
|
|
func RemoveObject(ctx context.Context, monitors string, cr *Credentials, poolName, namespace, oMapName string) error {
|
2019-04-22 21:35:39 +00:00
|
|
|
// Command: "rados <options> rm oMapName"
|
2019-05-28 19:03:18 +00:00
|
|
|
args := []string{
|
2019-04-22 21:35:39 +00:00
|
|
|
"-m", monitors,
|
2019-06-01 21:26:42 +00:00
|
|
|
"--id", cr.ID,
|
2019-06-25 19:29:17 +00:00
|
|
|
"--keyfile=" + cr.KeyFile,
|
2019-04-22 21:35:39 +00:00
|
|
|
"-c", CephConfigPath,
|
|
|
|
"-p", poolName,
|
2019-05-28 19:03:18 +00:00
|
|
|
"rm", oMapName,
|
|
|
|
}
|
|
|
|
|
|
|
|
if namespace != "" {
|
|
|
|
args = append(args, "--namespace="+namespace)
|
|
|
|
}
|
|
|
|
|
2019-07-13 12:00:47 +00:00
|
|
|
_, stderr, err := ExecCommand("rados", args[:]...)
|
2019-04-22 21:35:39 +00:00
|
|
|
if err != nil {
|
2019-08-22 17:19:06 +00:00
|
|
|
klog.Errorf(Log(ctx, "failed removing omap (%s) in pool (%s): (%v)"), oMapName, poolName, err)
|
2019-07-13 12:00:47 +00:00
|
|
|
if strings.Contains(string(stderr), "error removing "+poolName+">"+oMapName+
|
2019-04-22 21:35:39 +00:00
|
|
|
": (2) No such file or directory") {
|
|
|
|
return ErrObjectNotFound{oMapName, err}
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2019-12-13 11:41:32 +00:00
|
|
|
|
|
|
|
// SetImageMeta sets image metadata
|
|
|
|
func SetImageMeta(ctx context.Context, cr *Credentials, monitors, imageSpec, key, value string) error {
|
|
|
|
args := []string{
|
|
|
|
"-m", monitors,
|
|
|
|
"--id", cr.ID,
|
|
|
|
"--keyfile=" + cr.KeyFile,
|
|
|
|
"-c", CephConfigPath,
|
|
|
|
"image-meta", "set", imageSpec,
|
|
|
|
key, value,
|
|
|
|
}
|
|
|
|
|
|
|
|
_, _, err := ExecCommand("rbd", args[:]...)
|
|
|
|
if err != nil {
|
|
|
|
klog.Errorf(Log(ctx, "failed setting image metadata (%s) for (%s): (%v)"), key, imageSpec, err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetImageMeta gets image metadata
|
|
|
|
func GetImageMeta(ctx context.Context, cr *Credentials, monitors, imageSpec, key string) (string, error) {
|
|
|
|
args := []string{
|
|
|
|
"-m", monitors,
|
|
|
|
"--id", cr.ID,
|
|
|
|
"--keyfile=" + cr.KeyFile,
|
|
|
|
"-c", CephConfigPath,
|
|
|
|
"image-meta", "get", imageSpec,
|
|
|
|
key,
|
|
|
|
}
|
|
|
|
|
|
|
|
stdout, stderr, err := ExecCommand("rbd", args[:]...)
|
|
|
|
if err != nil {
|
|
|
|
stdoutanderr := strings.Join([]string{string(stdout), string(stderr)}, " ")
|
|
|
|
if strings.Contains(stdoutanderr, "failed to get metadata "+key+" of image : (2) No such file or directory") {
|
|
|
|
return "", ErrKeyNotFound{imageSpec + " " + key, err}
|
|
|
|
}
|
|
|
|
|
|
|
|
klog.Errorf(Log(ctx, "failed getting image metadata (%s) for (%s): (%v)"), key, imageSpec, err)
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
return string(stdout), nil
|
|
|
|
}
|