mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-17 18:29:30 +00:00
rbd: use ioctx locks for key rotation
Signed-off-by: Niraj Yadav <niryadav@redhat.com>
parent
0bed833ef7
commit
4445247690
@ -20,12 +20,10 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
csicommon "github.com/ceph/ceph-csi/internal/csi-common"
|
|
||||||
"github.com/ceph/ceph-csi/internal/rbd"
|
"github.com/ceph/ceph-csi/internal/rbd"
|
||||||
"github.com/ceph/ceph-csi/internal/util"
|
"github.com/ceph/ceph-csi/internal/util"
|
||||||
"github.com/ceph/ceph-csi/internal/util/log"
|
"github.com/ceph/ceph-csi/internal/util/log"
|
||||||
|
|
||||||
"github.com/container-storage-interface/spec/lib/go/csi"
|
|
||||||
ekr "github.com/csi-addons/spec/lib/go/encryptionkeyrotation"
|
ekr "github.com/csi-addons/spec/lib/go/encryptionkeyrotation"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
@ -55,12 +53,6 @@ func (ekrs *EncryptionKeyRotationServer) EncryptionKeyRotate(
|
|||||||
return nil, status.Error(codes.InvalidArgument, "empty volume ID in request")
|
return nil, status.Error(codes.InvalidArgument, "empty volume ID in request")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Block key rotation for RWX/ROX volumes
|
|
||||||
_, isMultiNode := csicommon.IsBlockMultiNode([]*csi.VolumeCapability{req.GetVolumeCapability()})
|
|
||||||
if isMultiNode {
|
|
||||||
return nil, status.Error(codes.Unimplemented, "multi-node key rotation is not supported")
|
|
||||||
}
|
|
||||||
|
|
||||||
if acquired := ekrs.volLock.TryAcquire(volID); !acquired {
|
if acquired := ekrs.volLock.TryAcquire(volID); !acquired {
|
||||||
return nil, status.Errorf(codes.Aborted, util.VolumeOperationAlreadyExistsFmt, volID)
|
return nil, status.Errorf(codes.Aborted, util.VolumeOperationAlreadyExistsFmt, volID)
|
||||||
}
|
}
|
||||||
|
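Review bot: With the RWX/ROX rejection removed from EncryptionKeyRotate, the only guard left in this hunk is `ekrs.volLock.TryAcquire(volID)`, and nothing here says what now stops two nodes from rotating the same volume's key at once. That exclusion appears to move to the ioctx lock taken in RotateEncryptionKey elsewhere in this commit, and volLock looks like a per-process lock, so a comment at the TryAcquire call would help: `// volLock only serialises requests on this node; cross-node exclusion for multi-node volumes relies on the ioctx lock taken in RotateEncryptionKey`. It is also worth confirming that every rotation path reachable from this handler takes that lock, since the removed check was the fail-closed default for multi-node volumes. The function body starts and ends outside the hunk.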
@ -22,9 +22,11 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
kmsapi "github.com/ceph/ceph-csi/internal/kms"
|
kmsapi "github.com/ceph/ceph-csi/internal/kms"
|
||||||
"github.com/ceph/ceph-csi/internal/util"
|
"github.com/ceph/ceph-csi/internal/util"
|
||||||
|
"github.com/ceph/ceph-csi/internal/util/lock"
|
||||||
"github.com/ceph/ceph-csi/internal/util/log"
|
"github.com/ceph/ceph-csi/internal/util/log"
|
||||||
|
|
||||||
librbd "github.com/ceph/go-ceph/rbd"
|
librbd "github.com/ceph/go-ceph/rbd"
|
||||||
@ -463,6 +465,28 @@ func (rv *rbdVolume) RotateEncryptionKey(ctx context.Context) error {
|
|||||||
return errors.New("key rotation not supported for unencrypted device")
|
return errors.New("key rotation not supported for unencrypted device")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Call open Ioctx to create a new ioctx object
|
||||||
|
// if the obj already exists, no error is returned
|
||||||
|
err = rv.openIoctx()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to open ioctx, err: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Lock params
|
||||||
|
lockName := rv.VolID + "-mutexlock"
|
||||||
|
lockDesc := "Key rotation mutex lock for " + rv.VolID
|
||||||
|
lockDuration := 3 * time.Minute
|
||||||
|
lockCookie := rv.VolID + "-enc-key-rotate"
|
||||||
|
|
||||||
|
// Acquire the exclusive lock based on vol id
|
||||||
|
lck := lock.NewLock(rv.ioctx, rv.VolID, lockName, lockCookie, lockDesc, lockDuration)
|
||||||
|
err = lck.LockExclusive(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer lck.Unlock(ctx)
|
||||||
|
log.DebugLog(ctx, "acquired ioctx lock for vol id: %s", rv.VolID)
|
||||||
|
|
||||||
// Get the device path for the underlying image
|
// Get the device path for the underlying image
|
||||||
useNbd := rv.Mounter == rbdNbdMounter && hasNBD
|
useNbd := rv.Mounter == rbdNbdMounter && hasNBD
|
||||||
devicePath, found := waitForPath(ctx, rv.Pool, rv.RadosNamespace, rv.RbdImageName, 1, useNbd)
|
devicePath, found := waitForPath(ctx, rv.Pool, rv.RadosNamespace, rv.RbdImageName, 1, useNbd)
|
||||||
|
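Review bot: The cross-node lock in RotateEncryptionKey is released with `defer lck.Unlock(ctx)`, so if the request context is already cancelled or past its deadline when the function returns, the unlock may fail and the volume would stay locked until the lock expires (assuming Unlock honours ctx and `lockDuration` is the expiry). The hard-coded `3 * time.Minute` cuts the other way too: if waiting for the device path plus the rotation itself runs longer, the lock could lapse while keys are still being changed and let a second node in. Consider releasing with a context not tied to the request, for example `defer lck.Unlock(context.WithoutCancel(ctx))` if the module's Go version allows it, and adding a comment on why three minutes is a safe upper bound. RotateEncryptionKey starts and ends outside the hunk.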