mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-27 08:40:23 +00:00
rbd: support pvc-pvc clone with different sc & encryption
This commit makes modification so as to allow pvc-pvc clone
with different storageclass having different encryption
configs.
This commit also modifies `copyEncryptionConfig()` to
include a `isEncrypted()` check within the function.
Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit f1ccc4eced
)
This commit is contained in:
parent
272182a588
commit
584c87ce34
@ -144,11 +144,9 @@ func (rv *rbdVolume) createCloneFromImage(ctx context.Context, parentVol *rbdVol
|
||||
return err
|
||||
}
|
||||
|
||||
if parentVol.isEncrypted() {
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
||||
}
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
||||
}
|
||||
|
||||
err = j.StoreImageID(ctx, rv.JournalPool, rv.ReservedID, rv.ImageID)
|
||||
@ -216,5 +214,10 @@ func (rv *rbdVolume) doSnapClone(ctx context.Context, parentVol *rbdVolume) erro
|
||||
return errClone
|
||||
}
|
||||
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -19,6 +19,7 @@ package rbd
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
csicommon "github.com/ceph/ceph-csi/internal/csi-common"
|
||||
"github.com/ceph/ceph-csi/internal/util"
|
||||
@ -579,6 +580,11 @@ func (cs *ControllerServer) createVolumeFromSnapshot(
|
||||
|
||||
log.DebugLog(ctx, "create volume %s from snapshot %s", rbdVol, rbdSnap)
|
||||
|
||||
err = parentVol.copyEncryptionConfig(&rbdVol.rbdImage, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rbdVol, err)
|
||||
}
|
||||
|
||||
// resize the volume if the size is different
|
||||
// expand the image if the requested size is greater than the current size
|
||||
err = rbdVol.expand()
|
||||
@ -1080,11 +1086,9 @@ func cloneFromSnapshot(
|
||||
}
|
||||
defer vol.Destroy()
|
||||
|
||||
if rbdVol.isEncrypted() {
|
||||
err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Internal, err.Error())
|
||||
}
|
||||
err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Internal, err.Error())
|
||||
}
|
||||
|
||||
err = vol.flattenRbdImage(ctx, false, rbdHardMaxCloneDepth, rbdSoftMaxCloneDepth)
|
||||
@ -1174,14 +1178,12 @@ func (cs *ControllerServer) doSnapshotClone(
|
||||
}
|
||||
}()
|
||||
|
||||
if parentVol.isEncrypted() {
|
||||
cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
|
||||
if cryptErr != nil {
|
||||
log.WarningLog(ctx, "failed copy encryption "+
|
||||
"config for %q: %v", cloneRbd, cryptErr)
|
||||
err = parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
|
||||
if err != nil {
|
||||
log.ErrorLog(ctx, "failed to copy encryption "+
|
||||
"config for %q: %v", cloneRbd, err)
|
||||
|
||||
return nil, err
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = cloneRbd.createSnapshot(ctx, rbdSnap)
|
||||
|
@ -120,14 +120,20 @@ func (ri *rbdImage) setupEncryption(ctx context.Context) error {
|
||||
}
|
||||
|
||||
// copyEncryptionConfig copies the VolumeEncryption object from the source
|
||||
// rbdImage to the passed argument. This function re-encrypts the passphrase
|
||||
// from the original, so that both encrypted passphrases (potentially, depends
|
||||
// on the DEKStore) have different contents.
|
||||
// rbdImage to the passed argument if the source rbdImage is encrypted.
|
||||
// This function re-encrypts the passphrase from the original, so that
|
||||
// both encrypted passphrases (potentially, depends on the DEKStore) have
|
||||
// different contents.
|
||||
// When copyOnlyPassphrase is set to true, only the passphrase is copied to the
|
||||
// destination rbdImage's VolumeEncryption object which needs to be initialized
|
||||
// beforehand and is possibly different from the source VolumeEncryption
|
||||
// (Usecase: Restoring snapshot into a storageclass with different encryption config).
|
||||
func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
|
||||
// nothing to do if parent image is not encrypted.
|
||||
if !ri.isEncrypted() {
|
||||
return nil
|
||||
}
|
||||
|
||||
if ri.VolID == cp.VolID {
|
||||
return fmt.Errorf("BUG: %q and %q have the same VolID (%s) "+
|
||||
"set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
|
||||
@ -184,7 +190,7 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
|
||||
dest.conn = ri.conn.Copy()
|
||||
}
|
||||
|
||||
return ri.copyEncryptionConfig(dest, false)
|
||||
return ri.copyEncryptionConfig(dest, true)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
@ -323,8 +323,8 @@ func (rv *rbdVolume) Exists(ctx context.Context, parentVol *rbdVolume) (bool, er
|
||||
return false, err
|
||||
}
|
||||
|
||||
if parentVol != nil && parentVol.isEncrypted() {
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
|
||||
if parentVol != nil {
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||
if err != nil {
|
||||
log.ErrorLog(ctx, err.Error())
|
||||
|
||||
|
@ -1365,15 +1365,6 @@ func (rv *rbdVolume) cloneRbdImageFromSnapshot(
|
||||
}
|
||||
}()
|
||||
|
||||
if pSnapOpts.isEncrypted() {
|
||||
pSnapOpts.conn = rv.conn.Copy()
|
||||
|
||||
err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to clone encryption config: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
// get image latest information
|
||||
err = rv.getImageInfo()
|
||||
if err != nil {
|
||||
|
Loading…
Reference in New Issue
Block a user