mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 18:43:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

rbd: set encryption passphrase on CreateVolume

Browse Source 
Have the provisioner create the passphrase for the volume, instead of
doign it lazily at the time the volume is used for the 1st time. This
prevents potential races where pods on different nodes try to store
different passphrases at the (almost) same time.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos
2021-02-15 10:53:25 +01:00
committed by mergify[bot]
parent 47c6223b3a
commit 9b6c2117f3
3 changed files with 46 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/rbd/nodeserver.go
View File

@ -830,7 +830,7 @@ func (ns *NodeServer) processEncryptedDevice(ctx context.Context, volOptions *rb
}
func encryptDevice(ctx context.Context, rbdVol *rbdVolume, devicePath string) error {
passphrase, err := util.GetCryptoPassphrase(ctx, rbdVol.VolID, rbdVol.KMS)
passphrase, err := util.GetCryptoPassphrase(rbdVol.VolID, rbdVol.KMS)
if err != nil {
util.ErrorLog(ctx, "failed to get crypto passphrase for %s: %v",
rbdVol, err)
@ -853,7 +853,7 @@ func encryptDevice(ctx context.Context, rbdVol *rbdVolume, devicePath string) er
}
func openEncryptedDevice(ctx context.Context, volOptions *rbdVolume, devicePath string) (string, error) {
passphrase, err := util.GetCryptoPassphrase(ctx, volOptions.VolID, volOptions.KMS)
passphrase, err := util.GetCryptoPassphrase(volOptions.VolID, volOptions.KMS)
if err != nil {
util.ErrorLog(ctx, "failed to get passphrase for encrypted device %s: %v",
volOptions, err)