mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
rbd: support pvc-pvc clone with different sc & encryption
This commit makes modification so as to allow pvc-pvc clone with different storageclass having different encryption configs. This commit also modifies `copyEncryptionConfig()` to include a `isEncrypted()` check within the function. Signed-off-by: Rakshith R <rar@redhat.com>
This commit is contained in:
parent
2672fad90a
commit
f1ccc4eced
@ -144,11 +144,9 @@ func (rv *rbdVolume) createCloneFromImage(ctx context.Context, parentVol *rbdVol
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if parentVol.isEncrypted() {
|
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
|
if err != nil {
|
||||||
if err != nil {
|
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
||||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
err = j.StoreImageID(ctx, rv.JournalPool, rv.ReservedID, rv.ImageID)
|
err = j.StoreImageID(ctx, rv.JournalPool, rv.ReservedID, rv.ImageID)
|
||||||
@ -216,5 +214,10 @@ func (rv *rbdVolume) doSnapClone(ctx context.Context, parentVol *rbdVolume) erro
|
|||||||
return errClone
|
return errClone
|
||||||
}
|
}
|
||||||
|
|
||||||
|
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -19,6 +19,7 @@ package rbd
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
csicommon "github.com/ceph/ceph-csi/internal/csi-common"
|
csicommon "github.com/ceph/ceph-csi/internal/csi-common"
|
||||||
"github.com/ceph/ceph-csi/internal/util"
|
"github.com/ceph/ceph-csi/internal/util"
|
||||||
@ -591,6 +592,11 @@ func (cs *ControllerServer) createVolumeFromSnapshot(
|
|||||||
|
|
||||||
log.DebugLog(ctx, "create volume %s from snapshot %s", rbdVol, rbdSnap)
|
log.DebugLog(ctx, "create volume %s from snapshot %s", rbdVol, rbdSnap)
|
||||||
|
|
||||||
|
err = parentVol.copyEncryptionConfig(&rbdVol.rbdImage, true)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to copy encryption config for %q: %w", rbdVol, err)
|
||||||
|
}
|
||||||
|
|
||||||
// resize the volume if the size is different
|
// resize the volume if the size is different
|
||||||
// expand the image if the requested size is greater than the current size
|
// expand the image if the requested size is greater than the current size
|
||||||
err = rbdVol.expand()
|
err = rbdVol.expand()
|
||||||
@ -1104,11 +1110,9 @@ func cloneFromSnapshot(
|
|||||||
}
|
}
|
||||||
defer vol.Destroy()
|
defer vol.Destroy()
|
||||||
|
|
||||||
if rbdVol.isEncrypted() {
|
err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
|
||||||
err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
|
if err != nil {
|
||||||
if err != nil {
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
err = vol.flattenRbdImage(ctx, false, rbdHardMaxCloneDepth, rbdSoftMaxCloneDepth)
|
err = vol.flattenRbdImage(ctx, false, rbdHardMaxCloneDepth, rbdSoftMaxCloneDepth)
|
||||||
@ -1207,14 +1211,12 @@ func (cs *ControllerServer) doSnapshotClone(
|
|||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
if parentVol.isEncrypted() {
|
err = parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
|
||||||
cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
|
if err != nil {
|
||||||
if cryptErr != nil {
|
log.ErrorLog(ctx, "failed to copy encryption "+
|
||||||
log.WarningLog(ctx, "failed copy encryption "+
|
"config for %q: %v", cloneRbd, err)
|
||||||
"config for %q: %v", cloneRbd, cryptErr)
|
|
||||||
|
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
err = cloneRbd.createSnapshot(ctx, rbdSnap)
|
err = cloneRbd.createSnapshot(ctx, rbdSnap)
|
||||||
|
@ -120,14 +120,20 @@ func (ri *rbdImage) setupEncryption(ctx context.Context) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// copyEncryptionConfig copies the VolumeEncryption object from the source
|
// copyEncryptionConfig copies the VolumeEncryption object from the source
|
||||||
// rbdImage to the passed argument. This function re-encrypts the passphrase
|
// rbdImage to the passed argument if the source rbdImage is encrypted.
|
||||||
// from the original, so that both encrypted passphrases (potentially, depends
|
// This function re-encrypts the passphrase from the original, so that
|
||||||
// on the DEKStore) have different contents.
|
// both encrypted passphrases (potentially, depends on the DEKStore) have
|
||||||
|
// different contents.
|
||||||
// When copyOnlyPassphrase is set to true, only the passphrase is copied to the
|
// When copyOnlyPassphrase is set to true, only the passphrase is copied to the
|
||||||
// destination rbdImage's VolumeEncryption object which needs to be initialized
|
// destination rbdImage's VolumeEncryption object which needs to be initialized
|
||||||
// beforehand and is possibly different from the source VolumeEncryption
|
// beforehand and is possibly different from the source VolumeEncryption
|
||||||
// (Usecase: Restoring snapshot into a storageclass with different encryption config).
|
// (Usecase: Restoring snapshot into a storageclass with different encryption config).
|
||||||
func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
|
func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
|
||||||
|
// nothing to do if parent image is not encrypted.
|
||||||
|
if !ri.isEncrypted() {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
if ri.VolID == cp.VolID {
|
if ri.VolID == cp.VolID {
|
||||||
return fmt.Errorf("BUG: %q and %q have the same VolID (%s) "+
|
return fmt.Errorf("BUG: %q and %q have the same VolID (%s) "+
|
||||||
"set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
|
"set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
|
||||||
@ -184,7 +190,7 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
|
|||||||
dest.conn = ri.conn.Copy()
|
dest.conn = ri.conn.Copy()
|
||||||
}
|
}
|
||||||
|
|
||||||
return ri.copyEncryptionConfig(dest, false)
|
return ri.copyEncryptionConfig(dest, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -324,8 +324,8 @@ func (rv *rbdVolume) Exists(ctx context.Context, parentVol *rbdVolume) (bool, er
|
|||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if parentVol != nil && parentVol.isEncrypted() {
|
if parentVol != nil {
|
||||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
|
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.ErrorLog(ctx, err.Error())
|
log.ErrorLog(ctx, err.Error())
|
||||||
|
|
||||||
|
@ -1366,15 +1366,6 @@ func (rv *rbdVolume) cloneRbdImageFromSnapshot(
|
|||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
if pSnapOpts.isEncrypted() {
|
|
||||||
pSnapOpts.conn = rv.conn.Copy()
|
|
||||||
|
|
||||||
err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage, true)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to clone encryption config: %w", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// get image latest information
|
// get image latest information
|
||||||
err = rv.getImageInfo()
|
err = rv.getImageInfo()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user