There is a bug in current code where the devicePath
is always empty and the rbd image unmap never
happens if nodeplugin fails to mount the rbd image
to the stagingpath.
This is a fix to unmap the rbd image if some issue
occurs after rbd image is mapped.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 2f7e51076b)
The problem happens when multiple PVCs with the
same UUID are attached/mounted on a node. This
can happen after creating a PVC from a snapshot,
or cloning a PVC.
make nouuid as the default mount option if
the format type is xfs to avoid mounting
issues.
updates: #966
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 22a86c568e)
Fix below error in current codebase
File is not `goimports`-ed with -local
github.com/ceph/ceph-csi
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 5b14cc9272)
This commit adds support to mention dataPool parameter for the
topology constrained pools in the StorageClass, that can be
leveraged to mention erasure coded pool names to use for RBD
data instead of the replica pools.
Signed-off-by: ShyamsundarR <srangana@redhat.com>
NOTE: If GetTopologyFromDomainLabels took a k8s client as an
argument, we could use the kubernetes fake client to test this
function in addition. This would though break the layers, exposing
k8s semantics in the code into the higher layers. Hence not
changing the same.
Signed-off-by: ShyamsundarR <srangana@redhat.com>
Use the Credentials.ID in combination with the keyfile to connect to the
Ceph cluster. This makes it possible to use different users for
different tasks on the cluster.
Fixes: #904
Signed-off-by: Niels de Vos <ndevos@redhat.com>
On occasion the e2e tests fail as there is an unexpected error while
deleting an RBD image. The particular tests forcefully removes the pool
where the RBD image is stored. Deleting a volume that has been removed
already (or when its parent pool has been wiped), should succeed.
By catching the error that a pool does not exist (anymore), the
provisioner responds to the DeleteVolume request with succes.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
In (standard, non-privileged) container environments the /sys/fs/cgroup
mountpoint is not available. This would cause the tests to fail, as
TestGetPIDLimit() tries to write to the cgroup configuration.
The test will work when run as root on a privileged container or
directly on a host (as Travis CI does).
Setting the CEPH_CSI_RUN_ALL_TESTS environment variable to a non-empty
value will cause the test to be executed.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
As kubernetes CSI sidecar is exposing the
GRPC mertics we can make use of the same in
ceph-csi we dont need to expose our own.
update: #881
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
if there is an error when adding the rbd task
we are logging the output which is empty. This
PR logs the error if the rbd task is supported
and there is an error.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
use mountoptions when mounting rbd to stagingpath
in stagevolume request, add E2E for mount options
fixes: #846
updates: #757
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
librbd only supports ImageFormat 2. It is not expected that anyone has a
different version of the format in container environments.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This is the initial step for improving performance during provisioning
of CSI volumes backed by RBD.
While creating a volume, an existing connection to the Ceph cluster is
used from the ConnPool. This should speed up the creation of a batch of
volumes significantly.
Updates: #449
Signed-off-by: Niels de Vos <ndevos@redhat.com>
By using the ConnPool it is not needed to re-connect every time to the
Ceph cluster when (rbd) operations are executed through the go-ceph/rbd
API.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
If a CreateVolume call is interrupted,
post creating the required CSI journal entries,
but prior to creating the backing CephFS subvolume,
then a subsequent CreateVolume call will return
a valid response with a VolumeID that has
it's backing image missing. This PR adds a check
for backend image, if image notfound it deletes the
reserved keys in omap.
fixes#839
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
this allows administrators to override the naming prefix for both volumes and snapshots
created by the rbd plugin.
Signed-off-by: Reinier Schoof <reinier@skoef.nl>
currently its not possible to create
and mount static PVC to a application pod
using rbd csi driver. This PR adds the support
for static PVC in ceph-csi driver for rbd.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
If the backend rbd or cephfs pool is already deleted
we need to return success to the DeleteVolume RPC
call to make it idempotent.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
PR #282 introduces the mount cache to
solve cephfs fuse mount issue when cephfs plugin pod
restarts .This is not working as intended. This PR removes
the code for maintainability.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
* moves KMS type from StorageClass into KMS configuration itself
* updates omapval used to identify KMS to only it's ID without the type
why?
1. when using multiple KMS configurations (not currently supported)
automated parsing of kms configuration will be failing because some
entries in configs won't comply with the requested type
2. less options are needed in the StorageClass and less data used to
identify the KMS
Signed-off-by: Vasyl Purchel vasyl.purchel@workday.com
Signed-off-by: Andrea Baglioni andrea.baglioni@workday.com
- adds proposal document for PVC encryption from PR448
- adds per-volume encription by generating encryption passphrase
for each volume and storing it in a KMS
- adds HashiCorp Vault integration as a KMS for encryption passphrases
- avoids encrypting volume second time if it was already encrypted but
no file system created
- avoids unnecessary checks if volume is a mapped device when encryption
was not requested
- prevents resizing encrypted volumes (it is not currently supported)
- prevents creating snapshots from encrypted volumes to prevent attack
on encryption key (security guard until re-encryption of volumes
implemented)
Signed-off-by: Vasyl Purchel vasyl.purchel@workday.com
Signed-off-by: Andrea Baglioni andrea.baglioni@workday.comFixes#420Fixes#744
Added checks in DeleteVolume RPC, for image missing errors, and
taking appropriate actions to cleanup the CSI reservations.
Further removed forcing a volume purge, and instead added checks
for missing volume errors in purgeVolume.
This should now fix issues where an continuation of an interrupted
DeleteVolume call, that only deleted the backing volume, will
proceed and not error out.
Signed-off-by: ShyamsundarR <srangana@redhat.com>
This values will be added at both nodestage
and nodepublish for rbd, nbd and ceph kernel client.
As cephfs fuse doesnot support this value,
this is added only during the nodepublish.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
and its functions in E2E.
update vendor packages
log dismounter command output
use kube v1.17.1 in dependency
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
if PVC is created from a snapshot, external-provisioner
expects the volume ContentSource to be set in Create
VolumeResponse
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
For the filesystem resize the stagingPath will
be passed to NodeExpandVolume and for the block
resize the targetpath will be passed.
Added code to handle resize for both block and
file system resize
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
if the directory is not mounted return nil
during umount of mountPoint
Discard error if error is os.IsNotExist
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Added one more validation in NodeExpand for
the volume name from the request and the image
name stored in the staging path metadata.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Adds encryption in StorageClass as a parameter. Encryption passphrase is
stored in kubernetes secrets per StorageClass. Implements rbd volume
encryption relying on dm-crypt and cryptsetup using LUKS extension
The change is related to proposal made earlier. This is a first part of
the full feature that adds encryption with passphrase stored in secrets.
Signed-off-by: Vasyl Purchel vasyl.purchel@workday.com
Signed-off-by: Andrea Baglioni andrea.baglioni@workday.com
Signed-off-by: Ioannis Papaioannou ioannis.papaioannou@workday.com
Signed-off-by: Paul Mc Auley paul.mcauley@workday.com
Signed-off-by: Sergio de Carvalho sergio.carvalho@workday.com
