Commit Graph

300 Commits

Author SHA1 Message Date
Niraj Yadav
0bed833ef7 util: Add IOCtxLock interface
that abstracts rados Ioctx Lock/Unlocks

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-07-30 14:51:49 +00:00
Andreas
89ccbc8fba cephfs: support omap data store in radosnamespace via cli argument
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-30 07:13:48 +00:00
Niraj Yadav
ebc56887cd rbd: implement pv key rotation
This patch implements the EncryptionKeyRotation spec for ceph-csi

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-07-19 13:26:28 +00:00
Praveen M
f11fa815c8 util: exclude empty label values for crushlocation map
This commit resolves a bug where node labels with empty values
are processed for the crush_location mount option,
leading to invalid mount options and subsequent mount failures.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-16 09:57:37 +00:00
Praveen M
d376271376 cleanup: append pointer instead of value to avoid copying lock value
This commit resolves the govet issue -
`copylocks: call of append copies lock value ... contains sync.Mutex`

Embedding DoNotCopy in a struct is a convention to signal and prevent
shallow copies, as recommended in Go's best practices. This does not
rely on a language feature but is instead a special case within the vet
checker.

For more details, see https://golang.org/issues/8005

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-10 12:18:50 +00:00
Mike Perez
c8af2b638a util: Removing JoinError in favor of fmt.Errorf
Signed-off-by: Mike Perez <thingee@gmail.com>
2024-05-22 09:05:42 +00:00
Praveen M
0e61b826ea cleanup: incorrect fuserecovery logging
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-05-07 17:08:46 +00:00
Niels de Vos
e85914fc0d build: address 'intrange' linter warning
golangci-lint warns about this:

    for loop can be changed to use an integer range (Go 1.22+)
    (intrange)

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-04-29 14:36:48 +00:00
Niels de Vos
0e7b06e9d0 build: address 'copyloopvar' linter warning
golangci-lint reports these:

    The copy of the 'for' variable "kmsID" can be deleted (Go 1.22+)
    (copyloopvar)

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-04-29 14:36:48 +00:00
Madhu Rajanna
4c2d2caf9f util: add support to configure mirror daemon count
Currently we are assuming that only one
rbd mirror daemon running on the ceph cluster
but that is not true for many cases and it
can be more that one, this PR make this as a
configurable parameter.

fixes: #4312

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-04-22 09:49:59 +00:00
Madhu Rajanna
4b7cafe821 util: address golangci-lint issues
address golangci-lint issues in utils

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-04-09 06:55:23 +00:00
Praveen M
c1467242c6 cleanup: use slices package
This commit replaces the user implemented function
`CheckSliceContains()` with `slices.Contains()`
function introduced in Go 1.21.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-05 12:18:00 +00:00
Praveen M
3538b23794 rbd: remove topologyConstrainedPools parameter
This commit removes the `topologyConstrainedPools` parameter
from PV volumeAttributes as it is not required.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-05 12:18:00 +00:00
Madhu Rajanna
1e0254daba util: use slices package for contains
use slices package to check whether
the slice contains the element or not.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-04-02 14:10:11 +00:00
Niels de Vos
86b5db90bc cleanup: rename EncryptionTypeString() to EncryptionType.String()
This makes it easier to log the EncryptionType as string, or int,
whatever is preferred. Standard fmt formatting notations like %s or %d
can be used now.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-04-02 14:04:10 +00:00
Niels de Vos
991343d9e5 cleanup: do not pass EncodingVersion to GenerateVolID()
The only encoding version that exists is `1`. There is no need to have
multiple constants for that version across different packages. Because
there is only one version, `GenerateVolID()` does not really require it,
and it can use a default version.

If there is a need in the future to support an other encoding version,
this can be revisited with a cleaner solution.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-18 06:23:28 +00:00
Praveen M
e345b26340 cleanup: refactor functions to accept a context parameter
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-12 13:54:19 +00:00
Michael Fritch
3410687855 cephfs: create a new blank key sized according to the passphrase
Padding a passphrase with null chars to arrive at a 32-byte length
later forces a user to also pass null chars via the term when
attempting to manually unlock a subvolume via the fscrypt cli tools.

This also had a side-effect of truncating any longer length passphrase
down to a shorter 32-byte length.

fixup for:
cfea8d7562
dd0e1988c0

Signed-off-by: Michael Fritch <mfritch@suse.com>
2024-03-06 19:23:30 +00:00
Michael Fritch
2368df7e69 cephfs: return ErrBadAuth during keyFn retry
fscrypt will infinitely retry the keyFn during an auth failure,
preventing the csi driver from progressing when configured with
an invalid passphrase

See also:
8c12cd64ab/actions/callback.go (L102-L106)

Signed-off-by: Michael Fritch <mfritch@suse.com>
2024-03-06 19:23:30 +00:00
Praveen M
50e505619c deploy: added json field tags for csi config map
This commit adds the json field tags for csi config map for
encoding and decoding JSON.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-12-21 17:44:46 +00:00
Praveen M
4d466843b9 cephfs: add read affinity mount option
This commit makes use of crush location labels from node
labels to supply `crush_location` and `read_from_replica=localize`
options during mount. Using these options, cephfs
will be able to redirect reads to the closest OSD,
improving performance.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-22 13:13:01 +00:00
Praveen M
1e4ff115a7 util: added GetCephFSMountOptions method
This commit adds GetCephFSMountOptions util method which returns
KernelMountOptions and fuseMountOptions for cluster `clusterID`.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-15 11:43:27 +00:00
Praveen M
c4e373c72f deploy: support for read affinity options per cluster
Implemented the capability to include read affinity options
for individual clusters within the ceph-csi-config ConfigMap.
This allows users to configure the crush location for each
cluster separately. The read affinity options specified in
the ConfigMap will supersede those provided via command line arguments.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-08 21:17:00 +00:00
Praveen M
93f2ed681f util: added RunsOnKubernetes() function
Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-08 21:17:00 +00:00
Praveen M
9cec05f484 util: added read affinity related functions and unit testcases
This commit adds util functions related to read affinity
and unit testcases for the same.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-08 21:17:00 +00:00
Praveen M
a93f3e24ba util: moved GetNodeLabels() under internal/util/k8s
Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-08 21:17:00 +00:00
Madhu Rajanna
304462c7cc cleanup: fix spellcheck errors
fixed spellcheck errors caught in
CI.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-08 12:32:06 +00:00
Madhu Rajanna
1e05a0da7c util: remove RadosNamespace from configmap
remove RadosNamespace from the configmap main
section as its already added to the rbd section

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-04 08:14:51 +00:00
Madhu Rajanna
00d6971dbd util: rearrange struct to fix lint
re-arrange the struct members to
fix below lint issue

```
struct of size 336 bytes could be of size 328 bytes
```

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-03 10:04:50 +00:00
Madhu Rajanna
3ea540bf0f util: remove deprecated grpc metrics
This commit removes the deprecated
grpc related code from cephcsi.

fixes: #4122

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-03 10:04:50 +00:00
karthik-us
5ff0607360 e2e: To test 500MB PVC creation
Adding e2e test to check for successful PVC creation
of 500MB.

Signed-off-by: karthik-us <ksubrahm@redhat.com>
2023-10-12 17:31:46 +00:00
karthik-us
5a0eeb882e cephfs: Fix cephfs PVC sizing
Issue:
The RoundOffCephFSVolSize() function omits the fractional
part when calculating the size for cephfs volumes, leading
to the created volume capacity to be lesser than the requested
volume capacity.

Fix:
Consider the fractional part during the size calculation so the
rounded off volume size will be greater than or equal to the
requested volume size.

Signed-off-by: karthik-us <ksubrahm@redhat.com>
Fixes: #4179
2023-10-12 17:31:46 +00:00
Niels de Vos
9271375028 build: address gosec warning
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 04:49:46 +00:00
Niels de Vos
9201da0502 build: address gofmt warnings
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 04:49:46 +00:00
Niels de Vos
53c94efc02 build: address gocritic warnings
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 04:49:46 +00:00
Niels de Vos
81218a69f9 build: address nolintlint errors from new golangci-lint
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 04:49:46 +00:00
Benoît Knecht
1852e977f8 util: Limit cryptsetup PBKDF memory usage
By default, `cryptsetup luksFormat` uses Argon2i as Password-Based Key
Derivation Function (PBKDF), which not only has a CPU cost, but also a memory
cost (to make brute-force attacks harder).

The memory cost is based on the available system memory by default, which in
the context of Ceph CSI can be a problem for two reasons:

1. Pods can have a memory limit (much lower that the memory available on the
   node, usually) which isn't taken into account by `cryptsetup`, so it can get
   OOM-killed when formating a new volume;
2. The amount of memory that was used during `cryptsetup luksFormat` will then
   be needed for `cryptsetup luksOpen`, so if the volume was formated on a node
   with a lot of memory, but then needs to be opened on a different node with
   less memory, `cryptsetup` will get OOM-killed.

This commit sets the PBKDF memory limit to a fixed value to ensure consistent
memory usage regardless of the specifications of the nodes where the volume
happens to be formatted in the first place.

The limit is set to a relatively low value (32 MiB) so that the `csi-rbdplugin`
container in the `nodeplugin` pod doesn't require an extravagantly high memory
limit in order to format/open volumes (particularly with operations happening
in parallel), while at the same time not being so low as to render it
completely pointless.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2023-04-27 10:43:45 +00:00
Rakshith R
95682522ee rbd: add capability to automatically enable read affinity
This commit makes use of crush location labels from node
labels to supply `crush_location` and `read_from_replica=localize`
options during rbd map cmd. Using these options, ceph
will be able to redirect reads to the closest OSD,
improving performance.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-02-14 08:29:46 +00:00
Madhu Rajanna
3967e4dae9 cleanup: fix static checks
fix SA1019 static check to replace
io/utils with os package and sets
with generic sets

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-03 08:55:43 +00:00
Madhu Rajanna
e9e33fb851 cleanup: fix static checks
fix SA1019 static check to replace
io/utils with os package

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-02 14:53:59 +00:00
Marcel Lauhoff
2abfafdf3f util: Add EncryptionTypeNone and unit tests
Add type none to distinguish disabled encryption (positive result)
from invalid configuration (negative result).

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
f1f50e0218 fscrypt: fix metadata directory permissions
Call Mount.Setup with SingleUserWritable constant instead of 0o755,
which is silently ignored and causes the /.fscrypt/{policy,protector}/
directories to have mode 000.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
4e38bdac10 fscrypt: fsync encrypted dir after setting policy [workaround]
Revert once our google/fscrypt dependency is upgraded to a version
that includes https://github.com/google/fscrypt/pull/359 gets accepted

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
33c33a8b49 fscrypt: Use constant protector name
Use constant protector name 'ceph-csi' instead of constant prefix
concatenated with the volume ID. When cloning volumes the ID changes
and fscrypt protected directories become inunlockable due to the
protector name change

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
97cb1b6672 fscrypt: Update mount info before create context
NewContextFrom{Mountpoint,Path} functions use cached
`/proc/self/mountinfo` to find mounted file systems by device ID.
Since we run fscrypt as a library in a long-lived process the cached
information is likely to be stale. Stale entries may map device IDs to
mount points of already destroyed RBDs and fail context creation.
Updating the cache beforehand prevents this.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
a52314356e fscrypt: Determine best supported fscrypt policy on node init
Currently fscrypt supports policies version 1 and 2. 2 is the best
choice and was the only choice prior to this commit. This adds support
for kernels < 5.4, by selecting policy version 1 there.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
dd0e1988c0 fscrypt: Fetch passphrase when keyFn is invoked not created
Fetch password when keyFn is invoked, not when it is created. This
allows creation of the keyFn before actually creating the passphrase.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
a6a4282493 fscrypt: Unlock: Fetch keys early
Fetch keys from KMS before doing anything else. This will catch KMS
errors before setting up any fscrypt metadata.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
cfea8d7562 fscrypt: fscrypt integration
Integrate google/fscrypt into Ceph CSI KMS and encryption setup. Adds
dependencies to google/fscrypt and pkg/xattr. Be as generic as
possible to support integration with both RBD and Ceph FS.

Add the following public functions:

InitializeNode: per-node initialization steps. Must be called
before Unlock at least once.

Unlock: All steps necessary to unlock an encrypted directory including
setting it up initially.

IsDirectoryUnlocked: Test if directory is really encrypted

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
624905d60d kms: Add basic GetSecret() test
Add rudimentary test to ensure that we can get a valid passphrase from
the GetSecret() feature

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00