Commit Graph

755 Commits

Author SHA1 Message Date
Madhu Rajanna
67d73cd6e9 rbd: flatten image if the depth is not zero
flatten the image if the deep-flatten feature
is present on the images in the chain or if the
images in chain is not zero, as we cannot check
the deep-flatten feature the images which are
in trash.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-05-07 07:57:37 +00:00
Madhu Rajanna
e15e2e5081 rbd: discard image not found error
For flatten we call checkImageChainHasFeature
which internally calls to getImageInfo returns
the parent name even if the parent is in the trash,
when we try to open the parent image to get its
information it fails as the image not found.
we should treat error as nil if the parent is not found.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-05-07 07:57:37 +00:00
Niels de Vos
f11a041f56 cleanup: address gosec complaint about creating a file
The new gosec 2.7.0 complains like:

    G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)

Updates: #2025
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-05-05 16:05:23 +00:00
Madhu Rajanna
07a916b84d rbd: mark image ready when image state is up+unknown
To recover from split brain (up+error) state the image need to be
demoted and requested for resync on site-a and then the image on site-b
should gets demoted.The volume should be marked to ready=true when the
image state on both the clusters are up+unknown because during the last
snapshot syncing the data gets copied first and then image state on the
site-a changes to up+unknown.

If the image state on both the sites are up+unknown consider that
complete data is synced as the last snapshot
gets exchanged between the clusters.

* create 10 GB of file and validate the data after resync

* Do Failover when the site-a goes down
* Force promote the image and write data in GiB
* Once the site-a comes back, Demote the image and issue resync
* Demote the image on site-b
* The status will get reflected on the other site when the last
  snapshot sync happens
* The image will go to up+unknown state. and complete data will
  be copied to site a
* Promote the image on site-a and use it

```bash
csi-vol-5633715e-a7eb-11eb-bebb-0242ac110006:
  global_id:   e7f9ec55-06ab-46cb-a1ae-784be75ed96d
  state:       up+unknown
  description: remote image demoted
  service:     a on minicluster1
  last_update: 2021-04-28 07:11:56
  peer_sites:
    name: e47e29f4-96e8-44ed-b6c6-edf15c5a91d6-rook-ceph
    state: up+unknown
    description: remote image demoted
    last_update: 2021-04-28 07:11:41
 ```

* Do Failover when the site-a goes down
* Force promote the image on site-b and write data in GiB
* Demote the image on site-b
* Once the site-a comes back, Demote the image on site-a
* The images on the both site will go to split brain state

```bash
csi-vol-37effcb5-a7f1-11eb-bebb-0242ac110006:
  global_id:   115c3df9-3d4f-4c04-93a7-531b82155ddf
  state:       up+error
  description: split-brain
  service:     a on minicluster2
  last_update: 2021-04-28 07:25:41
  peer_sites:
    name: abbda0f0-0117-4425-8cb2-deb4c853da47-rook-ceph
    state: up+error
    description: split-brain
    last_update: 2021-04-28 07:25:26
```
* Issue resync
* The images cannot be resynced because when we issue resync
  on site a the image on site-b was in demoted state
* To recover from this state (promote and then demote the
  image on site-b after sometime)

```bash
csi-vol-37effcb5-a7f1-11eb-bebb-0242ac110006:
  global_id:   115c3df9-3d4f-4c04-93a7-531b82155ddf
  state:       up+unknown
  description: remote image demoted
  service:     a on minicluster1
  last_update: 2021-04-28 07:32:56
  peer_sites:
    name: e47e29f4-96e8-44ed-b6c6-edf15c5a91d6-rook-ceph
    state: up+unknown
    description: remote image demoted
    last_update: 2021-04-28 07:32:41
```
* Once the data is copied we can see that  the image state
  is moved to up+unknown on both sites
* Promote the image on site-a and use it

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-05-05 13:38:29 +00:00
Madhu Rajanna
c3bae17fce rbd: delete encryption key from KMS
when a Snapshot is encrypted during a CreateSnapshot
operation, the encryption key gets created in the KMS
when we delete the Snapshot the key from the KMS
should also gets deleted.

When we create a volume from snapshot we are copying
required information but we missed to copy the
encryption information, This commit adds the missing
information to delete the encryption key.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-30 08:05:47 +00:00
Humble Chirammal
074c937a08 cleanup: correct typo in vault_tokens.go
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-04-29 08:51:29 +00:00
Mudit Agarwal
ec105bd782 cephfs: expand clone error messages
Adding "snapshot clone" in the clone error messages.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2021-04-26 13:38:55 +00:00
Humble Chirammal
798437d0c4 rbd: return crypt error for the rpc return
At present we return the volume connect error if the clone
from snapshot fails when rbdvolume is encrypted, which is incorrect.
This patch correctly return the failed copy encryption error to the
caller

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-04-21 16:10:20 +00:00
Madhu Rajanna
52290333e6 rbd: modified logic to check image watchers
Before RBD map operation, we do check the
watchers on the RBD image. In the case of
RWO volume. cephcsi makes sure only one
client is using the RBD image. If the rbd
image is mirrored, by default mirroring
daemon will add a watcher on the image
and as we are using go-ceph a watcher will
be added as we have opened the image So
we will have two watchers on an image if
mirroring is enabled. This holds when the
rbd mirror daemon is running, In case if
the mirror daemon is not running there will
be only one watcher on the rbd image
(which is placed by go-ceph image open)
we should not block the map operation if
the mirroring daemon is not running as
its Async mirroring. This commit adds a
check to make sure no more than 2 watchers
if the image is mirrored or no more than 1
watcher if it is not mirrored image.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-19 16:30:55 +00:00
Yug
6a46f381c2 cleanup: update description to generic
Since rbdImage is a common struct for
rbdVolume and rbdSnapshot, it description
was matching to only snapshot.
This commit makes the comments generic for
both volumes and snapshots.

Signed-off-by: Yug <yuggupta27@gmail.com>
2021-04-19 07:32:35 +00:00
Rakshith R
9f2cf498b6 cephfs: enable ceph-fuse big_writes by default
By default, the write buffer size in libfuse2 is 2KiB
`fuse_big_writes = true` option is used to override this limit.
This commit makes `fuse_big_writes = true` option as default
in ceph.conf.

Closes: #1928

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-19 07:08:57 +00:00
Humble Chirammal
54845b63c0 cleanup: better or corrected variable name in grpc prometheous code
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-04-16 10:22:35 +00:00
Humble Chirammal
0fae0e53b6 cleanup: various source code comment corrections
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-04-16 10:22:35 +00:00
Madhu Rajanna
eea52847bc rbd: check volumeID in PV if image not found
If the pool or few keys are missing in the omap.
GetImageAttributes function returns nil error message and few
empty items in imageAttributes struct. if the image is not
found and  the entiries are missing use
the volumeId present on the PV annotation for further operations.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-15 17:13:06 +05:30
Madhu Rajanna
cfc88c9910 rbd: discard up+unknown state in ResyncVolume
incase if the image is promoted and demoted the
image state will be set to up+unknown if the image
on the remote cluster is still in demoted state.

when user changes the state from primary to secondary
and still the image is in demoted (secondary) state
in the remote cluster. the image state on both the cluster
will be on unknown state.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-15 17:13:06 +05:30
Niels de Vos
8b8480017b logging: report issues in rbdImage.DEKStore API with stacks
It helps to get a stack trace when debugging issues. Certain things are
considered bugs in the code (like missing attributes in a struct), and
might cause a panic in certain occasions.

In this case, a missing string will not panic, but the behaviour will
also not be correct (DEKs getting encrypted, but unable to decrypt).
Clearly logging this as a BUG is probably better than calling panic().

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
b1d05a1840 rbd: repair encryption config in case it is missing
It is possible that when a provisioner restarts after a snapshot was
cloned, but before the newly restored image had its encryption metadata
set, the new image is not marked as encrypted. This will prevent
attaching/mounting the image, as the encryption key will not be fetched,
or is not available in the DEKStore.

By actively repairing the encryption configuration when needed, this
problem should be addressed.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
1482105309 cleanup: use buildCreateVolumeResponse() to simplify CreateVolume()
buildCreateVolumeResponse() exists exactly for the need to create a
csi.CreateVolumeResponse based on an rbdVolume. Calling this helper
reduces the code duplication in CreateVolume().

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
52433841b4 cleanup: move copyEncryptionConfig() from CreateVolume to Exists()
The rbdVolume that needs its encryption configured is constructed in the
Exists() method. It is suitable to move the copyEncryptionConfig() call
there as well, so that the object is completely constructed in a single
place.

Golang-ci:gocyclo complained about the increased complexity of the
Exists() function. Moving the repairing of the ImageID into its own
helper function makes the code a little easier to understand.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
596410ae60 cleanup: address "nolint" comments for RBD CreateSnapshot
Introduce helper function cloneFromSnapshot() that takes care of the
procedures that are needed when an existing snapshot has been found.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
b5d0524c39 cleanup: release resources for rbdImages objects after use
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
dc990037a5 rbd: move setupEncryption() from buildCreateVolumeResponse to CreateVolume
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
bea9d56117 rbd: copyEncryptionConfig in doSnapshotClone()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
fd5f4dbafd rbd: configureEncryption() in genSnapFromSnapID()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
6fd3f57f40 rbd: set kmsID in reserveSnap()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
0a046c5b6d rbd: copy encryption configuration in CreateSnapshot
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
6b1285d38b rbd: copy passphrase for encrypted clones
When a source volume is encrypted, the passphrase needs to be copied and
stored for the newly cloned volume.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
7b332a0184 rbd: add rbdImage.copyEncryptionConfig() to copy encryption metadata
Cloning volumes requires copying the DEK from the source to the newly
cloned volume. Introduce copyEncryptionConfig() as a helper for that.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
7e6feecc25 util: add VolumeEncryption.StoreCryptoPassphrase()
The new StoreCryptoPassphrase() method makes it possible to store an
unencrypted passphrase newly encrypted in the DEKStore.

Cloning volumes will use this, as the passphrase from the original
volume will need to get copied as part of the metadata for the volume.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
b6aa19eea5 rbd: pass secrets when creating an source rbdVolume for cloning
Without this, the rbdVolume can not connect to the Ceph cluster and
configure the (optional) encryption.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
92b2e08adf rbd: improve logging in deleteImage()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
99da92cfd7 rbd: move deletion of DEK to deleteImage()
The ControllerServer should not need to care about support for
encryption, ideally it is transparantly handled by the rbdVolume type
and its internal API.

Deleting the DEK was one of the last remainders that was explicitly done
inside the ControllerServer.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
151d066938 util: add logging when OpenEncryptedVolume() encounters an error
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
bd1388fb96 util: log available configs when KMS not found
When the KMS configuration can not be found, it is useful to know what
configurations are available. This aids troubleshooting when typos in
the KMS ID are made.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Niels de Vos
a7c261a394 logging: correct formatting when reporting error in createVolumeFromSnapshot()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-14 03:59:28 +00:00
Rakshith R
ae6a52a84e util: add nil check to default ControllerGetCapabilities()
Currently default ControllerGetCapabilities function is being
used which throws 'runtime error: invalid memory address or
nil pointer dereference' when `--controllerServer=true` is not
set in provisioner deployment args.
This commit adds a check to prevent it.

Fixes: 1925

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-09 10:12:48 +00:00
Rakshith R
10d539efc8 cleanup: correct nolint directive listing format
nolint directive needs to be followed by comma separated
list of linters. This commit changes to gocognit:gocyclo
which was not recognised to linters which show error for
the function.

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-09 07:24:47 +00:00
Rakshith R
fb7389f478 cephfs: add stderr to mount function errors
This commit appends stderr to error in both kernel and
ceph-fuse mounter functions to better be able to debug
errors.

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-08 12:18:01 +00:00
Madhu Rajanna
e2fa84357a rbd: take lock when reconciling the PV
there can be a change we can reconcile same
PV parallelly we can endup in generating and
deleting multiple omap keys. to be on safer
side taking lock to process one volumeHandle
at a time.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-07 11:46:27 +00:00
Madhu Rajanna
0f8813d89f rbd:store/Read volumeID in/from PV annotation
In the case of the Async DR, the volumeID will
not be the same if the clusterID or the PoolID
is different, With Earlier implementation, it
is expected that the new volumeID mapping is
stored in the rados omap pool. In the case of the
ControllerExpand or the DeleteVolume Request,
the only volumeID will be sent it's not possible
to find the corresponding poolID in the new cluster.

With This Change, it works as below

The csi-rbdplugin-controller will watch for the PV
objects, when there are any PV objects created it
will check the omap already exists, If the omap doesn't
exist it will generate the new volumeID and it checks for
the volumeID mapping entry in the PV annotation, if the
mapping does not exist, it will add the new entry
to the PV annotation.

The cephcsi will check for the PV annotations if the
omap does not exist if the mapping exists in the PV
annotation, it will use the new volumeID for further
operations.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-07 11:46:27 +00:00
Rakshith R
020cded581 cleanup: refactor deeply nested if statements in internal/rbd
Refactored deeply nested if statement in internal/rbd to
reduce cognitive complexity.

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-07 02:31:41 +00:00
Rakshith R
d4cfd7bef9 cleanup: refactor deeply nested if statement in vault_tokens.go
Refactored deeply nested if statement in vault_tokens.go to
reduce cognitive complexity by adding fetchTenantConfig function.

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-07 02:31:41 +00:00
Rakshith R
2d1a572d11 cleanup: refactor deeply nested if statements in internal/cephfs
Refactored deeply nested if statement in internal/cephfs to
reduce cognitive complexity.

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-07 02:31:41 +00:00
Rakshith R
0f7b653b4e cleanup: refactor deeply nested if statements in persistentvolume.go
Refactored deeply nested if statement in persistentvolume.go to
reduce cognitive complexity.

Signed-off-by: Rakshith R <rar@redhat.com>
2021-04-07 02:31:41 +00:00
Niels de Vos
aaeb35eceb rbd: encrypted volumes can be of type "crypto_LUKS" too
It seems that newer versions of some tools/libraries identify encrypted
filesystems with `crypto_LUKS` instead of `crypt`.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-06 15:54:27 +00:00
Madhu Rajanna
d7838defcf rbd: return FailedPrecondition error message
In case of the DR the image on the primary site cannot be
demoted as the cluster is down, during failover the image need
to be force promoted. RBD returns `Device or resource busy`
error message if the image cannot be promoted for above reason.
Return FailedPrecondition so that replication operator can send
request to force promote the image.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-06 14:12:41 +00:00
Madhu Rajanna
403532c9a6 rbd: use force from PromoteVolume Request
instead of fetching the force option from the
parameters. Use the Force field available in
the PromoteVolume Request.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-06 14:12:41 +00:00
Madhu Rajanna
385a751b8e rebase: rename kube-storage to csi-addons
as the org github.com/kube-storage is renamed
to github.com/csi-addons as the name kube-storage
was more generic.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-06 10:59:58 +00:00
Niels de Vos
1c1683ba20 util: add AmazonMetadata KMS provider
The new Amazon Metadata KMS provider uses a CMK stored in AWS KMS to
encrypt/decrypt the DEK which is stored in the volume metadata.

Updates: #1921
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-06 07:33:54 +00:00
Niels de Vos
f3b06d4c4a util: pass Namespace as part of KMSInitializerArgs
Amazon KMS expects a Secret with sensitive account and key information
in the Kubernetes Namespace where the Ceph-CSI Pods are running. It will
fetch the contents of the Secret itself.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-06 07:33:54 +00:00
Niels de Vos
523ac4b975 util: move getPodNamespace() and getKMSConfigMapName() into its own helpers
These functions can now be re-used easier. The Amazon KMS needs to know
the Namespace of the Pod for reading a Secret with more key/values.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-06 07:33:54 +00:00
Humble Chirammal
314fe0e23d cleanup: correct misspelling in rbd/clone.go
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-04-05 09:34:09 +00:00
Madhu Rajanna
448be70682 rbd: early check for disabled,disabling in DisableVolumeReplication
added early check for disabling and disabled
image mirroring state in DisableVolumeReplication

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-05 08:53:40 +00:00
Madhu Rajanna
fb3f7fe202 rbd: remove todo for image not found
Incase of resync the image will get deleted, gets
recreated and its a a time consuming operation.
It makes sense to return aborted error instead
of not found as we have omap data only the image
is missing in rbd pool.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-05 08:53:40 +00:00
Madhu Rajanna
95387c3b5e rbd: check for peer site status
Do resync if the image is in unknow or in error
state.

Check for the current image state for up+stopped
or up+replaying and also all peer site status
should be un up+stopped to confirm that resyncing
is done and image can be promoted and used.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-05 08:53:40 +00:00
Madhu Rajanna
233954bc10 rbd: make replication operations as rbdImage methods
added replication related operations as a method
of rbdImage as these methods can be easily used
when we introduce volumesnaphot mirroring operations.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-05 08:53:40 +00:00
Madhu Rajanna
c822ad460d rbd: add a check for image mirror disabling state
the rbd mirror state can be in enabled,disabled
or disabling state. If the mirroring is not disabled
yet and still in disabling state. we need to
check for it and return abort error message if
the mirroring is still getting disabled.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-05 08:53:40 +00:00
Madhu Rajanna
aaf6b571b8 rbd: Add ReplicationServer struct for replication operations
added ReplicationServer struct for the replication related
operation it also embed the ControllerServer which
already implements the helper functions like locking/unlocking etc.

removed getVolumeFromID and cleanup functions for better
code readability and easy maintaince.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-05 08:53:40 +00:00
Madhu Rajanna
da840a70c5 util: avoid secret logging in GRPC Replication Request
This commit uses the helper function to avoid the
logging of secrets in Replication GRPC request.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-01 20:05:55 +00:00
Niels de Vos
96fcc58095 util: use transformed Vault Tokens for initialization
After translating options from the ConfigMap into the common Vault
parameters, the generated configuration is not used. Instead, the
untranslated version of the configuration is passed on to the
vaultConnection initialization function, which then can detects missing
options.

By passing the right configuration to the initializatino function,
things work as intended.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-29 13:56:40 +00:00
Niels de Vos
d0f054bb6c util: use ConfigMap.Data instead of .BinaryData
When using .BinaryData, the contents of the configuration is not parsed
correctly. Whereas the parsing works fine whet .Data is used.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-29 13:56:40 +00:00
Rakshith R
721640178b cephfs: fix unmountVolume function
This commit fixes bug in unmount function which caused
unmountVolume to fail when targetPath was already unmounted.

Signed-off-by: Rakshith R <rar@redhat.com>
2021-03-25 15:15:07 +00:00
Humble Chirammal
82bc993b32 util: remove unwanted import string from module dependencies
There is no need for an extra import string when the go mod package
itself declared in the same.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-03-24 15:12:13 +00:00
Niels de Vos
eea97ca014 util: move GetID() from EncryptionKMS to VolumeEncryption
There is no need for each EncryptionKMS to implement the same GetID()
function. We have a VolumeEncryption type that is more suitable for
keeping track of the KMS-ID that was used to get the configuration of
the KMS.

This does not change any metadata that is stored anywhere.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-24 12:09:04 +00:00
Niels de Vos
9317e2afb4 util: rewrite GetKMS() to use KMS provider plugin API
GetKMS() is the public API that initilizes the KMS providers on demand.
Each provider identifies itself with a KMS-Type, and adds its own
initialization function to a switch/case construct. This is not well
maintainable.

The new GetKMS() can be used the same way, but uses the new kmsManager
interface to create and configure the KMS provider instances.

All existing KMS providers are converted to use the new kmsManager
plugins API.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-24 12:09:04 +00:00
Niels de Vos
b43d28d35b util: add API for KMS Provider plugins
The KMSProvider struct is a simple, extendable type that can be used to
register KMS providers with an internal kmsManager.

Helper functions for creating and configuring KMS providers will also be
located in the new kms.go file. This makes things more modular and
better maintainable.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-24 12:09:04 +00:00
Madhu Rajanna
d8f7b38d3d rbd: add exclusive-lock and journaling image features for rbd image
Current rbd plugin only supports the layering feature
for rbd image. Add exclusive-lock and journaling image
features for the rbd.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Signed-off-by: woohhan <woohyung_han@tmax.co.kr>
2021-03-24 09:48:04 +00:00
Yati Padia
0d9548c815 Cephfs: Failed to delete snapshot
Failed to delete voluesnapshot when backend subvolume
(pvc) and ceph fs subvolume snapshot is deleted

Fixes#1647

Signed-off-by: Yati Padia <ypadia@redhat.com>
2021-03-17 10:28:08 +00:00
Niels de Vos
bbd24e52f3 cleanup: use rbdImage.Destroy() for temporary volumes
rbdVolumes can have several resources that get allocated during its
usage. Only destroying the IOContext may not be suffiecient and can
cause resource leaks.

Use rbdVolume.Destroy() when the rbdVolume is not used anymore.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-17 07:50:09 +00:00
Niels de Vos
5c26fbb0d7 util: use ClusterConnection.Copy() for re-using connections
Connections are reference counted, so just assigning the connection to
an other object for re-use is not correct. This can cause connections to
be garbage collected while something else is still using it.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-17 07:50:09 +00:00
Madhu Rajanna
6e941539b5 rbd: implement volume replication spec
implemented the volume replication spec
for the rbd mirroring.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-03-16 13:06:44 +00:00
Madhu Rajanna
ee9a200fcc rbd: implement mirroring helpers with go-ceph
mirror.go exposes the helper functions to
perform the mirroring operations.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-03-16 13:06:44 +00:00
Madhu Rajanna
c642637cec util: register replication controller
as RBD is implementing the replication
we are registering it. For CephFS, its
not implementing the replication we are
passing nil so we dont want to register
it.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-03-16 13:06:44 +00:00
Madhu Rajanna
ee0576278f cleanup: move servers to a new struct
For future enhancments like adding more
servers. Moving the list of servers to a
new structure.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-03-16 13:06:44 +00:00
Niels de Vos
10a75dd4ff rbd: introduce rbdImage as base for rbdVolume and rbdSnapshot
Because rbdVolume and rbdSnapshot are very similar, they can be based
off a common struct rbdImage that contains the common attributes and
functions.

This makes it possible to re-use functions for snapshots, and prevents
further duplication or code.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-15 08:10:51 +00:00
Niels de Vos
3fe714c4fa cleanup: rename rbdSnapshot.SnapID to VolID
The rbdSnapshot and rbdVolume structs have many common attributes. In
order to combine these into an rbdImage struct that implements shared
functionality, having the same attribute for the ID makes things much
easier.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-15 08:10:51 +00:00
Niels de Vos
5e63743243 util: add SecretsMetadataKMS
This new KMS is based on the (default) SecretsKMS, but instead of using
the passphrase for all volumes, the passphrase is used to
encrypt/decrypt a Data-Encryption-Key that is stored in the metadata of
the volume.

CC: Patrick Uiterwijk <puiterwijk@redhat.com> - for encryption guidance
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
6915624380 util: add EncryptDEK DecryptDEK to EncryptionKMS interface
By adding these methods, a KMS can explicitly encrypt/decrypt the DEK if
there is no transparent way of doing so.

Hashicorp Vault encrypts the DEK when it it stored, and decrypts it when
fetched. Therefor there is no need to do any encryption in this case.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
cffec0b3f3 rbd: configure the DEKStore if the configuration suggests to use metadata
NewVolumeEncryption() will return an indication that an alternative
DEKStore needs to be configured in case the KMS does not support it.

setKMS() will also set the DEKStore if needed, so renaming it to
configureEncryption() makes things clearer.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
e4431edaf9 rbd: implement the DEKStore interface
To accommodate storing DEKs outside a KMS, the DEK can be stored in the
metadata of the volume.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
9ac7f56400 util: move existing KMS implementations to the DEKStore interface
Use DEKStore API for Fetching and Storing passphrases.

Drop the fallback for the old KMS interface that is now provided as
DEKStore. The original implementation has been re-used for the DEKStore
interface.

This also moves GetCryptoPassphrase/StoreNewCryptoPassphrase functions
to methods of VolumeEncryption.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
b60dd286c6 util: use the KMS as DEKStore if it supports it
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
ee033da8e9 util: add DEKStore interface
DEKStore is a new interface that will be used for Storing and Fetching
DEKs. The existing implementations for KMS already function as a
DEKStore, and will be updated to match the interface.

By splitting KMS and DEKStore into two components, the encryption
configuration for volumes becomes more modular. This makes it possible
to implement a DEKStore where the encrypted DEK for a volume is stored
in the metadata of the volume (RBD image).

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
d4076d6216 util: introduce VolumeEncryption type
Prepare for grouping encryption related functions together. The main
rbdVolume object should not be cluttered with KMS or DEK procedures.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
aa52afff09 cleanup: move SecretsKMS in own file
Prepared for an enhanced API to communicate with a KMS and keep the DEK
storage separate. The crypto.go file is already mixed with different
functions, so moving the KMS part into its own file, just like we have
for Hashicorp Vault KMS's.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Madhu Rajanna
cbb10fd84d rbd: add more logging for NodeUnstageVolume
For NodeUnstageVolume its a two step process,
first unmount the volume and than unmap the volume.
Currently, we are logging only after rbd unmapping is done.
sometimes it becomes difficult to debug with above logging
whether more time is spent in unmount or unmap.
This commits adds one more debug log after unmount is done.
with this we can identify where exactly more time is spent
by looking at the logs.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-03-11 17:40:57 +00:00
Niels de Vos
fe0f169875 rbd: write max 1gb per WriteSame() operation
It seems that writing more than 1 GiB per WriteSame() operation causes
an EINVAL (22) "Invalid argument" error. Splitting the writes in blocks
of maximum 1 GiB should prevent that from happening.

Not all volumes are of a size that is the multiple of the stripe-size.
WriteSame() needs to write full blocks of data, so in case there is a
small left-over, it will be filled with WriteAt().

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-11 10:57:31 +00:00
Niels de Vos
6c8bc79771 ci: add unit tests for SecretsKMS
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-04 12:11:07 +00:00
Niels de Vos
165a837bca rbd: move KMS initialization into rbdVol.initKMS()
Introduce initKMS() as a function of rbdVolume. KMS functionality does
not need to pollute general RBD image functions. Encryption functions
are now in internal/rbd.encryption.go, so move initKMS() there as well.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-24 13:16:11 +00:00
Niels de Vos
cf6dae86e9 rbd: move encryptDevice() to a method of rbdVolume
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-24 13:16:11 +00:00
Niels de Vos
fb065b0f39 rbd: move openEncryptedDevice() to a method of rbdVolume
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-24 13:16:11 +00:00
Madhu Rajanna
8720f4e2f5 cephfs: create subvolume with VolumeNamePrefix
when user provides an option for VolumeNamePrefix
create subvolume with the prefix which will be easy
for user to identify the subvolumes belongs to
the storageclass.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-19 17:04:17 +00:00
Niels de Vos
b5020657e6 rbd: add "--options notrim" when mapping a thick-provisioned image
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-19 11:55:40 +00:00
Niels de Vos
cc96bdaac3 rbd: allocate extents when expanding an image
When and RBD image is expanded, the additional extents need to get
allocated when the image was thick-provisioned.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-19 11:55:40 +00:00
Niels de Vos
294a0973bd rbd: mark images thick-provisioned in metadata
When images get resized/expanded, the additional space needs to be
allocated if the image was initially thick-provisioned. By marking the
image with a "thick-provisioned" key in the metadata, future operations
can check the need.

A missing "thick-provisioned" key indicates that the image has not been
thick-provisioned.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-19 11:55:40 +00:00
Niels de Vos
74d218df8d rbd: disable rbd_discard_on_zeroed_write_same for thick-allocation
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-19 11:55:40 +00:00
Niels de Vos
5522a05f59 rbd: thick-provision images on request
Write blocks of stripe-size to allocate RBD images when
Thick-Provisioning is enabled in the StorageClass.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-19 11:55:40 +00:00
Madhu Rajanna
c417a5d0ba rbd: add support for thick provisioning option
Add an option to the StorageClass to support creating fully allocated
(thick provisioned) RBD images

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-19 11:55:40 +00:00
Niels de Vos
4937e59c4d rbd: add backwards compatible encryption in NodeStageVolume
When a volume was provisioned by an old Ceph-CSI provisioner, the
metadata of the RBD image will contain `requiresEncryption` to indicate
a passphrase needs to be created. New Ceph-CSI provisioners create the
passphrase in the CreateVolume request, and set `encryptionPrepared`
instead.

When a new node-plugin detects that `requiresEncryption` is set in the
RBD image metadata, it will fallback to the old behaviour.

In case `encryptionPrepared` is read from the RBD image metadata, the
passphrase is used to cryptsetup/format the image.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-17 17:51:13 +00:00
Niels de Vos
ee79b22c97 rbd: move encryption function to encryption.go
This adds internal/rbd/encryption.go which will be used to include other
encryption functionality to support additional KMS related functions. It
will work together with the shared API from internal/util/kms.go.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-17 17:51:13 +00:00
Niels de Vos
dc81e001cf cleanup: remove unused MissingPassphrase error type
Storing a passphrase is now done while the volume is created. There is
no need to (re)generate a passphrase when it can not be found.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-17 17:51:13 +00:00
Niels de Vos
9b6c2117f3 rbd: set encryption passphrase on CreateVolume
Have the provisioner create the passphrase for the volume, instead of
doign it lazily at the time the volume is used for the 1st time. This
prevents potential races where pods on different nodes try to store
different passphrases at the (almost) same time.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-17 17:51:13 +00:00
Niels de Vos
a42c4b5855 util: convert VAULT_SKIP_VERIFY to "vaultCAVerify" KMS option
"VAULT_SKIP_VERIFY" is a standard Hashicorp Vault environment variable
(a string) that needs to get converted to the "vaultCAVerify"
configuration option in the Ceph-CSI format.

The value of "VAULT_SKIP_VERIFY" means the reverse of "vaultCAVerify",
this part was missing in the original conversion too.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-16 13:05:47 +00:00
Niels de Vos
d534ee9ce8 rbd: include rados-namespace when calling addRbdManagerTask()
It seems that calls to addRbdManagerTask() do not include the
rados-namespace in the image location. Functions calling
addRbdManagerTask() construct the image location themselves, but should
use rbdVolume.String() to include all the attributes.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-12 12:02:14 +00:00
Niels de Vos
8d0b39e690 rbd: log error when scheduling flattening fails
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-12 12:02:14 +00:00
Madhu Rajanna
8cd901d2dd cephfs: add subvolume path to volume context
There are many usecases with adding the subvolume
path to the PV object. the volume context returned
in the createVolumeResponse is added to the PV object
by the external provisioner.

More Details about the usecases are in below link
https://github.com/rook/rook/issues/5471

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-11 11:31:22 +00:00
Madhu Rajanna
dd6ce7b441 rbd: fix error check when reading vaultCAFromSecret
check correct error variable when reading
vaultCAFromSecret.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-04 14:58:40 +00:00
Madhu Rajanna
e9782d86ad rbd: fix incorrect reading of client cert key
fix incorrect reading of client cert key.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-04 14:58:40 +00:00
Madhu Rajanna
f63ccb0cce rbd: store VaultCAVerify as a string
storing VaultCAVerify as a string.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-04 14:58:40 +00:00
Madhu Rajanna
bf5c36822f rbd: set tenant in kms object
the tenant/namespace is needed to read the certificates,
this commit sets the tenant in kms object.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-04 14:58:40 +00:00
Madhu Rajanna
22ae4a0b16 rbd: change key in secret for cert and tls
currently, the keys for kms certificates/keys in a
secret is ca.cert, tls.cert and
tls.key, this commit changes the key from ca.cert
and tls.cert to cert and tls.key to key.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-04 14:58:40 +00:00
Madhu Rajanna
b370d9afb6 rbd: unmarshal the data read from file
if are reading the kms data from the file.
than only we need to unmarshal. If we are reading
from the configmap it already returns the unmarshal
data.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-02-04 14:58:40 +00:00
Niels de Vos
582d004ca5 util: store EnvVaultInsecure as string, not bool
The configuration option `EnvVaultInsecure` is expected to be a string,
not a boolean. By converting the bool back to a string (after
verification), it is now possible to skip the certificate validation
check by setting `vaultCAVerify: false` in the Vault configuration.

Fixes: #1852
Reported-by: Bryon Nevis <bryon.nevis@intel.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-02 11:24:28 +00:00
Niels de Vos
df81022349 rbd: add support for VAULT_SKIP_VERIFY in KMS ConfigMap
When the KMS VaultTokens is configured through a Kubernetens ConfigMap,
the `VAULT_SKIP_VERIFY` option was not taken into account. The option
maps to the `vaultCAVerify` value in the configuration file, but has the
reverse meaning.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-02-01 13:09:54 +00:00
Mudit Agarwal
d480eb4bda cephfs: ignore BytesQuota field in case it is not set.
This can happen when the subvolume is in snapshot-retained state.
We should not return error for such case as it is a valid situation.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2021-02-01 09:20:53 +00:00
Madhu Rajanna
584a43dc2c rbd: fix issue in ENV variable check
Currently cephcsi is returning an error
if the ENV variable is set, but it should not.
This commit fixes the the POD_NAMESPACE env
variable issue and as well as the KMS_CONFIG_NAME
ENV variable.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-01-29 10:00:12 +00:00
Niels de Vos
0b7521162c cleanup: rewrite ifElseChains to switch statements
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-01-27 13:03:56 +00:00
Ilya Dryomov
04644c1d58 rbd: enable mapping and unmapping from a network namespace
Make rbdplugin pod work in a non-initial network namespace (i.e. with
"hostNetwork: false") by skipping waiting for udev events when mapping
and unmapping images.  CSI use case is very simple: all that is needed
is a device node which is immediately fed to mkfs, so we should be able
to tolerate udev not being finished with the device just fine.

Fixes: #1323
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-01-07 15:34:05 +00:00
Ilya Dryomov
c2493686b7 rbd: introduce appendDeviceTypeAndOptions()
Factor out --device-type and --options formatting.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-01-07 15:34:05 +00:00
Ilya Dryomov
d3f31187fc rbd: rename ndbType parameter
Fix "ndb" typo.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-01-07 15:34:05 +00:00
Ilya Dryomov
5631b83dd0 rbd: rename mapOptions and options argument slices
With the new support for passing --options, referring to ExecCommand()
argument slices as mapOptions and options is confusing.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-01-07 15:34:05 +00:00
Seena Fallah
fdec9f65b8 rbd: fix namespace json parser for xbdDeviceInfo
rbd device list --format=json returns namespace as a namespace not radosNamespace

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2021-01-05 11:26:09 +00:00
Yati Padia
995879d349 cephfs: use enum to check resize is supported or not
Currently, we are using bool pointer to find out
the ceph cluster supports resize or not. This
commit replaces the bool pointer with enum.

Signed-off-by: Yati Padia <ypadia@redhat.com>

Fixes#1764
2021-01-04 04:42:58 +00:00
Madhu Rajanna
9c7176dbb4 rbd: update mount packges in import path
mount packges is moved from
k8s.io/utils/mount to a new repository
k8s.io/mount-utils. updated code to use
the same.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-17 16:04:54 +00:00
Madhu Rajanna
b3fbcb9c95 rbd: read configuration from the configmap
if the kms encryption configmap is not mounted
as a volume to the CSI pods, add the code to
read the configuration from the kubernetes. Later
the code to fetch the configmap will be moved to
the new sidecar which is will talk to respective
CO to fetch the encryption configurations.

The k8s configmap uses the standard vault spefic
names to add the configurations. this will be converted
back to the CSI configurations.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-16 15:05:05 +00:00
Niels de Vos
e4b16a5c72 util: allow tenants to (re)configure VaultTokens settings
A tenant can place a ConfigMap in their Kubernetes Namespace with
configuration options that differ from the global (by the Storage Admin
set) values.

The ConfigMap needs to be located in the Tenants namespace, as described
in the documentation

See-also: docs/design/proposals/encryption-with-vault-tokens.md
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-16 13:42:52 +00:00
Madhu Rajanna
81061e9f68 util: add support for vault certificates
Added a option to pass the client certificate
and the client certificate key for the vault token
based encryption.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-16 11:01:15 +00:00
Niels de Vos
db15458d16 cleanup: use constant for "vault" KMS-type
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
cc5684dbd8 util: add support for Hashicorp Vault with Tokens per Tenant
Tenants (Kubernetes Namespaces) can use their own Vault Token to manage
the encryption keys for PVCs. The working is documented in #1743.

See-also: #1743
Closes: #1500
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
648f9ccf31 util: support vaultBackendPath and vaultTLSServerName options
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
8f91c672d4 util: add EncryptionKMS.Destroy()
Add a new method to the EncryptionKMS interface so that resources can be
freed when EncryptionKMS instances get freed.

With the move to using the libopenstorage API, a temporary file needs to
store the optional CA certificate. The Destroy() method of the
vaultConnection type now removes this file.

The rbdVolume uses the EncryptionKMS type now, so call the new Destroy()
method from withing rbdVolume.Destroy().

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
eb1ef69cfb util: allow updating settings of vaultConnection
Make it possible to calle initConnection() multiple times. This enables
the VaultTokensKMS type to override global settings with options from a
per-tenant configuration.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
f08182e2fc rbd: pass Owner to GetKMS()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
5bbab25a9f util: move Secrets to vaultConnection
The Secrets is the main object to connect to Vault. This should be part
of the vaultConnection type.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
d28a5a5f23 util: pass map[string]interface{} to initialize KMS
This makes it possible to pass a more complex configuration to the
initialize functions for KMS's. The upcoming VaultTokensKMS can use
overrides for configiration options on a per tenant basis. Without this
change, it would not be possible to consume the JSON configuration file.

See-also: #1743
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Niels de Vos
43fa1cddb7 util: use helper function to parse Vault configuration
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-14 14:45:09 +00:00
Madhu Rajanna
0d9fcbc21b cephfs: remove unused cr Credentials
removed unused cr variable.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-10 10:13:55 +00:00
Madhu Rajanna
9a96370942 cephfs: implement purgeVolume with go-ceph
moved frm  ceph fs CLI to go-ceph for
purgeVolume.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-10 10:13:55 +00:00
Madhu Rajanna
34d0ff0d70 cephfs: make purgeVolume method of volumeOptions
converted purgeVolume from function to method
of volumeOptions.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-10 10:13:55 +00:00
Niels de Vos
16cb43f0f9 rbd: store csi.storage.k8s.io/pvc/namespace metadata as Owner
The Owner of an RBD image (Kubernetes Namespace, tenant) can be used to
identify additional configuration options. This will be used for
fetching the right Vault Token when encrypting/decrypting volumes.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 13:58:48 +00:00
Niels de Vos
9160a5309e cleanup: standardize error format in VaultKMS.GetPassphrase()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
e3ea8ca0b1 cleanup: standardize error format in util.GetTopologyFromDomainLabels()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
6d5de7458d cleanup: standardize error format in util.k8sGetNodeLabels()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
752841d213 cleanup: standardize error format in util.readClusterInfo()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
3dfe65d17c cleanup: return error type in GetCryptoPassphrase()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
c8c8176a37 cleanup: return error type in util.storeKey()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
f8ebc6aa3f cleanup: return error type in ensureEncryptionMetadataSet()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
d8e443ab49 cleanup: return error type in cleanupRBDImageMetadataStash()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
f262673b60 cleanup: return error type in lookupRBDImageMetadataStash()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
8e589587ae cleanup: return error type in stashRBDImageMetadata()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
57ce07f54e cleanup: return error type in updateVolWithImageInfo()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
610162b5f4 cleanup: return error type in genVolFromVolumeOptions()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
729e2419ef cleanup: return error type in detachRBDImageOrDeviceSpec()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
7eae69f10c cleanup: return error type in rbdGetDeviceList()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
4dde3fc9e0 cleanup: return error type in encryptDevice()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
d6fb8f302d cleanup: return error type in NodeServer.processEncryptedDevice()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
8019e4d1bc rbd: return CSI status-error on resize failure
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
65a10fd553 cleanup: standardize error format in NodeServer.NodeStageVolume()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
cc3f146ad1 cleanup: return error type in rbdVolume.checkCloneImage()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
37471c7a5f cleanup: return error type in ReconcilePersistentVolume.getCredentials()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Niels de Vos
a7a928d7ec cleanup: return error from execCommandErr() in bindMount()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-09 08:35:35 +00:00
Madhu Rajanna
43fde0a30a cleanup: add a helper function storeImageID
added a helper function storeImageID to reduce
code duplication.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-07 11:03:27 +00:00
Madhu Rajanna
b2fb43b335 cleanup: reduce the code complexity of controller
created a new helper function to getCredentials.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-07 11:03:27 +00:00
Madhu Rajanna
e243c0006b rbd: dont generate OMAP data for static volume
if the user has created a static PV for a RBD
image which is not created by CSI driver, dont
generate the OMAP data.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-07 11:03:27 +00:00
Madhu Rajanna
c40872df00 rbd: undo reservation incase of errors
If cephcsi encounters any error after
reservation, as a cleanup operation
it should revert back the reservation.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-07 11:03:27 +00:00
Madhu Rajanna
99dbe27921 rbd: return nil if the omap data exists
If the omap data already exits return nil.
so that omap generator will not try to reserve
anything again.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-07 11:03:27 +00:00
Madhu Rajanna
ebb413534f cephfs: remove unsed cr util.Credentials
remove unused cr util.Credentials variable.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-03 14:53:33 +00:00
Madhu Rajanna
0f451ed465 cephfs: implement getSnapshotInfo with go-ceph
implement getSnapshotInfo function with go-ceph
to get subvolume information.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-03 14:53:33 +00:00
Madhu Rajanna
ddf91de859 cephfs: implement clonesnapshot with go-ceph
updated ceph fs CLI implementaion of cloning
with go-ceph.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-03 06:39:18 +00:00
Madhu Rajanna
814bf4459a cephfs: implement snapshot protect and unprotect to go-ceph
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-03 06:39:18 +00:00
Niels de Vos
3433cefaa5 cleanup: standardize logging in deleteSnapshot
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 14:36:39 +00:00
Niels de Vos
294f7b22d4 cephfs: remove unused Credentials argument from deleteSnapshot()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 14:36:39 +00:00
Niels de Vos
9d9b5b3303 cephfs: implement deleteSnapshot() with go-ceph
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 14:36:39 +00:00
Niels de Vos
032db78d8a cephfs: make deleteSnapshot() a method of volumeOptions
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 14:36:39 +00:00
Niels de Vos
5883f244d2 cleanup: standardize logging in createSnapshot
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 13:18:47 +05:30
Niels de Vos
7c580af412 cephfs: remove unused Credentials argument from createSnapshot()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 13:18:47 +05:30
Niels de Vos
1d8cc75282 cephfs: implement createSnapshot() with go-ceph
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 13:18:47 +05:30
Niels de Vos
57f8ee0aa7 cephfs: make createSnapshot() a method of volumeOptions
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-12-02 13:18:47 +05:30
Madhu Rajanna
a35a835e9c cephfs: fix logic to call ceph fs resize
clusterAdditionalInfo map is holding a localClusterState
for checking ceph cluster supports resize and subvolumegroup
is created or not, currently we are checking if the key is present
in a map and localClusterStatelocalClusterState.resizeSupported
is set to false to call ceph fs subvolume resize to check command is
supported or not, if a structure is  initialized all its members
are set to default value. so we will never going to check the
ceph fs subvolume  resize command is supported in backend or not, we are
always using ceph fs subvolume create to resize subvolume. in some
ceph version ceph fs subvolume create wont work to resize a subvolume.
This commit changes the resizeSupported from bool to *bool for
proper handling of this scenario.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 13:31:39 +00:00
Madhu Rajanna
a1c8942e2b cephfs: remove unused invalidCommand error const
removed unused invalidCommand from cephfs
error const.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Madhu Rajanna
1ba160afdb cephfs: handle invalid error in subvolume info
go ceph returns NotImplementedError for invalid
commands,cephcsi is using errors.As to find out
the error.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Madhu Rajanna
66eb3b7525 cephfs: handle invalid error in fs resize
go ceph returns NotImplementedError for invalid
commands,cephcsi is using errors.As to find out
the error.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Madhu Rajanna
2232067e99 cephfs: use rados.ErrNotFound in subvolume info
go-ceph rados.ErrNotFound for not found errors,cephcsi
need to check same for not found errors.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Madhu Rajanna
a0283ef7f9 cephfs: use rados.ErrNotFound in getVolumeRootPathCeph
go-ceph rados.ErrNotFound for not found errors,cephcsi
need to check same for not found errors.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Madhu Rajanna
b40d561228 cephfs: make getVolumeRootPathCeph as a method
getVolumeRootPathCeph is a method of volumeOptions

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Madhu Rajanna
e4713bc9ed cephfs: remove unused Credentials argument from getVolumeRootPathCeph
remove unused Credentials argument from getVolumeRootPathCeph
function.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Madhu Rajanna
b6f3ba885e cephfs: implement getVolumeRootPathCeph with go-ceph
instead of ceph fs CLI commands using go-ceph library
to get subvolume path.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-01 09:46:52 +00:00
Niels de Vos
5565a902ac rebase: split vaultConnection from VaultKMS
In order to re-use the configuration of Vault, split a new
vaultConnection type from the VaultKMS type.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-30 19:16:39 +00:00
Madhu Rajanna
8ebb9a1ba0 cleanup: fix misspell words
fixed misspell words detected by  codespell

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-30 08:46:48 +01:00
Madhu Rajanna
39b1f2b4d3 cleanup: fix mispell words
fixed mispell words in the repo.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-29 12:47:46 +05:30
Niels de Vos
8d08e8b37e cephfs: remove unused Credentials argument from getCloneState()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 07:13:35 +00:00
Niels de Vos
055975f790 cephfs: implement getCloneState() with go-ceph
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 07:13:35 +00:00
Niels de Vos
476ad18d2e cephfs: make getCloneState() a method of volumeOptions
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 07:13:35 +00:00
Niels de Vos
66aa595e77 cephfs: do not export internal CloneStatus type
getCloneInfo() does not need to return a full CloneStatus struct that
only has one member. Instead, it can just return the value of the single
member, so the JSON type/struct does not need to be exposed.

This makes the API for getCloneInfo() a little simpler, so it can be
replaced by a go-ceph implementation later on.

As the function does not return any of the unused attributes anymore, it
is renamed to getCloneStatu() as well.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 07:13:35 +00:00
Niels de Vos
7824cb5ed7 util: use %w when forwarding an error
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 04:03:59 +00:00
Niels de Vos
5fba89f783 cleanup: use libopenstorage/secrets for Vault access
Instead of the hand-rolled Vault usage, use the libopenstorage/secrets
package that provides a nice API. The support for Vault becomes much
simpler and maintainable that way.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 04:03:59 +00:00
Madhu Rajanna
6091490393 rbd: improve logging in getCloneDepth
earlier if the depth check fails the
complete vol struct was getting logged,
this commits logs only the pool and image
name.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-28 18:50:00 +00:00
Madhu Rajanna
b3120926b9 rbd: remove extra Destory of parent volume
removed extra Destory of the parent volume.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-28 18:50:00 +00:00
Madhu Rajanna
30af703a2f rbd: add controller to main
initialize and start the rbd controller when
we the driver type is controller.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-28 18:50:00 +00:00
Madhu Rajanna
68bd44beba rbd: add new controller to regenerate omap data
In the case of Disaster Recovery failover, the
user expected to create the static PVC's. We have
planned not to go with the PVC name and namespace
for many reasons (as in kubernetes it's planned to
support PVC transfer to a new namespace with a
different name and with new features coming in
like data populator etc). For now, we are
planning to go with static PVC's to support
async mirroring.

During Async mirroring only the RBD images are
mirrored to the secondary site, and when the
user creates the static PVC's on the failover
we need to regenerate the omap data. The
volumeHandler in PV spec is an encoded string
which contains clusterID and poolID and image UUID,
The clusterID and poolID won't remain same on both
the clusters, for that cephcsi need to generate the
new volume handler and its to create a mapping
between new volume handler and old volume handler
with that whenever cephcsi gets csi requests it
check if the mapping exists it will pull the new
volume handler and continues other operations.

The new controller watches for the PVs created,
It checks if the omap exists if it doesn't it
will regenerate the entire omap data.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-28 18:50:00 +00:00
Madhu Rajanna
14700b89d1 rbd: update inuse logic of a rbd image
in case of mirrored image, if the image is
primary a watcher will be added by the rbd
mirror deamon on the rbd image.
we have to consider 2 watcher to check image
is in use.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-28 18:50:00 +00:00
Madhu Rajanna
ba84f14241 journal: create object with provided UUID
incase of async mirroring the volume UUID is
retrieved from the volume name, instead of cephcsi
generating a new UUID it should reserve the passed
UUID it will be useful when we support both metro DR
and async mirroring on a kubernetes clusters.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-28 18:50:00 +00:00
Madhu Rajanna
8d3a44d0c4 rbd: add minsnapshotsonimage flag
An rbd image can have a maximum number of
snapshots defined by maxsnapshotsonimage
On the limit is reached the cephcsi will
start flattening the older snapshots and
returns the ABORT error message, The Request
comes after this as to wait till all the
images are flattened (this will increase the
PVC creation time.  Instead of waiting till
the maximum snapshots on an RBD image, we can
have a soft limit, once the limit reached
cephcsi will start flattening the task to
break the chain. With this PVC  creation time
will only be affected when the hard limit
(minsnapshotsonimage) reached.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-18 05:59:20 +00:00
Yug
3ac6bbd87c cephfs: Add isCloneRetryError function
The function isCloneRetryError verifies
if the clone error is `pending` or
`in-progress` error.

Co-authored-by: Madhu Rajanna <madhupr007@gmail.com>
Signed-off-by: Yug <yuggupta27@gmail.com>
2020-11-09 07:29:12 +00:00
Yug
acbedc52bf cephfs: Add 'pending' state for clone status
In certain cases, clone status can be 'pending'.
In that case, abort error message should be
returned similar to that during 'in-progress'
state.

Co-authored-by: Madhu Rajanna <madhupr007@gmail.com>
Signed-off-by: Yug <yuggupta27@gmail.com>
2020-11-09 07:29:12 +00:00
Niels de Vos
565038fdfd cephfs: ignore quota when SubVolumeInfo() returns Infinite
There is a type-check on BytesQuota after calling SubVolumeInfo() to see
if the value is supported. In case no quota is configured, the value
Infinite is returned. This can not be converted to an int64, so the
original code returned an error.

It seems that attaching/mounting sometimes fails with the following
error:

    FailedMount: MountVolume.MountDevice failed for volume "pvc-0e8fdd18-873b-4420-bd27-fa6c02a49496" : rpc error: code = Internal desc = subvolume csi-vol-0d68d71a-1f5f-11eb-96d2-0242ac110012 has unsupported quota: infinite

By ignoring the quota of Infinite, and not setting a quota in the
Subvolume object, this problem should not happen again.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-06 14:58:26 +00:00
John Mulligan
8a41cd03a5 journal: fix reading omaps from objects with large key counts
The implementation of getOMapValues assumed that the number of key-value
pairs assigned to the object would be close to the number of keys
being requested. When the number of keys on the object exceeded the
"listExcess" value the function would fail to read additional keys
even if they existed in the omap.
This change sets a large fixed "chunk size" value and keeps reading
key-value pairs as long as the callback gets called and increments
the numKeys counter.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-11-06 06:42:22 +00:00
Mudit Agarwal
0ecfd0e72c rbd: replace go-ceph GetParentInfo() with GetParent()
GetParent() is a newer and better version of
GetParentInfo() in go-ceph.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-11-03 08:00:12 +00:00
Niels de Vos
9732cf16a1 cephfs: drop unused Credentials from resizeVolume()
When using go-ceph and the volumeOptions.Connect() call, the credentials
are not needed once the connection is established.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-28 08:02:12 +00:00
Niels de Vos
5baed6190c cephfs: implement resizeVolume() with go-ceph
Reduce the number of calls to the `ceph fs` executable to improve
performance of CephFS volume resizing.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-28 08:02:12 +00:00
Niels de Vos
d431402101 cephfs: make resizeVolume() a method of volumeOptions
This prepares resizeVolume() so that the volumeOptions.conn can be used
for connecting with go-ceph and use the connection cache.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-28 08:02:12 +00:00
Niels de Vos
6a46b8f17f cephfs: implement getSubVolumeInfo() with go-ceph
Fixes: #1551
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-23 10:58:35 +00:00
Niels de Vos
429f7acd8f cephfs: make getSubVolumeInfo() a method of volumeOptions
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-23 10:58:35 +00:00
Humble Chirammal
992d4b92bb util: NewCredentials() dont have any callers
We have below exported function in credentials.go which is not
called from anywhere in the repo. Removing it for the same reason.

```
 // NewCredentials generates new credentials when id and key
 // are provided.

 func NewCredentials(id, key string) (*Credentials, error) {
...
```

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-21 21:04:11 +00:00
Humble Chirammal
5ac3f1e29e util: change member cap of CSIDriver struct
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-21 12:30:18 +00:00
Humble Chirammal
25617929f0 rbd: use different variable instead of builtin cap function
`cap` builtin function returns the capacity of a type. Its not
good practice to use this builtin function for other variable
names, removing it here

Ref# https://golang.org/pkg/builtin/#cap

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-21 12:30:18 +00:00
Humble Chirammal
2d70e25081 util: remove unused CSI server initialization functions
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-21 11:17:22 +00:00
Niels de Vos
5a1e370433 util: drop nolint comment for execCommandJSON()
golang-ci suddenly complains about the following issue

    internal/cephfs/util.go:41:1: directive `// nolint:unparam //  todo:program values has to be revisited later` is unused for linter unparam (nolintlint)
    // nolint:unparam //  todo:program values has to be revisited later
    ^

Dropping the comment completely seems to fix it. Ideally
execCommandJSON() will get removed once the migration to go-ceph is
complete.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-20 15:38:44 +00:00
Niels de Vos
eb2584095b cephfs: implement getMetadataPool() with go-ceph
Fixes: #1554
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-20 15:38:44 +00:00
Niels de Vos
cabdac4913 cephfs: make getMetadataPool() a method of volumeOptions
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-20 15:38:44 +00:00
Humble Chirammal
70358c8eb7 rbd: volJournal.Connect() return wrongly pushed to caller
volJournal.Connect() got the error on err2 variable, however
the return was on variable err which hold the error return of
DecomposeCSIID() which is wrong. This cause the error return wrongly
parsed and pushed from the caller. From now on, we are reusing the
err variable to hold and revert the error of volJournal.Connect().

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-20 12:45:51 +00:00
Humble Chirammal
5c73f0e41b rbd: correct the code comment for ErrFlattenInProgress
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-20 08:59:25 +00:00
Humble Chirammal
9dee064b77 cephfs: fix wrong error check in CreateVolume rollback action
Previously the purgeVolume error was ignored due to wrong error variable
check in the createVolume. With this change it checks on the proper error.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-20 04:08:51 +00:00
Humble Chirammal
5b537754a7 cephfs: replace variable name for builtin cap attribute
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-19 13:25:15 +00:00
Niels de Vos
0e96199a1c cephfs: free resources when newVolumeOptionsFromVolID() errors out
The allocated, and potentially connected, volumeOptions object in
newVolumeOptionsFromVolID() is not cleaned-up in case of errors. This
could cause resource leaks.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-19 09:15:43 +00:00
Niels de Vos
0f9087d05e cephfs: connect snapshot to Ceph cluster in newSnapshotOptionsFromID()
Without connection, follow-up oparations on the volumeOptions object
will cause a panic. This should fix a regression in CephFS testing.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-19 09:15:43 +00:00
Niels de Vos
157d2aff64 cephfs: implement getFsName() with go-ceph
Fixes: #1549
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-15 13:54:57 +00:00
Niels de Vos
0a3f9d3487 cephfs: make getFsName() a method of volumeOptions
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-15 13:54:57 +00:00
Niels de Vos
f646840779 cephfs: implement getFscID() with go-ceph
Fixes: #1550
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-15 12:33:34 +00:00
Niels de Vos
b28ff63a29 cephfs: make getFscID() a method of volumeOptions
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-15 12:33:34 +00:00
Humble Chirammal
75c6cb6544 rbd: remove unused credentials argument from StoreImageID()
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-15 06:46:41 +00:00
Humble Chirammal
4cb7d2bbbd rbd: remove unwanted condition check in flattenCloneImage
All the previous condition checks exit from the function and
when it reach to this block its obvious that error is non nil,
we dont need an extra check here.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-15 06:20:47 +00:00
Niels de Vos
5598c279da cleanup: no magic number for RWX permissions
golang-ci complains that 0777 is a magic number, so make it a constant
with a clear description.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-14 15:16:56 +00:00
Niels de Vos
9bd10d2698 cephfs: newVolumeOptions() does not need all secrets, only credentials
There is no need to pass all secrets on to newVolumeOptions(), it only
needs the credentials. As the caller of newVolumeOptions() already has
the credentials generated, just pass them along instead of the raw
secrets.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-14 15:16:56 +00:00
Niels de Vos
66046e4312 cephfs: drop credentials from createVolume()
The credentials are not used anymore, the volume object is already
connected to the cluster when createVolume() is called.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-14 15:16:56 +00:00
Niels de Vos
8cba08189d cephfs: implement createVolume() with go-ceph
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-14 15:16:56 +00:00
Niels de Vos
fe62348cfb util: add ClusterConnection.GetFSAdmin()
The go-ceph CephFS Admin API needs a rados.Conn to connect the Admin
interface to the Ceph cluster. As the rados.Conn is internal to the
ClusterConnection type, add GetFSAdmin() to create a new FSAdmin
instance for a specific connection.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-14 15:16:56 +00:00
Niels de Vos
0f108edc7b cephfs: connect to the Ceph Cluster with go-ceph
Add the ClusterConnection to the volumeOptions type, so that future use
of go-ceph can connect to the Ceph cluster.

Once a volumeOptions object is not needed anymore, it needs to get
destroyed to free associated resources like the ClusterConnection.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-14 15:16:56 +00:00
Humble Chirammal
be9195cf32 rbd: remove false error condition check in checkSnapCloneExists
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-13 12:56:51 +00:00
Humble Chirammal
7992033156 rbd: remove false error condition check in rbdVol.Exists()
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-13 12:56:51 +00:00
Humble Chirammal
c9b7b6561a rbd: remove false error condition check in genVolFromVolID
The error check condition in genVolFromID() is always false as far as
code reading/workflow goes. Removing it for the same reason.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-13 12:56:51 +00:00
Humble Chirammal
364b3afcaa rbd: correct typo in validateRequestedVolumeSize()
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-13 08:58:05 +00:00
Humble Chirammal
36ee8b2240 rbd: make sure csi rbd pv encryption defaulting to luks2 version
Fixes: #https://github.com/ceph/ceph-csi/issues/1564

As per release notes this new version is compatible with previous
version of LUKS.
https://www.saout.de/pipermail/dm-crypt/2017-December/005771.html

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-10-13 05:11:25 +00:00
Niels de Vos
f6de345cc9 cleanup: standardize error logs in cephfs/volume.go
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-01 12:00:59 +00:00
Humble Chirammal
b5d1edd3f7 cephfs: correct cephFSCloneInprogress source code comment
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-09-25 17:36:14 +00:00
Marton Natko
91c49c14b3 rbd: fix problem with deletion of a namespaced image
fix problem with deletion of a namespaced image

Signed-off-by: Marton Natko <mnatko@transip.nl>
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-09-25 15:35:22 +00:00
Marton Natko
2fbca0d1e2 rbd: fix typo in createVolume validation
Signed-off-by: Marton Natko <mnatko@transip.nl>
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-09-25 15:35:22 +00:00
Mudit Agarwal
e1237f348f rbd: replace cli with go-ceph for snapshot namespace
cephcsi uses cli for fetching snap list as well as to check the
snapshot namespace, replaced that with go-ceph calls.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-09-25 08:07:32 +00:00
Madhu Rajanna
89b326c896 cephfs: check ENOTEMPTY when removing subvolume
return a proper error message to the user when
the subvolume has the snapshots and it cannot
be removed until the snapshots on the subvolume
have to be deleted.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-09-23 13:51:23 +00:00
Niels de Vos
6f2f972f5b cephfs: trim spaces around fuseMountOptions
When passing

    fuseMountOptions: debug

in the StorageClass, the mount options passed on the ceph-fuse
commandline result in "-o nonempty ,debug". The additional space before
the ",debug" causes the mount command to fail.

Fixes: 1485
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-09-23 12:12:51 +00:00
Madhu Rajanna
d1f175d9f3 rbd: add support for rbd map and unmap options
added support for providing map and unmap
options to rbd CLI when mapping rbd image
on the node.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-09-21 13:27:28 +00:00
Yug
0682f0e500 cephfs: Fetch subvolume features in newSnapshotOptionsFromID
Get subvolume features using subvolume info and update the
volume options with Features parameter.

Signed-off-by: Yug <yuggupta27@gmail.com>
2020-09-16 16:05:28 +00:00
Yug
9e959c45a3 cephfs: No-Op Unprotect call if "snapshot-autoprotect" feature present
The subvolume features consists the list of features, which if includes
"snapshot-autoprotect", result in query based approach to
detecting the need for protect/unprotect.
If "snapshot-autoprotect" feature is present, The UnprotectSnapshot
call should be treated as a no-op

Signed-off-by: Yug <yuggupta27@gmail.com>
2020-09-16 16:05:28 +00:00
Yug
43a4c100ec cephfs: No-Op Protect call if "snapshot-autoprotect" feature present
The subvolume features consists the list of features, which if includes
"snapshot-autoprotect", result in query based approach to
detecting the need for protect/unprotect.
If "snapshot-autoprotect" feature is present, The ProtectSnapshot
call should be treated as a no-op

Signed-off-by: Yug <yuggupta27@gmail.com>
2020-09-16 16:05:28 +00:00
Yug
365eb58ff7 cephfs: use subvolume info if available
Use subvolume info to fetch the subvolume path.
If `subvolume info` command is not available,
use `getpath` command instead.

Signed-off-by: Yug <yuggupta27@gmail.com>
2020-09-10 15:03:45 +00:00
Yug
59fc4aa00f cephfs: validate if subvolume has snapshot-retention feature
Add validateSnapshotRetention() to verify if subvolume has
`snapshot-retention` feature.

Signed-off-by: Yug <yuggupta27@gmail.com>
2020-09-10 15:03:45 +00:00
Yug
6351358752 cephfs: Add --retain-snapshots flag to purge volume operations
Snapshots can be retained even after subvolume deletion in
Ceph 14.2.12. Adding support for the same in ceph-csi.

Signed-off-by: Yug <yuggupta27@gmail.com>
2020-09-10 15:03:45 +00:00
Madhu Rajanna
860b65c446 cephfs: allow readonly only for volume with contentsource
It doesnot make sense to allow the creation of empty
volumes with readonly access, this commit allows the
creation of volume which is having readonly capabilities
only if the content source is set for the volume.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-09-10 13:47:23 +00:00
Madhu Rajanna
2deabcd284 rbd: allow readonly only for volume with contentsource
It doesnot make sense to allow the creation of empty
volumes which is going to be accessed with readonly mode,
this commit allows the creation of volume which is having
readonly capabilities only if the content source is set
for the volume.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-09-10 13:47:23 +00:00
Madhu Rajanna
d816df4f42 util: add helper to validate ROX request
added a helper function to validate is create
request for ROX is for volume from source.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-09-10 13:47:23 +00:00
Humble Chirammal
edca318828 rebase: update the CSI Spec to v1.3.0
This spec add the extra capability to  node and controller
volume to report volume condition of a pv..etc.

Refer # https://github.com/ceph/ceph-csi/issues/1356

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-09-04 09:24:01 +00:00
Mudit Agarwal
4de1abad5e rbd: NodeExpandVolume() should use StagingTargetPath
Form kubernetes v1.19 onwards NodeRequest is getting volume path
in StagingTargetPath instead of VolumePath, cephcsi should also
use the same.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-08-25 15:58:44 +00:00
Mudit Agarwal
8c2bdbc001 rbd: implement rbd.updateVolWithImageInfo() with go-ceph
updateVolWithImageInfo() is currently executing an rbd command
to get details about an RBD image. Replaced it with the
required go-ceph functions.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-08-25 07:06:40 +00:00
Madhu Rajanna
38892c3068 rbd: rearrange the cleanup order incase clone fails
in case of clone failure, we need to first delete
the clone and the snapshot from which we created
the clone, then as part of cleanup we need to remove
the temporary cloned image and the temporary snapshot
created on the parent image.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-24 08:16:59 +00:00
Madhu Rajanna
a7b65087af rbd: fix return error message
incase of flattening error return the
flatten error.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-24 08:16:59 +00:00
Madhu Rajanna
0bd45a5eb1 cephfs: use string const for cli error comparison
we should not return the CLI errors in GRPC errors
we need to return proper readable error messages
to the user for better understanding and better
debugging.

updates #1242

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 17:09:12 +00:00
Madhu Rajanna
27d2cc644d util: replace klog with util logger in liveness.go
replace klog with util logger in liveness.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
ed289fea5e journal: replace klog with util logger in voljournal.go
journal: replace klog with util logger in voljournal.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
1a9cd23f64 journal: replace klog with util logger in omap.go
replace klog with util logger in omap.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
7c9fee17af rbd: replace klog with util logger in snapshot.go
rbd: replace klog with util logger in snapshot.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
9305e27797 rbd: replace klog with util logger in rbd_util.go
rbd: replace klog with util logger in rbd_util.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
90cc5a4fd0 rbd: replace klog with util logger in rbd_journal.go
replace klog with util logger in rbd_journal.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
9512aa6206 rbd: replace klog with util logger in rbd_attach.go
replace klog with util logger in rbd_attach.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
e768c0dfc0 rbd: replace klog with util logger in nodeserver.go
replace klog with util logger in nodeserver.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
883485b082 rbd: replace klog with util logger in driver.go
replace klog with util logger in driver.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
c4f30c23c1 rbd: replace klog with util logger in clone.go
replace klog with util logger in clone.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Madhu Rajanna
d8ca56fbe9 rbd: replace klog with util in controllerserver.go
replace klog with util in controllerserver.go

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-19 14:38:12 +00:00
Humble Chirammal
1f5b84745f rbd: Bail out from nodeexpansion if its block mode pvc
At CSI spec < 1.2.0, there was no volumecapability in the
expand request. However its available from v1.2+ which allows
us to declare the node operations based on the volume mode.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-08-19 12:34:20 +00:00
Madhu Rajanna
787ba69089 cephfs: fix lock release in volumeDelete
currently the lock is not released which is
taken on the request name. this is causing issues
when the subvolume is requested for delete.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-18 06:12:43 +00:00
Madhu Rajanna
31c7c95fdb cephfs: check error output contains Error: ENOENT
execCommandErr returns both error and stderror
message. checking strings.HasPrefix is not helpful
as the stderr will be the first string. its good
to do string comparison and find out that error
is volume not found error.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-18 06:12:43 +00:00
Madhu Rajanna
f566b0fc2d cephfs: replace Warningf with WarningLog in unmountVolume
replace Errorf with ErrorLog in unmountVolume
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
3fe3d25dda cephfs: replace Errorf with ErrorLogMsg in loadAvailableMounters
replace Errorf with ErrorLog in loadAvailableMounters
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
fbe090065d cephfs: replace Errorf with ErrorLog in purgeVolume
replace Errorf with ErrorLog in purgeVolume
for context based logging

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
5a1652e5e8 cephfs: replace Errorf with ErrorLog in resizeVolume
replace Errorf with ErrorLog in resizeVolume
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
a882c1194b cephfs: replace Errorf with ErrorLog in createVolume
replace Errorf with ErrorLog in createVolume
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
f3d9b8933b cephfs: replace Errorf with ErrorLog in getSubVolumeInfo
replace Errorf with ErrorLog in getSubVolumeInfo
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
2b7aade289 cephfs: replace Errorf with ErrorLog in getVolumeRootPathCeph
replace Errorf with ErrorLog in getVolumeRootPathCeph
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
d1ac832266 cephfs: replace Errorf with ErrorLog in genSnapFromOptions
replace Errorf with ErrorLog in genSnapFromOptions
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
e83a51c1e1 cephfs: replace Errorf with ErrorLog in parseTime
replace Errorf with ErrorLog in parseTime
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
e7a043271d cephfs: replace Errorf with ErrorLog in cloneSnapshot
replace Errorf with ErrorLog in cloneSnapshot
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
841a3713f5 cephfs: replace Errorf with ErrorLog in unprotectSnapshot
replace Errorf with ErrorLog in unprotectSnapshot
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
91811c18c5 cephfs: replace Errorf with ErrorLog in protectSnapshot
replace Errorf with ErrorLog in protectSnapshot
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
72dfe6a265 cephfs: replace Errorf with ErrorLog in getSnapshotInfo
replace Errorf with ErrorLog in getSnapshotInfo
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
7e8cc41aca cephfs: replace Errorf with ErrorLog in deleteSnapshot
replace Errorf with ErrorLog in deleteSnapshot
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
7f00fa66f4 cephfs: replace Errorf with ErrorLog in createSnapshot
replace Errorf with ErrorLog in createSnapshot
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
57454cf379 cephfs: replace Errorf with ErrorLog in nodeUnstageVolume
replace Errorf with ErrorLog in nodeUnstageVolume
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
0a5581b7a0 cephfs: replace Errorf with ErrorLog in NodeUnPublishVolume
cephfs: replace Errorf with ErrorLog in NodeUnPublishVolume
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
79dbc41d14 cephfs: replace Errorf with ErrorLog in NodePublishVolume
replace Errorf with ErrorLog in NodePublishVolume
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
48a313c6cc cephfs: replace Errorf with ErrorLog in mount
replace Errorf with ErrorLog in mount for
context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00
Madhu Rajanna
032901b8d0 cephfs: replace Errorf with ErrorLog in nodeStageVolume
replace Errorf with ErrorLog in nodeStageVolume
for context based logging.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-13 09:44:12 +00:00