Commit Graph

4400 Commits

Author SHA1 Message Date
Madhu Rajanna
c094699c32 build: update ceph to squid
updating ceph image and tag for
squid

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-07-30 19:42:51 +00:00
Niraj Yadav
439a03f21b cephfs: refactor locks using IOCtxLock interface
Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-07-30 14:51:49 +00:00
Niraj Yadav
4445247690 rbd: use ioctx locks for key rotation
Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-07-30 14:51:49 +00:00
Niraj Yadav
0bed833ef7 util: Add IOCtxLock interface
that abstracts rados Ioctx Lock/Unlocks

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-07-30 14:51:49 +00:00
dependabot[bot]
10fb3ef6cb rebase: bump the github-dependencies group with 3 updates
Bumps the github-dependencies group with 3 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go), [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) and [github.com/onsi/gomega](https://github.com/onsi/gomega).


Updates `github.com/aws/aws-sdk-go` from 1.55.0 to 1.55.4
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.55.0...v1.55.4)

Updates `github.com/onsi/ginkgo/v2` from 2.19.0 to 2.19.1
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.19.0...v2.19.1)

Updates `github.com/onsi/gomega` from 1.33.1 to 1.34.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.33.1...v1.34.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-30 10:21:07 +00:00
Andreas
7afddb41d6 deploy: support omap data store in radosnamespace via cli argument
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-30 07:13:48 +00:00
Andreas
89ccbc8fba cephfs: support omap data store in radosnamespace via cli argument
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-30 07:13:48 +00:00
Madhu Rajanna
b185bfde4d rbd: refractor to use mirror interface
Refractoring code to use mirror
interface.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-07-26 12:14:20 +00:00
Madhu Rajanna
132f258569 rbd: add mirroring helper for image
Add helper methods for the rbd
image mirroring.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-07-26 12:14:20 +00:00
Madhu Rajanna
03de220380 rbd: add mirror interface
Adding mirror interface for rbd image
and group which can be used to manage
mirroring for both.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-07-26 12:14:20 +00:00
Rakshith R
14509c3e39 doc: add release note for flattenMode option
Signed-off-by: Rakshith R <rar@redhat.com>
2024-07-26 09:36:44 +00:00
Niels de Vos
aa88b4c4a0 rbd: implement CSI-Addons ControllerGetVolumeGroup operation
With the ControllerGetVolumeGroup operation the caller can verify that a
VolumeGroup exists, and validate the volumes that are part of it.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-26 08:12:49 +00:00
NymanRobin
da6279b59d cephfs: correct the id for cephfs locks
There was a discrepancy between the objectId
when creating the lock and when releasing the lock
this caused every lock to hang.

Signed-off-by: NymanRobin <robin.nyman@est.tech>
2024-07-25 18:12:22 +00:00
Praveen M
0a3ec18c30 rebase: update k8s.io packages to v0.30.3
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-25 15:28:04 +00:00
dependabot[bot]
e9c729b692 rebase: bump k8s.io/kubernetes in the k8s-dependencies group
Bumps the k8s-dependencies group with 1 update: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes).


Updates `k8s.io/kubernetes` from 1.30.2 to 1.30.3
- [Release notes](https://github.com/kubernetes/kubernetes/releases)
- [Commits](https://github.com/kubernetes/kubernetes/compare/v1.30.2...v1.30.3)

---
updated-dependencies:
- dependency-name: k8s.io/kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-25 15:28:04 +00:00
Niels de Vos
74d434c3b7 rbd: check for valid UUID instead of name
It seems to be possible that the UUID was found, but the name is not
set. Checking on UUID makes the CreateVolumeGroup operation more
idempotent.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-25 12:18:24 +00:00
Niels de Vos
a3d457a8dd rbd: add VolumeGroup.ModifyVolumeGroupMembership CSI-Addons operation
The ModifyVolumeGroupMembership operation can be used to change the
volumes that are part of a VolumeGroup. Only empty VolumeGroups can be
removed, this operation is required to make that possible.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-25 11:46:04 +00:00
Niels de Vos
f9ab14e826 rbd: check if an image is part of a group before adding it
A RBD image can only be part of a single group. While an image is added
to a group, check if the image is already part of a group, and return an
error in case it is.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
4acffb5548 rbd: make VolumeGroup Create/Delete/AddVolume/RemoveVolume idempotent
Add extra error checking to make sure trying to create an existing
volume group does not result in a failure. The same counts for deleting
a non-existing volume group, and adding/removing volumes to/from the
volume group.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
382d70893d rbd: remove the VolumeGroup from the journal on DeleteVolumeGroup
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
fd20536662 rbd: add journalledObject as base for VolumeGroup interface
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
a82ae15f1a rbd: use the Manager to handle CSI-Addons VolumeGroup requests
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
40b0526f64 rbd: implement the VolumeGroup interface
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
fbf9ffcac4 rbd: update Volume interface implementation for VolumeGroup APIs
Add support for adding and removing the RBD-image from a group.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
a98edab480 rbd: pass CSI-instanceID to CSI-Addons VolumeGroupServer
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Niels de Vos
435e26d948 cleanup: make VolumeGroupJournalConnection a private type
VolumeGroupJournalConnection is not used outside the internal/journal
package. There is no need to expose the type outside of the package, it
causes only confusion about the usage of the journalling API.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-24 15:55:07 +00:00
Sunnatillo
d46b7d7ff4 cephfs: Avoid hanging lock in volume mutex lock
This patch allows to avoid hanging mutex lock scenario when
fscrypt fails to unlock. Prevents uncessary delays

Signed-off-by: Sunnatillo <sunnat.samadov@est.tech>
2024-07-24 09:55:17 +00:00
dependabot[bot]
c875483f8a rebase: bump the github-dependencies group with 2 updates
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) and [github.com/pkg/xattr](https://github.com/pkg/xattr).


Updates `github.com/aws/aws-sdk-go` from 1.54.19 to 1.55.0
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.54.19...v1.55.0)

Updates `github.com/pkg/xattr` from 0.4.9 to 0.4.10
- [Release notes](https://github.com/pkg/xattr/releases)
- [Commits](https://github.com/pkg/xattr/compare/v0.4.9...v0.4.10)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/pkg/xattr
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-23 21:03:25 +00:00
Niels de Vos
dce8561f33 doc: update coding guideline to suggest to place local imports last
It seems very common in other Go based projects to place the local
packages in the import statement last. Currently Ceph-CSI expects the
imports to group the local packages immediately after standard packages.
This exception compared to other projects often requires new
contributors to 'correct' their PR.

Following a more common convention for grouping imports should make it a
little easier to contribute to the project.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-23 13:04:46 +00:00
dependabot[bot]
141da9af42 rebase: bump k8s.io/api in /api in the k8s-dependencies group
Bumps the k8s-dependencies group in /api with 1 update: [k8s.io/api](https://github.com/kubernetes/api).

Updates `k8s.io/api` from 0.30.2 to 0.30.3
- [Commits](https://github.com/kubernetes/api/compare/v0.30.2...v0.30.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-23 07:21:15 +00:00
Niraj Yadav
ebc56887cd rbd: implement pv key rotation
This patch implements the EncryptionKeyRotation spec for ceph-csi

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-07-19 13:26:28 +00:00
black-dragon74
64c5be5242 doc: Update docs for rbd-pv-key-rotation
This commit updates the key rotation docs with the following changes:

- Do not call LuksVerify
- Mention specifics of RWX volumes
- Rename the file to represent RBD backed volumes

Signed-off-by: black-dragon74 <niryadav@redhat.com>
2024-07-19 07:15:41 +00:00
black-dragon74
4be5e4cbca doc: proposal for providing PV key rotation
The design and implementation details for rotating
the encryption keys for volumes.

Signed-off-by: black-dragon74 <niryadav@redhat.com>
2024-07-19 07:15:41 +00:00
Madhu Rajanna
8083a966b6 helm: fix typo in document
fix typo in document for helm values.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-07-18 05:23:32 +00:00
Praveen M
0e4d455e54 deploy: update CSI sidecar driver-registrar to v2.11.1
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-17 12:05:41 +00:00
Praveen M
f11fa815c8 util: exclude empty label values for crushlocation map
This commit resolves a bug where node labels with empty values
are processed for the crush_location mount option,
leading to invalid mount options and subsequent mount failures.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-16 09:57:37 +00:00
dependabot[bot]
3dd7e8bfba rebase: bump the github-dependencies group with 2 updates
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) and [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go` from 1.54.16 to 1.54.19
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.54.16...v1.54.19)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.30.1 to 1.30.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.30.1...v1.30.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-16 07:14:46 +00:00
Sunnatillo
e7762ac1af cephfs: Set object lock for volumes for cephfs encryption
The way fscrypt client handles metadata and policy creation
causing errors when multiple instances start simultaneously.
This commit adds a lock to ensure the initial setup
completes correctly, preventing race conditions and
mismatches.

Signed-off-by: Sunnatillo <sunnat.samadov@est.tech>
2024-07-11 16:17:22 +00:00
Niels de Vos
e71a95fece rebase: update github.com/csi-addons/spec to latest version
Update VolumeGroup API with CreateVolumeGroupRequest that contains an
optional list of VolumeIDs.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-11 11:17:13 +00:00
Niels de Vos
9b41feac9d csiaddons: initial implementation of CSI-Addons VolumeGroup
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-11 11:17:13 +00:00
Niels de Vos
d248a1e200 rbd: add Manager interface for using Volumes and VolumeGroups
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-11 11:17:13 +00:00
Niels de Vos
4246b30178 rbd: add the VolumeGroup type
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-11 11:17:13 +00:00
Niels de Vos
2803ec1290 rbd: add a ToCSI() function to the Volume interface
A VolumeGroup CSI-Addons object contains a list of CSI Volumes. A
ToCSI() function makes creating such a list much simpler.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-11 11:17:13 +00:00
Madhu Rajanna
2dd2ac8e91 csiaddons: register volumegroup controller
Register the volumegroup controller as part
of rbd controller server to serve the volume
group RPC spec.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-07-11 11:17:13 +00:00
Niels de Vos
6e5de23674 rbd: move internal/rbd_types -> internal/rbd/types
The rbd_types package was initially created with references to the rbd
package. And the rbd package references the rbd_types package. Having
rbd/types was not possible due to recursive imports. After cleaning up
the rbd_types package, it can be renamed to rbd/types.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-11 11:17:13 +00:00
Praveen M
d376271376 cleanup: append pointer instead of value to avoid copying lock value
This commit resolves the govet issue -
`copylocks: call of append copies lock value ... contains sync.Mutex`

Embedding DoNotCopy in a struct is a convention to signal and prevent
shallow copies, as recommended in Go's best practices. This does not
rely on a language feature but is instead a special case within the vet
checker.

For more details, see https://golang.org/issues/8005

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-10 12:18:50 +00:00
Niels de Vos
69ef70e25b util: DefaultIdentityServer should use csi.UnimplementedIdentityServer
The DefaultIdentityServer struct embedded UnimplementedControllerServer,
but it should have been UnimplementedIdentityServer instead.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-07-10 12:18:50 +00:00
dependabot[bot]
786414bab2 rebase: Bump github.com/container-storage-interface/spec
Bumps [github.com/container-storage-interface/spec](https://github.com/container-storage-interface/spec) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/container-storage-interface/spec/releases)
- [Commits](https://github.com/container-storage-interface/spec/compare/v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/container-storage-interface/spec
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-10 12:18:50 +00:00
dependabot[bot]
598f16b866 rebase: Bump google.golang.org/grpc from 1.64.0 to 1.65.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.65.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.64.0...v1.65.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 15:47:15 +00:00
dependabot[bot]
93e02d6447 rebase: Bump the github-dependencies group with 2 updates
Bumps the github-dependencies group with 2 updates: [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) and [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go).


Updates `github.com/IBM/keyprotect-go-client` from 0.14.2 to 0.14.3
- [Release notes](https://github.com/IBM/keyprotect-go-client/releases)
- [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.14.2...v0.14.3)

Updates `github.com/aws/aws-sdk-go` from 1.54.12 to 1.54.16
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.54.12...v1.54.16)

---
updated-dependencies:
- dependency-name: github.com/IBM/keyprotect-go-client
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 11:40:02 +00:00