Commit Graph

4042 Commits

Author SHA1 Message Date
Niels de Vos
7c557d2610 build: use Go 1.21.9 to include latest security fixes
Update from v1.21.5 to latest v1.21.9, to include the following fixes:

go1.21.6 (released 2024-01-09) includes fixes to the compiler, the
runtime, and the crypto/tls, maps, and runtime/pprof packages.

go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go
command, the runtime, and the crypto/x509 package.

go1.21.8 (released 2024-03-05) includes security fixes to the
crypto/x509, html/template, net/http, net/http/cookiejar, and net/mail
packages, as well as bug fixes to the go command and the runtime.

go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages.

See-also: https://go.dev/doc/devel/release#go1.21.0
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit ae7f513816)
2024-04-25 19:52:51 +00:00
Niels de Vos
dc33450a84 build: use Fedora 39 as base image for test container
It seems GitHub has an issue with the Fedora 40 container image,
extracting the Golang tarball fails. The Fedora 39 image does not have
this problem, so use that for the time being.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit 60e2527917)
2024-04-25 14:00:32 +00:00
Rakshith R
2f19479981 e2e: validate PVC-PVC clone creation with deleted parent snap
This commit modifies a test case to check creation of
PVC-PVC clone of a restored PVC when parent snapshot
is deleted.

Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit 1bb78fdf43)
2024-04-25 07:21:43 +00:00
Rakshith R
3c68748c11 rbd: add ParentInTrash parameter in rbdImage struct
This commit adds ParentInTrash parameter in rbdImage struct
and makes use of it in getParent() function in order to avoid
error in case the parent is present but in trash.

Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit c34b31ee05)
2024-04-25 07:21:43 +00:00
Praveen M
2ccb57a1cc cleanup: client cert decoding is not required
Signed-off-by: Praveen M <m.praveen@ibm.com>
(cherry picked from commit 29f1fbeb84)
2024-04-15 13:53:36 +00:00
Madhu Rajanna
a3a10855da ci: fix secret name in rbd storageclass
use rbd secret for rbd storageclass

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 9fb3743280)
2024-04-04 13:21:52 +00:00
Madhu Rajanna
efd2414cce ci: add volumesnapshotclasses for externalstorage
added volumesnapshotclasses yaml and script for
external-storage test

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 307a2f130b)
2024-04-04 13:21:52 +00:00
Rakshith R
2ee72f0391 revert: revert to 3.11-canary
This commit makes template changes for
3.11 release branch to use 3.11-canary tag.

Signed-off-by: Rakshith R <rar@redhat.com>
2024-04-04 07:51:21 +00:00
Rakshith R
bc24b5eca8 deploy: update templates to v3.11.0
This commit updates templates to new
v3.11.0 release.
Pending Release Notes is also reset.

Signed-off-by: Rakshith R <rar@redhat.com>
2024-04-02 13:03:08 +00:00
Rakshith R
4aa53c823e ci: modify mergifyio rules for new release-v3.11
This commit adds support for v3.11 backports
and removes support for v3.9 backports.

Signed-off-by: Rakshith R <rar@redhat.com>
2024-04-02 08:07:30 +00:00
Rakshith R
97bc20ae5a ci: update pr-commentor rules matrix
This commit adds rules for release-v3.11
and removes rules for release-v3.9.

Signed-off-by: Rakshith R <rar@redhat.com>
2024-04-02 08:07:30 +00:00
Rakshith R
04670a8b4d doc: add steps for upgrading from 3.10 to 3.11
This commit adds steps for upgrading from 3.10
to 3.11.

Signed-off-by: Rakshith R <rar@redhat.com>
2024-04-02 08:07:30 +00:00
Rakshith R
0e4991ac8b doc: update README for v3.11.0 release
This commit updates README to deprecate 3.9.x release,
add 3.10.1/2 release versions and pin latest release
to v3.11.0

Signed-off-by: Rakshith R <rar@redhat.com>
2024-04-02 08:07:30 +00:00
Praveen M
3c8ea475ec doc: csi driver object options
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-01 09:27:01 +00:00
Niels de Vos
8e57efad98 cleanup: use standard Golang "slices" instead of k8s package
The "slices" package has been introduced in Go 1.21 and can be used
instead of the Kubernetes package that will be replaced by the standard
package at one point too.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-29 12:42:24 +00:00
Praveen M
33a888f9ec helm: fix seLinuxMount option for csi driver
This commit fixes the typo from `.Values.seLinuxMount` to
`.Values.CSIDriver.seLinuxMount` used in helm charts.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-29 10:46:18 +00:00
Niels de Vos
3df396e6f1 rbd: add extra logging while cleaning up snapshots
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-28 11:54:28 +00:00
Niels de Vos
ba05c0f5f1 cleanup: reformat generateVolFromSnap() to rbdSnapshot.toVolume()
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-28 11:54:28 +00:00
Niels de Vos
a517290ea7 rbd: let parseVolCreateRequest() return a connected rbdVolume
By returning a connected rbdVolume in parseVolCreateRequest(), the
CreateVolume() function can be simplified a little. There is no need to
call the additional Connect() and detect failures with it.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-28 11:54:28 +00:00
Niels de Vos
7b2b125b18 rbd: free snapshot resources after allocation
Not all snapshot objects are free'd correctly after they were allocated.
It is possible that some connections to the Ceph cluster were never
closed. This does not need to be a noticeable problem, as connections
are re-used where possible, but it isn't clean either.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-28 11:54:28 +00:00
Niels de Vos
18162c71bc cleanup: do not pass an empty snapshot to genSnapFromSnapID()
Just like GenVolFromVolID() the genSnapFromSnapID() function can return
a snapshot. There is no need to allocated an empty snapshot and pass
that to the genSnapFromSnapID() function.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-28 11:54:28 +00:00
parth-gr
063319f6e5 rbd: make pool optional in rbd sc if topologyconstraints are present
if rbd storage class is created with topologyconstraintspools
replicated pool was still mandatory, making the pool optional if the
topologyconstraintspools is requested

Closes: https://github.com/ceph/ceph-csi/issues/4380

Signed-off-by: parth-gr <partharora1010@gmail.com>
2024-03-22 13:15:50 +00:00
NymanRobin
5224d58c13 cephfs: add support for encryption in ceph-csi-cephfs chart
the chart currently lacks access to configmap and secrets
this causes the mounting of encrypted file systems to fail

Signed-off-by: NymanRobin <nyman.robin@gmail.com>
2024-03-21 14:58:33 +00:00
Ruslan Khizhnyak
d56c9abbce helm: CSIDriver add labels and seLinuxMount disabling method
Signed-off-by: Ruslan Khizhnyak <rkhizhnyak@ptsecurity.com>
2024-03-21 10:07:23 +00:00
Madhu Rajanna
cd18490451 rebase: update go-ceph to latest commit
updating go-ceph to latest commit to
pull the changes required for ceph fs
quiesce. This is also updating aws
sdk dependency.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
aa2094ba30 cephfs: unit test for validateVolumeGroupSnapshotRequest
Added unit test for
validateVolumeGroupSnapshotRequest API which
validates the input VolumeGroupSnapshotRequest
request

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
728a7f5ac7 util: add UnimplementedGroupControllerServer
adding UnimplementedGroupControllerServer to
the DefaultControllerServer struct to avoid
build errors when some non mandatory RPC's
are not implemented.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
0f724480f5 cephfs: implement DeleteVolumeGroupSnapshot RPC
implemented DeleteVolumeGroupSnapshot RPC which
does below operations

* Basic request validation
* Get the snapshotId's and volumeId's
mapping reserved for the UUID
* Delete snapshot and remove its mapping
from the omap
* Repeat above steps until all the mapping
are removed
* Remove the reserved uuid from the omap
* Reset the filesystem quiesce, This might be
required as cephfs doesnt provide any options to
remove the quiesce, if we get any request with same
ID again we can reuse the quiesce API for same set-id
* Return success if the received error is
Pool not found or key not found.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
df770e4139 cephfs: implement CreateVolumeGroupSnapshot RPC
implemented CreateVolumeGroupSnapshot RPC which
does below operations

* Basic request validation
* Reserve the UUID for the group name
* Quiesce the filesystem for all the subvolumes
from the input volumeId's
* Take the snapshot for all the input volumeId's
* Add the mapping between volumeId's and snapshot
Id's in omap
* Release the quiesce for the filesystem for
all the subvolumes from the input volumeId's

Undo all the operations if anything fails.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
ffb2b1144d cephfs: add helper for group options
volumegroup.go holders all the helpers
to extra the group details from the request
and also to extra group details from the
groupID.

This also provide helpers to reserve group
for the request Name and also an undo function
incase if somethings goes wrong and we need to
cleanup the reserved omap entries.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
86bf74bb5c cephfs: add helper function to getVolumeOptions
added helper function to extract basic
details from the parameters related to volume
options.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
6a4c45deeb cephfs: add helper for quiesce api
added helper function which calls
the go-ceph API for the quiesce
operations.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
eff0fe3a23 cephfs: add error for quiesce operation
added ErrInProgress to indicate the
the quiesce operation is in progress.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
ef25a816a7 cephfs: add locks for volumegroup
Adding a lock for the volumegroup so
that we can take care of serializing
the same requests to ensure same requests
are not served in parallel.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
b30da094b0 build: add ceph_preview to GO_TAGS_LIST
added required ceph_preview tag to the
GO_TAGS_LIST in Makefile which is
required for FSQuiesce API.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
6ec86879e6 cephfs: register group controller
register the group controller service
for the cephfs.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
ff6eda0de1 cephfs: initialize VolumeGroupJournal
initialize VolumeGroupJournal which is
required for volumegroup rados communication

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
445de7926d cephfs: add validateCreateVolumeGroupSnapshotRequest
added validateCreateVolumeGroupSnapshotRequest
to validate the CreateVolumeGroupSnapshotRequest
request and ensure that all the requirement
options are set. if not, reject the RPC request.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
68e93a31cc journal: fix connection problem with groupjournal
Same group jounral config need to be reused
for multiple connection where different monitors
and users are used, for that reason create a unique
connection each time.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
f17ea38736 cephfs: advertise group snapshot capability
Advertise VOLUME_GROUP_SNAPSHOT capability
from the cephfs driver.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
6b3484f285 cephfs: add volumegroup service capability
Add GROUP_CONTROLLER_SERVICE capabilities to
the GetPluginCapabilities of the cephFS
plugin.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
dependabot[bot]
3ad922dbae rebase: bump the k8s-dependencies group in /api with 1 update
Bumps the k8s-dependencies group in /api with 1 update: [k8s.io/api](https://github.com/kubernetes/api).


Updates `k8s.io/api` from 0.29.2 to 0.29.3
- [Commits](https://github.com/kubernetes/api/compare/v0.29.2...v0.29.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-19 12:31:13 +00:00
dependabot[bot]
5b9730ce6e rebase: bump the k8s-dependencies group with 1 update
Bumps the k8s-dependencies group with 1 update: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes).

Updates `k8s.io/kubernetes` from 1.29.2 to 1.29.3
- [Release notes](https://github.com/kubernetes/kubernetes/releases)
- [Commits](https://github.com/kubernetes/kubernetes/compare/v1.29.2...v1.29.3)

---
updated-dependencies:
- dependency-name: k8s.io/kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-19 11:43:39 +00:00
Praveen M
b9543d3fd3 helm: update template for rbd volumegroupsnapshot
This commit updates template for rbd VolumeGroupSnapshot.
The value is set to false by default.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-18 17:00:45 +00:00
Praveen M
bd07dd4e71 rbd: deployment changes to support VGS
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-18 17:00:45 +00:00
Niels de Vos
991343d9e5 cleanup: do not pass EncodingVersion to GenerateVolID()
The only encoding version that exists is `1`. There is no need to have
multiple constants for that version across different packages. Because
there is only one version, `GenerateVolID()` does not really require it,
and it can use a default version.

If there is a need in the future to support an other encoding version,
this can be revisited with a cleaner solution.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-18 06:23:28 +00:00
Niels de Vos
c32dfc0ae6 cleanup: correct typo in NewCSIVolumeroupJournal() function
The name of the function should be `NewCSIVolumeGroupJournal()`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 11:05:10 +00:00
muxuelan
4f04748c87 rbd: support nbd on euler or arm
Signed-off-by: muxuelan <muxuelan@cmss.chinamobile.com>
2024-03-15 10:39:50 +00:00
Niels de Vos
6f0d9a5d59 deploy: include ServiceAccount in the NFS provisioner RBAC artifact
It seems that the ServiceAccount was not created anymore, this causes
problems with provisioning volumes.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 08:02:25 +00:00
Niels de Vos
a469a66f9d e2e: replace quoted namespace in templates too
Some templates are now generated with the API, and these include
namespaces as "quotes" values. Namespace replacing in the templates need
to replace both the unquoted and quoted strings.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 08:02:25 +00:00