Commit Graph

1372 Commits

Author SHA1 Message Date
Niels de Vos
834ea92185 rebase: use gosec-2.3.0
gosec-2.3.0 is the current latest version, use that so more checks are
done on the code.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-07-01 05:56:32 +00:00
Niels de Vos
1b89f86d51 util: handle Close() errors in pidlimit
A new version of gosec insists on handling errors returned by Close():

    [/go/src/github.com/ceph/ceph-csi/internal/util/pidlimit.go:44] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
      > defer cgroup.Close()

    [/go/src/github.com/ceph/ceph-csi/internal/util/pidlimit.go:78] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
      > defer f.Close()

    [/go/src/github.com/ceph/ceph-csi/internal/util/pidlimit.go:113] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
      > defer f.Close()

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-07-01 05:56:32 +00:00
Niels de Vos
30dc83c3bb util: create ceph.conf with 0600 permissions
The generated ceph.conf does not need readable by the group, there is
only one (system) user consuming the configurations file.

This addresses the following gosec warning:

    [/go/src/github.com/ceph/ceph-csi/internal/util/cephconf.go:52] - G306 (CWE-): Expect WriteFile permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
      > ioutil.WriteFile(CephConfigPath, cephConfig, 0640)

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-07-01 05:56:32 +00:00
Niels de Vos
16c4e33b09 util: log error when closing temp fail fails in GetOMapValue()
gosec-2.3.0 complains about the following:

    [/go/src/github.com/ceph/ceph-csi/internal/util/cephcmds.go:146] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
      > defer tmpFile.Close()

By logging the error from Close(), the warning is gone.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-07-01 05:56:32 +00:00
Madhu Rajanna
21bd26ebc4 e2e: Add E2E for ROX PVC
Added E2E testing for creation
and mounting of ROX PVC, if the
PVC accessmode is ReadOnlyMany
the application pod should not get
write access to it.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-30 17:43:41 +00:00
Madhu Rajanna
37979da5b2 e2e: Add E2E for app readonly options
If the mount option is readonly in app
pod, the pod should not get the write
access to the mounted cephfs subvolume.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-30 17:43:41 +00:00
Madhu Rajanna
5be2f62d38 doc: update readme for ROX PVC
Updated readme for support of ROX PVC

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-30 17:43:41 +00:00
Madhu Rajanna
e1fd12fb29 cephfs: do chmod on stagingpath
instead of doing chmod on the targetpath always
do it once at the stagintpath.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-30 17:43:41 +00:00
Madhu Rajanna
4d11490a2b cephfs: Add support for ROX PVC
cephcsi need to add mount the cephfs subvolume
as the readonly when the PVC type is ROX to
provide only readonly access to the users

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-30 17:43:41 +00:00
Niels de Vos
bb561c5da3 ci: select OS for Travis CI
Travis logs a message while parsing its configuration:

    root: missing os, using the default linux

By adding the "os: linux" option, the unneeded message is removed.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-30 16:02:01 +00:00
Niels de Vos
234ec7b1e0 ci: remove "sudo" from travis configuration
Address the following warning Travis reports:

    root: deprecated key sudo (The key `sudo` has no effect anymore.)

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-30 16:02:01 +00:00
Niels de Vos
c02413a663 build: Add -tags=nautilus to go test and go build
Build `GO_TAGS` based on the `CEPH_VERSION` from build.env. In case the
version is non-empty, pass `-tags=${CEPH_VERSION}` to any of the go
commandline and script that call go programs.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-30 07:55:37 +00:00
Humble Chirammal
58bf45a13e rebase: Make use of latest go ceph library
The go-ceph version 0.4.0 is available now which got some important
library changes required for ceph csi project.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-06-30 07:55:37 +00:00
Yug Gupta
306d5b1da0 ci: add pylint as part of CI
add pylint to catch static issues of python
files in the repo.

User can now run make lint-py for pylint
check on python files.

Signed-off-by: Yug Gupta <ygupta@redhat.com>
2020-06-30 04:43:45 +00:00
Niels de Vos
6ea163af21 cleanup: remove unused GO_METALINTER_THREADS
Go Metalinter is not used anymore, we moved to Golangci.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
9b48598fca build: document CEPH_CSI_RUN_ALL_TESTS in build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
5ebc11963e ci: use CEPH_VERSION from build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
2055d79165 build: check if installed Golang has a compatible architecture
For building a arm64 container image on amd64, it is needed to configure
the system specifically for that. In order to prevent including a amd64
executable in a arm64 image, a check has been added.

When running an arm64 executable on a amd64 system, an error should
occur when cross architecture containers are not supported. This can be
triggered when running `make image-cephcsi GO_ARCH=arm64` on a amd64
system.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
44bf398c79 build: move GOARCH environment variable to targets that use it
This prevents some clutter while running 'make' commands on an
environment where 'go' is not installed. There is no requirement on 'go'
in the case containers are used for building and testing.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
3cc791c7c4 ci: document TEST_COVERAGE and GO_COVER_DIR in buid.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
4fd973b924 build: use BASE_IMAGE from build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
f1da7d9bd1 ci: move minikube variables to build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
21946ae345 ci: move HELM_VERSION to build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
079459c247 build: move GOSEC_VERSION to build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
bc2ac1ccac build: move GOLANGCI_VERSION to build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
33dc861f23 ci: use "gimme" to install Golang in Travis CI
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Niels de Vos
f83a065c8a build: move GOLANG_VERSION to build.env
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-28 17:46:37 +00:00
Yug Gupta
c9ad904331 cephfs: Add support for multiple subvolumegroups
With the current code base, the subvolumegroup will
be created once, and even for a different cluster,
subvolumegroup creation is not allowed again.

Added support multiple subvolumegroups creation by
validating one subvolumegroup creation per cluster.

Fixes: #1123

Signed-off-by: Yug Gupta <ygupta@redhat.com>
2020-06-26 09:19:24 +00:00
Niels de Vos
efd9b31043 cleanup: use util.MountOptionsAdd() in CephFS volumemounter
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-24 13:33:44 +00:00
Niels de Vos
cdbc56de7d ci: add test for MountOptionsAdd()
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-24 13:33:44 +00:00
Niels de Vos
887aab1d72 util: add MountOptionsAdd() to add mount options
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-24 13:33:44 +00:00
John Mulligan
75088aa36d util: add doc comments for exported functions in errors.go
A number of exported functions in errors.go were missing doc comments.
Add them.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
09e1c856d0 journal: do not return errors from remove omap func if omap missing
The previous function used to remove omap keys apparently did not
return errors when removing omap keys from a missing omap (oid).
Mimic that behavior when using the api.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
d32cef5b9f ci: remove comment referring to a function that no longer exists
Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
c14cbee132 journal: change omap set func to handle multiple key-value pairs
For any function that sets more than one key on a single oid setting
them as a batch will be more efficient.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
a8409eccc8 journal: change omap remove func to handle multiple keys at once
For any function that removes more than one key on a single oid removing
them as a batch will be more efficient.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
0ac5f40d09 journal: change omap get func to handle multiple keys at once
Taking this appraoch means that any function that must get more than one
key's value from the same oid can be more efficient by calling out to
ceph only once.

To be cautious and avoid missing things we always request ceph return
more keys than we actually expect to be set on the oid. If there are
unexpected keys there, we will not miss the keys we want if we first hit
an unexpected key if we were to limit ourselves to iterating only over
the number of keys we're expecting to be on the object.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
cd24bb3f5c journal: convert journal to use new omap functions
Convert the business-logic of the journal to use the new go-ceph based
omap manipulation functions.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
0b99bdaa82 journal: add omap.go with go-ceph based omap manipulation funcs
These new omap manipulation functions (get/set/remove) are roughly
equivalent to the previous command-line based approach but rely
on direct api calls to ceph.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
John Mulligan
f3192bd1b3 util: add New* funcs for ErrKeyNotFound & ErrPoolNotFound types
These types have private fields but we need to construct them outside of
the util package. Add New* methods for both.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
2020-06-22 15:41:00 +00:00
Madhu Rajanna
1a1ad11f57 doc: update coding doc to correct import order
Updated coding doc to correct the import order
as per the standard. More info can be found on
https://github.com/golang/go/wiki/CodeReviewComments#imports

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-22 09:51:23 +00:00
Madhu Rajanna
03947ebcc5 doc: update readme to add ROX support
Updated Readme to add ROX support
for rbd PVC.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-22 06:15:40 +00:00
Madhu Rajanna
39561b9675 e2e: Add E2E to mount rbd PVC as ro in app
Added an E2E to mount rbd PVC as readonly
in application pod and try to create some
file in Readonly PVC,when we try to create
files on RO PVC, we should get error.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-22 06:15:40 +00:00
Madhu Rajanna
649aeb7aaf rbd: Add support for rbd ROX PVC mounting
if the PVC access mode is ReadOnlyMany
or single node readonly, mounting the rbd
device path to the staging path as readonly
to avoid the write operation.

If the PVC acccess mode is readonly, mapping
rbd images as readonly.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-06-22 06:15:40 +00:00
Niels de Vos
da40d8e05e rbd: use librbd.FeatureSet for features
go-ceph v0.3 adds constants for ImageFeature values and their names.
Instead of hardcoding "layering" in several places, use the constant
given by librbd.

The rbdVolume.ImageFeatures does not seem to be used anywhere after the
conversion. Stashing the image metadata does include the ImageFeatures
as these are retrieved when getting the image information. It is safe to
drop ImageFeatures altogether and only use the imageFeatureSet instead.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-19 11:37:29 +00:00
Niels de Vos
decfc1ae2c rbd: make hasSnapshotFeature() a method of rbdVolume
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-19 11:37:29 +00:00
Humble Chirammal
dcbf71dd5d cleanup: avoid double import of kubernetes library in e2e utils
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-06-19 08:42:08 +00:00
Mudit Agarwal
e9082768b6 cephfs: enhance tracevol.py script to work with cephfs
tracevol.py script traces a RBD PVC to its RADOS map, key and image.
The script is enhanced to provide the same functionality for cephfs now.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-06-19 05:48:27 +00:00
Mudit Agarwal
78963737d3 rbd: fix tracevol.py script to work with python 3.x
tracevol.py script traces a RBD PVC to its RADOS map, key and image.
It needs minor fixup in order to work with python 3.x

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-06-19 05:48:27 +00:00
Niels de Vos
ebe378c79a util: trim "\x00" characters from the kernel version
It seems that convering the release component from the unix.Utsrelease
type leaves some trailing "\x00" characters.

While splitting the string to compare kernel versions, these additional
characters might prevent converting the string to an int. Strip the
additional characters before returning the string.

Note:
  "\x00" characters are not visible when printing to a file or screen.
  They can be seen in hex-editors, or sending the output through 'xxd'.

Fixes: #1167
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-18 11:42:47 +00:00