During the Demote volume store
the image creation timestamp.
During Resync do below operation
* Check image creation timestamp
stored during Demote operation
and current creation timestamp during Resync
and check both are equal and its for
force resync then issue resync
* If the image on both sides is
not in unknown state, check
last_snapshot_timestamp on the
local mirror description, if its present
send volumeReady as false or else return
error message.
If both the images are in up+unknown the
send volumeReady as true.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit e013cfed15)
golang.org/x/net/html v0.12 is vulnerable against CVE-2023-3978.
Exploiting it through Ceph-CSI is non-trivial, but rebasing
golang.org/x/net should take away any concerns.
See-also: https://pkg.go.dev/vuln/GO-2023-1988
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit a129b1c4ab)
This commit makes sure sparsify() is not run when rbd
image is in use.
Running rbd sparsify with workload doing io and too
frequently is not desirable.
When a image is in use fstrim is run and sparsify will
be run only when image is not mapped.
Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit 98fdadfde7)
The clients parameter in the storage class is used to limit access to
the export to the set of hostnames, networks or ip addresses specified.
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
`/retest all` causes a spike in resource consumption in Jenkins and the
OpenShift cluster kills the Pod. That means tests are not fully running
yet, and results never arrive back in the PR. Instead of `/retest all`,
the `ok-to-test` label can be used to trigger required tests with a
slight delay between each command.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The ceph-iscsi repository seems to provide broken metadata or packages.
Ceph-CSI does not need to install them, so disable the repository for
now.
It seems that other repositories gave issues before too, but these
repositories were disabled after installing all available updates. For
ceph-iscsi updating fails already, so disable the repositories before
updating.
Updates: #2034
Signed-off-by: Niels de Vos <ndevos@ibm.com>
When a volume has AccessType=Block and is encrypted with LUKS, a resize
of the filesystem on the (decrypted) block-device is attempted. This
should not be done, as the application that requested the Block volume
is the only authoritive reader/writer of the data.
In particular VirtualMachines that use RBD volumes as a disk, usually
have a partition table on the disk, instead of only a single filesystem.
The `resizefs` command will not be able to resize the filesystem on the
block-device, as it is a partition table.
When `resizefs` fails during NodeStageVolume, the volume is unstaged and
an error is returned.
Resizing an encrypted block-device requires `cryptsetup resize` so that
the LUKS header on the RBD-image is updated with the correct size. But
there is no need to call `resizefs` in this case.
Fixes: #3945
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The ceph-iscsi repository seems to provide broken metadata or packages.
Ceph-CSI does not need to install them, so disable the repository for
now.
It seems that other repositories gave issues before too, but these
repositories were disabled after installing all available updates. For
ceph-iscsi updating fails already, so disable the repositories before
updating.
Updates: #2034
Signed-off-by: Niels de Vos <ndevos@ibm.com>
This commit modifies code to handle last sync duration being
empty & 0,returning nil & 0 on encountering it respectively.
Earlier both case return 0. Test case is added too.
Signed-off-by: Rakshith R <rar@redhat.com>
This commit get more information from the description
like lastsyncbytes and lastsyncduration and send them
as a response of getvolumereplicationinfo request.
Signed-off-by: Yati Padia <ypadia@redhat.com>
this commit migrates the replication controller server
from internal/rbd and adds it to csi-addons.
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
this commit removes grpc import from replication.go
and replaced it with usual errors and passed gRPC
responses in csi-addons
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
Setting seLinuxMount:true in csidriver objects advertize
that the driver supports passing selinux label in mount
options.
refer: https://kubernetes.io/blog/2023/04/18/ \
kubernetes-1-27-efficient-selinux-relabeling-beta/
Signed-off-by: Rakshith R <rar@redhat.com>
K8s 1.24 will be End of Life on 2023-07-28.
Therefore, removing checks for ci tests on
that version.
refer:
https://kubernetes.io/releases/#release-v1-24
Signed-off-by: Rakshith R <rar@redhat.com>
Currently the Helm chart does not contain a
imagePullSecrets option when you are using
private container registry, this is very inconvenient.
This PR add this option for both CephFS and RBD.
Signed-off-by: Garen Fang <fungaren@qq.com>
The mergify label copier used github-actions bot
to add labels. Actions performed by github-actions
bot do not trigger a workflow and hence
pull-request-commentor was not working as expected.
This commit modifies mergify label copier to use
Cephcsi-bot to copy labels which then will be
able to trigger action to add pr comments.
Signed-off-by: Rakshith R <rar@redhat.com>
