This patch modifies the code to use userID and
userKey for provisioning of both static and dynamic
PVs.
In case user credentials are not found admin credentials
are used as a fallback and for backwards compatibility.
Signed-off-by: Niraj Yadav <niryadav@redhat.com>
- gomnd is replaced by mnd in v1.58.0
- gosec exlcude G115 rule (Potential integer overflow when converting between integer types)
- disable new iface linter
- disable new recvcheck linter
Signed-off-by: Praveen M <m.praveen@ibm.com>
Fix status codes that are returned for Get/Delete RPC calls
for VolumeGroup/VolumeGroupSnapshot.
Signed-off-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
Currently, CephCSI only uses listSnaps to determine
number of snapshots on a RBD image and uses snapshot
names as child image names to flatten them.
But child images may have different name(in case of
group snapshot) or they maybe in trash
(deleted k8s VolSnapshot with alive restored PVC).
The above problems are avoid by making use of both
snap and child image lists.
Signed-off-by: Rakshith R <rar@redhat.com>
This commit consolidates flatten logic checks for cloneDepth
and snapshotLimit in PrepareVolumeForSnapshot. This allows
the function to be called for both CreateSnapshot and
CreateVolumeGroupSnapshot.
Clone Depth check and flattening of grand parent image
now occurs before creation of snapshot starts.
This aligns better with how PVC-PVC clone and
PVC-restore process occurs currently.
Flattening the grandparent image once prevents
flattening of every newly created snapshot.
Snapshot in above para refers to k8s VolumeSnapshot
(which is backed by a rbd image).
Signed-off-by: Rakshith R <rar@redhat.com>
This commit fixes the VolumeGroup UndoReservation
by using the correct RequestName of the VolumeGroup
instead of the volumeGroupHandle.
Signed-off-by: Praveen M <m.praveen@ibm.com>
This function deletes rbd snap and rbd image
backing k8s snapshot.
The same function is used for deleting
individual snapshots in group snapshot.
Signed-off-by: Praveen M <m.praveen@ibm.com>
We should return NotFound status if the group doesn't exists
for ControllerGetVolumeGroup RPC call.
And, an empty/OK response for DeleteVolumeGroup if the group
doesn't exists
Signed-off-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
`ControllerExpandVolume` creates the credentials from
secrets but never actually uses it for anything.
The secrets map is passed on to `NewVolumeOptionsFromVolID`
which does the same check again. This patch removes the
extraneous step.
Signed-off-by: Niraj Yadav <niryadav@redhat.com>
using os.RemoveAll will remove everything
in the director after the Umount we should
be using os.Remove only to remove the empty
directory
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
using os.RemoveAll will remove everything
in the director after the Umount we should
be using os.Remove only to remove the empty
directory
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
We should not be dependent on the CO to ensure
that it will serialize the request instead of
that we need to have own internal locks to ensure
that we dont do concurrent operations for same
request.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
We should not be dependent on the CO to ensure
that it will serialize the request instead of
that we need to have own internal locks to ensure
that we dont do concurrent operations for same
request.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
During PVC-PVC clone creation, parent of the datasource
image is flattened after checking for clone depth.
We need to account for data source image as well since
we're calculating depth from the parent image.
depthToAvoidFlatten = 3(datasource image + temp + final clone)
Signed-off-by: Rakshith R <rar@redhat.com>
CephCSI should not flatten image that can be mounted
for use by the user.
`checkFlatten()` was called in a recovery code flow
of PVC restored from snapshot and was missed while
refractoring in https://github.com/ceph/ceph-csi/pull/2900
refer: #2900
Signed-off-by: Rakshith R <rar@redhat.com>
Add VolumeGroupLocks in the CSI Controller Server so that operations are
protected against concurrent requests for the same VolumeGroupSnapshot.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
`reserveSnap()` can potentially fail halfway through, in that case it
needs to undo the snapshot reservation and restore modified attributes
of the snapshot.
Fixes: #4945
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Without the SnapshotGroupID in the Snapshot object, Kubernetes CSI does
not know that the Snapshot belongs to a group. In that case, it allows
the deletion of the Snapshot, which should be denied.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
When the GroupSnapGetInfo go-ceph function is supported by librbd, the
Group Controller Servive and VolumeGroupSnapshot capabilities can be
exposed to the Container Orchestrator.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
When creating a Snapshot with the new NewSnapshotByID() function, the
name of the RBD-image that is created is the same as the name of the
Snapshot. The `RbdImageName` points to the name of parent image, which
causes deleting the Snapshot to delete the parent image instead.
Correcting the `RbdImageName` and setting it to the `RbdSnapName` makes
sure that upon deletion, the Snapshot RBD-image is removed, and not the
parent image.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The Group Controller Server may need to fetch a VolumeGroupSnapshot that
was statically provisioned. In that case, only the name of the
VolumeGroupSnapshot is known and should be resolved to an object.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The GetVolumeGroupSnapshotByID function makes it possible to get a
VolumeGroupSnapshot object from the Manager by passing a request-id.
This makes it simple for the Group Controller Server to check if a
VolumeGroupSnapshot already exists, so it is not needed to try and
re-create an existing one.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Implement the CreateVolumeGroupSnapshot for the rbd.Manager. A Group
Controller Server can use the rbd.Manager to create VolumeGroupSnapshots
in an easy an idempotent way.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
A (CSI) VolumeGroupSnapshot object contains references to Snapshot IDs
(or CSI Snapshot handles). In order to work with a VolumeGroupSnapshot
struct, the Snapshot IDs need to be resolved into rbdSnapshot structs.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The VolumeGroupSnapshot type will be used by the rbd.Manager to create,
inspect and delete VolumeGroupSnapshos.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
When the rbd.Manager creates a VolumeGroupSnapshot, each RBD-snapshot
that is created as part of the RBD-group needs to be cloned into its own
RBD-image that will be used as a CSI Snapshot.
The VolumeGroup.CreateSnapshots() creates the RBD-group snapshot and
returns a list of the Snapshot structs.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The NewSnapshotByID() function makes it possible to clone a new Snapshot
from an existing RBD-image and the ID of an RBD-snapshot on that image.
This will be used by the VolumeGroupSnapshot feature, where the ID of an
RBD-snapshot is obtained for the RBD-snapshot on the RBD-images.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Each object is responsible for maintaining a connection to the journal.
By sharing a single journal, cleanup of objects becomes more complex as
the journal is used in deferred functions and only the last should
destroy the journal connection resources.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Commit 95733b3a9 introduced the `StoreGroupID()` function, but that
unfortunately set an empty key in the journal.
Passing the `csiGroupIDKey` key (with value `csi.groupid`) caused
setting `csi.csi.groupid` as a key. Reading the value back with the
right `csi.groupid` key always returned an empty value.
Fixes: 95733b3a9 "journal: add option to store the groupID"
Signed-off-by: Niels de Vos <ndevos@ibm.com>
When the image is not closed, it keeps a watch open. This prevents the
CSI Controller to delete the Volume, as there is still a user of it.
Fixes: f9ab14e826 "rbd: check if an image is part of a group before adding it"
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The address we get from ceph
contains the ip in the format
of 10.244.0.1:0/2686266785 we
need to extract the client IP
from this address, we already
have a helper to extract it,
This makes the helper more generic
can be reused by multiple packages
in the fence controller.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
implemented GetFenceClients which
connects to the ceph cluster and
returns the ceph clusterID and the
clientaddress that is used for rados
connection.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
added GetAddrs to get the client
Adress of the rados connection
which is helpful for NetworkFencing
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
register Capability_NetworkFence_
GET_CLIENTS_TO_FENCE capability and
start a NetworkFence controllers
as part of rbd nodeplugin.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This PR modifies the execCryptSetupCommand so that
the process is killed in an event of lock timeout.
Useful in cases where the volume lock is released but
the command is still running.
Signed-off-by: Niraj Yadav <niryadav@redhat.com>
This commit adds the support for storing the CephFS omap data
in a namespace specified in the ceph-csi-config ConfigMap under
cephFS.radosNamespace field.
If the radosNamespace is not set, the default radosNamespace will
be used i.e, csi.
Signed-off-by: Praveen M <m.praveen@ibm.com>
This commit adds `GetCephFSRadosNamespace` util method that returns
the `RadosNamespace` specified in ceph-csi-config ConfigMap under
cephFS.radosNamespace.
If not specified, the method returns the default RadosNamespace
i.e, csi.
Signed-off-by: Praveen M <m.praveen@ibm.com>
The rbdSnapshot/rbdImage object implements all functions for a useful
Snapshot interface. The rbd.Manager will be able to use this for
providing VolumeGroupSnapshot support.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Prevent re-use of a destroyed connection by setting it to `nil`. This
way it is also safe to call `Destroy()` multiple times without causing a
panic.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The go-ceph rbd package provides the GroupSnapGetInfo function, but it
may return ErrUnsupported when called. Returning this error after
advertising the support for VolumeGroupSnapshot seems ugly.
In order to advertise support for VolumeGroupSnapshot,
SupportsGroupSnapGetInfo() can be used, which detects the required C
function of librbd.
Signed-off-by: Niels de Vos <ndevos@ibm.com>