public_git
/
democratic-csi
mirror of https://github.com/democratic-csi/democratic-csi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

support sudo setups, support apiKey with TrueNAS

This commit is contained in:
Travis Glenn Hansen 2020-11-21 17:15:22 -07:00
parent 52741d3e24
commit 61a4adc6d1
8 changed files with 104 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
examples/freenas-iscsi.yaml
View File

@ -4,9 +4,15 @@ httpConnection:
protocol: http protocol: http
host: server address host: server address
port: 80 port: 80
# use only 1 of apiKey or username/password
# if both are present, apiKey is preferred
# apiKey is only available starting in TrueNAS-12
#apiKey:
username: root username: root
password: password:
allowInsecure: true allowInsecure: true
# use apiVersion 2 for TrueNAS-12 and up (will work on 11.x in some scenarios as well)
#apiVersion: 2
sshConnection: sshConnection:
host: server address host: server address
port: 22 port: 22
@ -21,6 +27,7 @@ zfs:
# can be used to override defaults if necessary # can be used to override defaults if necessary
# the example below is useful for TrueNAS 12 # the example below is useful for TrueNAS 12
#cli: #cli:
# sudoEnabled: true
# paths: # paths:
# zfs: /usr/local/sbin/zfs # zfs: /usr/local/sbin/zfs
# zpool: /usr/local/sbin/zpool # zpool: /usr/local/sbin/zpool

7
examples/freenas-nfs.yaml
View File

@ -4,9 +4,15 @@ httpConnection:
protocol: http protocol: http
host: server address host: server address
port: 80 port: 80
# use only 1 of apiKey or username/password
# if both are present, apiKey is preferred
# apiKey is only available starting in TrueNAS-12
#apiKey:
username: root username: root
password: password:
allowInsecure: true allowInsecure: true
# use apiVersion 2 for TrueNAS-12 and up (will work on 11.x in some scenarios as well)
#apiVersion: 2
sshConnection: sshConnection:
host: server address host: server address
port: 22 port: 22
@ -21,6 +27,7 @@ zfs:
# can be used to override defaults if necessary # can be used to override defaults if necessary
# the example below is useful for TrueNAS 12 # the example below is useful for TrueNAS 12
#cli: #cli:
# sudoEnabled: true
# paths: # paths:
# zfs: /usr/local/sbin/zfs # zfs: /usr/local/sbin/zfs
# zpool: /usr/local/sbin/zpool # zpool: /usr/local/sbin/zpool

7
examples/freenas-smb.yaml
View File

@ -4,9 +4,15 @@ httpConnection:
protocol: http protocol: http
host: server address host: server address
port: 80 port: 80
# use only 1 of apiKey or username/password
# if both are present, apiKey is preferred
# apiKey is only available starting in TrueNAS-12
#apiKey:
username: root username: root
password: password:
allowInsecure: true allowInsecure: true
# use apiVersion 2 for TrueNAS-12 and up (will work on 11.x in some scenarios as well)
#apiVersion: 2
sshConnection: sshConnection:
host: server address host: server address
port: 22 port: 22
@ -21,6 +27,7 @@ zfs:
# can be used to override defaults if necessary # can be used to override defaults if necessary
# the example below is useful for TrueNAS 12 # the example below is useful for TrueNAS 12
#cli: #cli:
# sudoEnabled: true
# paths: # paths:
# zfs: /usr/local/sbin/zfs # zfs: /usr/local/sbin/zfs
# zpool: /usr/local/sbin/zpool # zpool: /usr/local/sbin/zpool

1
examples/zfs-generic-iscsi.yaml
View File

@ -51,6 +51,7 @@ iscsi:
# https://bugzilla.redhat.com/show_bug.cgi?id=1659195 # https://bugzilla.redhat.com/show_bug.cgi?id=1659195
# http://atodorov.org/blog/2015/04/07/how-to-configure-iscsi-target-on-red-hat-enterprise-linux-7/ # http://atodorov.org/blog/2015/04/07/how-to-configure-iscsi-target-on-red-hat-enterprise-linux-7/
shareStragetyTargetCli: shareStragetyTargetCli:
#sudoEnabled: true
basename: "iqn.2003-01.org.linux-iscsi.ubuntu-19.x8664" basename: "iqn.2003-01.org.linux-iscsi.ubuntu-19.x8664"
tpg: tpg:
attributes: attributes:

1
examples/zfs-generic-nfs.yaml
View File

@ -17,6 +17,7 @@ zfs:
# can be used to override defaults if necessary # can be used to override defaults if necessary
# the example below is useful for TrueNAS 12 # the example below is useful for TrueNAS 12
#cli: #cli:
# sudoEnabled: true
# paths: # paths:
# zfs: /usr/local/sbin/zfs # zfs: /usr/local/sbin/zfs
# zpool: /usr/local/sbin/zpool # zpool: /usr/local/sbin/zpool

19
src/driver/controller-zfs-generic/index.js
View File

@ -260,14 +260,21 @@ delete ${iscsiName}
const sshClient = this.getSshClient(); const sshClient = this.getSshClient();
data = data.trim(); data = data.trim();
let command = "sh";
let args = ["-c"]; let args = ["-c"];
let command = []; let taregetCliCommand = [];
command.push(`echo "${data}"`.trim()); taregetCliCommand.push(`echo "${data}"`.trim());
command.push("|"); taregetCliCommand.push("|");
command.push("targetcli"); taregetCliCommand.push("targetcli");
args.push("'" + command.join(" ") + "'"); if (this.options.iscsi.shareStragetyTargetCli.sudoEnabled) {
return sshClient.exec(sshClient.buildCommand("sh", args)); command = "sudo";
args.unshift("sh");
}
args.push("'" + taregetCliCommand.join(" ") + "'");
return sshClient.exec(sshClient.buildCommand(command, args));
} }
} }

27
src/driver/controller-zfs-ssh/index.js
View File

@ -135,9 +135,24 @@ class ControllerZfsSshBaseDriver extends CsiBaseDriver {
options.paths = this.options.zfs.cli.paths; options.paths = this.options.zfs.cli.paths;
} }
if (
this.options.zfs.hasOwnProperty("cli") &&
this.options.zfs.cli.hasOwnProperty("sudoEnabled")
) {
options.sudo = this.getSudoEnabled();
}
return new Zetabyte(options); return new Zetabyte(options);
} }
getSudoEnabled() {
return this.options.zfs.cli.sudoEnabled === true;
}
getSudoPath() {
return this.options.zfs.cli.paths.sudo || "/usr/bin/sudo";
}
getDatasetParentName() { getDatasetParentName() {
let datasetParentName = this.options.zfs.datasetParentName; let datasetParentName = this.options.zfs.datasetParentName;
datasetParentName = datasetParentName.replace(/\/$/, ""); datasetParentName = datasetParentName.replace(/\/$/, "");
@ -671,6 +686,10 @@ class ControllerZfsSshBaseDriver extends CsiBaseDriver {
this.options.zfs.datasetPermissionsMode, this.options.zfs.datasetPermissionsMode,
properties.mountpoint.value, properties.mountpoint.value,
]); ]);
if (this.getSudoEnabled()) {
command = this.getSudoPath() + " " + command;
}
driver.ctx.logger.verbose("set permission command: %s", command); driver.ctx.logger.verbose("set permission command: %s", command);
response = await sshClient.exec(command); response = await sshClient.exec(command);
} }
@ -690,6 +709,10 @@ class ControllerZfsSshBaseDriver extends CsiBaseDriver {
: ""), : ""),
properties.mountpoint.value, properties.mountpoint.value,
]); ]);
if (this.getSudoEnabled()) {
command = this.getSudoPath() + " " + command;
}
driver.ctx.logger.verbose("set ownership command: %s", command); driver.ctx.logger.verbose("set ownership command: %s", command);
response = await sshClient.exec(command); response = await sshClient.exec(command);
} }
@ -703,6 +726,10 @@ class ControllerZfsSshBaseDriver extends CsiBaseDriver {
acl, acl,
properties.mountpoint.value, properties.mountpoint.value,
]); ]);
if (this.getSudoEnabled()) {
command = this.getSudoPath() + " " + command;
}
driver.ctx.logger.verbose("set acl command: %s", command); driver.ctx.logger.verbose("set acl command: %s", command);
response = await sshClient.exec(command); response = await sshClient.exec(command);
} }

62
src/driver/freenas/http/index.js
View File

@ -19,7 +19,7 @@ class Client {
host: server.host, host: server.host,
port: server.port, port: server.port,
//userinfo: server.username + ":" + server.password, //userinfo: server.username + ":" + server.password,
path: server.apiVersion == 1 ? "/api/v1.0" : "/api/v2.0" path: server.apiVersion == 1 ? "/api/v1.0" : "/api/v2.0",
}; };
return URI.serialize(options); return URI.serialize(options);
} }
@ -55,22 +55,27 @@ class Client {
headers: { headers: {
Accept: "application/json", Accept: "application/json",
"User-Agent": USER_AGENT, "User-Agent": USER_AGENT,
"Content-Type": "application/json" "Content-Type": "application/json",
}, },
json: true, json: true,
qs: data, qs: data,
agentOptions: { agentOptions: {
rejectUnauthorized: !!!client.options.allowInsecure rejectUnauthorized: !!!client.options.allowInsecure,
} },
}; };
request(options, function(err, res, body) { request(options, function (err, res, body) {
client.log_repsonse(...arguments, options); client.log_repsonse(...arguments, options);
if (err) { if (err) {
reject(err); reject(err);
} }
resolve(res); resolve(res);
}).auth(client.options.username, client.options.password); }).auth(
client.options.username,
client.options.password,
true,
client.options.apiKey
);
}); });
} }
@ -87,22 +92,27 @@ class Client {
headers: { headers: {
Accept: "application/json", Accept: "application/json",
"User-Agent": USER_AGENT, "User-Agent": USER_AGENT,
"Content-Type": "application/json" "Content-Type": "application/json",
}, },
json: true, json: true,
body: data, body: data,
agentOptions: { agentOptions: {
rejectUnauthorized: !!!client.options.allowInsecure rejectUnauthorized: !!!client.options.allowInsecure,
} },
}; };
request(options, function(err, res, body) { request(options, function (err, res, body) {
client.log_repsonse(...arguments, options); client.log_repsonse(...arguments, options);
if (err) { if (err) {
reject(err); reject(err);
} }
resolve(res); resolve(res);
}).auth(client.options.username, client.options.password); }).auth(
client.options.username,
client.options.password,
true,
client.options.apiKey
);
}); });
} }
@ -119,22 +129,27 @@ class Client {
headers: { headers: {
Accept: "application/json", Accept: "application/json",
"User-Agent": USER_AGENT, "User-Agent": USER_AGENT,
"Content-Type": "application/json" "Content-Type": "application/json",
}, },
json: true, json: true,
body: data, body: data,
agentOptions: { agentOptions: {
rejectUnauthorized: !!!client.options.allowInsecure rejectUnauthorized: !!!client.options.allowInsecure,
} },
}; };
request(options, function(err, res, body) { request(options, function (err, res, body) {
client.log_repsonse(...arguments, options); client.log_repsonse(...arguments, options);
if (err) { if (err) {
reject(err); reject(err);
} }
resolve(res); resolve(res);
}).auth(client.options.username, client.options.password); }).auth(
client.options.username,
client.options.password,
true,
client.options.apiKey
);
}); });
} }
@ -151,22 +166,27 @@ class Client {
headers: { headers: {
Accept: "application/json", Accept: "application/json",
"User-Agent": USER_AGENT, "User-Agent": USER_AGENT,
"Content-Type": "application/json" "Content-Type": "application/json",
}, },
json: true, json: true,
body: data, body: data,
agentOptions: { agentOptions: {
rejectUnauthorized: !!!client.options.allowInsecure rejectUnauthorized: !!!client.options.allowInsecure,
} },
}; };
request(options, function(err, res, body) { request(options, function (err, res, body) {
client.log_repsonse(...arguments, options); client.log_repsonse(...arguments, options);
if (err) { if (err) {
reject(err); reject(err);
} }
resolve(res); resolve(res);
}).auth(client.options.username, client.options.password); }).auth(
client.options.username,
client.options.password,
true,
client.options.apiKey
);
}); });
} }
} }