diff --git a/README.md b/README.md index 75c46e8..ae2e831 100644 --- a/README.md +++ b/README.md @@ -188,8 +188,10 @@ node: and continue your democratic installation as usuall with other iscsi drivers. #### Privileged Namespace + democratic-csi requires privileged access to the nodes, so the namespace should allow for privileged pods. One way of doing it is via [namespace labels](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/). Add the followin label to the democratic-csi installation namespace `pod-security.kubernetes.io/enforce=privileged` + ``` kubectl label --overwrite namespace democratic-csi pod-security.kubernetes.io/enforce=privileged ``` @@ -648,12 +650,6 @@ Copy the `contrib/freenas-provisioner-to-democratic-csi.sh` script from the project to your workstation, read the script in detail, and edit the variables to your needs to start migrating! -# Sponsors - -A special shout out to the wonderful sponsors of the project! - -[![ixSystems](https://www.ixsystems.com/wp-content/uploads/2021/06/ix_logo_200x47.png "ixSystems")](http://ixsystems.com/) - # Related - https://github.com/nmaupu/freenas-provisioner diff --git a/contrib/scale-nvmet-start.sh b/contrib/scale-nvmet-start.sh index a2cfc22..8a46078 100755 --- a/contrib/scale-nvmet-start.sh +++ b/contrib/scale-nvmet-start.sh 
@@ -17,25 +17,60 @@ SCRIPTDIR="$( cd "${SCRIPTDIR}" : "${NVMETCONFIG:="${SCRIPTDIR}/nvmet-config.json"}" +: "${NVMETVENV:="${SCRIPTDIR}/nvmet-venv"}" export PATH=${HOME}/.local/bin:${PATH} -modules=() -modules+=("nvmet") -modules+=("nvmet-fc") -modules+=("nvmet-rdma") -modules+=("nvmet-tcp") +main() { -for module in "${modules[@]}"; do - modprobe "${module}" -done - -which nvmetcli &>/dev/null || { - which pip &>/dev/null || { - wget -O get-pip.py https://bootstrap.pypa.io/get-pip.py - python get-pip.py --user - rm get-pip.py + kernel_modules + nvmetcli ls &>/dev/null || { + setup_venv + install_nvmetcli } + nvmetcli_restore + +} + +kernel_modules() { + + modules=() + modules+=("nvmet") + modules+=("nvmet-fc") + modules+=("nvmet-rdma") + modules+=("nvmet-tcp") + + for module in "${modules[@]}"; do + modprobe "${module}" + done + +} + +setup_venv() { + + rm -rf ${NVMETVENV} + python -m venv ${NVMETVENV} --without-pip --system-site-packages + activate_venv + curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py + python get-pip.py + rm get-pip.py + deactivate_venv + +} + +activate_venv() { + + . ${NVMETVENV}/bin/activate + +} + +deactivate_venv() { + + deactivate + +} + +install_nvmetcli() { if [[ ! -d nvmetcli ]]; then git clone git://git.infradead.org/users/hch/nvmetcli.git 
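Review bot: `setup_venv` and `activate_venv` expand `${NVMETVENV}` unquoted, and the variable can be overridden from the environment, so a value containing whitespace or glob characters would make `rm -rf ${NVMETVENV}` act on paths other than the venv; quote every use, e.g. `rm -rf "${NVMETVENV}"` and `. "${NVMETVENV}/bin/activate"`. The bootstrap step also executes whatever `curl` wrote to `get-pip.py`: without `--fail` an HTTP error body is saved and handed to `python`, and nothing compares the file with a known digest. Since the script loads kernel modules and its comments mention root's home dir, it presumably runs as root, so `curl -fsSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py` followed by a pinned checksum comparison before `python get-pip.py` would be the safer form. `install_nvmetcli` continues past the end of this hunk.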
@@ -43,19 +78,31 @@ which nvmetcli &>/dev/null || { cd nvmetcli - # install to root home dir - python3 setup.py install --user + activate_venv # install to root home dir - pip install configshell_fb --user + python3 setup.py install --install-scripts=${HOME}/.local/bin + + # install to root home dir + pip install configshell_fb # remove source cd "${SCRIPTDIR}" rm -rf nvmetcli + + deactivate_venv + } -cd "${SCRIPTDIR}" -nvmetcli restore "${NVMETCONFIG}" +nvmetcli_restore() { -touch /var/run/nvmet-config-loaded -chmod +r /var/run/nvmet-config-loaded + activate_venv + cd "${SCRIPTDIR}" + nvmetcli restore "${NVMETCONFIG}" + deactivate_venv + touch /var/run/nvmet-config-loaded + chmod +r /var/run/nvmet-config-loaded + +} + +main diff --git a/examples/freenas-api-iscsi.yaml b/examples/freenas-api-iscsi.yaml index 5871bcf..3b2d922 100644 --- a/examples/freenas-api-iscsi.yaml +++ b/examples/freenas-api-iscsi.yaml @@ -33,7 +33,7 @@ zfs: # "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}" # "org.freenas:test": "{{ parameters.foo }}" # "org.freenas:test2": "some value" - + # total volume name (zvol//) length cannot exceed 63 chars # https://www.ixsystems.com/documentation/freenas/11.2-U5/storage.html#zfs-zvol-config-opts-tab # standard volume naming overhead is 46 chars @@ -41,7 +41,7 @@ zfs: # for work-arounds see https://github.com/democratic-csi/democratic-csi/issues/54 datasetParentName: tank/k8s/b/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap - # they may be siblings, but neither should be nested in the other + # they may be siblings, but neither should be nested in the other # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps # "" (inherit), lz4, gzip-9, etc 
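Review bot: In `nvmetcli_restore`, `touch /var/run/nvmet-config-loaded` runs whether or not `nvmetcli restore` succeeded (unless `set -e` is enabled above the visible hunks), so the marker can claim the config was imported when it was not; gate it on the exit status, e.g. `nvmetcli restore "${NVMETCONFIG}" || { deactivate_venv; return 1; }`. In `install_nvmetcli`, `--install-scripts=${HOME}/.local/bin` should be quoted, and the second `# install to root home dir` comment is now stale because `pip install configshell_fb` without `--user` installs into the activated venv; `# install into the venv` would match the new behaviour. `pip install configshell_fb` is also unpinned, so each reinstall takes whatever version the index serves; pinning it (`configshell_fb==<version>`) would make the result reproducible. The start of `install_nvmetcli` is in the previous hunk.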
@@ -68,6 +68,8 @@ iscsi: # add as many as needed targetGroups: # get the correct ID from the "portal" section in the UI + # https://github.com/democratic-csi/democratic-csi/issues/302 + # NOTE: the ID in the UI does NOT always match the ID in the DB, you must use the DB value - targetGroupPortalGroup: 1 # get the correct ID from the "initiators" section in the UI targetGroupInitiatorGroup: 1 diff --git a/examples/freenas-iscsi.yaml b/examples/freenas-iscsi.yaml index a2de43f..6a20b6b 100644 --- a/examples/freenas-iscsi.yaml +++ b/examples/freenas-iscsi.yaml @@ -43,14 +43,14 @@ zfs: # "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}" # "org.freenas:test": "{{ parameters.foo }}" # "org.freenas:test2": "some value" - + # total volume name (zvol//) length cannot exceed 63 chars # https://www.ixsystems.com/documentation/freenas/11.2-U5/storage.html#zfs-zvol-config-opts-tab # standard volume naming overhead is 46 chars # datasetParentName should therefore be 17 chars or less when using TrueNAS 12 or below datasetParentName: tank/k8s/b/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap - # they may be siblings, but neither should be nested in the other + # they may be siblings, but neither should be nested in the other # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps # "" (inherit), lz4, gzip-9, etc @@ -77,6 +77,8 @@ iscsi: # add as many as needed targetGroups: # get the correct ID from the "portal" section in the UI + # https://github.com/democratic-csi/democratic-csi/issues/302 + # NOTE: the ID in the UI does NOT always match the ID in the DB, you must use the DB value - targetGroupPortalGroup: 1 # get the correct ID from the "initiators" section in the UI targetGroupInitiatorGroup: 1 
diff --git a/examples/private.yaml b/examples/private.yaml index 4cd9ade..66e42dc 100644 --- a/examples/private.yaml +++ b/examples/private.yaml @@ -14,6 +14,7 @@ _private: #driver: kubernetes # THIS IS UNSUPPORTED, BAD THINGS WILL HAPPEN IF NOT CONFIGURED PROPERLY + # https://github.com/democratic-csi/democratic-csi/issues/289 # # note the volume length must *always* be the same for every call for the same volume by the CO # the length must NOT execeed 128 characters @@ -21,6 +22,16 @@ _private: # must only contain alphnumeric characters or `-` or `_` idTemplate: "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}-{{ parameters.[csi.storage.k8s.io/pvc/name] }}" + # THIS IS UNSUPPORTED, BAD THINGS WILL HAPPEN IF NOT CONFIGURED PROPERLY + # https://github.com/democratic-csi/democratic-csi/issues/289 + # + # in order for this to behave sanely you *MUST* set consistent templates for + # share names/assets (ie: nfs/iscsi/etc) and the `idTemplate` above + # + # setting to retain results in noop delete opertions (both shares where applicable and volumes remain intact) + # delete|retain + deleteStrategy: retain + # if set, this hash is applied *after* the templating above idHash: strategy: crc16 diff --git a/examples/zfs-generic-nvmeof.yaml b/examples/zfs-generic-nvmeof.yaml index 76a6c6f..b56b3ae 100644 --- a/examples/zfs-generic-nvmeof.yaml +++ b/examples/zfs-generic-nvmeof.yaml @@ -20,7 +20,7 @@ zfs: # zpool: /usr/local/sbin/zpool # sudo: /usr/local/bin/sudo # chroot: /usr/sbin/chroot - + # can be used to set arbitrary values on the dataset/zvol # can use handlebars templates with the parameters from the storage class/CO #datasetProperties: @@ -65,6 +65,7 @@ nvmeof: # http://git.infradead.org/users/hch/nvmetcli.git shareStrategyNvmetCli: #sudoEnabled: true + # /root/.local/bin/nvmetcli #nvmetcliPath: nvmetcli # prevent startup race conditions by ensuring the config on disk has been imported # before we start messing with things 
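Review bot: The sample value in the second private.yaml hunk is `deleteStrategy: retain`, so anyone who copies the example gets no-op deletes: per the added comment, shares and volumes stay in place after the CO has been told the volume is gone, which leaves the data and its exports reachable until someone removes them by hand. Showing the default behaviour instead, `deleteStrategy: delete`, or commenting the key out as `#deleteStrategy: retain`, would make retention an explicit opt-in. A comment line such as `# retained volumes and shares must be cleaned up manually on the storage system` would also help.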
@@ -73,7 +74,7 @@ nvmeof: basename: "nqn.2003-01.org.linux-nvme" # add more ports here as appropriate if you have multipath ports: - - "1" + - "1" subsystem: attributes: allow_any_host: 1 @@ -96,7 +97,7 @@ nvmeof: attributes: allow_any_host: "true" listeners: - - trtype: tcp - traddr: server - trsvcid: port - adrfam: ipv4 + - trtype: tcp + traddr: server + trsvcid: port + adrfam: ipv4 diff --git a/src/driver/controller-client-common/index.js b/src/driver/controller-client-common/index.js index d12dd03..434213b 100644 --- a/src/driver/controller-client-common/index.js +++ b/src/driver/controller-client-common/index.js @@ -636,6 +636,17 @@ class ControllerClientCommonDriver extends CsiBaseDriver { ); } + // deleteStrategy + const delete_strategy = _.get( + driver.options, + "_private.csi.volume.deleteStrategy", + "" + ); + + if (delete_strategy == "retain") { + return {}; + } + const volume_path = driver.getControllerVolumePath(volume_id); await driver.deleteDir(volume_path); diff --git a/src/driver/controller-objectivefs/index.js b/src/driver/controller-objectivefs/index.js index d1ccb36..d0b1164 100644 --- a/src/driver/controller-objectivefs/index.js +++ b/src/driver/controller-objectivefs/index.js @@ -458,6 +458,17 @@ class ControllerObjectiveFSDriver extends CsiBaseDriver { ); } + // deleteStrategy + const delete_strategy = _.get( + driver.options, + "_private.csi.volume.deleteStrategy", + "" + ); + + if (delete_strategy == "retain") { + return {}; + } + volume_id = volume_id.toLowerCase(); const filesystem = `${pool}/${volume_id}`; await ofsClient.destroy({}, filesystem, []); diff --git a/src/driver/controller-synology/index.js b/src/driver/controller-synology/index.js index 6c261d9..031ff66 100644 --- a/src/driver/controller-synology/index.js +++ b/src/driver/controller-synology/index.js 
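Review bot: The new `deleteStrategy` check treats every value other than the exact string `retain` as a request to delete, so a typo or different casing in the config silently falls through to `driver.deleteDir(volume_path)` / `ofsClient.destroy(...)`; an unrecognised value should be rejected instead. The retain path also returns `{}` without logging, leaving no trace that a DeleteVolume call was acknowledged but skipped, and `==` should be `===`. The same eleven lines are added in controller-synology, controller-zfs and freenas/api.js, so a single helper on `CsiBaseDriver` would keep the five copies from drifting. The enclosing method starts and ends outside the hunk; the error type below is a placeholder for whatever the driver normally throws on bad configuration, and `driver.ctx.logger` is assumed to be available as it is in the controller-zfs hunk.

```javascript
// deleteStrategy
// … unchanged: _.get() lookup of "_private.csi.volume.deleteStrategy" …

// an unknown value must not fall through to the destructive path
if (!["", "delete", "retain"].includes(delete_strategy)) {
  throw new Error(`unsupported deleteStrategy: ${delete_strategy}`);
}

if (delete_strategy === "retain") {
  driver.ctx.logger.debug(
    "deleteStrategy is retain, leaving volume %s intact",
    volume_id
  );
  return {};
}
```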
@@ -691,6 +691,17 @@ class ControllerSynologyDriver extends CsiBaseDriver { ); } + // deleteStrategy + const delete_strategy = _.get( + driver.options, + "_private.csi.volume.deleteStrategy", + "" + ); + + if (delete_strategy == "retain") { + return {}; + } + let response; switch (driver.getDriverShareType()) { diff --git a/src/driver/controller-zfs/index.js b/src/driver/controller-zfs/index.js index 1fca665..28d714a 100644 --- a/src/driver/controller-zfs/index.js +++ b/src/driver/controller-zfs/index.js @@ -1297,6 +1297,17 @@ class ControllerZfsBaseDriver extends CsiBaseDriver { driver.ctx.logger.debug("dataset properties: %j", properties); + // deleteStrategy + const delete_strategy = _.get( + driver.options, + "_private.csi.volume.deleteStrategy", + "" + ); + + if (delete_strategy == "retain") { + return {}; + } + // remove share resources await this.deleteShare(call, datasetName); diff --git a/src/driver/freenas/api.js b/src/driver/freenas/api.js index 42087c5..e1933f9 100644 --- a/src/driver/freenas/api.js +++ b/src/driver/freenas/api.js @@ -3020,6 +3020,17 @@ class FreeNASApiDriver extends CsiBaseDriver { driver.ctx.logger.debug("dataset properties: %j", properties); + // deleteStrategy + const delete_strategy = _.get( + driver.options, + "_private.csi.volume.deleteStrategy", + "" + ); + + if (delete_strategy == "retain") { + return {}; + } + // remove share resources await this.deleteShare(call, datasetName); diff --git a/src/driver/index.js b/src/driver/index.js index bad9dde..242b5bb 100644 --- a/src/driver/index.js +++ b/src/driver/index.js @@ -815,10 +815,11 @@ class CsiBaseDriver { if (!has_guest) { mount_flags.push("guest"); } + } - if (volume_mount_group) { - mount_flags.push(`gid=${volume_mount_group}`); - } + // handle node service VOLUME_MOUNT_GROUP + if (volume_mount_group) { + mount_flags.push(`gid=${volume_mount_group}`); } break; case "iscsi":
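Review bot: In the src/driver/index.js hunk, `volume_mount_group` is interpolated into the mount options as `gid=${volume_mount_group}` without any check, and after this change that happens on every path through this case rather than only inside the previous `if` block. Mount options are comma-separated, so a value that is not a plain group id would alter the option list; where the value comes from is not visible here, but if it is taken from the node request it should be validated before the push, e.g. `if (!/^\d+$/.test(String(volume_mount_group))) { throw new Error("invalid volume_mount_group"); }`. If group names are meant to be accepted, rejecting `,` and whitespace is the minimum. The enclosing `case` starts outside the hunk.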