From 8ac44c0a67ddf9f59476b8f04b710c364a063e3c Mon Sep 17 00:00:00 2001 From: Travis Glenn Hansen Date: Sun, 17 Apr 2022 14:41:34 -0600 Subject: [PATCH] enable smb in csi, only force host mount/umount if the operator has not explicitly set a preference Signed-off-by: Travis Glenn Hansen --- .github/workflows/main.yml | 8 ++-- ci/configs/truenas/core/12.0/core-iscsi.yaml | 7 ++++ ci/configs/truenas/core/12.0/core-nfs.yaml | 2 +- ci/configs/truenas/core/12.0/core-smb.yaml | 28 ++++++------- ci/configs/truenas/core/13.0/core-nfs.yaml | 2 +- ci/configs/truenas/core/13.0/core-smb.yaml | 40 +++++++++++-------- ci/configs/truenas/scale/22.02/scale-nfs.yaml | 2 +- ci/configs/truenas/scale/22.02/scale-smb.yaml | 36 +++++++---------- docker/mount | 12 +++--- docker/umount | 12 +++--- examples/node-common.yaml | 27 +++++++++++++ 11 files changed, 105 insertions(+), 71 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 528fb9d..bcab4e5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -74,7 +74,7 @@ jobs: - truenas/scale/22.02/scale-iscsi.yaml - truenas/scale/22.02/scale-nfs.yaml # 80 char limit - #- truenas/scale-smb.yaml + - truenas/scale/22.02/scale-smb.yaml runs-on: - self-hosted - csi-sanity-zfs-local @@ -103,10 +103,10 @@ jobs: matrix: config: # 63 char limit - #- truenas/core-iscsi.yaml + - truenas/core/12.0/core-iscsi.yaml - truenas/core/12.0/core-nfs.yaml # 80 char limit - #- truenas/core-smb.yaml + - truenas/core/12.0/core-smb.yaml runs-on: - self-hosted - csi-sanity-zfs-local @@ -137,7 +137,7 @@ jobs: - truenas/core/13.0/core-iscsi.yaml - truenas/core/13.0/core-nfs.yaml # 80 char limit - #- truenas/core-smb.yaml + - truenas/core/13.0/core-smb.yaml runs-on: - self-hosted - csi-sanity-zfs-local diff --git a/ci/configs/truenas/core/12.0/core-iscsi.yaml b/ci/configs/truenas/core/12.0/core-iscsi.yaml index 2cf1d84..7d65a5a 100644 --- a/ci/configs/truenas/core/12.0/core-iscsi.yaml 
+++ b/ci/configs/truenas/core/12.0/core-iscsi.yaml @@ -35,3 +35,10 @@ iscsi: targetGroupAuthGroup: # 0-100 (0 == ignore) extentAvailThreshold: 0 + +# overcome the 63 char limit for testing purposes only +_private: + csi: + volume: + idHash: + strategy: crc16 diff --git a/ci/configs/truenas/core/12.0/core-nfs.yaml b/ci/configs/truenas/core/12.0/core-nfs.yaml index 04f2744..0205cb0 100644 --- a/ci/configs/truenas/core/12.0/core-nfs.yaml +++ b/ci/configs/truenas/core/12.0/core-nfs.yaml @@ -19,7 +19,7 @@ zfs: detachedSnapshotsDatasetParentName: tank/ci/${CI_BUILD_KEY}/s datasetEnableQuotas: true - datasetEnableReservation: true + datasetEnableReservation: false datasetPermissionsMode: "0777" datasetPermissionsUser: 0 datasetPermissionsGroup: 0 diff --git a/ci/configs/truenas/core/12.0/core-smb.yaml b/ci/configs/truenas/core/12.0/core-smb.yaml index 9460255..2559c5b 100644 --- a/ci/configs/truenas/core/12.0/core-smb.yaml +++ b/ci/configs/truenas/core/12.0/core-smb.yaml 
@@ -17,28 +17,24 @@ sshConnection: zfs: datasetProperties: # smb options - #aclmode: restricted - #casesensitivity: mixed + aclmode: restricted + aclinherit: passthrough + acltype: nfsv4 + casesensitivity: insensitive datasetParentName: tank/ci/${CI_BUILD_KEY}/v detachedSnapshotsDatasetParentName: tank/ci/${CI_BUILD_KEY}/s datasetEnableQuotas: true - datasetEnableReservation: true - datasetPermissionsMode: "0777" - datasetPermissionsUser: 0 - datasetPermissionsGroup: 0 + datasetEnableReservation: false + datasetPermissionsMode: "0770" + datasetPermissionsUser: 1001 + datasetPermissionsGroup: 1001 - # for smb with guest - #datasetPermissionsUser: nobody - #datasetPermissionsGroup: nobody - - #datasetPermissionsGroup: root - #datasetPermissionsAcls: - #- "-m everyone@:full_set:allow" - - #datasetPermissionsAcls: - #- "-m u:kube:full_set:allow" + datasetPermissionsAcls: + - "-m g:builtin_users:full_set:fd:allow" + - "-m group@:modify_set:fd:allow" + - "-m owner@:full_set:fd:allow" smb: shareHost: ${TRUENAS_HOST} diff --git a/ci/configs/truenas/core/13.0/core-nfs.yaml b/ci/configs/truenas/core/13.0/core-nfs.yaml index 04f2744..0205cb0 100644 --- a/ci/configs/truenas/core/13.0/core-nfs.yaml +++ b/ci/configs/truenas/core/13.0/core-nfs.yaml @@ -19,7 +19,7 @@ zfs: detachedSnapshotsDatasetParentName: tank/ci/${CI_BUILD_KEY}/s datasetEnableQuotas: true - datasetEnableReservation: true + datasetEnableReservation: false datasetPermissionsMode: "0777" datasetPermissionsUser: 0 datasetPermissionsGroup: 0 diff --git a/ci/configs/truenas/core/13.0/core-smb.yaml b/ci/configs/truenas/core/13.0/core-smb.yaml index 9460255..f5efbf3 100644 --- a/ci/configs/truenas/core/13.0/core-smb.yaml +++ b/ci/configs/truenas/core/13.0/core-smb.yaml 
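Review bot: The first entry added under `datasetPermissionsAcls` grants `full_set` to `g:builtin_users` with `fd` inheritance, which is broader than the `modify_set` given to `group@` on the next line and carries the rights to rewrite ACLs and ownership on everything created under the dataset. If the sanity tests only need read/write access, `- "-m g:builtin_users:modify_set:fd:allow"` keeps the CI config closer to something an operator could safely copy. The same entry is added in the first hunk of core/13.0/core-smb.yaml. Separately, no hunk for this 12.0 file sets `shareGuestOk: false` or `node.mount.mount_flags` as the 13.0 and scale configs do, so it is worth confirming that the job now enabled for it in main.yml mounts with the intended identity against the new `0770` / `1001` ownership.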
@@ -17,28 +17,24 @@ sshConnection: zfs: datasetProperties: # smb options - #aclmode: restricted - #casesensitivity: mixed + aclmode: restricted + aclinherit: passthrough + acltype: nfsv4 + casesensitivity: insensitive datasetParentName: tank/ci/${CI_BUILD_KEY}/v detachedSnapshotsDatasetParentName: tank/ci/${CI_BUILD_KEY}/s datasetEnableQuotas: true - datasetEnableReservation: true - datasetPermissionsMode: "0777" - datasetPermissionsUser: 0 - datasetPermissionsGroup: 0 + datasetEnableReservation: false + datasetPermissionsMode: "0770" + datasetPermissionsUser: 1001 + datasetPermissionsGroup: 1001 - # for smb with guest - #datasetPermissionsUser: nobody - #datasetPermissionsGroup: nobody - - #datasetPermissionsGroup: root - #datasetPermissionsAcls: - #- "-m everyone@:full_set:allow" - - #datasetPermissionsAcls: - #- "-m u:kube:full_set:allow" + datasetPermissionsAcls: + - "-m g:builtin_users:full_set:fd:allow" + - "-m group@:modify_set:fd:allow" + - "-m owner@:full_set:fd:allow" smb: shareHost: ${TRUENAS_HOST} @@ -52,7 +48,7 @@ smb: shareAllowedHosts: [] shareDeniedHosts: [] #shareDefaultPermissions: true - shareGuestOk: true + shareGuestOk: false #shareGuestOnly: true #shareShowHiddenFiles: true shareRecycleBin: true @@ -60,3 +56,13 @@ smb: shareAccessBasedEnumeration: true shareTimeMachine: false #shareStorageTask: + +node: + mount: + mount_flags: "username=smbroot,password=smbroot" + +_private: + csi: + volume: + idHash: + strategy: crc16 diff --git a/ci/configs/truenas/scale/22.02/scale-nfs.yaml b/ci/configs/truenas/scale/22.02/scale-nfs.yaml index 0e817ce..42818ae 100644 --- a/ci/configs/truenas/scale/22.02/scale-nfs.yaml +++ b/ci/configs/truenas/scale/22.02/scale-nfs.yaml @@ -13,7 +13,7 @@ zfs: detachedSnapshotsDatasetParentName: tank/ci/${CI_BUILD_KEY}/s datasetEnableQuotas: true - datasetEnableReservation: true + datasetEnableReservation: false datasetPermissionsMode: "0777" datasetPermissionsUser: 0 datasetPermissionsGroup: 0 
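Review bot: `mount_flags: "username=smbroot,password=smbroot"` in the last core/13.0/core-smb.yaml hunk commits a share credential in plain text, and the final scale/22.02/scale-smb.yaml hunk adds the same line. Neighbouring settings in these configs already come from the environment (`${TRUENAS_HOST}`, `${TRUENAS_PASSWORD}`), so the SMB account could follow suit, e.g. `mount_flags: "username=${SMB_USERNAME},password=${SMB_PASSWORD}"` (placeholder variable names; this assumes the CI substitution also applies to this field). A password passed as a mount option can also surface in process arguments and logs on the node, so a comment such as `# CI-only throwaway account; real deployments should use a credentials file or secret` would keep the value from being copied as a pattern.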
diff --git a/ci/configs/truenas/scale/22.02/scale-smb.yaml b/ci/configs/truenas/scale/22.02/scale-smb.yaml index 74964ea..95b0b9a 100644 --- a/ci/configs/truenas/scale/22.02/scale-smb.yaml +++ b/ci/configs/truenas/scale/22.02/scale-smb.yaml @@ -9,31 +9,15 @@ httpConnection: password: ${TRUENAS_PASSWORD} zfs: - datasetProperties: - # smb options - #aclmode: restricted - #casesensitivity: mixed - datasetParentName: tank/ci/${CI_BUILD_KEY}/v detachedSnapshotsDatasetParentName: tank/ci/${CI_BUILD_KEY}/s datasetEnableQuotas: true - datasetEnableReservation: true - datasetPermissionsMode: "0777" - datasetPermissionsUser: 0 - datasetPermissionsGroup: 0 + datasetEnableReservation: false + datasetPermissionsMode: "0770" + datasetPermissionsUser: 1001 + datasetPermissionsGroup: 1001 - # for smb with guest - #datasetPermissionsUser: nobody - #datasetPermissionsGroup: nobody - - #datasetPermissionsGroup: root - #datasetPermissionsAcls: - #- "-m everyone@:full_set:allow" - - #datasetPermissionsAcls: - #- "-m u:kube:full_set:allow" - smb: shareHost: ${TRUENAS_HOST} #nameTemplate: "" @@ -46,7 +30,7 @@ smb: shareAllowedHosts: [] shareDeniedHosts: [] #shareDefaultPermissions: true - shareGuestOk: true + shareGuestOk: false #shareGuestOnly: true #shareShowHiddenFiles: true shareRecycleBin: true @@ -54,3 +38,13 @@ smb: shareAccessBasedEnumeration: true shareTimeMachine: false #shareStorageTask: + +node: + mount: + mount_flags: "username=smbroot,password=smbroot" + +_private: + csi: + volume: + idHash: + strategy: crc16 diff --git a/docker/mount b/docker/mount index 0f7c17a..229e526 100755 --- a/docker/mount +++ b/docker/mount 
@@ -20,15 +20,17 @@ container_supported_filesystems=( while getopts "t:" opt; do case "$opt" in t) - [[ "${OPTARG,,}" == "zfs" ]] && USE_HOST_MOUNT_TOOLS=1 - [[ "${OPTARG,,}" == "lustre" ]] && USE_HOST_MOUNT_TOOLS=1 - [[ "${OPTARG,,}" == "onedata" ]] && USE_HOST_MOUNT_TOOLS=1 - #(printf '%s\0' "${container_supported_filesystems[@]}" | grep -Fqxz -- "${OPTARG}") || USE_HOST_MOUNT_TOOLS=1 + if [[ "x${USE_HOST_MOUNT_TOOLS}" == "x" ]]; then + [[ "${OPTARG,,}" == "zfs" ]] && USE_HOST_MOUNT_TOOLS=1 + [[ "${OPTARG,,}" == "lustre" ]] && USE_HOST_MOUNT_TOOLS=1 + [[ "${OPTARG,,}" == "onedata" ]] && USE_HOST_MOUNT_TOOLS=1 + #(printf '%s\0' "${container_supported_filesystems[@]}" | grep -Fqxz -- "${OPTARG}") || USE_HOST_MOUNT_TOOLS=1 + fi ;; esac done -if [[ ${USE_HOST_MOUNT_TOOLS} -eq 1 ]];then +if [[ ${USE_HOST_MOUNT_TOOLS} -eq 1 ]]; then chroot /host /usr/bin/env -i PATH="/sbin:/bin:/usr/bin:/usr/sbin" mount "${@:1}" else /usr/bin/env -i PATH="/sbin:/bin:/usr/bin:/usr/sbin" mount "${@:1}" diff --git a/docker/umount b/docker/umount index 9a4b184..b38b078 100755 --- a/docker/umount +++ b/docker/umount 
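Review bot: The new guard `[[ "x${USE_HOST_MOUNT_TOOLS}" == "x" ]]` treats any non-empty value as an explicit preference, but the later test `[[ ${USE_HOST_MOUNT_TOOLS} -eq 1 ]]` is an arithmetic comparison, so a value such as `true` or `yes` evaluates to 0 and silently selects the container tools while also switching off the zfs/lustre/onedata auto-detection. Comparing as a string, `if [[ "${USE_HOST_MOUNT_TOOLS:-}" == "1" ]]; then`, plus a comment like `# USE_HOST_MOUNT_TOOLS: unset = auto-detect from -t, 1 = chroot /host, any other value = container tools`, would make the contract explicit, which matters because the host branch runs `mount` through `chroot /host`. The identical change in docker/umount behaves the same way. The script begins above this hunk, so any earlier handling of the variable is not visible here.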
@@ -20,15 +20,17 @@ container_supported_filesystems=( while getopts "t:" opt; do case "$opt" in t) - [[ "${OPTARG,,}" == "zfs" ]] && USE_HOST_MOUNT_TOOLS=1 - [[ "${OPTARG,,}" == "lustre" ]] && USE_HOST_MOUNT_TOOLS=1 - [[ "${OPTARG,,}" == "onedata" ]] && USE_HOST_MOUNT_TOOLS=1 - #(printf '%s\0' "${container_supported_filesystems[@]}" | grep -Fqxz -- "${OPTARG}") || USE_HOST_MOUNT_TOOLS=1 + if [[ "x${USE_HOST_MOUNT_TOOLS}" == "x" ]]; then + [[ "${OPTARG,,}" == "zfs" ]] && USE_HOST_MOUNT_TOOLS=1 + [[ "${OPTARG,,}" == "lustre" ]] && USE_HOST_MOUNT_TOOLS=1 + [[ "${OPTARG,,}" == "onedata" ]] && USE_HOST_MOUNT_TOOLS=1 + #(printf '%s\0' "${container_supported_filesystems[@]}" | grep -Fqxz -- "${OPTARG}") || USE_HOST_MOUNT_TOOLS=1 + fi ;; esac done -if [[ ${USE_HOST_MOUNT_TOOLS} -eq 1 ]];then +if [[ ${USE_HOST_MOUNT_TOOLS} -eq 1 ]]; then chroot /host /usr/bin/env -i PATH="/sbin:/bin:/usr/bin:/usr/sbin" umount "${@:1}" else /usr/bin/env -i PATH="/sbin:/bin:/usr/bin:/usr/sbin" umount "${@:1}" diff --git a/examples/node-common.yaml b/examples/node-common.yaml index 1f0f3df..1cda789 100644 --- a/examples/node-common.yaml +++ b/examples/node-common.yaml @@ -30,3 +30,30 @@ node: # ... btrfs: customOptions: [] + + csiProxy: + # should be left unset in most situation, will be auto-detected + #enabled: true + + # connection attributes can be set to grpc endpoint + # ie: hostname:port, or /some/path, or \\.\pipe\foo + # connection and version will use internal defaults and should generally be left unset + services: + filesystem: + #version: v1 + #connection: + disk: + #version: v1 + #connection: + volume: + #version: v1 + #connection: + smb: + #version: v1 + #connection: + system: + #version: v1alpha1 + #connection: + iscsi: + #version: v1alpha2 + #connection: