[manila-csi-plugin] support muilple share rules #2915
Conversation
k8s-ci-robot
added
release-note
|
Welcome @silvacarloss! |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @silvacarloss. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/L
|
/ok-to-test I'll make a review a bit later |
k8s-ci-robot
added
ok-to-test
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
e100d6b to
e7984fb
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
e7984fb to
e1c1dfc
Compare
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
e1c1dfc to
a4a50ea
Compare
examples/manila-csi-plugin/nfs/static-provisioning/preprovisioned-pvc.yaml
Outdated
Show resolved
Hide resolved
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
a4a50ea to
978dd3d
Compare
|
|
k8s-ci-robot
added
cncf-cla: no
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
cc098b5 to
7e80d0a
Compare
|
/retest |
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
7e80d0a to
bcfd545
Compare
There was a problem hiding this comment.
Hi, a comment inline regarding backwards compatibility; I think you've demonstrated that it works well with NFS, and it'd be nice to test with CephFS as well to be sure. Thanks @silvacarloss
There was a problem hiding this comment.
I believe we need to polish the options for cleanliness and more importantly to avoid breaking backward compatibility. I'm also surprised that it's working at all since we seems to be using a deprecated API call to list accesses which is supposed to return 404.
pkg/csi/manila/nodeserver.go
Outdated
| // Build volume context for fwd plugin | ||
|
|
||
| sa := getShareAdapter(ns.d.shareProto) | ||
| accessRight = getAccessRightBasedOnShareAdapter(sa, accessRights, shareOpts.ShareAccessIDs) |
There was a problem hiding this comment.
If we're not using the returned value, perhaps replace the variable with _ ?
There was a problem hiding this comment.
good question... accessRight was defined in the function signature, so it's empty. When we get to this getAccessRightBasedOnShareAdapter function, it might (or might not) return an access right, which should populate the accessRight value that will be returned, so it's part of assigning a value so it will work with the naked return behavior. I'm kinda new to go and not sure if the naked return is a good practice, so please let me know if this is okay :)
| klog.V(4).Infof("cephx access right for share %s already exists", args.Share.Name) | ||
| accessToList := []string{args.Share.Name} | ||
| if args.Options.CephfsClientID != "" { | ||
| accessToList = strings.Split(args.Options.CephfsClientID, ",") |
There was a problem hiding this comment.
Same comment as for NFS, we should document that cephfs-clientID takes a list of comma-separated IDs.
That being said, we probably need a new option in plural form, deprecating cephfs-clientID. Same goes for nfs-shareClient.
There was a problem hiding this comment.
Changed the doc. Can we keep the current options for now and follow-up on this later? We should also introduce one of the things I mentioned in the todos: get the node's context and simplify the nodeserver code by only looking up for the access rule that will be used for that given node.
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
bcfd545 to
d308dc2
Compare
pkg/csi/manila/nodeserver.go
Outdated
| // Build volume context for fwd plugin | ||
|
|
||
| sa := getShareAdapter(ns.d.shareProto) | ||
| accessRight = getAccessRightBasedOnShareAdapter(sa, accessRights, shareOpts.ShareAccessIDs) |
There was a problem hiding this comment.
good question... accessRight was defined in the function signature, so it's empty. When we get to this getAccessRightBasedOnShareAdapter function, it might (or might not) return an access right, which should populate the accessRight value that will be returned, so it's part of assigning a value so it will work with the naked return behavior. I'm kinda new to go and not sure if the naked return is a good practice, so please let me know if this is okay :)
| klog.V(4).Infof("cephx access right for share %s already exists", args.Share.Name) | ||
| accessToList := []string{args.Share.Name} | ||
| if args.Options.CephfsClientID != "" { | ||
| accessToList = strings.Split(args.Options.CephfsClientID, ",") |
There was a problem hiding this comment.
Changed the doc. Can we keep the current options for now and follow-up on this later? We should also introduce one of the things I mentioned in the todos: get the node's context and simplify the nodeserver code by only looking up for the access rule that will be used for that given node.
There was a problem hiding this comment.
Thank you @silvacarloss ; this looks good to me hoping CI passes.
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
d308dc2 to
bf72548
Compare
|
Hello, as we mentioned a couple of weeks ago we were testing further with CephFS. We can confirm that all tests passed. |
|
/lgtm thank you @silvacarloss |
k8s-ci-robot
added
the
lgtm
| `shareID` | if `shareName` is not given | The UUID of the share | ||
| `shareName` | if `shareID` is not given | The name of the share | ||
| `shareAccessID` | _yes_ | The UUID of the access rule for the share | ||
| `shareAccessIDs` | _yes_ | Comma separated UUIDs of access rules for the share |
There was a problem hiding this comment.
This breaks backward compatibility with the old schema. Can you rework the PR and add an ability to use both shareAccessIDs (prioritized) and shareAccessID (failover)?
There was a problem hiding this comment.
The code does that: https://github.com/kubernetes/cloud-provider-openstack/pull/2915/files#diff-b8c02436df6d507c2e4c14d7e8ae1380ff392de803e3778f2ba187a9ffd24cb2R41-R49
I didn't insist that in the documentation though; should be okay? I don't know if we need another line below here that states shareAccessID is also possible to be used.
There was a problem hiding this comment.
Hey, good point and thanks for the feedback! So the share adapter file in this PR is handling that situation in this function: getAccessIDs. So we first check if there is a value for shareAccessIDs and then we attempt with shareAccessID. If you prefer, we can keep the shareAccessID in this part of the documentation and add a note mentioning that multiple access IDS field is encouraged, as we did in the shareoptions.go. Is there some other place I'm missing this though?
There was a problem hiding this comment.
Hey, I have just updated the documentation to keep the shareAccessID parameter as well. We are doing the handling in the code and I was also able to test it and ensure this is working just fine.
|
/hold |
k8s-ci-robot
added
the
do-not-merge/hold
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
bf72548 to
e48032d
Compare
k8s-ci-robot
removed
the
lgtm
@kayrus thank you for the heads-up and for the review. Can we keep #3000 as a separate issue and deal with it in another pull request? The current pull request is addressing an RFE we heard from a couple of deployments, so would be nice if we don't need to hold because of the access rule state issue. We can fix the other issue as soon as we have the cycles to. |
|
/retest-required |
|
/retest-required Apparently hitting an image pull issue |
Signed-off-by: moonek <[email protected]> Signed-off-by: Carlos da Silva <[email protected]>
silvacarloss
force-pushed
the
support-multiple-share-rules-manila-csi
branch
from
e48032d to
6f5d44e
Compare
|
Rebased on top of master to pick up the image pull fix. |
k8s-ci-robot
added
the
lgtm
6 participants
What this PR does / why we need it:
Manila currently supports only setting a single access rule, making it difficult to have multiple access rules to a shared file system, which is a common scenario in a cloud where we need to have multiple clients being able to mount the shares simultaneously. This PR introduces support for multiple share access rules by accepting a list of IPs/Cephx users instead of a single string.
Which issue this PR fixes(if applicable):
fixes #2725
Special notes for reviewers:
Author of the change stated that they didn't have a CephFS environment, so could not test it with CephFS.
Another pull request was proposed for this issue [1], but due to maintainers not being able to update and rebase the original author's PR, we opened a new PR.
[1] #2727
Release note: