Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rbd: setup encryption if rbdVol exits during CreateVol #3422

Merged
merged 1 commit into from
Nov 7, 2022
Merged

rbd: setup encryption if rbdVol exits during CreateVol #3422

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
9 changes: 9 additions & 0 deletions internal/rbd/controllerserver.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -508,6 +508,15 @@ func (cs *ControllerServer) repairExistingVolume(ctx context.Context, req *csi.C

return nil, err
}

default:
// setup encryption again to make sure everything is in place.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question:

  • This is only for PVC. What about the PVC Clone and PVC Snapshot?
  • What about the fileEncryption?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question:

  • This is only for PVC. What about the PVC Clone and PVC Snapshot?

For clone

ceph-csi/internal/rbd/rbd_journal.go

Line 337 in 07e9ded

err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)

For snapshot, just few ones above to copy encryption config

  • What about the fileEncryption?

This pr handles for block encryption,
We can handle the same for file encryption in another pr.
@irq0 can you please take a look at this?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Open an issue so that we dont forget it?

if rbdVol.isBlockEncrypted() {
err := rbdVol.setupBlockEncryption(ctx)
if err != nil {
return nil, fmt.Errorf("failed to setup encryption for image %s: %w", rbdVol, err)
}
}
}

// Set metadata on restart of provisioner pod when image exist
Expand Down