Should Resize() after EncryptionLoad() account for the encryption header space?
#972
Comments
|
Here's a potentially silly question: did you verify that the resize procedure in the docs that you quoted works? If yes, we can probably look into what apis the command line tool might be using that is different from go-ceph. Otherwise, it could possibly be a docs issue. Thanks! |
|
@phlogistonjohn Yes, it does look to me like that resize procedure for the |
|
OK, I took a look at the source for the rbd command line tool's resize action: I looked over the code and saw the only major differences were uses of After looking at a few other options I decided to try to replicate your test case by adapting the code you shared into the go-ceph tests. Here's a copy-n-paste of the code: // added to rbd/encryption_test.go
func TestEncryptedResize(t *testing.T) {
conn := radosConnect(t)
defer conn.Shutdown()
poolname := GetUUID()
err := conn.MakePool(poolname)
assert.NoError(t, err)
defer conn.DeletePool(poolname)
imageName := "resizeme"
imageSize := uint64(50) * 1024 * 1024
encOpts := EncryptionOptionsLUKS2{
Alg: EncryptionAlgorithmAES256,
Passphrase: []byte("test-password"),
}
t.Run("create", func(t *testing.T) {
ioctx, err := conn.OpenIOContext(poolname)
require.NoError(t, err)
defer ioctx.Destroy()
err = CreateImage(ioctx, imageName, imageSize, NewRbdImageOptions())
require.NoError(t, err)
image, err := OpenImage(ioctx, imageName, NoSnapshot)
require.NoError(t, err)
defer image.Close()
s, err := image.GetSize()
require.NoError(t, err)
t.Logf("image size before encryption: %d", s)
err = image.EncryptionFormat(encOpts)
require.NoError(t, err)
s, err = image.GetSize()
require.NoError(t, err)
t.Logf("image size after encryption: %d", s)
})
t.Run("resize", func(t *testing.T) {
ioctx, err := conn.OpenIOContext(poolname)
require.NoError(t, err)
defer ioctx.Destroy()
image, err := OpenImage(ioctx, imageName, NoSnapshot)
require.NoError(t, err)
defer image.Close()
err = image.EncryptionLoad(encOpts)
assert.NoError(t, err)
s, err := image.GetSize()
require.NoError(t, err)
t.Logf("image size before resize: %d", s)
assert.NotEqual(t, s, imageSize)
err = image.Resize(imageSize)
assert.NoError(t, err)
s, err = image.GetSize()
require.NoError(t, err)
t.Logf("image size after encryption: %d", s)
})
}Fortunately, or unfortunately, the test passed for me: I did try using one ioctx for both blocks of the test without seeing any difference. But using multiple ioctx is a tad bit closer to the working CLI version because ioctx's aren't shared across cli invocation (neither are connections, but I digress). Anyway, I'm not sure where we differ. I'll note that I did my run with reef libraries against a reef cluster (based on our CI container image). What versions of the ceph libraries and cluster are you using? |
|
I reran the test on quincy and pacific. Both passed. FWIW, now that we have this test I plan on making a PR out of it to at least serve as a regression test for this use case. But I'll hold off on that for a little while in order not to side-track our conversation too much. |
|
Thanks for checking that out, that's a surprising result but it definitely looks like it's an issue on my end. I'm running the go-ceph tests from a machine with quincy client libraries and using a microceph single VM running reef. However when I tested the |
|
I upgraded the machine running go-ceph from quincy to reef and now I see the same result you do from |
|
OK, thanks for letting me know. If you want to you could report it to ceph's tracker (https://tracker.ceph.com). Otherwise I'm going to consider it solved. I will now use this issue tracker to add the test I shared earlier as a regression test. Thanks! |
Add a test to verify that an encrypted volume can be resized to the desired unencrypted size similar to how the rbd command line tool is documented as able to do. Fixes: ceph#972 Original-Version-By: Will Gorman <will.gorman@gmail.com> Signed-off-by: John Mulligan <jmulligan@redhat.com>
Add a test to verify that an encrypted volume can be resized to the desired unencrypted size similar to how the rbd command line tool is documented as able to do. Fixes: ceph#972 Original-Version-By: Will Gorman <will.gorman@gmail.com> Signed-off-by: John Mulligan <jmulligan@redhat.com>
Add a test to verify that an encrypted volume can be resized to the desired unencrypted size similar to how the rbd command line tool is documented as able to do. Fixes: ceph#972 Original-Version-By: Will Gorman <will.gorman@gmail.com> Signed-off-by: John Mulligan <jmulligan@redhat.com>
Add a test to verify that an encrypted volume can be resized to the desired unencrypted size similar to how the rbd command line tool is documented as able to do. Fixes: #972 Original-Version-By: Will Gorman <will.gorman@gmail.com> Signed-off-by: John Mulligan <jmulligan@redhat.com>
I have a question about the expected behavior for calling
Resize()on an encrypted image after applyingEncryptionLoad(). As I expect, callingGetSize()afterEncryptionLoad()returns the effective size available in the image minus the space consumed by the LUKS header. However, callingResize()with a size that is less than the total size of the image (including the header) appears to have no effect. I had expected that resizing in this case would be similar to the example of therbd resizeCLI command:The following test demonstrates the scenario:
Since
GetSize()in "after encryption load" returns 34MiB I expected thatResize()to 50MiB would increase the available space inside of the encrypted image back to 50MiB but it appears to be unchanged at 34MiB. Is this expected? Is there a different way that Resize() should be used in order to get it to account for the encryption header?The text was updated successfully, but these errors were encountered: