unexpected deleting of contents of mount points due to symbolic link … #77507
Conversation
k8s-ci-robot
added
size/S
|
Hi @cuericlee. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/test |
There was a problem hiding this comment.
thanks for the PR @cuericlee
added some comments.
@kubernetes/sig-cluster-lifecycle-pr-reviews
/priority awaiting-more-evidence
cmd/kubeadm/app/cmd/reset.go
Outdated
| @@ -179,20 +179,27 @@ func (r *Reset) Run(out io.Writer, client clientset.Interface, cfg *kubeadmapi.I | |||
|
|
|||
| // Try to unmount mounted directories under kubeadmconstants.KubeletRunDirectory in order to be able to remove the kubeadmconstants.KubeletRunDirectory directory later | |||
| fmt.Printf("[reset] Unmounting mounted directories in %q\n", kubeadmconstants.KubeletRunDirectory) | |||
| umountDirsCmd := fmt.Sprintf("awk '$2 ~ path {print $2}' path=%s/ /proc/mounts | xargs -r umount", kubeadmconstants.KubeletRunDirectory) | |||
|
|
|||
| // In case KubeletRunDirectory is symbolic link, kubeadm failed to find the exact mount points, so it likely clean up content from mount points under KubeletRunDirectory | |||
There was a problem hiding this comment.
please change this comment to:
// In case KubeletRunDirectory holds a symbolic link, evaluate it
cmd/kubeadm/app/cmd/reset.go
Outdated
| } else { | ||
| // Once success to unmount mounted directories then removeAll contents of /var/lib/kubelet avoid to remove moounted filesystem by accident | ||
| dirsToClean = append(dirsToClean, absoluteKubeletRunDirectory) | ||
| } |
There was a problem hiding this comment.
this } seems out of place?
also please change your text editor to use TABs instead of spaces.
cmd/kubeadm/app/cmd/reset.go
Outdated
| } | ||
| } else { | ||
| // Once success to unmount mounted directories then removeAll contents of /var/lib/kubelet avoid to remove moounted filesystem by accident | ||
| dirsToClean = append(dirsToClean, absoluteKubeletRunDirectory) |
There was a problem hiding this comment.
i guess this makes some sense, but then again why is KubeletRunDirectory a symbolic link on your system?
There was a problem hiding this comment.
This is issue reported by user, who intend to replace the /var/lib/kubelet with additional disk space. It cause this issue while kubeadm reset remove the data from the mount points. It looks like risky operation, but we have to prevent such condition by any case.
There was a problem hiding this comment.
/ok-to-test
i'm not sure this is a setup we should support, but i personally don't mind the symbolic link evaluation....let's leave this for others to comment.
k8s-ci-robot
added
priority/awaiting-more-evidence
cmd/kubeadm/app/cmd/reset.go
Outdated
|
|
||
| klog.V(1).Infof("[reset] Executing command %q", umountDirsCmd) | ||
| umountOutputBytes, err := exec.Command("sh", "-c", umountDirsCmd).Output() | ||
| if err != nil { | ||
| klog.Errorf("[reset] Failed to unmount mounted directories in %s: %s\n", kubeadmconstants.KubeletRunDirectory, string(umountOutputBytes)) | ||
| } | ||
| } else { | ||
| // Once success to unmount mounted directories then removeAll contents of /var/lib/kubelet avoid to remove moounted filesystem by accident |
There was a problem hiding this comment.
// Only clean absoluteKubeletRunDirectory if umountDirsCmd passed without error
|
/test |
k8s-ci-robot
added
kind/bug
this job is failing because you are using spaces, instead of tabs in your text editor. |
|
fix gofmt |
cmd/kubeadm/app/cmd/reset.go
Outdated
| var absoluteKubeletRunDirectory string | ||
| absoluteKubeletRunDirectory, err = filepath.EvalSymlinks(kubeadmconstants.KubeletRunDirectory) | ||
| if err != nil { | ||
| klog.Errorf("[reset] Failed to evaluate KubeletRunDirectory directories: %v\n", err) |
|
please add a release note under waiting on more opinions by @kubernetes/sig-cluster-lifecycle-pr-reviews |
There was a problem hiding this comment.
Thanks for tackling this @cuericlee !
This can be avoided by replacing the symlink with a binding mount. However, since symlinks are popular and easy way to do this and not handling things properly is causing data loss, then it's best to merge the fix when it's ready.
cmd/kubeadm/app/cmd/reset.go
Outdated
| if err != nil { | ||
| klog.Errorf("[reset] Failed to evaluate KubeletRunDirectory directories: %v\n", err) | ||
| } | ||
| umountDirsCmd := fmt.Sprintf("awk '$2 ~ path {print $2}' path=%s/ /proc/mounts | xargs -r umount", absoluteKubeletRunDirectory) |
There was a problem hiding this comment.
If absoluteKubeletRunDirectory is empty string (which will be if EvalSymlinks returns error), the awk command will return all mount paths in the system. With that in mind, and the fact that we are running as root, we'll get everything dismounted by accident.
Hence, the whole unmount dirs stuff in here needs to be performed in an else clause appended to the if that checks for error in EvalSymlinks.
|
/retest |
|
@cuericlee thanks |
k8s-ci-robot
added
the
do-not-merge/hold
|
/retest |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cuericlee, neolit123 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
|
squash is done |
cmd/kubeadm/app/cmd/reset.go
Outdated
| if err != nil { | ||
| klog.Errorf("[reset] Failed to unmount mounted directories in %s: %s\n", kubeadmconstants.KubeletRunDirectory, string(umountOutputBytes)) | ||
| klog.Errorf("[reset] Failed to evaluate KubeletRunDirectory directory and skip umount and clean: %v\n", err) |
There was a problem hiding this comment.
please change this to:
klog.Errorf("[reset] Failed to evaluate the %q directory. Skipping its unmount and cleanup: %v", kubeadmconstants.KubeletRunDirectory, err)
There was a problem hiding this comment.
kubeadmconstants.KubeletRunDirectory is print out on line 181. But it is fine, I could refine log error message for easy pd accordingly.
fmt.Printf("[reset] Unmounting mounted directories in %q\n", kubeadmconstants.KubeletRunDirectory)
…tory is a symbolic link unexpected deleting of contents of mount points due to symbolic link of KubeletRunDirectory
|
/retest |
| // Only unmount mount points which start with "/var/lib/kubelet" or absolute path of symbolic link, and avoid using empty absoluteKubeletRunDirectory | ||
| umountDirsCmd := fmt.Sprintf("awk '$2 ~ path {print $2}' path=%s/ /proc/mounts | xargs -r umount", absoluteKubeletRunDirectory) | ||
| klog.V(1).Infof("[reset] Executing command %q", umountDirsCmd) | ||
| umountOutputBytes, err := exec.Command("sh", "-c", umountDirsCmd).Output() |
There was a problem hiding this comment.
this might need a CombinedOutput instead, but since it was part of the old code let's leave it as is...
|
/lgtm |
k8s-ci-robot
added
the
lgtm
@neolit123 anything is needed from me to make merge happen? It looks still hold. |
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
/retest Review the full test history for this PR. Silence the bot with an |
…of KubeletRunDirectory
symbolic link of KubeletRunDirectory cause unexpected deleting of contents of mount points
What type of PR is this?
/kind bug
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
In case KubeletRunDirectory holds a symbolic link, evaluate it
Special notes for your reviewer:
Does this PR introduce a user-facing change?: