-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SCSI persistent reservation with device plugin #9177
Conversation
/cc @vladikr |
@alicefr: GitHub didn't allow me to request PR reviews from the following users: reservation, this, scsi, persistent, device, plugin, is, the, version, with. Note that only kubevirt members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@vladikr @xpivarc it is a question for you. About the feature gate, I'm not sure if we should simply avoid starting the device plugin for the socket or also deploying the pr-helper container. Another alternative could be to deploy the pr-helper in a separate daemon set. I have avoid so fare this solution because it complicates the deployment of KubeVirt as we need an additional daemonset to manage. |
10bf69e
to
69e8d13
Compare
69e8d13
to
7f22b8d
Compare
6364d74
to
739cfac
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Therefore, the simplest solution would be to deploy the pr-helper container in all cases and simply enable or not the device plugin.
Since the pr-helper
container is privileged, it brings additional security risks. I would try to avoid running it at all if it is not explicitly enabled by the end-user via the feature gate.
Another alternative could be to deploy the pr-helper in a separate daemon set. I have avoid so fare this solution because it complicates the deployment of KubeVirt as we need an additional daemonset to manage.
I think we need to consider how critical the impact of restarting virt-handler might be. As I understand, it should not affect running workloads (hopefully :P ). If it's smth we can live with, then we probably just need to properly document the behavior (i.e. that virt-handler needs to be restarted if the feature gate is enabled/disabled).
739cfac
to
7b40a12
Compare
Yes, I'd like to have also some more dynamic mechanism.
Again, the other option could be to introduce new daemonset just for the pr-helper. Virt-operator could create (or remove) this new damonset based on the feature gates. The part that worries me more is the upgrade path. It is an additional components to upgrade. |
7b40a12
to
48c4115
Compare
48c4115
to
ff031ca
Compare
ff031ca
to
80a8e86
Compare
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Signed-off-by: Alice Frosi <afrosi@redhat.com>
The new fedora VM image includes the sg3_util needed to test the SCSI persitent reservation. Signed-off-by: Alice Frosi <afrosi@redhat.com>
If the VM requests the persistent reservation, it cannot be migrated as the reservation is done on the node. Signed-off-by: Alice Frosi <afrosi@redhat.com>
Add unit test for scsi persistent reservation condition Signed-off-by: Alice Frosi <afrosi@redhat.com>
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Test if the validation works when the PersistentReservation feature gate is enable/disable and the VMI requests the feature. Signed-off-by: Alice Frosi <afrosi@redhat.com>
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Update the rpmtree Signed-off-by: Alice Frosi <afrosi@redhat.com>
The SCSI persistent reservation is controlled and enabled with the PersistentReservation feature gate. The pr-helper deployment is also run only if this feature gate is set. The enablement and removal of the feature gate causes the virt-handler to be redeployed. Signed-off-by: Alice Frosi <afrosi@redhat.com>
Export on every node the max number of device in this way the pr-helper can be used by multiple VMs. Signed-off-by: Alice Frosi <afrosi@redhat.com>
Signed-off-by: Alice Frosi <afrosi@redhat.com>
This test suite adds 3 tests to verify: - A single VM can request the persistent reservation - 2 VMs can be successfully started on the same LUN and requesting the persistent reservation. The first VM reserves the LUN, while the second VM is able to see the reservation from the first and a second reservation request faild - disabling the persistent reservation feature gate should trigger the virt-handler redeployment Targetcli utility is deployed in a container with a backend PVC on a node. This creates a SCSI loopback device on the backend PVC. Afterwards, a PV/PVC couple is generated referencing the SCSI device and it can be used by the testsuite. These tests needs to run serially as they require the enablement of the PersistentReservation feature gate and the virt-handler redeployment. Signed-off-by: Alice Frosi <afrosi@redhat.com>
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Certain feature gates might require the redeployment of virt-handler. This needs to be taken into account before checking the health status of the pod when KubeVirt CR is updated. Signed-off-by: Alice Frosi <afrosi@redhat.com>
226cc64
to
fccb139
Compare
Rebased and addressed ci failure in commit: fccb139 |
/lgtm |
/test pull-kubevirt-e2e-k8s-1.26-sig-storage |
/retest-required |
@alicefr: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest-required |
The signature of NewHandlerDaemonSet was changed by kubevirt#9177 but not updated in this test. This was noticed after introducing a second run of golangci-lint and ginkgolinter against all directories. Signed-off-by: Lee Yarwood <lyarwood@redhat.com>
What this PR does / why we need it:
SCSI protocol offers dedicated commands in order to reserve and control access to the LUNs. This can be used to prevent data corruption if the disk is shared by multiple VMs (or more in general processes).
The SCSI persistent reservation is handled by the qemu-pr-helper. The pr-helper is a privileged daemon that can be either started by libvirt directly or managed externally.
In case of KubeVirt, the qemu-pr-helper needs to be started externally because it requires high privileges in order to perform the persistent SCSI reservation. Afterward, the pr-helper socket is accessed by the unprivileged virt-launcher pod for enabling the SCSI persistent reservation.
This PR is a second version of #8210 using device plugin framework.
The pr-helper daemon is deployed in the same pod as virt-handler in a separate container. This PR introduces a new device plugin for mounting the pr-socket inside the virt-launcher container if it requests the resource
devices.kubevirt.io/pr-helper
and is enabled by thereservations
field in the VMI declaration.VMI example:
The device plugin framework doesn't offer any access control. However, having access to the pr-helper socket isn't enough to perform the reservation, as the pod requires also access to the SCSI device. The SCSI device is managed through PVCs and k8s RBAC.
This feature is controlled by the feature gate
PersistentReservation
:Once the feature gate is enabled, then the additional container with the
qemu-pr-helper
is deployed inside the virt-handler pod. Enabling (or removing) the feature gate causes the redeployment of the virt-handler pod.An important aspect of this feature is that the SCSI persistent reservation doesn't support migration. Even if you apply the reservation to an RWX PVC provisioning SCSI devices, the restriction is due to the reservation done by the initiator on the node. The VM could be migrated but not the reservation.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #8115
Release note: