Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config option flasharray.iSCSIAllowedCIDR is ignored #166

Closed
L4rS6 opened this issue Apr 22, 2021 · 7 comments · Fixed by #180
Closed

Config option flasharray.iSCSIAllowedCIDR is ignored #166

L4rS6 opened this issue Apr 22, 2021 · 7 comments · Fixed by #180
Labels
bug Something isn't working

Comments

@L4rS6
Copy link

L4rS6 commented Apr 22, 2021

I installed the pso-csi by helm (helm install pure-pso pure/pure-pso --namespace pure -f values.yaml) and configured the values.yaml as follow:

...
flasharray:
  iSCSIAllowedCIDR: 10.4.1.0/26
...

But on some containers, which fail to start, I still can see that those containers try to connect to other target which are not in the allowed list above:

time="2021-04-22T09:01:01Z" level=debug msg="Running command" args="[--mount=/proc/1/ns/mnt --ipc=/proc/1/ns/ipc --net=/proc/1/ns/net -- iscsiadm -m node -T iqn.2010-06.com.purestorage:flasharray.1234567812345678 -p 10.3.0.14:3260 --login]" command=nsenter timeout=20
time="2021-04-22T09:01:01Z" level=debug msg="Running command" args="[--mount=/proc/1/ns/mnt --ipc=/proc/1/ns/ipc --net=/proc/1/ns/net -- iscsiadm -m node -T iqn.2010-06.com.purestorage:flasharray.1234567812345678 -p 10.3.0.15:3260 --login]" command=nsenter timeout=20
time="2021-04-22T09:01:01Z" level=debug msg="Running command" args="[--mount=/proc/1/ns/mnt --ipc=/proc/1/ns/ipc --net=/proc/1/ns/net -- iscsiadm -m node -T iqn.2010-06.com.purestorage:flasharray.1234567812345678 -p 10.3.0.16:3260 --login]" command=nsenter timeout=20
time="2021-04-22T09:01:01Z" level=debug msg="Running command" args="[--mount=/proc/1/ns/mnt --ipc=/proc/1/ns/ipc --net=/proc/1/ns/net -- iscsiadm -m node -T iqn.2010-06.com.purestorage:flasharray.1234567812345678 -p 10.3.0.17:3260 --login]" command=nsenter timeout=20

The overall status of the pure pso-csi pods are as follow:

kubectl get pods -n pure
NAME                                         READY   STATUS                  RESTARTS   AGE
pso-csi-controller-0                         5/6     Running                 7          30m
pso-csi-node-r6vbf                           2/3     Running                 7          30m
pso-csi-node-vv9mj                           2/3     Running                 7          30m
pso-db-0-0                                   0/1     Running                 0          30m
pso-db-1-0                                   0/1     Running                 0          30m
pso-db-2-0                                   0/1     Init:CrashLoopBackOff   6          30m
pso-db-3-0                                   0/1     Init:CrashLoopBackOff   7          30m
pso-db-4-0                                   0/1     Init:CrashLoopBackOff   6          30m
pso-db-cockroach-operator-5867dc494d-l8vxf   1/1     Running                 0          30m
pso-db-deployer-6cff94ff4d-8txsh             1/1     Running                 0          30m

It's quiet interesting that on all containers the ENV variable isn't set properly:

kubectl describe pods pso-db-0-0 -n pure|grep PURE_ISCSI_ALLOWED_CIDRS:
      PURE_ISCSI_ALLOWED_CIDRS:

kubectl describe pods pso-db-2-0 -n pure|grep PURE_ISCSI_ALLOWED_CIDRS:
      PURE_ISCSI_ALLOWED_CIDRS:

Any help is highly appreciated.
@haibinxie
Copy link
Contributor

After some investigation, this parameter isn't used by the DB pods, it is only used by CSI, we will discuss the mitigation and fix and get back.

@haibinxie haibinxie added the bug Something isn't working label Apr 23, 2021
@dsupure
Copy link
Contributor

dsupure commented Apr 26, 2021

Hi @L4rS6, we identify it's a bug that we do not pass the iSCSIAllowedCIDR parameter to the PSO's db pods. We plan to release the next version in June. We will discuss the issue again in late May and give an update to see if we can squeeze the fix into the new release. We will get back to you later next month.

@L4rS6
Copy link
Author

L4rS6 commented Apr 27, 2021

Hi @dsupure, thank you for clarification. Is there a possibility to get that fix earlier? For us it is currently impossible to use that plugin due to that bug.

@L4rS6
Copy link
Author

L4rS6 commented Jun 1, 2021

Hi @dsupure, are there any news regarding the new version including that fix?

@L4rS6
Copy link
Author

L4rS6 commented Jul 14, 2021

Are there any news regarding the release date for the next release including that fix?

@L4rS6
Copy link
Author

L4rS6 commented Aug 11, 2021

Hi @dsupure and @haibinxie, has this been fixed in the v6.2.0-rc1 release candidate? We are still unable to deploy the pso-csi plugin due to that bug...

@pure-jliao pure-jliao mentioned this issue Aug 11, 2021
Merged
@pure-jliao
Copy link
Contributor

@L4rS6 sorry for the late response, I have a PR out to fix this issue, it will be in v6.2.0 GA release. But the release date has not been determined. If you need a workaround, you could simply add the missing env PURE_ISCSI_ALLOWED_CIDRS to cockroach-operator.yaml according to the PR, or wait for the GA release which should be in August or September.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[NEWSTACK-190] Add iSCSI CIDR to cockroack-operator pod pure-jliao/pso-csi
4 participants
@haibinxie @L4rS6 @dsupure @pure-jliao