Revert "debug"

This reverts commit 3f6e384.
rook · Mar 13, 2024 · beac9ea · beac9ea
1 parent 7c6f81a
commit beac9ea
Showing 1 changed file with 1 addition and 70 deletions.
diff --git a/pkg/operator/ceph/cluster/osd/spec.go b/pkg/operator/ceph/cluster/osd/spec.go
@@ -224,56 +224,6 @@ dmsetup version
 function open_encrypted_block {
 	echo "Opening encrypted device $BLOCK_PATH at $DM_PATH"
 	cryptsetup luksOpen --verbose --disable-keyring --allow-discards --key-file "$KEY_FILE_PATH" "$BLOCK_PATH" "$DM_NAME"
-}
-
-# This is done for upgraded clusters that did not have the subsystem and label set by the prepare job
-function set_luks_subsystem_and_label {
-	echo "setting LUKS label and subsystem"
-	cryptsetup config $BLOCK_PATH --subsystem ceph_fsid="$CEPH_FSID" --label pvc_name="$PVC_NAME"
-}
-
-if [ -b "$DM_PATH" ]; then
-	echo "Encrypted device $BLOCK_PATH already opened at $DM_PATH"
-	for field in $(dmsetup table "$DM_NAME"); do
-		if [[ "$field" =~ ^[0-9]+\:[0-9]+ ]]; then
-			underlaying_block="/sys/dev/block/$field"
-			if [ ! -d "$underlaying_block" ]; then
-				echo "Underlying block device $underlaying_block of crypt $DM_NAME disappeared!"
-				echo "Removing stale dm device $DM_NAME"
-				dmsetup remove --force "$DM_NAME"
-				open_encrypted_block
-			fi
-		fi
-	done
-else
-	open_encrypted_block
-fi
-
-# Setting label and subsystem on LUKS1 is not supported and the command will fail
-if cryptsetup luksDump $BLOCK_PATH|grep -qEs "Version:.*2"; then
-	set_luks_subsystem_and_label
-else
-	echo "LUKS version is not 2 so not setting label and subsystem"
-fi
-`
-
-	openEncryptedBlockMeta = `
-set -xe
-
-CEPH_FSID=%s
-PVC_NAME=%s
-KEY_FILE_PATH=%s
-BLOCK_PATH=%s
-DM_NAME=%s
-DM_PATH=%s
-
-# Helps debugging
-dmsetup version
-
-function open_encrypted_block {
-	echo "Opening encrypted device $BLOCK_PATH at $DM_PATH"
-	cryptsetup luksOpen --verbose --disable-keyring --allow-discards --key-file "$KEY_FILE_PATH" "$BLOCK_PATH" "$DM_NAME"
-	ls -l $KEY_FILE_PATH
 	rm -f "$KEY_FILE_PATH"
 }
 
@@ -1049,24 +999,6 @@ func (c *Cluster) generateEncryptionOpenBlockContainer(resources v1.ResourceRequ
 	}
 }
 
-func (c *Cluster) generateEncryptionOpenBlockContainerMeta(resources v1.ResourceRequirements, containerName, pvcName, volumeMountPVCName, cryptBlockType, blockType, mountPath string) v1.Container {
-	return v1.Container{
-		Name:            containerName,
-		Image:           c.spec.CephVersion.Image,
-		ImagePullPolicy: controller.GetContainerImagePullPolicy(c.spec.CephVersion.ImagePullPolicy),
-		// Running via bash allows us to check whether the device is already opened or not
-		// If we don't the cryptsetup command will fail saying the device is already opened
-		Command: []string{
-			"/bin/bash",
-			"-c",
-			fmt.Sprintf(openEncryptedBlockMeta, c.clusterInfo.FSID, pvcName, encryptionKeyPath(), encryptionBlockDestinationCopy(mountPath, blockType), EncryptionDMName(pvcName, cryptBlockType), EncryptionDMPath(pvcName, cryptBlockType)),
-		},
-		VolumeMounts:    []v1.VolumeMount{getPvcOSDBridgeMountActivate(mountPath, volumeMountPVCName), getDeviceMapperMount()},
-		SecurityContext: controller.PrivilegedContext(true),
-		Resources:       resources,
-	}
-}
-
 func (c *Cluster) generateVaultGetKEK(osdProps osdProperties) v1.Container {
 	keyName := osdProps.pvc.ClaimName
 	keyPath := encryptionKeyPath()
@@ -1094,7 +1026,6 @@ func (c *Cluster) getPVCEncryptionOpenInitContainerActivate(mountPath string, os
 
 	// If a KMS is enabled we need to add an init container to fetch the KEK
 	if c.spec.Security.KeyManagementService.IsEnabled() {
-		logger.Debugf("KMS is enabled")
 		getKEKFromKMSContainer := c.generateVaultGetKEK(osdProps)
 
 		// Volume mount to store the encrypted key
@@ -1120,7 +1051,7 @@ func (c *Cluster) getPVCEncryptionOpenInitContainerActivate(mountPath string, os
 
 	// If there is a metadata PVC
 	if osdProps.onPVCWithMetadata() {
-		metadataContainer := c.generateEncryptionOpenBlockContainerMeta(osdProps.resources, blockEncryptionOpenMetadataInitContainer, osdProps.metadataPVC.ClaimName, osdProps.pvc.ClaimName, DmcryptMetadataType, bluestoreMetadataName, mountPath)
+		metadataContainer := c.generateEncryptionOpenBlockContainer(osdProps.resources, blockEncryptionOpenMetadataInitContainer, osdProps.metadataPVC.ClaimName, osdProps.pvc.ClaimName, DmcryptMetadataType, bluestoreMetadataName, mountPath)
 		// We use the same key for both block and block.db so we must use osdProps.pvc.ClaimName for the getEncryptionVolume()
 		_, volMount := c.getEncryptionVolume(osdProps)
 		metadataContainer.VolumeMounts = append(metadataContainer.VolumeMounts, volMount)