rbd: node fencing, skip pv when pv is not backed by csi

[subhamkrai]

Description of your changes:
when node fencing is triggered and a negative case where one deployment pod consuming pv not provisioned by csi and another deployment pod with rbd rwo are on the same node and node fencing is triggered.

In this case, rook operator panics since it is triggered to get field pv.Spec.CSI.Driver which will be nil

Which issue is resolved by this Pull Request:
Resolves #12558

Checklist:

• Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
• Skip Tests for Docs: If this is only a documentation change, add the label skip-ci on the PR.
• Reviewed the developer guide on Submitting a Pull Request
• Pending release notes updated with breaking and/or notable changes for the next minor release.
• Documentation has been updated, if necessary.
• Unit tests have been added, if necessary.
• Integration tests have been added, if necessary.

[Madhu-1]

LGTM. we might need to handle static PVC also.

[Rakshith-R]

LGTM, thanks !

[subhamkrai]

LGTM. we might need to handle static PVC also.

can you explain more? @Madhu-1

[Madhu-1]

LGTM. we might need to handle static PVC also.

can you explain more? @Madhu-1

Take a look at the doc https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md#create-rbd-static-pv. the RBD static PV doesn't contains some parameters like rbdImage in the volumeAttributes and volumeHandle looks different from regular volume. i suggest you also test node fencing with static PVC and see how its behavior

[subhamkrai]

LGTM. we might need to handle static PVC also.

can you explain more? @Madhu-1

Take a look at the doc https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md#create-rbd-static-pv. the RBD static PV doesn't contain some parameters like rbdImage in the volumeAttributes and volumeHandle looks different from regular volume. I suggest you also test node fencing with static PVC and see how its behavior

okay, I'll test in this pr and update here, adding do-not-merge tag

[subhamkrai]

LGTM. we might need to handle static PVC also.

can you explain more? @Madhu-1

Take a look at the doc https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md#create-rbd-static-pv. the RBD static PV doesn't contains some parameters like rbdImage in the volumeAttributes and volumeHandle looks different from regular volume. i suggest you also test node fencing with static PVC and see how its behavior

I was testing with same example mentioned in the doc and noticed that pvc is not getting bound
with error
Warning VolumeMismatch 8s (x2 over 19s) persistentvolume-controller Cannot bind to requested volume "fs-static-pv": storageClassName does not match

Edit: nevermind, storageClass was not present

Also, in the example mentioned in the doc has driver name "driver":"rbd.csi.ceph.com" and in code we
update rbdPVlist only if

rook/pkg/operator/ceph/cluster/watcher.go

Line 269 in cb44c7b

if pv.Spec.CSI.Driver == fmt.Sprintf("%s.rbd.csi.ceph.com", cluster.Namespace) {

so, I believe based on code nodeFencing will not be applied to static pv which I think make sense as well since static pv life time is same as pod and in case of nodeLoss pod is gone.

[Madhu-1]

LGTM. we might need to handle static PVC also.

can you explain more? @Madhu-1

Take a look at the doc https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md#create-rbd-static-pv. the RBD static PV doesn't contains some parameters like rbdImage in the volumeAttributes and volumeHandle looks different from regular volume. i suggest you also test node fencing with static PVC and see how its behavior

I was testing with same example mentioned in the doc and noticed that pvc is not getting bound with error Warning VolumeMismatch 8s (x2 over 19s) persistentvolume-controller Cannot bind to requested volume "fs-static-pv": storageClassName does not match

Edit: nevermind, storageClass was not present

Also, in the example mentioned in the doc has driver name "driver":"rbd.csi.ceph.com" and in code we update rbdPVlist only if

rook/pkg/operator/ceph/cluster/watcher.go

Line 269 in cb44c7b

if pv.Spec.CSI.Driver == fmt.Sprintf("%s.rbd.csi.ceph.com", cluster.Namespace) {

You need to create static PVC with the same driver deployed by csi driver. you need to use rbd storageclass with what ever the csi driver is deployed by Rook.

so, I believe based on code nodeFencing will not be applied to static pv which I think make sense as well since static pv life time is same as pod and in case of nodeLoss pod is gone.

Sorry I didn't get above comment.

[subhamkrai]

@Madhu-1 NodeFence cr was not created because the code failed to run command rbd status pool/imageName with static pv there is no ImageName in the spec

 volumeAttributes:
        clusterID: rook-ceph
        imageFeatures: layering
        pool: replicapool
        staticVolume: "true"
      volumeHandle: static-image

[Madhu-1]

You can add a check for rbdPV.Spec.CSI.VolumeAttributes["pool"] !="" || rbdPV.Spec.CSI.VolumeAttributes["imageName"] != "" provide a better warning/error message.

[Madhu-1]

LGTM

[parth-gr]

can we keep this comment?

[subhamkrai]

it was mistake, restored, thanks

[parth-gr]

maybe we can add a function donotPrrovision and can move all this check there

[subhamkrai]

hmm, this is comparably very small function, I think we can keep in a single function.

[BlaineEXE]

I'm glad to see these changes are functionally pretty small. Only a few fairly minor comments

[Madhu-1]

LGTM