Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

csi: default to ReadWriteOnceWithFSType for cephfs #9729

Merged
merged 1 commit into from Feb 25, 2022
Merged

csi: default to ReadWriteOnceWithFSType for cephfs #9729

merged 1 commit into from Feb 25, 2022

Conversation

humblec
Copy link
Contributor

@humblec humblec commented Feb 11, 2022 

ReadWriteOnceWithFSType: Indicates that volumes will be examined
to determine if volume ownership and permissions should be modified
to match the pod's security policy. Changes will only occur if the
fsType is defined and the persistent volume's accessModes contains
ReadWriteOnce.

In between considering we are giving 0777 permission on nodestage
of cephfs shares, we defaulted to NONE. However giving worldwide
permission to the volume is not the right thing and it has been
fixed in cephfs via ceph/ceph-csi#2847

This commit brings it back to the value which is also in parity
with RBD driver.

Signed-off-by: Humble Chirammal hchiramm@redhat.com

Description of your changes:

Which issue is resolved by this Pull Request:
Resolves #

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
  • Skip Tests for Docs: Add the flag for skipping the build if this is only a documentation change. See here for the flag.
  • Skip Unrelated Tests: Add a flag to run tests for a specific storage provider. See test options.
  • Reviewed the developer guide on Submitting a Pull Request
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.
  • Pending release notes updated with breaking and/or notable changes, if necessary.
  • Upgrade from previous release is tested and upgrade user guide is updated, if necessary.
  • Code generation (make codegen) has been run to update object specifications, if necessary.

@humblec
Copy link
Contributor Author

humblec commented Feb 11, 2022

Cc @travisn @leseb

Madhu-1
Madhu-1 requested changes Feb 11, 2022
View reviewed changes
Copy link
Member

@Madhu-1 Madhu-1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need change at below places

https://github.com/rook/rook/blob/master/deploy/examples/operator.yaml#L71
https://github.com/rook/rook/blob/master/deploy/examples/operator-openshift.yaml#L153

Do we need documentation to change this value in upgraded clusters?

@humblec
csi: default to ReadWriteOnceWithFSType for cephfs
6561bda 
```
ReadWriteOnceWithFSType: Indicates that volumes will be examined
to determine if volume ownership and permissions should be modified
to match the pod's security policy. Changes will only occur if the
fsType is defined and the persistent volume's accessModes contains
ReadWriteOnce.
```

In between considering we are giving 0777 permission on nodestage
of cephfs shares, we defaulted to NONE. However giving worldwide
permission to the volume is not the right thing and it has been
fixed in cephfs via ceph/ceph-csi#2847

This commit brings it back to the value which is also in parity
with RBD driver.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
@humblec
Copy link
Contributor Author

humblec commented Feb 11, 2022

Do we need documentation to change this value in upgraded clusters?

Considering the changes are opt in and out as always, we dont need to ask the users I believe.

@humblec humblec requested a review from Madhu-1 February 11, 2022 11:57
@humblec
Copy link
Contributor Author

humblec commented Feb 14, 2022

@Madhu-1 can you revisit the PR?

@humblec
Copy link
Contributor Author

humblec commented Feb 14, 2022

@leseb @travisn ptal.. thanks,

@travisn
Copy link
Member

travisn commented Feb 14, 2022

@humblec

  • Should this only be merged after we pick up the next CSI release with the related fix?
  • If someone doesn't use the CSI release with the related fix, is there any concern? Or the new default is ok either way.

@humblec
Copy link
Contributor Author

humblec commented Feb 25, 2022

@humblec

* Should this only be merged after we pick up the next CSI release with the related fix?

* If someone doesn't use the CSI release with the related fix, is there any concern? Or the new default is ok either way.

Yeah, afaict, it should be fine to pick the change even in absence of CSI fix @travisn

@travisn travisn merged commit ba165ec into rook:master Feb 25, 2022
@mergify mergify bot mentioned this pull request Feb 28, 2022
Merged
mergify bot added a commit that referenced this pull request Feb 28, 2022
@mergify
Merge pull request #9812 from rook/mergify/bp/release-1.8/pr-9729
380fa7c 
csi: default to ReadWriteOnceWithFSType for cephfs (backport #9729)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leseb leseb leseb approved these changes

@Madhu-1 Madhu-1 Madhu-1 approved these changes

Assignees
No one assigned
Labels
backport-release-1.8
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@humblec @travisn @leseb @Madhu-1