-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ISSUE-1051] Handle Kubelet's Wrong CSI Call Inconsistent with Real Volume Status #1050
base: master
Are you sure you want to change the base?
Changes from all commits
5f071d6
2e6ab7f
fdc5970
a50a7f1
bfb1d98
1a77d43
d36e785
4376b10
c835b96
a3abfb9
af81d9a
7ecd953
330960f
5a36eea
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -353,10 +353,15 @@ | |
} | ||
|
||
currStatus := volumeCR.Spec.CSIStatus | ||
if currStatus == apiV1.Created { | ||
switch currStatus { | ||
case apiV1.Failed: | ||
ll.Warningf("Volume status: %s. Need to retry.", currStatus) | ||
case apiV1.Created: | ||
ll.Info("Volume has been already unstaged") | ||
return &csi.NodeUnstageVolumeResponse{}, nil | ||
} else if currStatus != apiV1.VolumeReady { | ||
case apiV1.VolumeReady: | ||
ll.Infof("Expected volume status: %s", currStatus) | ||
default: | ||
msg := fmt.Sprintf("current volume CR status - %s, expected to be in [%s, %s]", | ||
currStatus, apiV1.Created, apiV1.VolumeReady) | ||
ll.Error(msg) | ||
|
@@ -468,8 +473,9 @@ | |
} | ||
|
||
currStatus := volumeCR.Spec.CSIStatus | ||
// if currStatus not in [VolumeReady, Published] | ||
if currStatus != apiV1.VolumeReady && currStatus != apiV1.Published { | ||
if currStatus == apiV1.Failed { | ||
ll.Warningf("Volume status: %s. Need to retry.", currStatus) | ||
} else if currStatus != apiV1.VolumeReady && currStatus != apiV1.Published { | ||
msg := fmt.Sprintf("current volume CR status - %s, expected to be in [%s, %s]", | ||
currStatus, apiV1.VolumeReady, apiV1.Published) | ||
ll.Error(msg) | ||
|
@@ -488,6 +494,46 @@ | |
resp, errToReturn = nil, fmt.Errorf("failed to publish volume: fake attach error %s", err.Error()) | ||
} | ||
} else { | ||
// will check whether srcPath is mounted, if not, need to redo NodeStageVolume | ||
srcMounted, err := s.fsOps.IsMounted(srcPath) | ||
if err != nil { | ||
errMsg := fmt.Sprintf("execute IsMounted on %s with error: %s", srcPath, err.Error()) | ||
ll.Error(errMsg) | ||
return nil, fmt.Errorf("failed to publish volume: %s", errMsg) | ||
} | ||
if !srcMounted { | ||
ll.Warnf("staging path %s is not mounted! need to redo NodeStageVolume!", srcPath) | ||
nodeStageReq := &csi.NodeStageVolumeRequest{ | ||
VolumeId: volumeID, | ||
StagingTargetPath: req.GetStagingTargetPath(), | ||
VolumeCapability: req.GetVolumeCapability(), | ||
} | ||
|
||
// unlock volume to redo NodeStageVolume | ||
err := s.volMu.UnlockKey(req.GetVolumeId()) | ||
if err != nil { | ||
errMsg := fmt.Sprintf("unlock volume %s to redo NodeStageVolume with error: %s", volumeID, err.Error()) | ||
ll.Error(errMsg) | ||
return nil, fmt.Errorf("failed to publish volume: %s", errMsg) | ||
} | ||
nodeStageResp, err := s.NodeStageVolume(ctx, nodeStageReq) | ||
|
||
// re-lock the volume to proceed NodePublishVolume | ||
s.volMu.LockKey(req.GetVolumeId()) | ||
|
||
if nodeStageResp == nil && err != nil { | ||
errMsg := fmt.Sprintf("redo NodeStageVolume on volume %s with error: %s", volumeID, err.Error()) | ||
ll.Error(errMsg) | ||
return nil, fmt.Errorf("failed to publish volume: %s", errMsg) | ||
} | ||
|
||
// update the content of volume | ||
volumeCR, err = s.crHelper.GetVolumeByID(volumeID) | ||
if err != nil { | ||
return nil, status.Error(codes.Internal, fmt.Sprintf("unable to get updated volume %s", volumeID)) | ||
} | ||
} | ||
|
||
_, isBlock := req.GetVolumeCapability().GetAccessType().(*csi.VolumeCapability_Block) | ||
if err := s.fsOps.PrepareAndPerformMount(srcPath, dstPath, isBlock, !isBlock, mountOptions...); err != nil { | ||
ll.Errorf("Unable to mount volume: %v", err) | ||
|
@@ -554,8 +600,9 @@ | |
} | ||
|
||
currStatus := volumeCR.Spec.CSIStatus | ||
// if currStatus not in [VolumeReady, Published] | ||
if currStatus != apiV1.VolumeReady && currStatus != apiV1.Published { | ||
if currStatus == apiV1.Failed { | ||
ll.Warningf("Volume status: %s. Need to retry.", currStatus) | ||
} else if currStatus != apiV1.VolumeReady && currStatus != apiV1.Published { | ||
msg := fmt.Sprintf("current volume CR status - %s, expected to be in [%s, %s]", | ||
currStatus, apiV1.VolumeReady, apiV1.Published) | ||
ll.Error(msg) | ||
|
@@ -602,6 +649,9 @@ | |
volumeCR.Spec.Owners = owners | ||
if len(volumeCR.Spec.Owners) == 0 { | ||
volumeCR.Spec.CSIStatus = apiV1.VolumeReady | ||
} else { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. it seems this is not needed, the default state is Published in this function. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. because we will proceed on the failed volume now, here the set of status to Published is for Failed volume successfully unpublished and used by multiple pods. |
||
// ensure the Published status of volume in the successful processing | ||
volumeCR.Spec.CSIStatus = apiV1.Published | ||
} | ||
if updateErr := s.k8sClient.UpdateCR(ctxWithID, volumeCR); updateErr != nil { | ||
ll.Errorf("Unable to set volume CR status to VolumeReady: %v", updateErr) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am a little concerned about this process, as some mount logic(like global path setup) is done in kubelet. there redo nodeStage may not help in such case. do we have a test can prove that this will help in the failure case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The kubelet issued wrong CSI call NodePublishVolume in this case assumed that the volume's device global path's mountpoint has been successfully setup in some successful previous CSI call NodeStageVolume. But acutally the volume's device global path has been unmounted in the possible forceful node-removal and kubelet cannot successfully sync the volume's real status because of its continually-failed "orphan" pod's volume cleanup by calling CSI NodeUnpublish when CSI pods have not been intialized yet.
In spite of this, the device global path still exists there if the volume still exists in the most cases. Even though the device global path has also been removed in the worst case, CSI current logic can still create the device global path itself.
I will do the functional test on this code change to verify it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've similuated the scenario of volume's k8s global device mountpoint missing in my standalone test. This CSI defensive enhancement can work well as expected in the test.