From f9a8dc565dadc1bf41110508a452223df56df312 Mon Sep 17 00:00:00 2001 From: Shanmugapriya M <97021994+spriya-m@users.noreply.github.com> Date: Thu, 24 Feb 2022 16:06:47 +0530 Subject: [PATCH 1/4] Documentation update for POSIX and NFSv4 ACLs support (#147) --- content/docs/csidriver/features/powerstore.md | 26 +++++++++++++++++++ .../csidriver/installation/helm/powerstore.md | 4 +-- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/content/docs/csidriver/features/powerstore.md b/content/docs/csidriver/features/powerstore.md index 291499bb25..96cc564bcc 100644 --- a/content/docs/csidriver/features/powerstore.md +++ b/content/docs/csidriver/features/powerstore.md @@ -576,6 +576,32 @@ parameters: > The 1.4 version and later of the driver also enables any container user, to have full access to provisioned NFS volume, in earlier versions only `root` user had access + +## POSIX and NFSv4 ACLs + +CSI PowerStore driver version 2.2.0 and later allows users to set user-defined permissions on NFS target mount directory using POSIX mode bits or NFSv4 ACLs. + +NFSv4 ACLs are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Please ensure the order when providing the NFSv4 ACLs. + +To use this feature, provide permissions in `nfsAcls` parameter in values.yaml, secrets or NFS storage class. + +For example: + +1. POSIX mode bits + +```yaml +nfsAcls: "0755" +``` + +2. NFSv4 ACLs + +```yaml +nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::user@domain.com:rxtncy" +``` + +If no values are specified, default value of "0777" is set. + + ## Dynamic Logging Configuration This feature is introduced in CSI Driver for PowerStore version 2.0.0. diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index e60827d549..40283a5942 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md 
@@ -141,8 +141,8 @@ CRDs should be configured during replication prepare stage with repctl as descri - *isDefault*: defines if we should treat the current array as a default. - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). - *nasName*: defines what NAS should be used for NFS volumes. - - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. - NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only. + - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. + NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only . Add more blocks similar to above for each PowerStore array if necessary. 5. Create storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` From c8100b839957d6b0efe3586f99739b3795787467 Mon Sep 17 00:00:00 2001 From: Francis Nijay Date: Fri, 25 Feb 2022 11:43:29 +0530 Subject: [PATCH 2/4] Added documentation for NVMeTCP for Powerstore (#154) Co-authored-by: shanmydell <82038610+shanmydell@users.noreply.github.com> --- content/docs/csidriver/features/powerstore.md | 13 +++++++++++++ .../docs/csidriver/installation/helm/powerstore.md | 2 +- .../csidriver/installation/operator/powerstore.md | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/content/docs/csidriver/features/powerstore.md b/content/docs/csidriver/features/powerstore.md index 96cc564bcc..1b0ef9654d 100644 --- a/content/docs/csidriver/features/powerstore.md +++ b/content/docs/csidriver/features/powerstore.md 
@@ -688,3 +688,16 @@ nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::user@doma ``` >Note: If no values are specified, default value of "0777" will be set. + +## NVMe/TCP Support + +CSI Driver for Dell Powerstore 2.2.0 and above supports NVMe/TCP provisioning. To enable NVMe/TCP provisioning, blockProtocol on secret should be specified as `NVMeTCP`. In case blockProtocol is specified as `auto`, the driver will be able to find the initiators on the host and choose the protocol accordingly. If the host has multiple protocols enabled, then FC gets the highest priority followed by iSCSI and then NVMeTCP. + +Prerequisites + +1. The driver requires NVMe management command-line interface (nvme-cli) to use configure, edit, view or start the NVMe client and target. The nvme-cli utility provides a command-line and interactive shell option. The NVMe CLI tool is installed in the host using the below command. +`sudo apt install nvme-cli` + +2. Modules including the nvme, nvme_core, nvme_fabrics, and nvme_tcp are required for using NVMe over Fabrics using TCP. Load the NVMe and NVMe-OF Modules using the below commands. +```modprobe nvme + modprobe nvme-tcp``` diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index 40283a5942..708c53af82 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md 
@@ -139,7 +139,7 @@ CRDs should be configured during replication prepare stage with repctl as descri - *username*, *password*: defines credentials for connecting to array. - *skipCertificateValidation*: defines if we should use insecure connection or not. - *isDefault*: defines if we should treat the current array as a default. - - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). + - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, NVMeTCP, None, or auto). - *nasName*: defines what NAS should be used for NFS volumes. - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only . diff --git a/content/docs/csidriver/installation/operator/powerstore.md b/content/docs/csidriver/installation/operator/powerstore.md index 6fc98a126e..2d68a940de 100644 --- a/content/docs/csidriver/installation/operator/powerstore.md +++ b/content/docs/csidriver/installation/operator/powerstore.md @@ -30,7 +30,7 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c password: "password" # password for connecting to API skipCertificateValidation: true # indicates if client side validation of (management)server's certificate can be skipped isDefault: true # treat current array as a default (would be used by storage classes without arrayID parameter) - blockProtocol: "auto" # what SCSI transport protocol use on node side (FC, ISCSI, None, or auto) + blockProtocol: "auto" # what SCSI transport protocol use on node side (FC, ISCSI, NVMeTCP, None, or auto) nasName: "nas-server" # what NAS should be used for NFS volumes ``` Change the parameters with relevant values for your PowerStore array. From e62e39992f47de598f2ee18ac309632f2f95385e Mon Sep 17 00:00:00 2001 
From: NITESH_REWATKAR Date: Fri, 25 Feb 2022 15:18:24 +0530 Subject: [PATCH 3/4] fsgroupolicy changes for powerscale --- content/docs/csidriver/features/powerscale.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/content/docs/csidriver/features/powerscale.md b/content/docs/csidriver/features/powerscale.md index 0a82876765..ac23a47d4b 100644 --- a/content/docs/csidriver/features/powerscale.md +++ b/content/docs/csidriver/features/powerscale.md @@ -565,3 +565,19 @@ When this feature is enabled, the existing `ReadWriteOnce(RWO)` access mode rest To migrate existing PersistentVolumes to use `ReadWriteOncePod`, please follow the instruction from [here](https://kubernetes.io/blog/2021/09/13/read-write-once-pod-access-mode-alpha/#migrating-existing-persistentvolumes). +## FSGroupPolicy + +FSGroupPolicy is made configurable via CSI Driver for Dell EMC PowerScale 2.2.0 and above, supports modifying a volume's ownership or permissions when the volume is being mounted. + +It supports three different modes: +- ReadWriteOnceWithFSType +- File +- None + +ReadWriteOnceWithFSType: Volume ownership and permissions should be modified to match the pod's security policy only if the "fsType" is defined and the persistent volume's accessModes contains "ReadWriteOnce". +File: Volume ownership and permissions change supported via CSI Driver and kubernetes may use fsGroup to change permissions and ownership of the volume to match user requested fsGroup in the pod's SecurityPolicy regardless of the fsType or access mode. +None: CSI Driver doesn't support these operations and volume will be mounted with no modifications. + +fsGroupPolicy will be default to "ReadWriteOnceWithFSType", keeping the previous behavior. + +Note: FSGroupPolicy may not work as expected with "root_squash", to get the desired behavior "no_root_squash" has to be enabled. \ No newline at end of file From 82ee66bf5c4dabd8855757b29c7a1704a30428d4 Mon Sep 17 00:00:00 2001 
From: NITESH_REWATKAR Date: Fri, 25 Feb 2022 16:30:06 +0530 Subject: [PATCH 4/4] added some more notes --- content/docs/csidriver/features/powerscale.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/docs/csidriver/features/powerscale.md b/content/docs/csidriver/features/powerscale.md index ac23a47d4b..e9b8979845 100644 --- a/content/docs/csidriver/features/powerscale.md +++ b/content/docs/csidriver/features/powerscale.md @@ -580,4 +580,6 @@ None: CSI Driver doesn't support these operations and volume will be mounted wit fsGroupPolicy will be default to "ReadWriteOnceWithFSType", keeping the previous behavior. -Note: FSGroupPolicy may not work as expected with "root_squash", to get the desired behavior "no_root_squash" has to be enabled. \ No newline at end of file +Note: +1. Volume ownership and permissions change would be taken care by kubernetes based on the FSGroupPolicy mode set in the CSI Driver. [here](https://kubernetes-csi.github.io/docs/support-fsgroup.html#csi-volume-fsgroup-policy). +2. FSGroupPolicy may not work as expected with "root_squash", to get the desired behavior "no_root_squash" has to be enabled. \ No newline at end of file
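
Review bot: In PATCH 1/4, content/docs/csidriver/features/powerstore.md, the closing line `If no values are specified, default value of "0777" is set.` documents a world-writable default for the NFS target mount directory without flagging it. State that leaving `nfsAcls` unset gives every user read, write and execute access, and recommend setting an explicit value such as the `"0755"` from the example. The sentence "Please ensure the order when providing the NFSv4 ACLs" does not say which order is required, so spell out the expected ordering of the entries. The section also names three places to set `nfsAcls` (values.yaml, secrets, storage class) but not which one takes precedence when more than one is set.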
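
Review bot: In PATCH 1/4, content/docs/csidriver/installation/helm/powerstore.md, the replacement lines for *nfsAcls* still spell "ACls" and now end with a space before the period ("servers only ."); fix both while these lines are being touched. Because the parameter is marked optional, this reference entry should also mention the "0777" default that the features page describes, so a reader of the install page knows what omitting it means.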
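
Review bot: In PATCH 2/4, content/docs/csidriver/features/powerstore.md, prerequisite 2 puts the opening fence on the same line as `modprobe nvme` and the closing fence on the same line as `modprobe nvme-tcp`, so the first command is read as the fence's info string and the block is never closed; move both fence markers onto their own lines. The text lists four modules (nvme, nvme_core, nvme_fabrics, nvme_tcp) while the commands load two, so either say that modprobe pulls in the others as dependencies or list all four. The commands also need root, are not persistent across reboots, and `sudo apt install nvme-cli` only covers Debian-based hosts; note the equivalent for the other supported distributions. "to use configure, edit, view or start" has a stray "use".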
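
Review bot: In PATCH 2/4, content/docs/csidriver/installation/helm/powerstore.md, the updated *blockProtocol* line adds NVMeTCP to a list that is still described as "what SCSI transport protocol we should use"; NVMe/TCP is not a SCSI transport, so reword it, for example "what block transport protocol we should use". The value is written `ISCSI` here and "iSCSI" in the features page prose, so say whether the value is case-sensitive.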
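
Review bot: In PATCH 2/4, content/docs/csidriver/installation/operator/powerstore.md, the comment on `blockProtocol: "auto"` now lists NVMeTCP but does not say what `auto` selects on a host with more than one protocol enabled. The features page in this same patch gives the order (FC, then iSCSI, then NVMeTCP), so link to it or repeat the order in the comment. The "SCSI transport protocol" wording needs the same correction as on the Helm page.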
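
Review bot: In PATCH 3/4, content/docs/csidriver/features/powerscale.md, the three mode descriptions (`ReadWriteOnceWithFSType:`, `File:`, `None:`) sit on consecutive lines with no blank line or list marker, so Markdown will join them into a single paragraph; make them list items like the mode names above them. The section never says where fsGroupPolicy is set (which file or key), which a reader needs in order to use the feature. The opening sentence is missing a subject before "supports", and "will be default to" should read "defaults to".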
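
Review bot: In PATCH 4/4, content/docs/csidriver/features/powerscale.md, note 2 tells readers that "no_root_squash" has to be enabled without saying what that changes: with root squashing off, root on an NFS client is no longer mapped to the anonymous user on the export. The note should state that trade-off and say which FSGroupPolicy modes actually need it. In note 1 the link is a bare "[here]" placed after the sentence's period; fold it into the sentence with descriptive link text. The file still ends without a trailing newline.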