From 99d48218d3cad0d0b399e941b0aa63895716b3a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20Wanzenb=C3=B6ck?= Date: Wed, 24 Jan 2024 16:10:09 +0100 Subject: [PATCH] set default acces policy for resources without replication MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit if a user creates a resource without replication, it does not make sense to access it from anywhere but the local node. So we set the default access policy accordingly. Signed-off-by: Moritz Wanzenböck --- CHANGELOG.md | 4 ++++ go.mod | 1 + go.sum | 2 ++ pkg/volume/parameter.go | 22 +++++++++++++++------- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 89d2241..74f274b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Default access policy for resources without replication layer is now "local only". + ### Fixed - Do not try to create diskless resource if there is no compatible diskless layer (DRBD or NVMe) available. diff --git a/go.mod b/go.mod index 9196032..da50424 100644 --- a/go.mod +++ b/go.mod @@ -12,6 +12,7 @@ require ( github.com/pborman/uuid v1.2.1 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 + golang.org/x/exp v0.0.0-20240119083558-1b970713d09a golang.org/x/sys v0.16.0 golang.org/x/time v0.5.0 google.golang.org/grpc v1.60.1 diff --git a/go.sum b/go.sum index 0071377..4982629 100644 --- a/go.sum +++ b/go.sum @@ -122,6 +122,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= +golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= diff --git a/pkg/volume/parameter.go b/pkg/volume/parameter.go index a7933a5..9b68ab8 100644 --- a/pkg/volume/parameter.go +++ b/pkg/volume/parameter.go @@ -11,6 +11,7 @@ import ( "github.com/LINBIT/golinstor/devicelayerkind" "github.com/pborman/uuid" log "github.com/sirupsen/logrus" + "golang.org/x/exp/slices" "github.com/piraeusdatastore/linstor-csi/pkg/linstor" "github.com/piraeusdatastore/linstor-csi/pkg/topology" @@ -108,13 +109,12 @@ var DefaultRemoteAccessPolicy = RemoteAccessPolicyAnywhere func NewParameters(params map[string]string, topologyPrefix string) (Parameters, error) { // set zero values p := Parameters{ - LayerList: []devicelayerkind.DeviceLayerKind{devicelayerkind.Drbd, devicelayerkind.Storage}, - PlacementCount: 1, - DisklessStoragePool: DefaultDisklessStoragePoolName, - Encryption: false, - PlacementPolicy: topology.AutoPlaceTopology, - AllowRemoteVolumeAccess: DefaultRemoteAccessPolicy, - Properties: make(map[string]string), + LayerList: []devicelayerkind.DeviceLayerKind{devicelayerkind.Drbd, devicelayerkind.Storage}, + PlacementCount: 1, + DisklessStoragePool: DefaultDisklessStoragePoolName, + Encryption: false, + PlacementPolicy: topology.AutoPlaceTopology, + Properties: make(map[string]string), } for k, v := range params { @@ -260,6 +260,14 @@ func NewParameters(params map[string]string, topologyPrefix string) (Parameters, p.ResourceGroup = "sc-" + uuid.NewSHA1(namespace, encoded).String() } + if p.AllowRemoteVolumeAccess == nil { + if slices.Contains(p.LayerList, devicelayerkind.Drbd) || slices.Contains(p.LayerList, devicelayerkind.Nvme) { + p.AllowRemoteVolumeAccess = DefaultRemoteAccessPolicy + } else { + p.AllowRemoteVolumeAccess = RemoteAccessPolicyLocalOnly + } + } + // User has manually configured deployments, ignore autoplacing options. if len(p.NodeList)+len(p.ClientList) != 0 { p.PlacementCount = 0