feat(ZFSPV): adding encryption in ZFSVolume CR (#6)
Adding support for enabling encryption using a custom key. Also adding support for inheriting from the ZPOOL any properties that are not listed in the storage class: the ZFS driver will not pass default values while creating the volume, so those properties will be inherited from the ZPOOL. We can use the encryption option in the storage class: ``` apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: openebs-zfspv allowVolumeExpansion: true parameters: blocksize: "4k" compression: "on" dedup: "on" thinprovision: "yes" encryption: "on" keyformat: "raw" keylocation: "file:///home/keys/key" poolname: "zfspv-pool" provisioner: openebs.io/zfs ``` Just a note: the key file should be mounted inside the node-agent container so that we can use that file while provisioning the volume. keyformat can be raw, hex or passphrase. Signed-off-by: Pawan <pawan@mayadata.io>
parent
cc6ff6c520
commit
0218dacea0
7 changed files with 288 additions and 68 deletions
|
|
@ -18,14 +18,18 @@ package zfs
|
|||
|
||||
import (
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
apis "github.com/openebs/zfs-localpv/pkg/apis/openebs.io/core/v1alpha1"
|
||||
"k8s.io/kubernetes/pkg/util/mount"
|
||||
)
|
||||
|
||||
const (
|
||||
ZFS_DEVPATH = "/dev/zvol/"
|
||||
ZFS_DEVPATH = "/dev/zvol/"
|
||||
ZFSVolCmd = "zfs"
|
||||
ZFSCreateArg = "create"
|
||||
ZFSDestroyArg = "destroy"
|
||||
ZFSSetArg = "set"
|
||||
)
|
||||
|
||||
func PropertyChanged(oldVol *apis.ZFSVolume, newVol *apis.ZFSVolume) bool {
|
||||
|
|
@ -34,38 +38,102 @@ func PropertyChanged(oldVol *apis.ZFSVolume, newVol *apis.ZFSVolume) bool {
|
|||
oldVol.Spec.Capacity != newVol.Spec.Capacity
|
||||
}
|
||||
|
||||
// builldVolumeCreateArgs returns zvol create command along with attributes as a string array
|
||||
func buildVolumeCreateArgs(vol *apis.ZFSVolume) []string {
|
||||
var ZFSVolCmd []string
|
||||
|
||||
zvol := vol.Spec.PoolName + "/" + vol.Name
|
||||
|
||||
ZFSVolCmd = append(ZFSVolCmd, ZFSCreateArg)
|
||||
|
||||
if vol.Spec.ThinProvision == "yes" {
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-s")
|
||||
}
|
||||
if len(vol.Spec.Capacity) != 0 {
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-V", vol.Spec.Capacity)
|
||||
}
|
||||
if len(vol.Spec.BlockSize) != 0 {
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-b", vol.Spec.BlockSize)
|
||||
}
|
||||
if len(vol.Spec.Dedup) != 0 {
|
||||
dedupProperty := "dedup=" + vol.Spec.Dedup
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-o", dedupProperty)
|
||||
}
|
||||
if len(vol.Spec.Compression) != 0 {
|
||||
compressionProperty := "compression=" + vol.Spec.Compression
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-o", compressionProperty)
|
||||
}
|
||||
if len(vol.Spec.Encryption) != 0 {
|
||||
encryptionProperty := "encryption=" + vol.Spec.Encryption
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-o", encryptionProperty)
|
||||
}
|
||||
if len(vol.Spec.KeyLocation) != 0 {
|
||||
keyLocation := "keylocation=" + vol.Spec.KeyLocation
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-o", keyLocation)
|
||||
}
|
||||
if len(vol.Spec.KeyFormat) != 0 {
|
||||
keyFormat := "keyformat=" + vol.Spec.KeyFormat
|
||||
ZFSVolCmd = append(ZFSVolCmd, "-o", keyFormat)
|
||||
}
|
||||
|
||||
ZFSVolCmd = append(ZFSVolCmd, zvol)
|
||||
|
||||
return ZFSVolCmd
|
||||
}
|
||||
|
||||
// builldVolumeSetArgs returns zvol set command along with attributes as a string array
|
||||
// TODO(pawan) need to find a way to identify which property has changed
|
||||
func buildVolumeSetArgs(vol *apis.ZFSVolume) []string {
|
||||
var ZFSVolCmd []string
|
||||
|
||||
zvol := vol.Spec.PoolName + "/" + vol.Name
|
||||
|
||||
ZFSVolCmd = append(ZFSVolCmd, ZFSSetArg)
|
||||
|
||||
if len(vol.Spec.Capacity) != 0 {
|
||||
volsize := "volsize=" + vol.Spec.Capacity
|
||||
ZFSVolCmd = append(ZFSVolCmd, volsize)
|
||||
}
|
||||
if len(vol.Spec.Dedup) != 0 {
|
||||
dedupProperty := "dedup=" + vol.Spec.Dedup
|
||||
ZFSVolCmd = append(ZFSVolCmd, dedupProperty)
|
||||
}
|
||||
if len(vol.Spec.Compression) != 0 {
|
||||
compressionProperty := "compression=" + vol.Spec.Compression
|
||||
ZFSVolCmd = append(ZFSVolCmd, compressionProperty)
|
||||
}
|
||||
|
||||
ZFSVolCmd = append(ZFSVolCmd, zvol)
|
||||
|
||||
return ZFSVolCmd
|
||||
}
|
||||
|
||||
// builldVolumeDestroyArgs returns zvol destroy command along with attributes as a string array
|
||||
func buildVolumeDestroyArgs(vol *apis.ZFSVolume) []string {
|
||||
var ZFSVolCmd []string
|
||||
|
||||
zvol := vol.Spec.PoolName + "/" + vol.Name
|
||||
|
||||
ZFSVolCmd = append(ZFSVolCmd, ZFSDestroyArg, "-R", zvol)
|
||||
|
||||
return ZFSVolCmd
|
||||
}
|
||||
|
||||
// createZvol creates the zvol and returns the corresponding diskPath
|
||||
// of the volume which gets created on the node
|
||||
func createZvol(vol *apis.ZFSVolume) (string, error) {
|
||||
var out []byte
|
||||
zvol := vol.Spec.PoolName + "/" + vol.Name
|
||||
devicePath := ZFS_DEVPATH + zvol
|
||||
|
||||
if _, err := os.Stat(devicePath); os.IsNotExist(err) {
|
||||
if vol.Spec.ThinProvision == "yes" {
|
||||
out, err = mount.NewOsExec().Run(
|
||||
"zfs", "create",
|
||||
"-s",
|
||||
"-V", vol.Spec.Capacity,
|
||||
"-b", vol.Spec.BlockSize,
|
||||
"-o", "compression="+vol.Spec.Compression,
|
||||
"-o", "dedup="+vol.Spec.Dedup,
|
||||
zvol,
|
||||
)
|
||||
} else {
|
||||
out, err = mount.NewOsExec().Run(
|
||||
"zfs", "create",
|
||||
"-V", vol.Spec.Capacity,
|
||||
"-b", vol.Spec.BlockSize,
|
||||
"-o", "compression="+vol.Spec.Compression,
|
||||
"-o", "dedup="+vol.Spec.Dedup,
|
||||
zvol,
|
||||
)
|
||||
}
|
||||
|
||||
args := buildVolumeCreateArgs(vol)
|
||||
cmd := exec.Command(ZFSVolCmd, args...)
|
||||
out, err := cmd.CombinedOutput()
|
||||
|
||||
if err != nil {
|
||||
logrus.Errorf(
|
||||
"zfs: could not create zvol %v vol %v error: %s", zvol, vol, string(out),
|
||||
"zfs: could not create zvol %v cmd %v error: %s", zvol, args, string(out),
|
||||
)
|
||||
return "", err
|
||||
}
|
||||
|
|
@ -81,24 +149,18 @@ func createZvol(vol *apis.ZFSVolume) (string, error) {
|
|||
|
||||
// SetZvolProp sets the zvol property
|
||||
func SetZvolProp(vol *apis.ZFSVolume) error {
|
||||
var out []byte
|
||||
var err error
|
||||
zvol := vol.Spec.PoolName + "/" + vol.Name
|
||||
devicePath := ZFS_DEVPATH + zvol
|
||||
|
||||
if _, err = os.Stat(devicePath); err == nil {
|
||||
// TODO(pawan) need to find a way to identify
|
||||
// which property has changed
|
||||
out, err = mount.NewOsExec().Run(
|
||||
"zfs", "set",
|
||||
"volsize="+vol.Spec.Capacity,
|
||||
"compression="+vol.Spec.Compression,
|
||||
"dedup="+vol.Spec.Dedup,
|
||||
zvol,
|
||||
)
|
||||
args := buildVolumeSetArgs(vol)
|
||||
cmd := exec.Command(ZFSVolCmd, args...)
|
||||
out, err := cmd.CombinedOutput()
|
||||
|
||||
if err != nil {
|
||||
logrus.Errorf(
|
||||
"zfs: could not set property on zvol %v vol %v error: %s", zvol, vol, string(out),
|
||||
"zfs: could not set property on zvol %v cmd %v error: %s", zvol, args, string(out),
|
||||
)
|
||||
return err
|
||||
}
|
||||
|
|
@ -110,19 +172,17 @@ func SetZvolProp(vol *apis.ZFSVolume) error {
|
|||
|
||||
// DestroyZvol deletes the zvol
|
||||
func DestroyZvol(vol *apis.ZFSVolume) error {
|
||||
var out []byte
|
||||
zvol := vol.Spec.PoolName + "/" + vol.Name
|
||||
devicePath := ZFS_DEVPATH + zvol
|
||||
|
||||
if _, err := os.Stat(devicePath); err == nil {
|
||||
out, err = mount.NewOsExec().Run(
|
||||
"zfs", "destroy",
|
||||
"-R",
|
||||
zvol,
|
||||
)
|
||||
args := buildVolumeDestroyArgs(vol)
|
||||
cmd := exec.Command(ZFSVolCmd, args...)
|
||||
out, err := cmd.CombinedOutput()
|
||||
|
||||
if err != nil {
|
||||
logrus.Errorf(
|
||||
"zfs: could not destroy zvol %v vol %v error: %s", zvol, vol, string(out),
|
||||
"zfs: could not destroy zvol %v cmd %v error: %s", zvol, args, string(out),
|
||||
)
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
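Review bot: The new argument builders pass ZFSVolume fields to the `zfs` binary without validating them: in buildVolumeCreateArgs (and the set/destroy builders) `vol.Spec.PoolName + "/" + vol.Name` is appended as the positional dataset, and `vol.Spec.KeyLocation` goes straight into `-o keylocation=`. exec.Command avoids a shell, but a pool name that begins with `-` would still be parsed by `zfs` as an option, so createZvol, SetZvolProp and DestroyZvol should reject it before running the command, e.g. `if strings.HasPrefix(zvol, "-") { return "", fmt.Errorf("zfs: invalid dataset name %q", zvol) }` (this needs `fmt` and `strings` in the import block). Since keylocation decides which file on the node is read as key material by the node-agent's `zfs`, it would also be worth restricting it to the directory where keys are expected to be mounted; whether the StorageClass parameters are already validated elsewhere is not visible here. createZvol's body continues past the end of its hunk, so the remainder of the function was not reviewed.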