Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rbd: use blocklist range cmd, fallback if it fails #3385

Merged
merged 1 commit into from
Sep 13, 2022
Merged

rbd: use blocklist range cmd, fallback if it fails #3385

merged 1 commit into from
Sep 13, 2022

Conversation

Rakshith-R
Copy link
Contributor

This commit adds blocklist range cmd feature,
while fallbacks to old blocklist one ip at a
time if the cmd is invalid(not available).

Signed-off-by: Rakshith R [email protected]

I0913 11:56:29.787215       1 utils.go:195] ID: 21 GRPC call: /fence.FenceController/UnfenceClusterNetwork
I0913 11:56:29.788168       1 utils.go:206] ID: 21 GRPC request: {"cidrs":[{"cidr":"10.90.89.66/32"}],"parameters":{"clusterID":"rook-ceph"},"secrets":"***stripped***"}
I0913 11:56:31.335384       1 cephcmds.go:105] ID: 21 command succeeded: ceph [osd blocklist range rm 10.90.89.66/32 --id csi-rbd-provisioner --keyfile=***stripped*** -m 10.99.96.253:6789]
I0913 11:56:31.335467       1 fencing.go:189] ID: 21 unblocked IP "10.90.89.66/32" successfully
I0913 11:56:31.336029       1 utils.go:212] ID: 21 GRPC response: {}
I0913 11:56:52.346352       1 utils.go:195] ID: 22 GRPC call: /fence.FenceController/FenceClusterNetwork
I0913 11:56:52.346578       1 utils.go:206] ID: 22 GRPC request: {"cidrs":[{"cidr":"10.90.89.66/32"}],"parameters":{"clusterID":"rook-ceph"},"secrets":"***stripped***"}
I0913 11:56:53.821075       1 cephcmds.go:105] ID: 22 command succeeded: ceph [osd blocklist range add 10.90.89.66/32 157784760 --id csi-rbd-provisioner --keyfile=***stripped*** -m 10.99.96.253:6789]
I0913 11:56:53.821230       1 fencing.go:91] ID: 22 blocklisted IP "10.90.89.66/32" successfully
I0913 11:56:53.822079       1 utils.go:212] ID: 22 GRPC response: {}

@mergify mergify bot added the component/rbd Issues related to RBD label Sep 13, 2022
@Rakshith-R Rakshith-R requested review from Madhu-1, nixpanic and a team September 13, 2022 12:05
Madhu-1
Madhu-1 requested changes Sep 13, 2022
View reviewed changes
internal/csi-addons/networkfence/fencing.go Outdated
// iterating through IP range.
err := nf.addCephBlocklist(ctx, cidr, true)
if err == nil {
return nil
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should not return here its for loop.

internal/csi-addons/networkfence/fencing.go Outdated
// iterating through IP range.
err := nf.removeCephBlocklist(ctx, cidr, true)
if err == nil {
return nil
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

continue instead of return

internal/csi-addons/networkfence/fencing.go Outdated
return nil
}
if !strings.Contains(err.Error(), "invalid command") {
return fmt.Errorf("failed to blocklist range rm %q: %w", cidr, err)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return fmt.Errorf("failed to blocklist range rm %q: %w", cidr, err)
return fmt.Errorf("failed to remove blocklist range %q: %w", cidr, err)

internal/csi-addons/networkfence/fencing.go Outdated
if !strings.Contains(err.Error(), "invalid command") {
return fmt.Errorf("failed to blocklist range rm %q: %w", cidr, err)
}
log.DebugLog(ctx, "failed to use blocklist range cmd, falling back to single ip blocklisting: %s", err)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove debug log

internal/csi-addons/networkfence/fencing.go Outdated
return nil
}
if !strings.Contains(err.Error(), "invalid command") {
return fmt.Errorf("failed to blocklist range add %q: %w", cidr, err)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return fmt.Errorf("failed to blocklist range add %q: %w", cidr, err)
return fmt.Errorf("failed to add blocklist range %q: %w", cidr, err)

nixpanic
nixpanic reviewed Sep 13, 2022
View reviewed changes
internal/csi-addons/networkfence/fencing.go Outdated
@@ -93,6 +98,16 @@ func (nf *NetworkFence) addCephBlocklist(ctx context.Context, ip string) error {
func (nf *NetworkFence) AddNetworkFence(ctx context.Context) error {
// for each CIDR block, convert it into a range of IPs so as to perform blocklisting operation.
for _, cidr := range nf.Cidr {
// try range blocklist cmd, if invalid fallback to
// iterating through IP range.
err := nf.addCephBlocklist(ctx, cidr, true)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you move this to a helper and use a NetworkFence.hasBlocklistRange bool? No need to pass it around that way, and it will only be tried once for the cidr in nf.Cidr.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made modifications so we only check fail with invalid command in the first iteration.

@Rakshith-R Rakshith-R force-pushed the add-cidr-range branch 2 times, most recently from 4b06c7b to 082dba4 Compare September 13, 2022 12:29
Madhu-1
Madhu-1 reviewed Sep 13, 2022
View reviewed changes
internal/csi-addons/networkfence/fencing.go
// try range blocklist cmd, if invalid fallback to
// iterating through IP range.
if hasBlocklistRangeSupport {
err := nf.addCephBlocklist(ctx, cidr, true)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of true and false pass hasBlocklistRangeSupport

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pass it where ?

We would still need to parse and loop through the range in this layer.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of passing true to addCephBlocklist pass hasBlocklistRangeSupport

Madhu-1
Madhu-1 reviewed Sep 13, 2022
View reviewed changes
internal/csi-addons/networkfence/fencing.go Outdated
if err == nil {
continue
}
if !strings.Contains(err.Error(), "invalid command") {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

define const of invalid command

@Madhu-1
Copy link
Collaborator

Madhu-1 commented Sep 13, 2022

@Rakshith-R planning to backport this to 3.7?

@Rakshith-R
rbd: use blocklist range cmd, fallback if it fails
3a5f29d 
This commit adds blocklist range cmd feature,
while fallbacks to old blocklist one ip at a
time if the cmd is invalid(not available).

Signed-off-by: Rakshith R <[email protected]>
@Rakshith-R
Copy link
Contributor Author

@Rakshith-R planning to backport this to 3.7?

yes

@Rakshith-R Rakshith-R requested a review from Madhu-1 September 13, 2022 12:39
@Rakshith-R Rakshith-R mentioned this pull request Sep 13, 2022
Closed
@Rakshith-R Rakshith-R added the ci/skip/e2e skip running e2e CI jobs label Sep 13, 2022
@Rakshith-R
Copy link
Contributor Author

/retest all

skipping e2e, since we dont have any for networkfence

@Rakshith-R
Copy link
Contributor Author

/retest all

@mergify mergify bot merged commit a57859d into ceph:devel Sep 13, 2022
@mergify mergify bot mentioned this pull request Sep 13, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Madhu-1 Madhu-1 Madhu-1 approved these changes

@yati1998 yati1998 yati1998 approved these changes

@nixpanic nixpanic Awaiting requested review from nixpanic

Assignees
No one assigned
Labels
ci/skip/e2e skip running e2e CI jobs component/rbd Issues related to RBD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Rakshith-R @Madhu-1 @nixpanic @yati1998