diff --git a/pkg/volume/awsebs/aws_ebs.go b/pkg/volume/awsebs/aws_ebs.go index 2d3d459c0ea..ff5c0ab46ec 100644 --- a/pkg/volume/awsebs/aws_ebs.go +++ b/pkg/volume/awsebs/aws_ebs.go @@ -399,7 +399,7 @@ func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, mounterArgs volume.Mou options = append(options, "ro") } mountOptions := util.JoinMountOptions(options, b.mountOptions) - err = b.mounter.Mount(globalPDPath, dir, "", mountOptions) + err = b.mounter.MountSensitiveWithoutSystemd(globalPDPath, dir, "", mountOptions, nil) if err != nil { notMnt, mntErr := b.mounter.IsLikelyNotMountPoint(dir) if mntErr != nil { diff --git a/pkg/volume/azure_file/azure_file.go b/pkg/volume/azure_file/azure_file.go index 456112f205d..4b77a447f4b 100644 --- a/pkg/volume/azure_file/azure_file.go +++ b/pkg/volume/azure_file/azure_file.go @@ -305,7 +305,7 @@ func (b *azureFileMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e mountComplete := false err = wait.PollImmediate(1*time.Second, 2*time.Minute, func() (bool, error) { - err := b.mounter.MountSensitive(source, dir, "cifs", mountOptions, sensitiveMountOptions) + err := b.mounter.MountSensitiveWithoutSystemd(source, dir, "cifs", mountOptions, sensitiveMountOptions) mountComplete = true return true, err }) diff --git a/pkg/volume/azuredd/azure_mounter.go b/pkg/volume/azuredd/azure_mounter.go index d4c2a6b80a2..b71448fd932 100644 --- a/pkg/volume/azuredd/azure_mounter.go +++ b/pkg/volume/azuredd/azure_mounter.go @@ -131,7 +131,7 @@ func (m *azureDiskMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e return err } - mountErr := mounter.Mount(globalPDPath, dir, *volumeSource.FSType, options) + mountErr := mounter.MountSensitiveWithoutSystemd(globalPDPath, dir, *volumeSource.FSType, options, nil) // Everything in the following control flow is meant as an // attempt cleanup a failed setupAt (bind mount) if mountErr != nil { 
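Review bot: The bare trailing `nil` in the new `MountSensitiveWithoutSystemd(globalPDPath, dir, "", mountOptions, nil)` call in SetUpAt gives no hint that it is the sensitive-options slot. The method name suggests secret material where this bind mount has none. I would write the argument as `nil /* sensitiveOptions */`, matching the `nil /* options */` style already used in the emptydir hunk. The same applies to the other bind-mount call sites changed in this commit (azuredd, cinder, fc, flocker, gcepd, iscsi, local, storageos, vsphere, subpath, volumepathhandler). SetUpAt starts and ends outside this hunk.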
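Review bot: This call in azureFileMounter.SetUpAt is not a bind mount, so moving it off `MountSensitive` removes the `systemd-run --scope` wrapper it previously got on hosts where the mounter detected systemd. The comment in doMount says that scope exists so helper daemons started by a mount survive a kubelet restart. For "cifs" that may not matter, but the same switch is made for "nfs", "quobyte" and the driver-supplied fstype in flexvolume's doMount, where a userspace helper or FUSE daemon is plausible. It would help to state next to each non-bind call why the scope is not needed, e.g. `// no systemd scope: this mount starts no long-running helper process`, or to keep the systemd path for those filesystems. SetUpAt continues outside the hunk.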
diff --git a/pkg/volume/cinder/cinder.go b/pkg/volume/cinder/cinder.go index 1c95a21f53a..8247047d165 100644 --- a/pkg/volume/cinder/cinder.go +++ b/pkg/volume/cinder/cinder.go @@ -418,7 +418,7 @@ func (b *cinderVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs mountOptions := util.JoinMountOptions(options, b.mountOptions) // Perform a bind mount to the full path to allow duplicate mounts of the same PD. klog.V(4).Infof("Attempting to mount cinder volume %s to %s with options %v", b.pdName, dir, mountOptions) - err = b.mounter.Mount(globalPDPath, dir, "", options) + err = b.mounter.MountSensitiveWithoutSystemd(globalPDPath, dir, "", options, nil) if err != nil { klog.V(4).Infof("Mount failed: %v", err) notmnt, mntErr := b.mounter.IsLikelyNotMountPoint(dir) diff --git a/pkg/volume/cinder/cinder_test.go b/pkg/volume/cinder/cinder_test.go index ecbe2e5f038..1e6f5fa597f 100644 --- a/pkg/volume/cinder/cinder_test.go +++ b/pkg/volume/cinder/cinder_test.go @@ -96,7 +96,7 @@ func (fake *fakePDManager) AttachDisk(b *cinderVolumeMounter, globalPDPath strin } } if notmnt { - err = b.mounter.Mount(fakeDeviceName, globalPath, "", []string{"bind"}) + err = b.mounter.MountSensitiveWithoutSystemd(fakeDeviceName, globalPath, "", []string{"bind"}, nil) if err != nil { return err } diff --git a/pkg/volume/emptydir/empty_dir.go b/pkg/volume/emptydir/empty_dir.go index c46dcf83a6a..d619765c875 100644 --- a/pkg/volume/emptydir/empty_dir.go +++ b/pkg/volume/emptydir/empty_dir.go @@ -272,7 +272,7 @@ func (ed *emptyDir) setupTmpfs(dir string) error { } klog.V(3).Infof("pod %v: mounting tmpfs for volume %v", ed.pod.UID, ed.volName) - return ed.mounter.Mount("tmpfs", dir, "tmpfs", nil /* options */) + return ed.mounter.MountSensitiveWithoutSystemd("tmpfs", dir, "tmpfs", nil /* options */, nil) } // setupHugepages creates a hugepage mount at the specified directory. 
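Review bot: The rewritten mount call in cinderVolumeMounter.SetUpAt still passes `options`, not the `mountOptions` built two lines earlier by `util.JoinMountOptions(options, b.mountOptions)`. Within the hunk the joined slice is only used by the log line, so the volume's own mount options appear to be logged but never applied, and any restrictive option configured there would be dropped silently. Since the line is being touched anyway, it should read `err = b.mounter.MountSensitiveWithoutSystemd(globalPDPath, dir, "", mountOptions, nil /* sensitiveOptions */)`. The rest of SetUpAt is outside the hunk, so confirm `mountOptions` is not consumed later.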
@@ -317,7 +317,7 @@ func (ed *emptyDir) setupHugepages(dir string) error { } klog.V(3).Infof("pod %v: mounting hugepages for volume %v", ed.pod.UID, ed.volName) - return ed.mounter.Mount("nodev", dir, "hugetlbfs", []string{pageSizeMountOption}) + return ed.mounter.MountSensitiveWithoutSystemd("nodev", dir, "hugetlbfs", []string{pageSizeMountOption}, nil) } // getPageSizeMountOption retrieves pageSize mount option from Pod's resources diff --git a/pkg/volume/fc/disk_manager.go b/pkg/volume/fc/disk_manager.go index dbcdd2cd033..328db7278fa 100644 --- a/pkg/volume/fc/disk_manager.go +++ b/pkg/volume/fc/disk_manager.go @@ -61,7 +61,7 @@ func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mou options = append(options, "ro") } mountOptions := util.JoinMountOptions(options, b.mountOptions) - err = mounter.Mount(globalPDPath, volPath, "", mountOptions) + err = mounter.MountSensitiveWithoutSystemd(globalPDPath, volPath, "", mountOptions, nil) if err != nil { klog.Errorf("Failed to bind mount: source:%s, target:%s, err:%v", globalPDPath, volPath, err) noMnt, mntErr := b.mounter.IsLikelyNotMountPoint(volPath) diff --git a/pkg/volume/flexvolume/util.go b/pkg/volume/flexvolume/util.go index 59e437a9018..b87127d63ab 100644 --- a/pkg/volume/flexvolume/util.go +++ b/pkg/volume/flexvolume/util.go @@ -140,7 +140,7 @@ func prepareForMount(mounter mount.Interface, deviceMountPath string) (bool, err // Mounts the device at the given path. // It is expected that prepareForMount has been called before. func doMount(mounter mount.Interface, devicePath, deviceMountPath, fsType string, options []string) error { - err := mounter.Mount(devicePath, deviceMountPath, fsType, options) + err := mounter.MountSensitiveWithoutSystemd(devicePath, deviceMountPath, fsType, options, nil) if err != nil { klog.Errorf("Failed to mount the volume at %s, device: %s, error: %s", deviceMountPath, devicePath, err.Error()) return err 
diff --git a/pkg/volume/flocker/flocker.go b/pkg/volume/flocker/flocker.go index d527be5cb9c..b34d78cf37f 100644 --- a/pkg/volume/flocker/flocker.go +++ b/pkg/volume/flocker/flocker.go @@ -332,7 +332,7 @@ func (b *flockerVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg globalFlockerPath := makeGlobalFlockerPath(datasetUUID) klog.V(4).Infof("attempting to mount %s", dir) - err = b.mounter.Mount(globalFlockerPath, dir, "", options) + err = b.mounter.MountSensitiveWithoutSystemd(globalFlockerPath, dir, "", options, nil) if err != nil { notMnt, mntErr := b.mounter.IsLikelyNotMountPoint(dir) if mntErr != nil { diff --git a/pkg/volume/gcepd/gce_pd.go b/pkg/volume/gcepd/gce_pd.go index 0743c2cb6d6..39fe43e3e84 100644 --- a/pkg/volume/gcepd/gce_pd.go +++ b/pkg/volume/gcepd/gce_pd.go @@ -401,7 +401,7 @@ func (b *gcePersistentDiskMounter) SetUpAt(dir string, mounterArgs volume.Mounte mountOptions := util.JoinMountOptions(b.mountOptions, options) - err = b.mounter.Mount(globalPDPath, dir, "", mountOptions) + err = b.mounter.MountSensitiveWithoutSystemd(globalPDPath, dir, "", mountOptions, nil) if err != nil { notMnt, mntErr := b.mounter.IsLikelyNotMountPoint(dir) if mntErr != nil { diff --git a/pkg/volume/iscsi/disk_manager.go b/pkg/volume/iscsi/disk_manager.go index 7ebc85d8563..48ed9168376 100644 --- a/pkg/volume/iscsi/disk_manager.go +++ b/pkg/volume/iscsi/disk_manager.go @@ -67,7 +67,7 @@ func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter } globalPDPath := manager.MakeGlobalPDName(*b.iscsiDisk) mountOptions := util.JoinMountOptions(b.mountOptions, options) - err = mounter.Mount(globalPDPath, volPath, "", mountOptions) + err = mounter.MountSensitiveWithoutSystemd(globalPDPath, volPath, "", mountOptions, nil) if err != nil { klog.Errorf("Failed to bind mount: source:%s, target:%s, err:%v", globalPDPath, volPath, err) noMnt, mntErr := b.mounter.IsLikelyNotMountPoint(volPath) 
diff --git a/pkg/volume/iscsi/iscsi_test.go b/pkg/volume/iscsi/iscsi_test.go index 476caafb0d3..23168b1c007 100644 --- a/pkg/volume/iscsi/iscsi_test.go +++ b/pkg/volume/iscsi/iscsi_test.go @@ -120,7 +120,7 @@ func (fake *fakeDiskManager) AttachDisk(b iscsiDiskMounter) (string, error) { } // Simulate the global mount so that the fakeMounter returns the // expected number of mounts for the attached disk. - b.mounter.Mount(globalPath, globalPath, b.fsType, nil) + b.mounter.MountSensitiveWithoutSystemd(globalPath, globalPath, b.fsType, nil, nil) return "/dev/sdb", nil } diff --git a/pkg/volume/local/local.go b/pkg/volume/local/local.go index b2c5fe7120e..2b558730705 100644 --- a/pkg/volume/local/local.go +++ b/pkg/volume/local/local.go @@ -534,7 +534,7 @@ func (m *localVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) klog.V(4).Infof("attempting to mount %s", dir) globalPath := util.MakeAbsolutePath(runtime.GOOS, m.globalPath) - err = m.mounter.Mount(globalPath, dir, "", mountOptions) + err = m.mounter.MountSensitiveWithoutSystemd(globalPath, dir, "", mountOptions, nil) if err != nil { klog.Errorf("Mount of volume %s failed: %v", dir, err) notMnt, mntErr := mount.IsNotMountPoint(m.mounter, dir) diff --git a/pkg/volume/nfs/nfs.go b/pkg/volume/nfs/nfs.go index 1daf5e952d8..38d5bda1cc5 100644 --- a/pkg/volume/nfs/nfs.go +++ b/pkg/volume/nfs/nfs.go @@ -259,7 +259,7 @@ func (nfsMounter *nfsMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs options = append(options, "ro") } mountOptions := util.JoinMountOptions(nfsMounter.mountOptions, options) - err = nfsMounter.mounter.Mount(source, dir, "nfs", mountOptions) + err = nfsMounter.mounter.MountSensitiveWithoutSystemd(source, dir, "nfs", mountOptions, nil) if err != nil { notMnt, mntErr := mount.IsNotMountPoint(nfsMounter.mounter, dir) if mntErr != nil { diff --git a/pkg/volume/quobyte/quobyte.go b/pkg/volume/quobyte/quobyte.go index 929639d8ad9..199b871b43e 100644 --- a/pkg/volume/quobyte/quobyte.go 
+++ b/pkg/volume/quobyte/quobyte.go @@ -259,7 +259,7 @@ func (mounter *quobyteMounter) SetUpAt(dir string, mounterArgs volume.MounterArg //if a trailing slash is missing we add it here mountOptions := util.JoinMountOptions(mounter.mountOptions, options) - if err := mounter.mounter.Mount(mounter.correctTraillingSlash(mounter.registry), dir, "quobyte", mountOptions); err != nil { + if err := mounter.mounter.MountSensitiveWithoutSystemd(mounter.correctTraillingSlash(mounter.registry), dir, "quobyte", mountOptions, nil); err != nil { return fmt.Errorf("quobyte: mount failed: %v", err) } diff --git a/pkg/volume/storageos/storageos.go b/pkg/volume/storageos/storageos.go index af4259b6d10..b5b9e796e8e 100644 --- a/pkg/volume/storageos/storageos.go +++ b/pkg/volume/storageos/storageos.go @@ -402,7 +402,7 @@ func (b *storageosMounter) SetUpAt(dir string, mounterArgs volume.MounterArgs) e globalPDPath := makeGlobalPDName(b.plugin.host, b.pvName, b.volNamespace, b.volName) klog.V(4).Infof("Attempting to bind mount to pod volume at %s", dir) - err = b.mounter.Mount(globalPDPath, dir, "", mountOptions) + err = b.mounter.MountSensitiveWithoutSystemd(globalPDPath, dir, "", mountOptions, nil) if err != nil { notMnt, mntErr := b.mounter.IsLikelyNotMountPoint(dir) if mntErr != nil { diff --git a/pkg/volume/util/subpath/subpath_linux.go b/pkg/volume/util/subpath/subpath_linux.go index b4595090dee..ef696d95a6b 100644 --- a/pkg/volume/util/subpath/subpath_linux.go +++ b/pkg/volume/util/subpath/subpath_linux.go 
@@ -210,7 +210,7 @@ func doBindSubPath(mounter mount.Interface, subpath Subpath) (hostPath string, e // Do the bind mount options := []string{"bind"} klog.V(5).Infof("bind mounting %q at %q", mountSource, bindPathTarget) - if err = mounter.Mount(mountSource, bindPathTarget, "" /*fstype*/, options); err != nil { + if err = mounter.MountSensitiveWithoutSystemd(mountSource, bindPathTarget, "" /*fstype*/, options, nil); err != nil { return "", fmt.Errorf("error mounting %s: %s", subpath.Path, err) } success = true diff --git a/pkg/volume/util/volumepathhandler/volume_path_handler.go b/pkg/volume/util/volumepathhandler/volume_path_handler.go index ce63b6a1bb4..e07f457aac3 100644 --- a/pkg/volume/util/volumepathhandler/volume_path_handler.go +++ b/pkg/volume/util/volumepathhandler/volume_path_handler.go @@ -141,7 +141,7 @@ func mapBindMountDevice(v VolumePathHandler, devicePath string, mapPath string, // Bind mount file mounter := &mount.SafeFormatAndMount{Interface: mount.New(""), Exec: utilexec.New()} - if err := mounter.Mount(devicePath, linkPath, "" /* fsType */, []string{"bind"}); err != nil { + if err := mounter.MountSensitiveWithoutSystemd(devicePath, linkPath, "" /* fsType */, []string{"bind"}, nil); err != nil { return fmt.Errorf("failed to bind mount devicePath: %s to linkPath %s: %v", devicePath, linkPath, err) } diff --git a/pkg/volume/vsphere_volume/vsphere_volume.go b/pkg/volume/vsphere_volume/vsphere_volume.go index 1b1b9d0e1f1..59c4e696264 100644 --- a/pkg/volume/vsphere_volume/vsphere_volume.go +++ b/pkg/volume/vsphere_volume/vsphere_volume.go 
@@ -253,7 +253,7 @@ func (b *vsphereVolumeMounter) SetUpAt(dir string, mounterArgs volume.MounterArg // Perform a bind mount to the full path to allow duplicate mounts of the same PD. globalPDPath := makeGlobalPDPath(b.plugin.host, b.volPath) mountOptions := util.JoinMountOptions(options, b.mountOptions) - err = b.mounter.Mount(globalPDPath, dir, "", mountOptions) + err = b.mounter.MountSensitiveWithoutSystemd(globalPDPath, dir, "", mountOptions, nil) if err != nil { notmnt, mntErr := b.mounter.IsLikelyNotMountPoint(dir) if mntErr != nil { diff --git a/staging/src/k8s.io/mount-utils/fake_mounter.go b/staging/src/k8s.io/mount-utils/fake_mounter.go index f48c2badba6..393ed043ba0 100644 --- a/staging/src/k8s.io/mount-utils/fake_mounter.go +++ b/staging/src/k8s.io/mount-utils/fake_mounter.go @@ -132,6 +132,10 @@ func (f *FakeMounter) MountSensitive(source string, target string, fstype string return nil } +func (f *FakeMounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { + return f.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) +} + // Unmount records the unmount event and updates the in-memory mount points for FakeMounter func (f *FakeMounter) Unmount(target string) error { f.mutex.Lock() diff --git a/staging/src/k8s.io/mount-utils/mount.go b/staging/src/k8s.io/mount-utils/mount.go index 2847da46bcc..c78cf13df91 100644 --- a/staging/src/k8s.io/mount-utils/mount.go +++ b/staging/src/k8s.io/mount-utils/mount.go 
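Review bot: The new FakeMounter.MountSensitiveWithoutSystemd discards its `sensitiveOptions` argument and forwards `nil` to MountSensitive. A test going through the fake, such as the azure_file path that passes `sensitiveMountOptions`, then exercises different arguments than production code. It should forward them: `return f.MountSensitive(source, target, fstype, options, sensitiveOptions)`. The exported method also lacks a doc comment; I would add `// MountSensitiveWithoutSystemd behaves exactly like MountSensitive; FakeMounter has no systemd path.` What MountSensitive records is outside this hunk.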
@@ -46,6 +46,8 @@ type Interface interface { // method should be used by callers that pass sensitive material (like // passwords) as mount options. MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error + // MountSensitiveWithoutSystemd is the same as MountSensitive() but this method disable using systemd mount. + MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error // Unmount unmounts given target. Unmount(target string) error // List returns a list of all mounted filesystems. This can be large. diff --git a/staging/src/k8s.io/mount-utils/mount_linux.go b/staging/src/k8s.io/mount-utils/mount_linux.go index 10f046e86ba..c6984cd0b6e 100644 --- a/staging/src/k8s.io/mount-utils/mount_linux.go +++ b/staging/src/k8s.io/mount-utils/mount_linux.go @@ -83,11 +83,11 @@ func (mounter *Mounter) MountSensitive(source string, target string, fstype stri mounterPath := "" bind, bindOpts, bindRemountOpts, bindRemountOptsSensitive := MakeBindOptsSensitive(options, sensitiveOptions) if bind { - err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive) + err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, true) if err != nil { return err } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive) + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, true) } // The list of filesystems that require containerized mounter on GCI image cluster fsTypesNeedMounter := map[string]struct{}{ 
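Review bot: Adding MountSensitiveWithoutSystemd to the exported `Interface` of k8s.io/mount-utils is a compile-time break for every implementation of that interface not updated in this commit. That includes wrappers and fakes in other repositories that vendor the module. This deserves a release note, or a separate optional interface that callers type-assert for. The doc comment should also tell a caller when to choose this method, for example `// MountSensitiveWithoutSystemd is the same as MountSensitive() but never runs the mount command through systemd-run, even when systemd was detected.`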
@@ -99,12 +99,37 @@ func (mounter *Mounter) MountSensitive(source string, target string, fstype stri if _, ok := fsTypesNeedMounter[fstype]; ok { mounterPath = mounter.mounterPath } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions) + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, true) +} + +// MountSensitiveWithoutSystemd is the same as MountSensitive() but disable using systemd mount. +func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { + mounterPath := "" + bind, bindOpts, bindRemountOpts, bindRemountOptsSensitive := MakeBindOptsSensitive(options, sensitiveOptions) + if bind { + err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, false) + if err != nil { + return err + } + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, false) + } + // The list of filesystems that require containerized mounter on GCI image cluster + fsTypesNeedMounter := map[string]struct{}{ + "nfs": {}, + "glusterfs": {}, + "ceph": {}, + "cifs": {}, + } + if _, ok := fsTypesNeedMounter[fstype]; ok { + mounterPath = mounter.mounterPath + } + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, false) } // doMount runs the mount command. mounterPath is the path to mounter binary if containerized mounter is used. // sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) -func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source string, target string, fstype string, options []string, sensitiveOptions []string) error { +// systemdMountRequired is an extension of option to decide whether uses systemd mount. 
+func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source string, target string, fstype string, options []string, sensitiveOptions []string, systemdMountRequired bool) error { mountArgs, mountArgsLogStr := MakeMountArgsSensitive(source, target, fstype, options, sensitiveOptions) if len(mounterPath) > 0 { mountArgs = append([]string{mountCmd}, mountArgs...) @@ -112,7 +137,7 @@ func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source stri mountCmd = mounterPath } - if mounter.withSystemd { + if mounter.withSystemd && systemdMountRequired { // Try to run mount via systemd-run --scope. This will escape the // service where kubelet runs and any fuse daemons will be started in a // specific scope. kubelet service than can be restarted without killing diff --git a/staging/src/k8s.io/mount-utils/mount_unsupported.go b/staging/src/k8s.io/mount-utils/mount_unsupported.go index 985edbe3d56..0e8e683ae3a 100644 --- a/staging/src/k8s.io/mount-utils/mount_unsupported.go +++ b/staging/src/k8s.io/mount-utils/mount_unsupported.go @@ -43,11 +43,16 @@ func (mounter *Mounter) Mount(source string, target string, fstype string, optio return errUnsupported } -// Mount always returns an error on unsupported platforms +// MountSensitive always returns an error on unsupported platforms func (mounter *Mounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error { return errUnsupported } +// MountSensitiveWithoutSystemd always returns an error on unsupported platforms +func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { + return errUnsupported +} + // Unmount always returns an error on unsupported platforms func (mounter *Mounter) Unmount(target string) error { return errUnsupported 
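Review bot: MountSensitiveWithoutSystemd is a line-for-line copy of MountSensitive that differs only in the final boolean passed to doMount. The bind/remount sequence and the `fsTypesNeedMounter` list now exist twice and can drift apart, for instance if a filesystem is added to one list only. I would move the body into one private helper that takes `systemdMountRequired` and have both exported methods delegate to it. MountSensitive, whose body starts outside this hunk, would become `return mounter.mountSensitive(source, target, fstype, options, sensitiveOptions, true /* systemdMountRequired */)`. The new doMount comment would read better as `// systemdMountRequired selects whether the command may be wrapped in systemd-run when systemd is available.`

```go
// MountSensitiveWithoutSystemd is the same as MountSensitive() but never
// wraps the mount command in systemd-run.
func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error {
	return mounter.mountSensitive(source, target, fstype, options, sensitiveOptions, false /* systemdMountRequired */)
}

// mountSensitive holds the logic shared by MountSensitive and
// MountSensitiveWithoutSystemd.
func (mounter *Mounter) mountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string, systemdMountRequired bool) error {
	mounterPath := ""
	bind, bindOpts, bindRemountOpts, bindRemountOptsSensitive := MakeBindOptsSensitive(options, sensitiveOptions)
	if bind {
		if err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, systemdMountRequired); err != nil {
			return err
		}
		return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, systemdMountRequired)
	}
	// … unchanged: fsTypesNeedMounter lookup that sets mounterPath …
	return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, systemdMountRequired)
}
```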
diff --git a/staging/src/k8s.io/mount-utils/mount_windows.go b/staging/src/k8s.io/mount-utils/mount_windows.go index 02df7099172..316bf15d7ee 100644 --- a/staging/src/k8s.io/mount-utils/mount_windows.go +++ b/staging/src/k8s.io/mount-utils/mount_windows.go @@ -54,6 +54,12 @@ func (mounter *Mounter) Mount(source string, target string, fstype string, optio return mounter.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) } +// MountSensitiveWithoutSystemd is the same as MountSensitive() but disable using ssytemd mount. +// Windows not supported systemd mount, this function degrades to MountSensitive(). +func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { + return mounter.MountSensitive(source, target, fstype, options, sensitiveOptions /* sensitiveOptions */) +} + // MountSensitive is the same as Mount() but this method allows // sensitiveOptions to be passed in a separate parameter from the normal // mount options and ensures the sensitiveOptions are never logged. This
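Review bot: The doc comment added above the Windows MountSensitiveWithoutSystemd has a typo ("ssytemd") and an ungrammatical second sentence. I would replace both lines with `// MountSensitiveWithoutSystemd is the same as MountSensitive() but never uses a systemd mount.` and `// Windows has no systemd mount, so this simply calls MountSensitive().` The trailing `/* sensitiveOptions */` after the `sensitiveOptions` argument repeats the variable name and can be dropped: `return mounter.MountSensitive(source, target, fstype, options, sensitiveOptions)`.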