Merge pull request #37122 from childsb/revert_gid

Automatic merge from submit-queue

Revert "Use Gid when provisioning Gluster Volumes."

On further inspection, the design in #35460 was not secure enough. This PR reverts the change.

This reverts commit 7a0d219d12.
Kubernetes Submit Queue 2016-11-21 12:11:31 -08:00 committed by GitHub
commit a47614dd15
2 changed files with 4 additions and 15 deletions


@ -29,7 +29,6 @@ go_library(
"//pkg/util/strings:go_default_library", "//pkg/util/strings:go_default_library",
"//pkg/volume:go_default_library", "//pkg/volume:go_default_library",
"//pkg/volume/util:go_default_library", "//pkg/volume/util:go_default_library",
"//pkg/volume/util/volumehelper:go_default_library",
"//vendor:github.com/golang/glog", "//vendor:github.com/golang/glog",
"//vendor:github.com/heketi/heketi/client/api/go-client", "//vendor:github.com/heketi/heketi/client/api/go-client",
"//vendor:github.com/heketi/heketi/pkg/glusterfs/api", "//vendor:github.com/heketi/heketi/pkg/glusterfs/api",


@ -18,12 +18,9 @@ package glusterfs
import ( import (
"fmt" "fmt"
"math/rand"
"os" "os"
"path" "path"
"strconv"
dstrings "strings" dstrings "strings"
"time"
"github.com/golang/glog" "github.com/golang/glog"
gcli "github.com/heketi/heketi/client/api/go-client" gcli "github.com/heketi/heketi/client/api/go-client"
@ -38,7 +35,6 @@ import (
"k8s.io/kubernetes/pkg/util/strings" "k8s.io/kubernetes/pkg/util/strings"
"k8s.io/kubernetes/pkg/volume" "k8s.io/kubernetes/pkg/volume"
volutil "k8s.io/kubernetes/pkg/volume/util" volutil "k8s.io/kubernetes/pkg/volume/util"
"k8s.io/kubernetes/pkg/volume/util/volumehelper"
"runtime" "runtime"
) )
@ -64,8 +60,6 @@ const (
volPrefix = "vol_" volPrefix = "vol_"
dynamicEpSvcPrefix = "glusterfs-dynamic-" dynamicEpSvcPrefix = "glusterfs-dynamic-"
replicaCount = 3 replicaCount = 3
gidMax = 600000
gidMin = 2000
durabilityType = "replicate" durabilityType = "replicate"
secretKeyName = "key" // key name used in secret secretKeyName = "key" // key name used in secret
annGlusterURL = "glusterfs.kubernetes.io/url" annGlusterURL = "glusterfs.kubernetes.io/url"
@ -487,8 +481,6 @@ func (d *glusterfsVolumeDeleter) Delete() error {
func (r *glusterfsVolumeProvisioner) Provision() (*api.PersistentVolume, error) { func (r *glusterfsVolumeProvisioner) Provision() (*api.PersistentVolume, error) {
var err error var err error
var reqGid int64
gidRandomizer := rand.New(rand.NewSource(time.Now().UnixNano()))
if r.options.PVC.Spec.Selector != nil { if r.options.PVC.Spec.Selector != nil {
glog.V(4).Infof("glusterfs: not able to parse your claim Selector") glog.V(4).Infof("glusterfs: not able to parse your claim Selector")
return nil, fmt.Errorf("glusterfs: not able to parse your claim Selector") return nil, fmt.Errorf("glusterfs: not able to parse your claim Selector")
@ -500,9 +492,9 @@ func (r *glusterfsVolumeProvisioner) Provision() (*api.PersistentVolume, error)
return nil, err return nil, err
} }
r.provisioningConfig = *cfg r.provisioningConfig = *cfg
glog.V(4).Infof("glusterfs: creating volume with configuration %+v", r.provisioningConfig) glog.V(4).Infof("glusterfs: creating volume with configuration %+v", r.provisioningConfig)
reqGid = gidMin + gidRandomizer.Int63n(gidMax) glusterfs, sizeGB, err := r.CreateVolume()
glusterfs, sizeGB, err := r.CreateVolume(reqGid)
if err != nil { if err != nil {
glog.Errorf("glusterfs: create volume err: %v.", err) glog.Errorf("glusterfs: create volume err: %v.", err)
return nil, fmt.Errorf("glusterfs: create volume err: %v.", err) return nil, fmt.Errorf("glusterfs: create volume err: %v.", err)
@ -514,15 +506,13 @@ func (r *glusterfsVolumeProvisioner) Provision() (*api.PersistentVolume, error)
if len(pv.Spec.AccessModes) == 0 { if len(pv.Spec.AccessModes) == 0 {
pv.Spec.AccessModes = r.plugin.GetAccessModes() pv.Spec.AccessModes = r.plugin.GetAccessModes()
} }
sGid := strconv.FormatInt(reqGid, 10)
pv.Annotations = map[string]string{volumehelper.VolumeGidAnnotationKey: sGid}
pv.Spec.Capacity = api.ResourceList{ pv.Spec.Capacity = api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse(fmt.Sprintf("%dGi", sizeGB)), api.ResourceName(api.ResourceStorage): resource.MustParse(fmt.Sprintf("%dGi", sizeGB)),
} }
return pv, nil return pv, nil
} }
func (p *glusterfsVolumeProvisioner) CreateVolume(reqGid int64) (r *api.GlusterfsVolumeSource, size int, err error) { func (p *glusterfsVolumeProvisioner) CreateVolume() (r *api.GlusterfsVolumeSource, size int, err error) {
capacity := p.options.PVC.Spec.Resources.Requests[api.ResourceName(api.ResourceStorage)] capacity := p.options.PVC.Spec.Resources.Requests[api.ResourceName(api.ResourceStorage)]
volSizeBytes := capacity.Value() volSizeBytes := capacity.Value()
sz := int(volume.RoundUpSize(volSizeBytes, 1024*1024*1024)) sz := int(volume.RoundUpSize(volSizeBytes, 1024*1024*1024))
@ -536,7 +526,7 @@ func (p *glusterfsVolumeProvisioner) CreateVolume(reqGid int64) (r *api.Glusterf
glog.Errorf("glusterfs: failed to create glusterfs rest client") glog.Errorf("glusterfs: failed to create glusterfs rest client")
return nil, 0, fmt.Errorf("failed to create glusterfs REST client, REST server authentication failed") return nil, 0, fmt.Errorf("failed to create glusterfs REST client, REST server authentication failed")
} }
volumeReq := &gapi.VolumeCreateRequest{Size: sz, Gid: reqGid, Durability: gapi.VolumeDurabilityInfo{Type: durabilityType, Replicate: gapi.ReplicaDurability{Replica: replicaCount}}} volumeReq := &gapi.VolumeCreateRequest{Size: sz, Durability: gapi.VolumeDurabilityInfo{Type: durabilityType, Replicate: gapi.ReplicaDurability{Replica: replicaCount}}}
volume, err := cli.VolumeCreate(volumeReq) volume, err := cli.VolumeCreate(volumeReq)
if err != nil { if err != nil {
glog.Errorf("glusterfs: error creating volume %v ", err) glog.Errorf("glusterfs: error creating volume %v ", err)
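Review bot: The context line `glog.V(4).Infof("glusterfs: creating volume with configuration %+v", r.provisioningConfig)` in the `@ -500,9 +492,9` hunk dumps the whole provisioning config with `%+v`, and this revert leaves it in place. The struct's fields are not visible here, but the `secretKeyName` constant and the later "REST server authentication failed" error suggest it may carry the REST user key, which would then be written to the log at verbosity 4. I would log only the non-secret fields, or at least add `// NOTE: provisioningConfig may hold the REST user key; do not log it with %+v.` above the call until that is done. Separately, the revert only stops new volumes from receiving a Gid; PersistentVolumes provisioned while 7a0d219d12 was in place presumably still carry the `volumehelper.VolumeGidAnnotationKey` annotation, so a release note telling operators to audit them would help. Provision and CreateVolume are only partly visible across these hunks, so the above is based on the shown lines alone.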