volsync icon indicating copy to clipboard operation
volsync copied to clipboard

Published 20 hours ago verified publisher icon backube

rsync when using ROX access modes for the replicationsource - the source job fails to start

Open tesshuflower opened this issue 2 years ago • 2 comments

Describe the bug

When working with RamenDR where they are using Cephfs, a workaround is required to create a read-only pvc from snapshot for the replication source. This avoids a performance issue with creating the pvc from snapshot.

So in the replicationsource, accessModes of [ ReadOnlyMany ] is specified so that volsync will create a cephfs ROX pvc from a snapshot.

However when using this PVC as the data source for the rsync replicationsource, we see a CreateContainerError

From the pod:

    started: false
    state:
      waiting:
        message: 'relabel failed /var/lib/kubelet/pods/c74f09dc-1953-49f5-a401-0f09c27c7f40/volumes/kubernetes.io~csi/pvc-e8a5d133-6149-41ce-b9d2-2aeb4b2d24a3/mount: lsetxattr /var/lib/kubelet/pods/c74f09dc-1953-49f5-a401-0f09c27c7f40/volumes/kubernetes.io~csi/pvc-e8a5d133-6149-41ce-b9d2-2aeb4b2d24a3/mount: read-only file system'
        reason: CreateContainerError

Steps to reproduce

Use ROX as the source volume in an rsync replicationsource.

Expected behavior

Ideally we should not need write access on the replicationsource side.

Actual results

Additional context

tesshuflower avatar Aug 30 '22 17:08 tesshuflower

/assign @tesshuflower

tesshuflower avatar Aug 30 '22 17:08 tesshuflower

Unfortunately it looks like using readOnly: true for volumes in general does not always work for replicationsource - When testing with gp2-csi and gp3-csi I've encountered permissions errors (most likely related to selinux settings) when trying to read from the volume when it's set to read-only.

Possible solution:

  • If the source PVC only supports ROX, then for the replicationsource, specify readOnly: true for the volume in the job spec. This allows ROX pvcs to be mounted and read, while for other readable PVCs we can maintain the current behavior.

tesshuflower avatar Aug 30 '22 17:08 tesshuflower

/close

Fixed by: https://github.com/backube/volsync/pull/406

tesshuflower avatar Sep 09 '22 14:09 tesshuflower

@tesshuflower: Closing this issue.

In response to this:

/close

Fixed by: https://github.com/backube/volsync/pull/406

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci[bot] avatar Sep 09 '22 14:09 openshift-ci[bot]