Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Pure Storage storage driver #14599

Open
wants to merge 44 commits into
base: main
Choose a base branch
from

Conversation

MusicDin
Copy link
Member

@MusicDin MusicDin commented Dec 6, 2024

This PR adds pure storage driver for Pure Storage remote storage.
Driver supports communication over either iSCSI or NVMe/TCP.

@github-actions github-actions bot added the Documentation Documentation needs updating label Dec 6, 2024
return err
}

err = os.Remove(mountPath)

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe @simondeziel is planning to address this issue more generally higher up the call stack, so wont block this PR.

@MusicDin MusicDin force-pushed the feat/pure-driver branch 2 times, most recently from c53014e to 69f6cae Compare December 6, 2024 16:27

Create a storage pool named `pool1` that uses NVMe/TCP by default:

lxc storage create pool1 pure pure.gateway=https://<purestorage-address> pure.api.token=<purestorage-api-token> pure.array.address=<nvme-ip>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That gateway HTTPS verification presumably relies on the OS provided trust store so it would work if it's an "official TLS" cert like one signed by Let's Encrypt.

I must admit not knowing how to provide a different trusted CA if one doesn't have an official cert.

doc/metadata.txt Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
doc/reference/storage_pure.md Outdated Show resolved Hide resolved
@MusicDin
Copy link
Member Author

MusicDin commented Dec 9, 2024

@minaelee Thanks for the comments. I've addressed all of them, but will ask you for another review just before we merge the PR, as there may still be some changes to the docs. Thanks again :)

@MusicDin MusicDin marked this pull request as ready for review December 9, 2024 16:07
@MusicDin MusicDin requested a review from roosterfish December 9, 2024 16:07
lxd/storage/drivers/driver_pure.go Outdated Show resolved Hide resolved
doc/reference/storage_drivers.md Outdated Show resolved Hide resolved
parentName, _, isSnapshot := api.GetParentAndSnapshotName(vol.Name())
if !isSnapshot {
// Volume has no parent.
return "", nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be an error as it means the vol passed in is not a snapshot and the function is being used incorrectly?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking about this one, and decided to just return an empty string to avoid checking for snapshot on every place where the function is called. However, in such case the function name "GetParentVolumeUUID" would probably be more appropirate, as non-snapshot volumes have no parent.

On the other side, returning an error as you have suggested prevents unnecessary or incorrect usage of the function.

}

reqHeaders := map[string]string{
"Api-Token": p.driver.config["pure.api.token"],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need to have this casing of Api?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should not matter. I think it can be all lower case if preferred?


p.accessToken = respHeaders["X-Auth-Token"]
if p.accessToken == "" {
return errors.New("Failed to obtain access token")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we get any other sort of error message from this post?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we get any error from this post, it will be returned as "Failed to login: ".
For example: Error: Failed to create storage pool "pure": Failed to login: Unable to list user for API token where Unable to list user for API token is PureStorage error.

The check p.accessToken == "" is just to ensure that we also successfully parsed the the access token from the response. This code is only reached if Post request was successful.

Pure Storage does not allow mounting snapshots directly, therefore
we have to create a new volume from it before mounting it.

Signed-off-by: Din Music <[email protected]>
Correctly initialize Pure Storage pool.

Signed-off-by: Din Music <[email protected]>
Currently, Pure Storage driver does not support recovery. Mainly bacuse the storage volume names
are encoded, which would result in indistinguishable storage volume names after the recovery.

Signed-off-by: Din Music <[email protected]>
Signed-off-by: Din Music <[email protected]>
Signed-off-by: Din Music <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Documentation Documentation needs updating
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants