Hi everyone,
We encountered an issue with KRBD mounting after mapping it to the host with read-only
option.
We try to pinpoint where the problem is, but not able to do it.
The image is mounted well if we map it without the "read-only" option.
This leads to an issue that the pod in k8s cannot use the snapshotted persistent volume
created by ceph-csi rbd provisioner.
Thank you for reading.
I have reported the bug here: Bug #50234: krbd failed to mount after map image with
read-only option - Ceph -
Ceph<https://tracker.ceph.com/issues/50234>
Context
- Using admin keyring
- Linux Kernel: 3.10.0-1160.15.2.el7.x86_64
- Linux Distribution: Red Hat Enterprise Linux Server 7.8 (Maipo)
- Ceph version: "ceph version 14.2.8 (2d095e947a02261ce61424021bb43bd3022d35cb)
nautilus (stable)"
rbd image 'csi-vol-85919409-9797-11eb-80ba-720b2b57c790':
size 10 GiB in 2560 objects
order 22 (4 MiB objects)
snapshot_count: 0
id: 533a03bba388ea
block_name_prefix: rbd_data.533a03bba388ea
format: 2
features: layering
op_features:
flags:
create_timestamp: Wed Apr 7 13:51:02 2021
access_timestamp: Wed Apr 7 13:51:02 2021
modify_timestamp: Wed Apr 7 13:51:02 2021
Bug Reproduction
# Map RBD image WITH read-only option, CANNOT mount with both readonly or readwrite
option
sudo rbd device map -p k8s-sharedpool csi-vol-85919409-9797-11eb-80ba-720b2b57c790 -ro
/dev/rbd0
sudo mount -v -r -t ext4 /dev/rbd0 /mnt/test1
mount: cannot mount /dev/rbd0 read-only
sudo mount -v -r -t ext4 /dev/rbd0 /mnt/test1
mount: /dev/rbd0 is write-protected, mounting read-only
mount: cannot mount /dev/rbd0 read-only
# Map RBD image WITHOUT read-only option, CAN mount with both readonly or readwrite
option
sudo rbd device map -p k8s-sharedpool csi-vol-85919409-9797-11eb-80ba-720b2b57c790
/dev/rbd0
sudo mount -v -r -t ext4 /dev/rbd0 /mnt/test1
mount: /mnt/test1 does not contain SELinux labels.
You just mounted an file system that supports labels which does not
contain labels, onto an SELinux box. It is likely that confined
applications will generate AVC messages and not be allowed access to
this file system. For more details see restorecon(8) and mount(8).
mount: /dev/rbd0 mounted on /mnt/test1.
sudo mount -v -t ext4 /dev/rbd0 /mnt/test1
mount: /mnt/test1 does not contain SELinux labels.
You just mounted an file system that supports labels which does not
contain labels, onto an SELinux box. It is likely that confined
applications will generate AVC messages and not be allowed access to
this file system. For more details see restorecon(8) and mount(8).
mount: /dev/rbd0 mounted on /mnt/test1.
With my best regards,
Son Hai Ha
--
KPMG IT Service GmbH
Sitz/Registergericht: Berlin/Amtsgericht Charlottenburg, HRB 87521 B
Geschäftsführer: Hans-Christian Schwieger, Helmar Symmank
Aufsichtsratsvorsitzender: WP StB Klaus Becker
Allgemeine Informationen zur Datenverarbeitung im Rahmen unserer allgemeinen
Geschäftstätigkeit sowie im Mandatsverhältnis gemäß EU Datenschutz-Grundverordnung sind
hier
<https://home.kpmg.com/content/dam/kpmg/de/pdf/Themen/2018/datenschutzinformationen-fuer-betroffene-kpmg-it-service-gmbh.pdf>
abrufbar.
Die Information in dieser E-Mail ist vertraulich und kann dem Berufsgeheimnis unterliegen.
Sie ist ausschließlich für den Adressaten bestimmt. Jeglicher Zugriff auf diese E-Mail
durch andere Personen als den Adressaten ist untersagt. Sollten Sie nicht der für diese
E-Mail bestimmte Adressat sein, ist Ihnen jede Veröffentlichung, Vervielfältigung oder
Weitergabe wie auch das Ergreifen oder Unterlassen von Maßnahmen im Vertrauen auf erlangte
Information untersagt. In dieser E-Mail enthaltene Meinungen oder Empfehlungen unterliegen
den Bedingungen des jeweiligen Mandatsverhältnisses mit dem Adressaten.
The information in this e-mail is confidential and may be legally privileged. It is
intended solely for the addressee. Access to this e-mail by anyone else is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any
opinions or advice contained in this e-mail are subject to the terms and conditions
expressed in the governing KPMG client engagement letter.