satellite: try to integrate with host LVM/udevd

There is a race condition when running lvm tools in containers with other lvm tools running on the host. Most notably, in certain situations symlinks to the LVs could suddently disappear. To prevent this, we try our best to integrate with the hosts LVM/udev tools: * Reuse /run/lock/lvm and /run/lvm from the host. * Run the container with hostIPC, some lvm tools use sysV semaphores. * Create per-host lvmconfig: * If there is no lvm.conf on the host, create one where we disable all udev interactions: most likely the rules are not installed. * If there is a lvm.conf on the host, create one where we only disable monitoring with dmeventd. Signed-off-by: Moritz Wanzenböck <[email protected]>
piraeusdatastore · Nov 6, 2024 · 0ebb9f6 · 0ebb9f6
1 parent 8a339a9
commit 0ebb9f6
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 5 deletions.
diff --git a/internal/controller/linstorsatellite_test.go b/internal/controller/linstorsatellite_test.go
@@ -80,9 +80,10 @@ var _ = Describe("LinstorSatelliteReconciler", func() {
 			var ds appsv1.DaemonSet
 			err := k8sClient.Get(ctx, types.NamespacedName{Namespace: Namespace, Name: "linstor-satellite." + ExampleNodeName}, &ds)
 			Expect(err).NotTo(HaveOccurred())
-			Expect(ds.Spec.Template.Spec.InitContainers).To(HaveLen(2))
+			Expect(ds.Spec.Template.Spec.InitContainers).To(HaveLen(3))
 			Expect(ds.Spec.Template.Spec.InitContainers[0].Image).To(ContainSubstring("quay.io/piraeusdatastore/drbd9-almalinux9:"))
 			Expect(ds.Spec.Template.Spec.InitContainers[1].Image).To(ContainSubstring("quay.io/piraeusdatastore/drbd-shutdown-guard:"))
+			Expect(ds.Spec.Template.Spec.InitContainers[2].Image).To(ContainSubstring("quay.io/piraeusdatastore/piraeus-server:"))
 		})
 
 		It("should create pod with TLS secret", func(ctx context.Context) {

diff --git a/pkg/resources/satellite/satellite/daemonset.yaml b/pkg/resources/satellite/satellite/daemonset.yaml
@@ -20,6 +20,7 @@ spec:
       enableServiceLinks: false
       serviceAccountName: satellite
       priorityClassName: system-node-critical
+      hostIPC: true
       initContainers:
         - name: drbd-module-loader
           image: drbd-module-loader
@@ -62,6 +63,36 @@ spec:
               name: run-drbd-shutdown-guard
             - mountPath: /run/dbus/system_bus_socket
               name: systemd-bus-socket
+        - name: setup-lvm-configuration
+          image: linstor-satellite
+          command:
+          - sh
+          - -exc
+          - |
+            if [ -e /host/etc/lvm/lvm.conf ]; then
+              # Looks like the host has LVM configured:
+              # * disable monitoring via dmeventd
+              # * do not look at DRBD devices
+              lvmconfig --type current --mergedconfig --config 'activation { monitoring = 0 } devices { global_filter = [ "r|^/dev/drbd|" ] }' > /etc/lvm/lvm.conf
+            else
+              # Most likely, no LVM installed, which also means no udev rules
+              # * disable udev sync and rules
+              # * do not look at udev for device lists
+              # * disable monitoring via dmeventd
+              # * do not look at DRBD devices
+              lvmconfig --type current --mergedconfig --config 'activation { udev_sync = 0 udev_rules = 0 monitoring = 0 } devices { global_filter = [ "r|^/dev/drbd|" ] obtain_device_list_from_udev = 0}' > /etc/lvm/lvm.conf
+            fi
+          securityContext:
+            privileged: true
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - mountPath: /host/etc/lvm
+              name: etc-lvm
+              readOnly: true
+            - mountPath: /etc/lvm
+              name: container-etc-lvm
+            - mountPath: /run/udev
+              name: run-udev
       containers:
         - name: linstor-satellite
           image: linstor-satellite
@@ -95,6 +126,8 @@ spec:
               name: var-lib-drbd
             - mountPath: /var/lib/linstor.d
               name: var-lib-linstor-d
+            - mountPath: /etc/lvm
+              name: container-etc-lvm
             - mountPath: /etc/lvm/archive
               name: etc-lvm-archive
             - mountPath: /etc/lvm/backup
@@ -103,8 +136,10 @@ spec:
               name: run
             - mountPath: /tmp
               name: tmp
-            - mountPath: /run/lock
-              name: run-lock
+            - mountPath: /run/lock/lvm
+              name: run-lock-lvm
+            - mountPath: /run/lvm
+              name: run-lvm
             - mountPath: /run/udev
               name: run-udev
               readOnly: true
@@ -140,6 +175,10 @@ spec:
           hostPath:
             path: /etc/lvm/archive
             type: DirectoryOrCreate
+        - name: etc-lvm
+          hostPath:
+            path: /etc/lvm
+            type: DirectoryOrCreate
         - name: etc-lvm-backup
           hostPath:
             path: /etc/lvm/backup
@@ -164,6 +203,14 @@ spec:
           hostPath:
             path: /run/dbus/system_bus_socket
             type: Socket
+        - name: run-lock-lvm
+          hostPath:
+            path: /run/lock/lvm
+            type: DirectoryOrCreate
+        - name: run-lvm
+          hostPath:
+            path: /run/lvm
+            type: DirectoryOrCreate
         - name: run-udev
           hostPath:
             path: /run/udev
@@ -180,9 +227,9 @@ spec:
           configMap:
             name: reactor-config
             defaultMode: 0440
-        - name: tmp
+        - name: container-etc-lvm
           emptyDir: { }
-        - name: run-lock
+        - name: tmp
           emptyDir: { }
         - name: run
           emptyDir: { }