cephfs: Fix Removal of IPs from blocklist

While dealing with CephFS fencing we evict the clients and block the IPs from the CIDR range that do not have any active clients. While Unfencing, the IP is removed via the CIDR range which fails to remove the individual IPs from Ceph's blacklist. This PR modifies the unfencing logic to only use range based unblocks in cases of RBD. Signed-off-by: Niraj Yadav <niryadav@redhat.com>
ceph · Aug 30, 2024 · 68b761d · 68b761d
1 parent 3fbe7a8
commit 68b761d
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/internal/csi-addons/cephfs/network_fence.go b/internal/csi-addons/cephfs/network_fence.go
@@ -111,7 +111,7 @@ func (fcs *FenceControllerServer) UnfenceClusterNetwork(
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 
-	err = nwFence.RemoveNetworkFence(ctx)
+	err = nwFence.RemoveNetworkFence(ctx, true)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to unfence CIDR block %q: %s", nwFence.Cidr, err.Error())
 	}

diff --git a/internal/csi-addons/networkfence/fencing.go b/internal/csi-addons/networkfence/fencing.go
@@ -389,13 +389,13 @@ func (nf *NetworkFence) removeCephBlocklist(ctx context.Context, ip string, useR
 // Created CephFS NetworkFence CR for IP range but above IP comes in the Range
 // Delete the CephFS Network Fence CR to unblocklist the IP
 // So now the IP (10.10.10.10) is (un)blocklisted and can be used by both protocols.
-func (nf *NetworkFence) RemoveNetworkFence(ctx context.Context) error {
+func (nf *NetworkFence) RemoveNetworkFence(ctx context.Context, isCephFS bool) error {
 	hasBlocklistRangeSupport := true
 	// for each CIDR block, convert it into a range of IPs so as to undo blocklisting operation.
 	for _, cidr := range nf.Cidr {
 		// try range blocklist cmd, if invalid fallback to
 		// iterating through IP range.
-		if hasBlocklistRangeSupport {
+		if hasBlocklistRangeSupport && !isCephFS {
 			err := nf.removeCephBlocklist(ctx, cidr, true)
 			if err == nil {
 				continue

diff --git a/internal/csi-addons/rbd/network_fence.go b/internal/csi-addons/rbd/network_fence.go
@@ -107,7 +107,7 @@ func (fcs *FenceControllerServer) UnfenceClusterNetwork(
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 
-	err = nwFence.RemoveNetworkFence(ctx)
+	err = nwFence.RemoveNetworkFence(ctx, false)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to unfence CIDR block %q: %s", nwFence.Cidr, err.Error())
 	}