From 68b761d6ae1b05ebfd97dad78863f4b379d84fb0 Mon Sep 17 00:00:00 2001
From: Niraj Yadav
Date: Fri, 30 Aug 2024 20:32:21 +0530
Subject: [PATCH] cephfs: Fix Removal of IPs from blocklist
While dealing with CephFS fencing we evict the clients and block the IPs from the CIDR range that do not have any active clients. While Unfencing, the IP is removed via the CIDR range which fails to remove the individual IPs from Ceph's blacklist. This PR modifies the unfencing logic to only use range based unblocks in cases of RBD.
Signed-off-by: Niraj Yadav
---
 internal/csi-addons/cephfs/network_fence.go | 2 +-
 internal/csi-addons/networkfence/fencing.go | 4 ++--
 internal/csi-addons/rbd/network_fence.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/csi-addons/cephfs/network_fence.go b/internal/csi-addons/cephfs/network_fence.go
index ecef1a4e0e7..1b8a5714763 100644
--- a/internal/csi-addons/cephfs/network_fence.go
+++ b/internal/csi-addons/cephfs/network_fence.go
@@ -111,7 +111,7 @@ func (fcs *FenceControllerServer) UnfenceClusterNetwork(
 return nil, status.Error(codes.Internal, err.Error())
 }
- err = nwFence.RemoveNetworkFence(ctx)
+ err = nwFence.RemoveNetworkFence(ctx, true)
 if err != nil {
 return nil, status.Errorf(codes.Internal, "failed to unfence CIDR block %q: %s", nwFence.Cidr, err.Error())
 }
diff --git a/internal/csi-addons/networkfence/fencing.go b/internal/csi-addons/networkfence/fencing.go
index d49c621e3ed..5b921edd531 100644
--- a/internal/csi-addons/networkfence/fencing.go
+++ b/internal/csi-addons/networkfence/fencing.go
@@ -389,13 +389,13 @@ func (nf *NetworkFence) removeCephBlocklist(ctx context.Context, ip string, useR
 // Created CephFS NetworkFence CR for IP range but above IP comes in the Range
 // Delete the CephFS Network Fence CR to unblocklist the IP
 // So now the IP (10.10.10.10) is (un)blocklisted and can be used by both protocols.
-func (nf *NetworkFence) RemoveNetworkFence(ctx context.Context) error {
+func (nf *NetworkFence) RemoveNetworkFence(ctx context.Context, isCephFS bool) error {
 hasBlocklistRangeSupport := true
 // for each CIDR block, convert it into a range of IPs so as to undo blocklisting operation.
 for _, cidr := range nf.Cidr {
 // try range blocklist cmd, if invalid fallback to
 // iterating through IP range.
- if hasBlocklistRangeSupport {
+ if hasBlocklistRangeSupport && !isCephFS {
 err := nf.removeCephBlocklist(ctx, cidr, true)
 if err == nil {
 continue
diff --git a/internal/csi-addons/rbd/network_fence.go b/internal/csi-addons/rbd/network_fence.go
index b7f4d6bba0f..16198658f6a 100644
--- a/internal/csi-addons/rbd/network_fence.go
+++ b/internal/csi-addons/rbd/network_fence.go
@@ -107,7 +107,7 @@ func (fcs *FenceControllerServer) UnfenceClusterNetwork(
 return nil, status.Error(codes.Internal, err.Error())
 }
- err = nwFence.RemoveNetworkFence(ctx)
+ err = nwFence.RemoveNetworkFence(ctx, false)
 if err != nil {
 return nil, status.Errorf(codes.Internal, "failed to unfence CIDR block %q: %s", nwFence.Cidr, err.Error())
 }
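Review bot: The new `isCephFS` parameter of RemoveNetworkFence in internal/csi-addons/networkfence/fencing.go is undocumented, and the inline comment `try range blocklist cmd, if invalid fallback to iterating through IP range` no longer describes the CephFS path, which now always skips the range command. Because unfencing lifts a containment control, the doc comment should say why the two protocols differ, for example `// isCephFS forces per-IP removal: CephFS fencing blocklists individual IPs, which a range removal leaves in place.` The call sites in cephfs/network_fence.go and rbd/network_fence.go pass a bare `true`/`false`; a named constant or a small typed option would make them self-explanatory. The RBD path still treats a nil error from the range removal as complete, so if per-IP entries can ever exist for an RBD fence (not visible here) they would be left behind in the same way. The function body continues past the end of the hunk.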