rbd: Add timeout for cryptsetup commands

[black-dragon74]

Describe what this PR does

This PR introduces a new wrapper around LUKS utility functions that allow us to have context aware subsequent operations, util.NewLuksWrapperWithContext. This context is shared across the functions exposed by this wrapper.

A sample use case is to have a context that times out after certain period of time.

How to Test

We can simulate a timeout by replacing the cryptsetup binary with a wrapper script that introduces some delay.

• Exec into the pod where the cryptsetup binary is located (rbd-plugin in case of key rotation)
• mv /usr/sbin/cryptsetup /usr/sbin/cryptsetup_orig
• Create a new /usr/sbin/cryptsetup and paste the following:

#!/usr/bin/env bash

set -m

sleep 140

exec /usr/sbin/cryptsetup_orig "$@"

• chmod +x /usr/sbin/cryptsetup
• When the process is killed due to timeout you will see a log like:

timeout occurred while running cryptsetup args: [...]

[nixpanic]

This looks reasonable to me. Did you manage to test this somehow, and see how everything gets corrected by a different container?

[Madhu-1]

This looks reasonable to me. Did you manage to test this somehow, and see how everything gets corrected by a different container?

we need to ensure that the CLI command we start is killed and doesn't continue to execute, please test it the changes to ensure that it works as expected and also provide some test results on how this is tested

[Madhu-1]

Lets keep the timeout which is almost less than the GRPC timeout between the sidecar and the cephcsi so that we try and if it didn't work as will kill the process before the next GRPC kicks in on any other nodes/same node.

[black-dragon74]

I like the idea. Let's keep them a minute apart then? Accounting for any delays that might occur in sending gRPC request and also to keep some buffer period after sending SIGKILL?

[Madhu-1]

minute might be too much, we can reduce it by 30 seconds to be on safer side, @nixpanic thoughts?

[black-dragon74]

This looks reasonable to me. Did you manage to test this somehow, and see how everything gets corrected by a different container?

Trying but not able to yet. I am thinking of having a wrapper to cryptsetup that sleeps for some time and then tries to execute the intended command. The key is to kill the process in midst of operations.

I will test it and report.

[nixpanic]

Trying but not able to yet. I am thinking of having a wrapper to cryptsetup that sleeps for some time and then tries to execute the intended command. The key is to kill the process in midst of operations.

I also think the only way reproduce this, is by adding a wrapper for the command. It helps to make the command do something that can be verified after aborting, maybe something like this (untested):

#!/bin/sh
#
# Assume a 1GB block-device, write unencrypted data at 500MB offset.
#

# run normal crypsetup, it will be quick and exits cleanly
cryptsetup.real $@

# run dd in a loop, small I/O with sync to make it slower
# only runs the loop if /tmp/testing exists
while [ -e /tmp/testing ]
do
    # set correct device and verify parameters
    dd if=/dev/urandom of=/dev/rbd... bs=1 count=100m offset=500m
done

Make sure to name the script cryptsetup and place is in the location where cryptsetup normally lives. The original cryptsetup executable should be renamed to cryptsetup.real so that it still can be executed.

[nixpanic]

Hey @black-dragon74 , I'll mark this as a draft for now, otherwise I keep checking it for updates. Please move it back as ready for review once you have tested it. Thanks!

[Madhu-1]

LGTM

[nixpanic]

Renaming the type and functions make it better, please take care of that.

The suggestion with the interface and moving to a separate package are optional and can be done in a follow-up PR if you prefer.

Pull request has been modified.

[Rakshith-R]

LGTM, just need to start context before obtaining locks and use the same context for get/put calls to kms.

[Rakshith-R]

This should be done before obtaining locks at line 481.
Pass the same context to get/put cryptopassphrase calls as well.

[black-dragon74]

Done!

[nixpanic]

@Mergifyio rebase

[mergify]

rebase

✅ Branch has been successfully rebased

Rakshits concern has been addressed

[nixpanic]

@Mergifyio queue

[mergify]

queue

✅ The pull request has been merged automatically

The pull request has been merged automatically at 1c02e69

[ceph-csi-bot]

/test ci/centos/k8s-e2e-external-storage/1.31

[ceph-csi-bot]

/test ci/centos/mini-e2e-helm/k8s-1.31

[ceph-csi-bot]

/test ci/centos/k8s-e2e-external-storage/1.29

[ceph-csi-bot]

/test ci/centos/mini-e2e/k8s-1.31

[ceph-csi-bot]

/test ci/centos/mini-e2e-helm/k8s-1.29

[ceph-csi-bot]

/test ci/centos/k8s-e2e-external-storage/1.30

[ceph-csi-bot]

/test ci/centos/mini-e2e/k8s-1.29

[ceph-csi-bot]

/test ci/centos/mini-e2e-helm/k8s-1.30

[ceph-csi-bot]

/test ci/centos/mini-e2e/k8s-1.30

[ceph-csi-bot]

/test ci/centos/upgrade-tests-cephfs

[ceph-csi-bot]

/test ci/centos/upgrade-tests-rbd