From 1856647506df4b1c3fd2aec706921c6cd71f1260 Mon Sep 17 00:00:00 2001 From: Humble Chirammal Date: Thu, 10 Mar 2022 18:13:05 +0530 Subject: [PATCH] cephfs: go with default permissions while creating subvolumes While creating subvolumes, CephFS driver set the mode to `777` and pass it along to go ceph apis which cause the subvolume permission to be on 777, however if we create a subvolume directly in the ceph cluster, the default permission bits are set which is 755 for the subvolume. This commit try to stick to the default behaviour even while creating the subvolume. This also means that we can work with fsgrouppolicy set to `File` in csiDriver object which is also addressed in this commit. Signed-off-by: Humble Chirammal --- charts/ceph-csi-cephfs/templates/csidriver-crd.yaml | 1 + deploy/cephfs/kubernetes/csidriver.yaml | 1 + internal/cephfs/core/volume.go | 7 ------- 3 files changed, 2 insertions(+), 7 deletions(-) diff --git a/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml b/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml index c3ed01849..3dde576d0 100644 --- a/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml +++ b/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml @@ -9,3 +9,4 @@ metadata: spec: attachRequired: false podInfoOnMount: false + fsGroupPolicy: File diff --git a/deploy/cephfs/kubernetes/csidriver.yaml b/deploy/cephfs/kubernetes/csidriver.yaml index d347ff843..fdd17ca7f 100644 --- a/deploy/cephfs/kubernetes/csidriver.yaml +++ b/deploy/cephfs/kubernetes/csidriver.yaml @@ -8,3 +8,4 @@ metadata: spec: attachRequired: false podInfoOnMount: false + fsGroupPolicy: File diff --git a/internal/cephfs/core/volume.go b/internal/cephfs/core/volume.go index 35cd4c809..3c1d9b784 100644 --- a/internal/cephfs/core/volume.go +++ b/internal/cephfs/core/volume.go @@ -39,12 +39,6 @@ import ( // taken through this additional cluster information. var clusterAdditionalInfo = make(map[string]*localClusterState) -const ( - // modeAllRWX can be used for setting permissions to Read-Write-eXecute - // for User, Group and Other. - modeAllRWX = 0o777 -) - // Subvolume holds subvolume information. This includes only the needed members // from fsAdmin.SubVolumeInfo. type Subvolume struct { @@ -231,7 +225,6 @@ func (s *subVolumeClient) CreateVolume(ctx context.Context) error { opts := fsAdmin.SubVolumeOptions{ Size: fsAdmin.ByteCount(s.Size), - Mode: modeAllRWX, } if s.Pool != "" { opts.PoolLayout = s.Pool