From 764721e2c6c8156a7ccc2be7cc9a6c260efc32cf Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Sat, 8 May 2021 15:40:29 -0700 Subject: [PATCH] add root_disk threshold detection (#12259) as there is no automatic way to detect if there is a root disk mounted on / or /var for the container environments due to how the root disk information is masked inside overlay root inside container. this PR brings an environment variable to set root disk size threshold manually to detect the root disks in such situations. --- .github/workflows/go.yml | 5 +++++ .github/workflows/root.cert | 9 ++++++++ .github/workflows/root.key | 3 +++ cmd/config/constants.go | 2 ++ cmd/xl-storage.go | 43 ++++++++++++++++--------------------- 5 files changed, 37 insertions(+), 25 deletions(-) create mode 100644 .github/workflows/root.cert create mode 100644 .github/workflows/root.key diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index e5ae404ed..44094969a 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -34,6 +34,11 @@ jobs: env: CGO_ENABLED: 0 GO111MODULE: on + MINIO_KMS_KES_CERT_FILE: /home/runner/work/minio/minio/.github/workflows/root.cert + MINIO_KMS_KES_KEY_FILE: /home/runner/work/minio/minio/.github/workflows/root.key + MINIO_KMS_KES_ENDPOINT: "https://play.min.io:7373" + MINIO_KMS_KES_KEY_NAME: "my-minio-key" + MINIO_KMS_AUTO_ENCRYPTION: on run: | sudo sysctl net.ipv6.conf.all.disable_ipv6=0 sudo sysctl net.ipv6.conf.default.disable_ipv6=0 diff --git a/.github/workflows/root.cert b/.github/workflows/root.cert new file mode 100644 index 000000000..5f220f79b --- /dev/null +++ b/.github/workflows/root.cert @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBKDCB26ADAgECAhB6vebGMUfKnmBKyqoApRSOMAUGAytlcDAbMRkwFwYDVQQD +DBByb290QHBsYXkubWluLmlvMB4XDTIwMDQzMDE1MjIyNVoXDTI1MDQyOTE1MjIy +NVowGzEZMBcGA1UEAwwQcm9vdEBwbGF5Lm1pbi5pbzAqMAUGAytlcAMhALzn735W +fmSH/ghKs+4iPWziZMmWdiWr/sqvqeW+WwSxozUwMzAOBgNVHQ8BAf8EBAMCB4Aw +EwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAFBgMrZXADQQDZOrGK +b2ATkDlu2pTcP3LyhSBDpYh7V4TvjRkBTRgjkacCzwFLm+mh+7US8V4dBpIDsJ4u +uWoF0y6vbLVGIlkG +-----END CERTIFICATE----- diff --git a/.github/workflows/root.key b/.github/workflows/root.key new file mode 100644 index 000000000..53a47e25d --- /dev/null +++ b/.github/workflows/root.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEID9E7FSYWrMD+VjhI6q545cYT9YOyFxZb7UnjEepYDRc +-----END PRIVATE KEY----- diff --git a/cmd/config/constants.go b/cmd/config/constants.go index deab78c03..c792559f8 100644 --- a/cmd/config/constants.go +++ b/cmd/config/constants.go @@ -37,6 +37,8 @@ const ( EnvArgs = "MINIO_ARGS" EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT" + EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE" + EnvUpdate = "MINIO_UPDATE" EnvKMSMasterKey = "MINIO_KMS_MASTER_KEY" // legacy diff --git a/cmd/xl-storage.go b/cmd/xl-storage.go index 3ec61c480..cb0c45d8c 100644 --- a/cmd/xl-storage.go +++ b/cmd/xl-storage.go @@ -223,34 +223,27 @@ func newXLStorage(ep Endpoint) (*xlStorage, error) { if env.Get("MINIO_CI_CD", "") != "" { rootDisk = true } else { - if IsDocker() || IsKubernetes() { - // Start with overlay "/" to check if - // possible the path has device id as - // "overlay" that would mean the path - // is emphemeral and we should treat it - // as root disk from the baremetal - // terminology. - rootDisk, err = disk.IsRootDisk(path, SlashSeparator) - if err != nil { - return nil, err - } - if !rootDisk { - // No root disk was found, its possible that - // path is referenced at "/etc/hosts" which has - // different device ID that points to the original - // "/" on the host system, fall back to that instead - // to verify of the device id is same. - rootDisk, err = disk.IsRootDisk(path, "/etc/hosts") + rootDisk, err = disk.IsRootDisk(path, SlashSeparator) + if err != nil { + return nil, err + } + if !rootDisk { + // If for some reason we couldn't detect the + // root disk use - MINIO_ROOTDISK_THRESHOLD_SIZE + // to figure out if the disk is root disk or not. + if rootDiskSize := env.Get(config.EnvRootDiskThresholdSize, ""); rootDiskSize != "" { + info, err := disk.GetInfo(path) if err != nil { return nil, err } - } - - } else { - // On baremetal setups its always "/" is the root disk. - rootDisk, err = disk.IsRootDisk(path, SlashSeparator) - if err != nil { - return nil, err + size, err := humanize.ParseBytes(rootDiskSize) + if err != nil { + return nil, err + } + // size of the disk is less than the threshold or + // equal to the size of the disk at path, treat + // such disks as rootDisks and reject them. + rootDisk = info.Total <= size } } }