Description of problem: We have enabled the functionality to set *any* volume option ( for eg# encryption options, sharding..etc) when we create GlusterFS volumes in CNS/CRS. This required some work in heketi and also in kubernetes. The patch (https://github.com/heketi/heketi/pull/751) which enabled this functionality in heketi has been merged and available with CNS 3.6 heketi builds. The kubernetes support [1] was added and this feature has been exposed to kubernetes user via storage class parameter called 'volumeoptions'. However this is not available in OCP 3.6 provisioner builds. If we can qualify this for volume options we currently do by getting into the pod, we will be able to update the doc for those sections. For ex: encryption for statically provisioned volumes. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
As mentioned earlier, the following 2 volumes options when given together while statically provisioning volumes, doesn't work for some reason. See below: ########## # heketi-cli volume create --size=100 --gluster-volume-options="client.ssl on","server.ssl on" Error: Unable to execute command on glusterfs-2d0ls: volume start: vol_a6146d2a38ececd89096faf35b4042b6: failed: Commit failed on localhost. Please check log file for details. ########## However, I did checked with a few other volume options that are not related to "encryption" and they seems to be working fine. ************* # heketi-cli volume create --size=100 --durability=none --gluster-volume-options="performance.rda-cache-limit 10MB","performance.nl-cache-positive-entry no" Name: vol_daf2408e07e3d671f851cb4ff71b3783 Size: 100 Volume Id: daf2408e07e3d671f851cb4ff71b3783 Cluster Id: 16a6d9c045a4d5e9b967cf68000a04a8 Mount: 10.70.46.122:vol_daf2408e07e3d671f851cb4ff71b3783 Mount Options: backup-volfile-servers=10.70.46.134,10.70.46.9 Block: false Free Size: 0 Block Volumes: [] Durability Type: none # gluster vol info vol_daf2408e07e3d671f851cb4ff71b3783 Volume Name: vol_daf2408e07e3d671f851cb4ff71b3783 Type: Distribute Volume ID: 2bd2d3db-e3c4-4789-9283-54c695fed70d Status: Started Snapshot Count: 0 Number of Bricks: 1 Transport-type: tcp Bricks: Brick1: 10.70.46.9:/var/lib/heketi/mounts/vg_bf6c95919c2f982e63ede30025ed7aee/brick_f37211ba31978c37f993cb970f48fe70/brick Options Reconfigured: performance.nl-cache-positive-entry: no performance.rda-cache-limit: 10MB transport.address-family: inet nfs.disable: on cluster.brick-multiplex: on ************* ############# # heketi-cli volume create --size=100 --gluster-volume-options="features.shard enable" Name: vol_086bd53d6c3e6fa123baf2e40805c373 Size: 100 Volume Id: 086bd53d6c3e6fa123baf2e40805c373 Cluster Id: 16a6d9c045a4d5e9b967cf68000a04a8 Mount: 10.70.46.122:vol_086bd53d6c3e6fa123baf2e40805c373 Mount Options: backup-volfile-servers=10.70.46.134,10.70.46.9 Block: false Free Size: 0 Block Volumes: [] Durability Type: replicate Distributed+Replica: 3 # gluster vol info vol_086bd53d6c3e6fa123baf2e40805c373 Volume Name: vol_086bd53d6c3e6fa123baf2e40805c373 Type: Replicate Volume ID: 9f5c15b9-6fd1-41b0-beb5-476dddf06290 Status: Started Snapshot Count: 0 Number of Bricks: 1 x 3 = 3 Transport-type: tcp Bricks: Brick1: 10.70.46.134:/var/lib/heketi/mounts/vg_b492c8d52df1951f172b646760170fcc/brick_f3333adcc58e1a65675ecd6a409996a3/brick Brick2: 10.70.46.122:/var/lib/heketi/mounts/vg_b84f9572a9420fea886a1d4a9342f4b2/brick_34586acdc78b65626c08f83c21aa9f0f/brick Brick3: 10.70.46.9:/var/lib/heketi/mounts/vg_7bb6bea56bad591e075f5b945deafd0f/brick_57ff666d6358ca96308c78b7a14ef711/brick Options Reconfigured: features.shard: enable transport.address-family: inet nfs.disable: on cluster.brick-multiplex: on ############# However, I believe the main intention of including this RFE for this release was to support setting "encryption" for statically provisioned volumes. So in that case, let me know how do you want to proceed further with this BZ?
I had a discussion with Humble on the same and got to know that the command will work successfully *only* after enabling Management Encryption. So i'm clearing the needinfo on Humble as it works after doing the same! However, the corresponding section of the doc also needs some modifications and we will be tracking it via: https://bugzilla.redhat.com/show_bug.cgi?id=1482103
Moving this BZ to verified
doc text looks good to me
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2879