noload option appended

charts/ceph-csi-rbd/templates/csidriver-crd.yaml

@@ -8,4 +8,4 @@ metadata:
   name: {{ .Values.driverName }}
 spec:
   attachRequired: true
-  podInfoOnMount: false
+  podInfoOnMount: true

deploy/cephcsi/image/Dockerfile

@@ -36,7 +36,7 @@ RUN sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \
     /etc/yum.repos.d/CentOS-Stream-PowerTools.repo \
     /etc/yum.repos.d/CentOS-Stream-RealTime.repo 
 
-RUN dnf config-manager --disable apache-arrow-centos || true
+RUN dnf config-manager --disable apache-arrow-centos,tcmu-runner,tcmu-runner-source,tcmu-runner-noarch || true
 
 RUN yum clean all && yum makecache 
 

deploy/rbd/kubernetes/csidriver.yaml

@@ -7,4 +7,4 @@ metadata:
   name: rbd.csi.ceph.com
 spec:
   attachRequired: true
-  podInfoOnMount: false
+  podInfoOnMount: true

internal/rbd/controllerserver.go

@@ -677,7 +677,8 @@ func (cs *ControllerServer) ValidateVolumeCapabilities(ctx context.Context, req
 	}
 
 	for _, capability := range req.VolumeCapabilities {
-		if capability.GetAccessMode().GetMode() != csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER {
+		if capability.GetAccessMode().GetMode() != csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER &&
+			capability.GetAccessMode().GetMode() != csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY {
 			return &csi.ValidateVolumeCapabilitiesResponse{Message: ""}, nil
 		}
 	}
@@ -1131,7 +1132,9 @@ func (cs *ControllerServer) ControllerPublishVolume(ctx context.Context, req *cs
 		ro = "true"
 	}
 
-	return &csi.ControllerPublishVolumeResponse{PublishContext: map[string]string{readonlyAttachmentKey: ro}}, nil
+	mode := req.GetVolumeCapability().GetAccessMode().GetMode()
+	am := csi.VolumeCapability_AccessMode_Mode_name[int32(mode)]
+	return &csi.ControllerPublishVolumeResponse{PublishContext: map[string]string{readonlyAttachmentKey: ro, "Capability": am}}, nil
 }
 
 // ControllerUnpublishVolume does nothing.

internal/rbd/driver.go

@@ -142,7 +142,7 @@ func (r *Driver) Run(conf *util.Config) {
 		// will work those as follow up features
 		r.cd.AddVolumeCapabilityAccessModes(
 			[]csi.VolumeCapability_AccessMode_Mode{csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
-				csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER})
+				csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER, csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY})
 	}
 
 	// Create GRPC servers

internal/rbd/nodeserver.go

@@ -117,6 +117,13 @@ func (ns *NodeServer) NodeStageVolume(ctx context.Context, req *csi.NodeStageVol
 		return nil, err
 	}
 
+	// sync volcap with va's accessmode
+	if req.GetPublishContext()["Capability"] == csi.VolumeCapability_AccessMode_Mode_name[1] {
+		req.VolumeCapability.AccessMode.Mode = csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER
+	} else {
+		req.VolumeCapability.AccessMode.Mode = csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY
+	}
+
 	disableInUseChecks := req.GetPublishContext()[readonlyAttachmentKey] == "true"
 	isBlock := req.GetVolumeCapability().GetBlock() != nil
 	// disableInUseChecks := false
@@ -401,6 +408,26 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 	volID := req.GetVolumeId()
 	stagingPath += "/" + volID
 
+	// set podInfoOnMount = true to get the actual pod info
+	podName := req.GetVolumeContext()["csi.storage.k8s.io/pod.name"]
+	podNamespace := req.GetVolumeContext()["csi.storage.k8s.io/pod.namespace"]
+
+	pod, err := util.GetPod(podName, podNamespace)
+	if err != nil {
+		return nil, err
+	}
+
+	ro, err := util.CheckIfReadonlyMount(pod)
+	if err != nil {
+		req.Readonly = ro
+	}
+
+	if req.GetPublishContext()[readonlyAttachmentKey] == "true" || req.GetPublishContext()[readonlyAttachmentKey] == "" {
+		if !ro {
+			return nil, status.Errorf(codes.Aborted, "cannot mount readwrite pod for multi readonly capability", volID)
+		}
+	}
+
 	if acquired := ns.VolumeLocks.TryAcquire(volID); !acquired {
 		util.ErrorLog(ctx, util.VolumeOperationAlreadyExistsFmt, volID)
 		return nil, status.Errorf(codes.Aborted, util.VolumeOperationAlreadyExistsFmt, volID)
@@ -459,7 +486,9 @@ func (ns *NodeServer) mountVolumeToStagePath(ctx context.Context, req *csi.NodeS
 		}
 	}
 	if csicommon.MountOptionContains(opt, rOnly) {
+		// readOnly mount with noload option
 		readOnly = true
+		opt = append(opt, "noload")
 	}
 
 	if fsType == "xfs" {

internal/util/readonly.go

@@ -0,0 +1,46 @@
+package util
+
+import (
+	"context"
+	"fmt"
+
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/klog/v2"
+)
+
+func CheckIfReadonlyMount(po *v1.Pod) (bool, error) {
+	for _, vol := range po.Spec.Volumes {
+		if vol.PersistentVolumeClaim != nil {
+
+			if !vol.PersistentVolumeClaim.ReadOnly {
+				for _, con := range po.Spec.Containers {
+					if con.VolumeMounts == nil {
+						continue
+					}
+					for _, vm := range con.VolumeMounts {
+						if vm.Name == vol.Name && vm.ReadOnly {
+							return true, nil
+						}
+					}
+				}
+				return false, nil
+			}
+			return true, nil
+
+		}
+	}
+	return false, fmt.Errorf("no matching conditions")
+}
+
+func GetPod(name string, namespace string) (*v1.Pod, error) {
+	c := NewK8sClient()
+	pod, err := c.CoreV1().Pods(namespace).Get(context.TODO(), name, metav1.GetOptions{})
+
+	if err != nil {
+		klog.V(6).Infof("Can't get pod %s namespace %s: %v", name, namespace, err)
+		return nil, err
+	}
+
+	return pod, nil
+}