Closed anemade closed 2 years ago
nitesh3108
commented
2 years ago @anemade Yes, "RootClientEnabled" is a immutable param and can only be modified while provisioning PVs via static provisioning. While importing NFS volumes from OneFS include "RootClientEnabled: true" to PV definition and can modify permissions further using POD definition. No straight forward option to revert "RootClientEnabled: false" unless again the PV is provisioned statically.
randeepdell
commented
2 years ago @anemade do you still need any help or clarification ?
randeepdell
commented
2 years ago Closing this as there is no response from @anemade . If you still need help, please do reach out to us.
anemade
commented
2 years ago @anemade Yes, "RootClientEnabled" is a immutable param and can only be modified while provisioning PVs via static provisioning. While importing NFS volumes from OneFS include "RootClientEnabled: true" to PV definition and can modify permissions further using POD definition. No straight forward option to revert "RootClientEnabled: false" unless again the PV is provisioned statically.
@randeepsharma Appreciate all the help. Do we have a sample to provide the PV statically? I'll try it out and update here. It won't fit in my use case but let me please discuss it with my team and get back here.
randeepdell
commented
2 years ago
Versions: Kubernetes: v1.21.0 Powerscale-csi helm chart: 2.3.0 https://www.dell.com/en-in/dt/products-solutions/trial-software-download/eula/isilonsoftwaredownload.htm (We just wanted to verify few things that's why we are using simulator.)
Issue/Question: I am taking a backup of my application running over k8s. That application is having PVC/PV provisioned using powerscale-csi storage class where provisioner is
csi-isilon.dellemc.comBackup is working fine. I am storing the backup in some directory created on NFS. At the time of restore, as I start copying data to the PV, I am seeing
Cannot change ownership to uid xxx, gid xxx: Operation not permittedThis is happening because of
RootClientEnabledparameter in the storage class. It is set tofalse. If I make it true, create new PVC/PV and perform restore in that, then it works. But, in my case I don't want to keep PV withRootClientEnabledset totrueas it is not recommendedI came across this https://www.dell.com/support/manuals/en-de/powerprotect-software/pp-dm_19.10_kubernetes_ug/support-network-file-system-nfs-root-squashing?guid=guid-d1a34d23-6987-41bf-93b4-2b806ebd3398&lang=en-us
I assumed that the mapping in the configmap explained in the above link, is getting maintained for kind of same issue. Just out of curiosity, I tried changing the storage class of existing PV(storage class of the PVC is immutable field, so tried with PV) and I could change the storage class where
RootClientEnabledis set totrue. But that change was not taking effect and I saw the same operation not permitted error. I observed that the storage class got updated in the PV butspec.csi.volumeAttributes.RootClientEnabledis still set tofalseand this option is immutable, so I can not update it.I tried adding
Root clientsin the PV's NFS export from oneFS cluster UI and after this I could restore my data, but this option is not feasible for me. IMO, if I could somehow changespec.csi.volumeAttributes.RootClientEnabledto true then things will work(provided that changingspec.csi.volumeAttributes.RootClientEnabledtakes actual effect on oneFS cluster).Any way to update the
RootClientEnabledflag of the existing PV? I just want to make it true before my restore operation, then make it false again after restore.