Cherry pick blkid luks fix

Cherry-pick blkid luks fix from master.
Fixes an intermittent issue where blkid misidentifies the filesystem type for LUKS devices preventing new volume creations.

Author: jharrod

core/orchestrator_core.go

@@ -38,7 +38,10 @@ import (
 	drivers "github.com/netapp/trident/storage_drivers"
 	"github.com/netapp/trident/storage_drivers/fake"
 	"github.com/netapp/trident/utils/autogrow"
+	"github.com/netapp/trident/utils/devices"
+	"github.com/netapp/trident/utils/devices/luks"
 	"github.com/netapp/trident/utils/errors"
+	"github.com/netapp/trident/utils/exec"
 	"github.com/netapp/trident/utils/fcp"
 	"github.com/netapp/trident/utils/filesystem"
 	"github.com/netapp/trident/utils/iscsi"
@@ -4076,13 +4079,52 @@ func (o *TridentOrchestrator) AttachVolume(
 		var err error
 		if publishInfo.SANType == sa.NVMe {
 			nvmeHandler := nvme.NewNVMeHandler()
-			err = nvmeHandler.AttachNVMeVolumeRetry(ctx, volumeName, mountpoint, publishInfo, map[string]string{},
-				nvme.NVMeAttachTimeout)
+			err = nvmeHandler.AttachNVMeVolumeRetry(ctx, publishInfo, nvme.NVMeAttachTimeout)
+			if err != nil {
+				return err
+			}
+
+			// Cryptsetup format if necessary and map to host
+			var luksFormatted bool
+			var safeToFsFormat bool
+			luksFormatted, safeToFsFormat, err = nvmeHandler.EnsureCryptsetupFormattedAndMappedOnHost(
+				ctx, volumeName, publishInfo, map[string]string{},
+			)
+			if err != nil {
+				return err
+			}
+
+			// Format and mount if necessary
+			if err = nvmeHandler.EnsureVolumeFormattedAndMounted(
+				ctx, volumeName, mountpoint, publishInfo, luksFormatted, safeToFsFormat,
+			); err != nil {
+				return err
+			}
 		}
 
 		if publishInfo.SANType == sa.ISCSI {
-			_, err = o.iscsi.AttachVolumeRetry(ctx, volumeName, mountpoint, publishInfo, map[string]string{},
-				AttachISCSIVolumeTimeoutLong)
+			_, err = o.iscsi.AttachVolumeRetry(ctx, publishInfo, AttachISCSIVolumeTimeoutLong)
+			if err != nil {
+				return err
+			}
+
+			// Cryptsetup format if necessary and map to host
+			command := exec.NewCommand()
+			var luksFormatted bool
+			var safeToFsFormat bool
+			luksFormatted, safeToFsFormat, err = luks.EnsureCryptsetupFormattedAndMappedOnHost(
+				ctx, volumeName, publishInfo, map[string]string{}, command, devices.New(),
+			)
+			if err != nil {
+				return err
+			}
+
+			// Format and mount if necessary
+			if err = o.iscsi.EnsureVolumeFormattedAndMounted(
+				ctx, volumeName, mountpoint, publishInfo, luksFormatted, safeToFsFormat,
+			); err != nil {
+				return err
+			}
 		}
 		return err
 	}

frontend/csi/node_server.go

@@ -1400,17 +1400,33 @@ func (p *Plugin) nodeStageFCPVolume(
 	}()
 
 	var mpathSize int64
-	mpathSize, err = p.ensureAttachFCPVolume(ctx, req, "", publishInfo, AttachFCPVolumeTimeoutShort)
+	// Attach the volume to the node
+	mpathSize, err = p.ensureAttachFCPVolume(ctx, publishInfo, AttachFCPVolumeTimeoutShort)
 	if err != nil {
 		return err
 	}
 
+	// Cryptsetup format if necessary and map to host
+	luksFormatted, safeToFsFormat, err := luks.EnsureCryptsetupFormattedAndMappedOnHost(
+		ctx, req.VolumeContext["internalName"], publishInfo, req.GetSecrets(), p.command, p.devices,
+	)
+	if err != nil {
+		return err
+	}
+
+	// Format and mount if necessary
+	if err = p.fcp.EnsureVolumeFormattedAndMounted(
+		ctx, req.VolumeContext["internalName"], "", publishInfo, luksFormatted, safeToFsFormat,
+	); err != nil {
+		return err
+	}
+
 	if isLUKS {
 		if err = betweenAttachAndLUKSPassphrase.Inject(); err != nil {
 			return err
 		}
 
-		luksDevice := luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command)
+		luksDevice := luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command, p.devices)
 
 		// Ensure we update the passphrase in case it has never been set before
 		err = ensureLUKSVolumePassphrase(ctx, p.restClient, luksDevice, volumeId, req.GetSecrets(), true)
@@ -1438,8 +1454,7 @@ func (p *Plugin) nodeStageFCPVolume(
 // ensureAttachFCPVolume attempts to attach the volume to the local host
 // with a retry logic based on the publish information passed in.
 func (p *Plugin) ensureAttachFCPVolume(
-	ctx context.Context, req *csi.NodeStageVolumeRequest, mountpoint string,
-	publishInfo *models.VolumePublishInfo, attachTimeout time.Duration,
+	ctx context.Context, publishInfo *models.VolumePublishInfo, attachTimeout time.Duration,
 ) (int64, error) {
 	var err error
 	var mpathSize int64
@@ -1448,8 +1463,7 @@ func (p *Plugin) ensureAttachFCPVolume(
 	defer Logc(ctx).Debug("<<<< ensureAttachFCPVolume")
 
 	// Perform the login/rescan/discovery/(optionally)format, mount & get the device back in the publish info
-	if mpathSize, err = p.fcp.AttachVolumeRetry(ctx, req.VolumeContext["internalName"], mountpoint,
-		publishInfo, req.GetSecrets(), attachTimeout); err != nil {
+	if mpathSize, err = p.fcp.AttachVolumeRetry(ctx, publishInfo, attachTimeout); err != nil {
 		return mpathSize, status.Error(codes.Internal, fmt.Sprintf("failed to stage volume: %v", err))
 	}
 
@@ -1697,13 +1711,13 @@ func (p *Plugin) nodePublishFCPVolume(
 		if luks.IsLegacyDevicePath(devicePath) {
 			// Supports legacy volumes that store the LUKS device path
 			luksDevice, err = luks.NewDeviceFromMappingPath(
-				ctx, p.command, devicePath, req.VolumeContext["internalName"],
+				ctx, p.command, p.devices, devicePath, req.VolumeContext["internalName"],
 			)
 			if err != nil {
 				return nil, status.Error(codes.Internal, err.Error())
 			}
 		} else {
-			luksDevice = luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command)
+			luksDevice = luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command, p.devices)
 		}
 
 		err = ensureLUKSVolumePassphrase(ctx, p.restClient, luksDevice, req.GetVolumeId(), req.GetSecrets(), false)
@@ -1864,17 +1878,33 @@ func (p *Plugin) nodeStageISCSIVolume(
 	}()
 
 	var mpathSize int64
-	mpathSize, err = p.ensureAttachISCSIVolume(ctx, req, "", publishInfo, AttachISCSIVolumeTimeoutShort)
+	// Attach the volume to the node
+	mpathSize, err = p.ensureAttachISCSIVolume(ctx, req, publishInfo, AttachISCSIVolumeTimeoutShort)
 	if err != nil {
 		return err
 	}
 
+	// Cryptsetup format if necessary and map to host
+	luksFormatted, safeToFsFormat, err := luks.EnsureCryptsetupFormattedAndMappedOnHost(
+		ctx, req.VolumeContext["internalName"], publishInfo, req.GetSecrets(), p.command, p.devices,
+	)
+	if err != nil {
+		return err
+	}
+
+	// Format and mount if necessary
+	if err = p.iscsi.EnsureVolumeFormattedAndMounted(
+		ctx, req.VolumeContext["internalName"], "", publishInfo, luksFormatted, safeToFsFormat,
+	); err != nil {
+		return err
+	}
+
 	if isLUKS {
 		if err = betweenAttachAndLUKSPassphrase.Inject(); err != nil {
 			return err
 		}
 
-		luksDevice := luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command)
+		luksDevice := luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command, p.devices)
 
 		// Ensure we update the passphrase in case it has never been set before
 		err = ensureLUKSVolumePassphrase(ctx, p.restClient, luksDevice, volumeId, req.GetSecrets(), true)
@@ -1918,25 +1948,22 @@ func (p *Plugin) nodeStageISCSIVolume(
 // ensureAttachISCSIVolume attempts to attach the volume to the local host
 // with a retry logic based on the publish information passed in.
 func (p *Plugin) ensureAttachISCSIVolume(
-	ctx context.Context, req *csi.NodeStageVolumeRequest, mountpoint string,
+	ctx context.Context, req *csi.NodeStageVolumeRequest,
 	publishInfo *models.VolumePublishInfo, attachTimeout time.Duration,
 ) (int64, error) {
 	var err error
 	var mpathSize int64
 
 	// Perform the login/rescan/discovery/(optionally)format, mount & get the device back in the publish info
-	if mpathSize, err = p.iscsi.AttachVolumeRetry(ctx, req.VolumeContext["internalName"], mountpoint,
-		publishInfo, req.GetSecrets(), attachTimeout); err != nil {
+	if mpathSize, err = p.iscsi.AttachVolumeRetry(ctx, publishInfo, attachTimeout); err != nil {
 		// Did we fail to log in?
 		if errors.IsAuthError(err) {
 			// Update CHAP info from the controller and try one more time.
 			Logc(ctx).Warn("iSCSI login failed; will retrieve CHAP credentials from Trident controller and try again.")
 			if err = p.updateChapInfoFromController(ctx, req, publishInfo); err != nil {
 				return mpathSize, status.Error(codes.Internal, err.Error())
 			}
-			if mpathSize, err = p.iscsi.AttachVolumeRetry(ctx, req.VolumeContext["internalName"], mountpoint,
-				publishInfo,
-				req.GetSecrets(), attachTimeout); err != nil {
+			if mpathSize, err = p.iscsi.AttachVolumeRetry(ctx, publishInfo, attachTimeout); err != nil {
 				// Bail out no matter what as we've now tried with updated credentials
 				return mpathSize, status.Error(codes.Internal, err.Error())
 			}
@@ -2303,10 +2330,10 @@ func (p *Plugin) nodePublishISCSIVolume(
 		var err error
 		if luks.IsLegacyDevicePath(devicePath) {
 			// Supports legacy volumes that store the LUKS device path
-			luksDevice, err = luks.NewDeviceFromMappingPath(ctx, p.command, devicePath,
+			luksDevice, err = luks.NewDeviceFromMappingPath(ctx, p.command, p.devices, devicePath,
 				req.VolumeContext["internalName"])
 		} else {
-			luksDevice = luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command)
+			luksDevice = luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command, p.devices)
 		}
 
 		if err != nil {
@@ -2669,7 +2696,7 @@ func (p *Plugin) selfHealingRectifySession(ctx context.Context, portal string, a
 		}
 
 		publishedCHAPCredentials := publishInfo.IscsiChapInfo
-		if _, err = p.ensureAttachISCSIVolume(ctx, req, "", publishInfo, iSCSILoginTimeout); err != nil {
+		if _, err = p.ensureAttachISCSIVolume(ctx, req, publishInfo, iSCSILoginTimeout); err != nil {
 			return fmt.Errorf("failed to login to the target")
 		}
 
@@ -3014,13 +3041,26 @@ func (p *Plugin) nodeStageNVMeVolume(
 	publishInfo.SANType = req.PublishContext["SANType"]
 	publishInfo.FormatOptions = req.PublishContext["formatOptions"]
 
-	err := p.nvmeHandler.AttachNVMeVolumeRetry(
-		ctx, req.VolumeContext["internalName"], "", publishInfo, req.GetSecrets(), nvme.NVMeAttachTimeout,
+	err := p.nvmeHandler.AttachNVMeVolumeRetry(ctx, publishInfo, nvme.NVMeAttachTimeout)
+	if err != nil {
+		return err
+	}
+
+	// Cryptsetup format if necessary and map to host
+	luksFormatted, safeToFormat, err := p.nvmeHandler.EnsureCryptsetupFormattedAndMappedOnHost(
+		ctx, req.VolumeContext["internalName"], publishInfo, req.GetSecrets(),
 	)
 	if err != nil {
 		return err
 	}
 
+	// Format and mount if necessary
+	if err = p.nvmeHandler.EnsureVolumeFormattedAndMounted(
+		ctx, req.VolumeContext["internalName"], "", publishInfo, luksFormatted, safeToFormat,
+	); err != nil {
+		return err
+	}
+
 	volumeId, stagingTargetPath, err := p.getVolumeIdAndStagingPath(req)
 	if err != nil {
 		return err
@@ -3031,7 +3071,7 @@ func (p *Plugin) nodeStageNVMeVolume(
 			return err
 		}
 
-		luksDevice := luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command)
+		luksDevice := luks.NewDevice(publishInfo.DevicePath, req.VolumeContext["internalName"], p.command, p.devices)
 
 		// Ensure we update the passphrase in case it has never been set before
 		err = ensureLUKSVolumePassphrase(ctx, p.restClient, luksDevice, volumeId, req.GetSecrets(), true)
@@ -3259,7 +3299,7 @@ func (p *Plugin) nodePublishNVMeVolume(
 	devicePath := publishInfo.DevicePath
 	if convert.ToBool(publishInfo.LUKSEncryption) {
 		// Rotate the LUKS passphrase if needed, on failure, log and continue to publish
-		luksDevice := luks.NewDevice(devicePath, req.VolumeContext["internalName"], p.command)
+		luksDevice := luks.NewDevice(devicePath, req.VolumeContext["internalName"], p.command, p.devices)
 
 		err = ensureLUKSVolumePassphrase(ctx, p.restClient, luksDevice, req.GetVolumeId(), req.GetSecrets(), false)
 		if err != nil {