Skip to content

CWCOW: Unmount CIM volume #2588

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MahatiC wants to merge 1 commit into
base: main
Choose a base branch
from
Open

CWCOW: Unmount CIM volume #2588

MahatiC wants to merge 1 commit into from
+110 −103

Conversation

@MahatiC
Copy link
Member

@MahatiC MahatiC commented Jan 15, 2026

  • This PR has two changes:
    • Implements CIM volume unmount as part of container shut down process
    • Before this change, Scratch disk gets unmounted twice and it errors out on second attempt and as a result it never reaches to CIM unmount operation. This PR fixes it by removing it from ResourceCloser list as it is already unmounted previously i.e. lc.scratchMount.Release(ctx);

@MahatiC MahatiC requested a review from a team as a code owner January 15, 2026 11:50
@KenGordon
Copy link
Collaborator

KenGordon commented Jan 15, 2026

I have tested this on nord1 and it works at least as well as before with the simple attestation report web server nanoserver based container.

KenGordon
KenGordon reviewed Jan 15, 2026
View reviewed changes
internal/gcs-sidecar/handlers.go
BlockPath: physicalDevPath,
CimName: blockCimDevice.CimName,

// skip the merged cim and verify individual layer hashes
Copy link
Collaborator

@KenGordon KenGordon Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a written explanation anywhere of why we don't need to check the merged CIM root hash? I think it needs to be explained here.

KenGordon
KenGordon reviewed Jan 15, 2026
View reviewed changes
internal/gcs-sidecar/handlers.go
log.G(ctx).Tracef("WCOWBlockCIMMounts Add { %v}", wcowBlockCimMounts)

// The block device takes some time to show up. Wait for a few seconds.
time.Sleep(2 * time.Second)
Copy link
Collaborator

@KenGordon KenGordon Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed (but not for today) this can't be a sleep before check but needs to be more like the LCOW scheme where it only sleeps if it fails. See

hcsshim/internal/guest/storage/scsi/scsi.go

Line 205 in cbc0126

// todo (maksiman): add better retry logic, similar to how SCSI device mounts are
which is a bit nasty but illustrates the point.

KenGordon
KenGordon reviewed Jan 15, 2026
View reviewed changes
internal/gcs-sidecar/handlers.go
return fmt.Errorf("failed to get CIM verification info: %w", err)
}
layerDigests[i] = cimRootDigestBytes
layerHashes[i] = base64.URLEncoding.EncodeToString(cimRootDigestBytes)
Copy link
Collaborator

@KenGordon KenGordon Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed (also not for today), the layer hash strings ought to be hex encoded as per the linux ones.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anmaxvl anmaxvl Awaiting requested review from anmaxvl

@helsaawy helsaawy Awaiting requested review from helsaawy

1 more reviewer

@KenGordon KenGordon KenGordon left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MahatiC @KenGordon