Add Pure Storage storage driver #14599

MusicDin · 2024-12-06T15:45:37Z

This PR adds pure storage driver for Pure Storage remote storage.
Driver supports communication over either iSCSI or NVMe/TCP.

For iSCSI, this PR is required to ensure LXD redirects iscsiadm to the LXD host: commands/daemon: Redirect iscsiadm to the host lxd-pkg-snap#646

test/suites/storage_local_volume_handling.sh

tomponline · 2024-12-09T13:36:45Z

lxd/storage/drivers/driver_pure_volumes.go

+			return err
+		}
+
+		err = os.Remove(mountPath)


I believe @simondeziel is planning to address this issue more generally higher up the call stack, so wont block this PR.

simondeziel · 2024-12-06T16:59:14Z

doc/howto/storage_pools.md

+
+Create a storage pool named `pool1` that uses NVMe/TCP by default:
+
+    lxc storage create pool1 pure pure.gateway=https://<purestorage-address> pure.api.token=<purestorage-api-token> pure.array.address=<nvme-ip>


That gateway HTTPS verification presumably relies on the OS provided trust store so it would work if it's an "official TLS" cert like one signed by Let's Encrypt.

I must admit not knowing how to provide a different trusted CA if one doesn't have an official cert.

doc/metadata.txt

doc/reference/storage_pure.md

MusicDin · 2024-12-09T12:52:23Z

@minaelee Thanks for the comments. I've addressed all of them, but will ask you for another review just before we merge the PR, as there may still be some changes to the docs. Thanks again :)

lxd/storage/drivers/driver_pure.go

doc/reference/storage_drivers.md

lxd/storage/drivers/driver_pure.go

tomponline · 2024-12-10T10:31:01Z

lxd/storage/backend_lxd.go

+	parentName, _, isSnapshot := api.GetParentAndSnapshotName(vol.Name())
+	if !isSnapshot {
+		// Volume has no parent.
+		return "", nil


should this be an error as it means the vol passed in is not a snapshot and the function is being used incorrectly?

I was thinking about this one, and decided to just return an empty string to avoid checking for snapshot on every place where the function is called. However, in such case the function name "GetParentVolumeUUID" would probably be more appropirate, as non-snapshot volumes have no parent.

On the other side, returning an error as you have suggested prevents unnecessary or incorrect usage of the function.

lxd/storage/backend_lxd.go

lxd/storage/drivers/driver_pure_util.go

tomponline · 2024-12-10T10:41:51Z

lxd/storage/drivers/driver_pure_util.go

+	}
+
+	reqHeaders := map[string]string{
+		"Api-Token": p.driver.config["pure.api.token"],


does this need to have this casing of Api?

Should not matter. I think it can be all lower case if preferred?

tomponline · 2024-12-10T10:42:23Z

lxd/storage/drivers/driver_pure_util.go

+
+	p.accessToken = respHeaders["X-Auth-Token"]
+	if p.accessToken == "" {
+		return errors.New("Failed to obtain access token")


do we get any other sort of error message from this post?

If we get any error from this post, it will be returned as "Failed to login: ".
For example: Error: Failed to create storage pool "pure": Failed to login: Unable to list user for API token where Unable to list user for API token is PureStorage error.

The check p.accessToken == "" is just to ensure that we also successfully parsed the the access token from the response. This code is only reached if Post request was successful.

lxd/storage/drivers/driver_pure.go

lxd/storage/drivers/driver_pure_util.go

Signed-off-by: Din Music <[email protected]>

…ce information Signed-off-by: Din Music <[email protected]>

…volumes Signed-off-by: Din Music <[email protected]>

Signed-off-by: Din Music <[email protected]>

…zed images Signed-off-by: Din Music <[email protected]>

Signed-off-by: Din Music <[email protected]>

Pure Storage does not allow mounting snapshots directly, therefore we have to create a new volume from it before mounting it. Signed-off-by: Din Music <[email protected]>

Signed-off-by: Din Music <[email protected]>

Correctly initialize Pure Storage pool. Signed-off-by: Din Music <[email protected]>

…lable storage drivers Signed-off-by: Din Music <[email protected]>

Signed-off-by: Din Music <[email protected]>

Currently, Pure Storage driver does not support recovery. Mainly bacuse the storage volume names are encoded, which would result in indistinguishable storage volume names after the recovery. Signed-off-by: Din Music <[email protected]>

Signed-off-by: Din Music <[email protected]>

… drivers Signed-off-by: Din Music <[email protected]>

Signed-off-by: Din Music <[email protected]>

github-actions bot added the Documentation Documentation needs updating label Dec 6, 2024

github-advanced-security bot found potential problems Dec 6, 2024

View reviewed changes

test/suites/storage_local_volume_handling.sh Fixed Show fixed Hide fixed

github-advanced-security bot found potential problems Dec 6, 2024

View reviewed changes

MusicDin force-pushed the feat/pure-driver branch 2 times, most recently from c53014e to 69f6cae Compare December 6, 2024 16:27

simondeziel reviewed Dec 6, 2024

View reviewed changes

MusicDin force-pushed the feat/pure-driver branch from 69f6cae to 231d0f0 Compare December 6, 2024 19:10

minaelee reviewed Dec 6, 2024

View reviewed changes

MusicDin force-pushed the feat/pure-driver branch from 231d0f0 to 276bb1b Compare December 9, 2024 12:49

MusicDin marked this pull request as ready for review December 9, 2024 16:07

MusicDin requested a review from roosterfish December 9, 2024 16:07

simondeziel reviewed Dec 9, 2024

View reviewed changes

lxd/storage/drivers/driver_pure.go Outdated Show resolved Hide resolved

doc/reference/storage_drivers.md Outdated Show resolved Hide resolved