<fix>[storage]: ZSV-12579 avoid rbd cli for ceph encryption#4448
<fix>[storage]: ZSV-12579 avoid rbd cli for ceph encryption#4448MatheMatrix wants to merge 1 commit into
Conversation
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 59 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
Walkthrough本次改动为卷原地加密流程新增“目标安装路径”支持: Changes卷原地加密路径变更
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant VolumeInPlaceEncryptor
participant CephPrimaryStorageBase
participant KVMHost
VolumeInPlaceEncryptor->>CephPrimaryStorageBase: EncryptVolumeBitsOnPrimaryStorageMsg(targetInstallPath)
CephPrimaryStorageBase->>KVMHost: httpCallToKvmHost(targetInstallPath)
alt 调用失败
KVMHost-->>CephPrimaryStorageBase: 错误响应
CephPrimaryStorageBase->>CephPrimaryStorageBase: deleteRbdBitsBestEffort(targetInstallPath)
CephPrimaryStorageBase-->>VolumeInPlaceEncryptor: 返回原错误
else 调用成功
KVMHost-->>CephPrimaryStorageBase: KVMHostLuksRsp(installPath)
CephPrimaryStorageBase-->>VolumeInPlaceEncryptor: reply.installPath
VolumeInPlaceEncryptor->>VolumeInPlaceEncryptor: 更新 VolumeVO.installPath / encrypted
VolumeInPlaceEncryptor->>CephPrimaryStorageBase: deleteOldVolumeBitsBestEffort(旧路径)
end
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
579a3f2 to
f5dbe01
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@storage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java`:
- Around line 289-298: The delete-old-bits flow in deleteOldVolumeBitsBestEffort
is missing the volume size and any failure handling. Update the
DeleteVolumeBitsOnPrimaryStorageMsg construction to include the current volume
size from VolumeVO via setSize(volume.getSize()), and send it with a failure
callback or equivalent logging so bus.send(dmsg) reports cleanup errors instead
of failing silently.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: eff7b002-628e-414a-b60d-a68f37743daf
📒 Files selected for processing (4)
header/src/main/java/org/zstack/header/storage/primary/EncryptVolumeBitsOnPrimaryStorageMsg.javaheader/src/main/java/org/zstack/header/storage/primary/EncryptVolumeBitsOnPrimaryStorageReply.javaplugin/ceph/src/main/java/org/zstack/storage/ceph/primary/CephPrimaryStorageBase.javastorage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java
| private void deleteOldVolumeBitsBestEffort(String psUuid, VolumeVO volume, String oldInstallPath) { | ||
| DeleteVolumeBitsOnPrimaryStorageMsg dmsg = new DeleteVolumeBitsOnPrimaryStorageMsg(); | ||
| dmsg.setPrimaryStorageUuid(psUuid); | ||
| dmsg.setInstallPath(oldInstallPath); | ||
| dmsg.setBitsUuid(volume.getUuid()); | ||
| dmsg.setBitsType(VolumeVO.class.getSimpleName()); | ||
| dmsg.setHypervisorType(VolumeFormat.getMasterHypervisorTypeByVolumeFormat(volume.getFormat()).toString()); | ||
| bus.makeTargetServiceIdByResourceUuid(dmsg, PrimaryStorageConstant.SERVICE_ID, psUuid); | ||
| bus.send(dmsg); | ||
| } |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# 确认 DeleteVolumeBitsOnPrimaryStorageMsg.size 字段类型/默认值
rg -n -A3 -B3 'class DeleteVolumeBitsOnPrimaryStorageMsg' --type=java
rg -n 'setSize|private.*size' --type=java -g '*DeleteVolumeBitsOnPrimaryStorageMsg.java'Repository: MatheMatrix/zstack
Length of output: 156
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) 定位相关类与调用点
git ls-files | rg 'VolumeInPlaceEncryptor\.java|DeleteVolumeBitsOnPrimaryStorageMsg\.java|CephPrimaryStorageBase\.java|cleanTrash|cleanUpTrash|deleteRbdBitsBestEffort'
# 2) 读取相关文件的结构/行号
for f in \
storage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java \
plugin/ceph/src/main/java/org/zstack/storage/ceph/primary/CephPrimaryStorageBase.java \
$(git ls-files | rg 'DeleteVolumeBitsOnPrimaryStorageMsg\.java$'); do
[ -f "$f" ] && echo "===== $f =====" && wc -l "$f" && ast-grep outline "$f" --view expanded || true
doneRepository: MatheMatrix/zstack
Length of output: 34751
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 直接读取相关片段,确认 size 字段、默认值、发送模式和失败处理
for f in \
$(git ls-files | rg 'DeleteVolumeBitsOnPrimaryStorageMsg\.java$') \
storage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java \
plugin/ceph/src/main/java/org/zstack/storage/ceph/primary/CephPrimaryStorageBase.java; do
if [ -f "$f" ]; then
echo "===== $f ====="
nl -ba "$f" | sed -n '1,240p'
fi
doneRepository: MatheMatrix/zstack
Length of output: 305
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 读取消息定义与调用/处理路径的关键片段
echo "===== DeleteVolumeBitsOnPrimaryStorageMsg ====="
sed -n '1,130p' header/src/main/java/org/zstack/header/storage/primary/DeleteVolumeBitsOnPrimaryStorageMsg.java
echo "===== VolumeInPlaceEncryptor.deleteOldVolumeBitsBestEffort ====="
sed -n '280,315p' storage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java
echo "===== CephPrimaryStorageBase.deleteVolumeBitsOnPrimaryStorage ====="
sed -n '3478,3518p' plugin/ceph/src/main/java/org/zstack/storage/ceph/primary/CephPrimaryStorageBase.java
echo "===== CephPrimaryStorageBase.deleteRbdBitsBestEffort ====="
sed -n '3788,3832p' plugin/ceph/src/main/java/org/zstack/storage/ceph/primary/CephPrimaryStorageBase.javaRepository: MatheMatrix/zstack
Length of output: 8439
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 查找同类 best-effort 删除是否已有回调/日志模式
rg -n -A6 -B6 'bus\.send\(.*new CloudBusCallBack|logger\.(warn|info|debug)\(' \
storage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java \
plugin/ceph/src/main/java/org/zstack/storage/ceph/primary/CephPrimaryStorageBase.javaRepository: MatheMatrix/zstack
Length of output: 50374
补上删除消息的 size,并加失败日志
storage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java:289 这里构造 DeleteVolumeBitsOnPrimaryStorageMsg 时漏了 setSize(volume.getSize());下游会用这个字段做容量回收,默认 0 会导致旧 bits 删除后容量不回收。bus.send(dmsg) 也没有失败回调,清理失败会静默留下旧明文 bits。
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@storage/src/main/java/org/zstack/storage/volume/VolumeInPlaceEncryptor.java`
around lines 289 - 298, The delete-old-bits flow in
deleteOldVolumeBitsBestEffort is missing the volume size and any failure
handling. Update the DeleteVolumeBitsOnPrimaryStorageMsg construction to include
the current volume size from VolumeVO via setSize(volume.getSize()), and send it
with a failure callback or equivalent logging so bus.send(dmsg) reports cleanup
errors instead of failing silently.
a23c592 to
f6cf8f6
Compare
|
Comment from yaohua.wu: Review: MR !10410 — ZSV-12579Background (preserved across rounds)
关联 MR
🔴 Critical
🟡 Warning
Coverage
Verdict: REVISION_REQUIRED需要先修复 1 个会造成 DB 加密状态与真实 RBD 格式不一致的 Critical;Warning 建议同轮补上,避免失败重试产生孤儿 RBD。 🤖 Robot Reviewer |
f6cf8f6 to
f680ae0
Compare
Resolves: ZSV-12469 Change-Id: I5ed4f9f00e700e4818a5c440b6dc5b04edee9c79
f680ae0 to
72b9588
Compare
Summary
Move Ceph volume-encryption replacement away from KVM-side rbd mv/rm. KVM now only performs qemu-img IO and writes encrypted bits to the target install path; Java switches installPath after success when needed.
Changes
Testing
Resolves: ZSV-12579
sync from gitlab !10410