k8s-csi-s3/pkg/mounter/geesefs.go

package mounter

import (
	"context"
	"fmt"
	"os"
	"strings"
	"time"
	"path/filepath"

	systemd "github.com/coreos/go-systemd/v22/dbus"
	dbus "github.com/godbus/dbus/v5"
	"github.com/golang/glog"

	"k8s.io/client-go/kubernetes"
	"k8s.io/client-go/rest"
	api "k8s.io/api/core/v1"
	meta "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/yandex-cloud/k8s-csi-s3/pkg/s3"
)

const (
	geesefsCmd    = "geesefs"
)

// Implements Mounter
type geesefsMounter struct {
	meta            *s3.FSMeta
	endpoint        string
	region          string
	accessKeyID     string
	secretAccessKey string
}

var clientset *kubernetes.Clientset

func newGeeseFSMounter(meta *s3.FSMeta, cfg *s3.Config) (Mounter, error) {
	return &geesefsMounter{
		meta:            meta,
		endpoint:        cfg.Endpoint,
		region:          cfg.Region,
		accessKeyID:     cfg.AccessKeyID,
		secretAccessKey: cfg.SecretAccessKey,
	}, nil
}

func (geesefs *geesefsMounter) CopyBinary(from, to string) error {
	st, err := os.Stat(from)
	if err != nil {
		return fmt.Errorf("Failed to stat %s: %v", from, err)
	}
	st2, err := os.Stat(to)
	if err != nil && !os.IsNotExist(err) {
		return fmt.Errorf("Failed to stat %s: %v", to, err)
	}
	if err != nil || st2.Size() != st.Size() || st2.ModTime() != st.ModTime() {
		if err == nil {
			// remove the file first to not hit "text file busy" errors
			err = os.Remove(to)
			if err != nil {
				return fmt.Errorf("Error removing %s to update it: %v", to, err)
			}
		}
		bin, err := os.ReadFile(from)
		if err != nil {
			return fmt.Errorf("Error copying %s to %s: %v", from, to, err)
		}
		err = os.WriteFile(to, bin, 0755)
		if err != nil {
			return fmt.Errorf("Error copying %s to %s: %v", from, to, err)
		}
		err = os.Chtimes(to, st.ModTime(), st.ModTime())
		if err != nil {
			return fmt.Errorf("Error copying %s to %s: %v", from, to, err)
		}
	}
	return nil
}

func (geesefs *geesefsMounter) Mount(ctx context.Context, target, volumeID string) error {
	fullPath := fmt.Sprintf("%s:%s", geesefs.meta.BucketName, geesefs.meta.Prefix)
	var args []string
	if geesefs.region != "" {
		args = append(args, "--region", geesefs.region)
	}
	args = append(
		args,
		"--setuid", "65534", // nobody. drop root privileges
		"--setgid", "65534", // nogroup
	)
	mode := modePod
	for i := 0; i < len(geesefs.meta.MountOptions); i++ {
		} else {
			args = append(args, geesefs.meta.MountOptions[i])
		}
	}
	for i := 0; i < len(geesefs.meta.MountOptions); i++ {
		opt := geesefs.meta.MountOptions[i]
		if opt == "--no-systemd" || opt == "--use-exec" {
			mode = modeExec
		} else if opt == "--use-systemd" {
			mode = modeSystemd
		} else if len(opt) > 0 && opt[0] == '-' {
			// Remove unsafe options
			s := 1
			if len(opt) > 1 && opt[1] == '-' {
				s++
			}
			key := opt[s:]
			e := strings.Index(opt, "=")
			if e >= 0 {
				key = opt[s:e]
			}
			if key == "log-file" || key == "shared-config" || key == "cache" {
				// Skip options accessing local FS
				if e < 0 {
					i++
				}
			} else if key != "" {
				args = append(args, opt)
			}
		} else if len(opt) > 0 {
			args = append(args, opt)
		}
	}
	args = append(args, fullPath, target)
	// Try to start geesefs using systemd so it doesn't get killed when the container exits
	if mode == 1 {
		return geesefs.MountSystemd(target, volumeID, args)
	} else if mode == 2 {
		return geesefs.MountPod(ctx, target, volumeID, args)
	}
	return geesefs.MountDirect(target, args)
}

func (geesefs *geesefsMounter) MountPod(ctx context.Context, target, volumeID string, args []string) error {
	if clientset == nil {
		cfg, err := rest.InClusterConfig()
		if err != nil {
			glog.Error(err.Error())
			return err
		}
		clientset, err = kubernetes.NewForConfig(cfg)
		if err != nil {
			glog.Error(err.Error())
			return err
		}
	}
	myNodeName := os.Getenv("MY_NODE_NAME")
	podName := "csi-s3-mount-"+volumeID+"-"+myNodeName
	priv := true
	mp := api.MountPropagationBidirectional
	hpt := api.HostPathDirectoryOrCreate
	clientset.CoreV1().Pods("kube-system").Delete(ctx, podName, meta.DeleteOptions{})
	_, err := clientset.CoreV1().Pods("kube-system").Create(ctx, &api.Pod{
		TypeMeta: meta.TypeMeta{
			Kind: "Pod",
			APIVersion: "v1",
		},
		ObjectMeta: meta.ObjectMeta{
			Namespace: "kube-system",
			Name: podName,
		},
		Spec: api.PodSpec{
			Containers: []api.Container{ {
				Name: "mounter",
				Image: os.Getenv("MY_CONTAINER_IMAGE"),
				Command: []string{ "/usr/bin/geesefs" },
				Args: append([]string{
					"--endpoint", geesefs.endpoint,
					"-o", "allow_other",
					"--log-file", "/dev/stderr", "-f",
				}, args...),
				Env: []api.EnvVar{
					{ Name: "AWS_ACCESS_KEY_ID", Value: geesefs.accessKeyID },
					{ Name: "AWS_SECRET_ACCESS_KEY", Value: geesefs.secretAccessKey },
				},
				VolumeMounts: []api.VolumeMount{
					{
						Name: "stage-dir",
						MountPath: filepath.Dir(target),
						MountPropagation: &mp,
					},
					{
						Name: "fuse-device",
						MountPath: "/dev/fuse",
					},
				},
				SecurityContext: &api.SecurityContext{
					Privileged: &priv,
					Capabilities: &api.Capabilities{
						Add: []api.Capability{ "SYS_ADMIN" },
					},
				},
			} },
			RestartPolicy: "Never",
			Volumes: []api.Volume{
				{
					Name: "stage-dir",
					VolumeSource: api.VolumeSource{
						HostPath: &api.HostPathVolumeSource{
							Path: filepath.Dir(target),
							Type: &hpt,
						},
					},
				},
				{
					Name: "fuse-device",
					VolumeSource: api.VolumeSource{
						HostPath: &api.HostPathVolumeSource{
							Path: "/dev/fuse",
						},
					},
				},
			},
			NodeName: myNodeName,
		},
	}, meta.CreateOptions{})
	if err != nil {
		glog.Error(err.Error())
		return err
	}
	return waitForMount(target, 20*time.Second)
}

func (geesefs *geesefsMounter) MountDirect(target string, args []string) error {
	args = append([]string{
		"--endpoint", geesefs.endpoint,
		"-o", "allow_other",
		"--log-file", "/dev/stderr",
	}, args...)
	envs := []string{
		"AWS_ACCESS_KEY_ID=" + geesefs.accessKeyID,
		"AWS_SECRET_ACCESS_KEY=" + geesefs.secretAccessKey,
	}
	return fuseMount(target, geesefsCmd, args, envs)
}

type execCmd struct {
	Path             string
	Args             []string
	UncleanIsFailure bool
}

func (geesefs *geesefsMounter) MountSystemd(target, volumeID string, args []string) error {
	conn, err := systemd.New()
	if err != nil {
		glog.Errorf("Failed to connect to systemd dbus service: %v, starting geesefs directly", err)
		return err
	}
	defer conn.Close()
	// systemd is present
	if err = geesefs.CopyBinary("/usr/bin/geesefs", "/csi/geesefs"); err != nil {
		return err
	}
	pluginDir := os.Getenv("PLUGIN_DIR")
	if pluginDir == "" {
		pluginDir = "/var/lib/kubelet/plugins/ru.yandex.s3.csi"
	}
	args = append([]string{pluginDir+"/geesefs", "-f", "-o", "allow_other", "--endpoint", geesefs.endpoint}, args...)
	glog.Info("Starting geesefs using systemd: "+strings.Join(args, " "))
	unitName := "geesefs-"+systemd.PathBusEscape(volumeID)+".service"
	newProps := []systemd.Property{
		systemd.Property{
			Name: "Description",
			Value: dbus.MakeVariant("GeeseFS mount for Kubernetes volume "+volumeID),
		},
		systemd.PropExecStart(args, false),
		systemd.Property{
			Name: "ExecStopPost",
			// force & lazy unmount to cleanup possibly dead mountpoints
			Value: dbus.MakeVariant([]execCmd{ execCmd{ "/bin/umount", []string{ "/bin/umount", "-f", "-l", target }, false } }),
		},
		systemd.Property{
			Name: "Environment",
			Value: dbus.MakeVariant([]string{ "AWS_ACCESS_KEY_ID="+geesefs.accessKeyID, "AWS_SECRET_ACCESS_KEY="+geesefs.secretAccessKey }),
		},
		systemd.Property{
			Name: "CollectMode",
			Value: dbus.MakeVariant("inactive-or-failed"),
		},
	}
	unitProps, err := conn.GetAllProperties(unitName)
	if err == nil {
		// Unit already exists
		if s, ok := unitProps["ActiveState"].(string); ok && (s == "active" || s == "activating" || s == "reloading") {
			// Unit is already active
			curPath := ""
			prevExec, ok := unitProps["ExecStart"].([][]interface{})
			if ok && len(prevExec) > 0 && len(prevExec[0]) >= 2 {
				execArgs, ok := prevExec[0][1].([]string)
				if ok && len(execArgs) >= 2 {
					curPath = execArgs[len(execArgs)-1]
				}
			}
			if curPath != target {
				return fmt.Errorf(
					"GeeseFS for volume %v is already mounted on host, but"+
					" in a different directory. We want %v, but it's in %v",
					volumeID, target, curPath,
				)
			}
			// Already mounted at right location
			return nil
		} else {
			// Stop and garbage collect the unit if automatic collection didn't work for some reason
			conn.StopUnit(unitName, "replace", nil)
			conn.ResetFailedUnit(unitName)
		}
	}
	_, err = conn.StartTransientUnit(unitName, "replace", newProps, nil)
	if err != nil {
		return fmt.Errorf("Error starting systemd unit %s on host: %v", unitName, err)
	}
	return waitForMount(target, 10*time.Second)
}
Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00			`package mounter`

			`import (`
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`"context"`
Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00			`"fmt"`
			`"os"`
Filter out unsafe options 2023-04-26 08:47:00 +00:00			`"strings"`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`"time"`
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`"path/filepath"`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00
			`systemd "github.com/coreos/go-systemd/v22/dbus"`
			`dbus "github.com/godbus/dbus/v5"`
Implement mounting via stage directory Previously, multiple containers with the same mounted volume resulted in multiple FUSE processes. This behaviour was breaking parallel modifications from different containers, consumed extra resources, and after mounting via systemd was introduced, led to the total inability to mount the same volume into multiple containers on the same host. Now only one FUSE process is started per volume, per host. 2023-03-06 21:41:41 +00:00			`"github.com/golang/glog"`
Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`"k8s.io/client-go/kubernetes"`
			`"k8s.io/client-go/rest"`
			`api "k8s.io/api/core/v1"`
			`meta "k8s.io/apimachinery/pkg/apis/meta/v1"`

Rename repository to k8s-csi-s3 2021-08-24 10:33:26 +00:00			`"github.com/yandex-cloud/k8s-csi-s3/pkg/s3"`
Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00			`)`

			`const (`
			`geesefsCmd = "geesefs"`
			`)`

			`// Implements Mounter`
			`type geesefsMounter struct {`
			`meta *s3.FSMeta`
			`endpoint string`
			`region string`
			`accessKeyID string`
			`secretAccessKey string`
			`}`

WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`var clientset *kubernetes.Clientset`

Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00			`func newGeeseFSMounter(meta s3.FSMeta, cfg s3.Config) (Mounter, error) {`
			`return &geesefsMounter{`
			`meta: meta,`
			`endpoint: cfg.Endpoint,`
Remove default region 2021-07-27 10:53:34 +00:00			`region: cfg.Region,`
Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00			`accessKeyID: cfg.AccessKeyID,`
			`secretAccessKey: cfg.SecretAccessKey,`
			`}, nil`
			`}`

Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`func (geesefs *geesefsMounter) CopyBinary(from, to string) error {`
			`st, err := os.Stat(from)`
			`if err != nil {`
			`return fmt.Errorf("Failed to stat %s: %v", from, err)`
			`}`
			`st2, err := os.Stat(to)`
			`if err != nil && !os.IsNotExist(err) {`
			`return fmt.Errorf("Failed to stat %s: %v", to, err)`
			`}`
			`if err != nil \|\| st2.Size() != st.Size() \|\| st2.ModTime() != st.ModTime() {`
			`if err == nil {`
			`// remove the file first to not hit "text file busy" errors`
			`err = os.Remove(to)`
			`if err != nil {`
			`return fmt.Errorf("Error removing %s to update it: %v", to, err)`
			`}`
			`}`
			`bin, err := os.ReadFile(from)`
			`if err != nil {`
			`return fmt.Errorf("Error copying %s to %s: %v", from, to, err)`
			`}`
			`err = os.WriteFile(to, bin, 0755)`
			`if err != nil {`
			`return fmt.Errorf("Error copying %s to %s: %v", from, to, err)`
			`}`
			`err = os.Chtimes(to, st.ModTime(), st.ModTime())`
			`if err != nil {`
			`return fmt.Errorf("Error copying %s to %s: %v", from, to, err)`
			`}`
			`}`
			`return nil`
			`}`

WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`func (geesefs *geesefsMounter) Mount(ctx context.Context, target, volumeID string) error {`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`fullPath := fmt.Sprintf("%s:%s", geesefs.meta.BucketName, geesefs.meta.Prefix)`
			`var args []string`
Do not pass empty region, use stderr for GeeseFS log 2021-09-07 10:37:04 +00:00			`if geesefs.region != "" {`
			`args = append(args, "--region", geesefs.region)`
Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00			`}`
Drop geesefs root privileges 2023-03-04 10:03:58 +00:00			`args = append(`
			`args,`
			`"--setuid", "65534", // nobody. drop root privileges`
			`"--setgid", "65534", // nogroup`
			`)`
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`mode := modePod`
			`for i := 0; i < len(geesefs.meta.MountOptions); i++ {`
			`} else {`
			`args = append(args, geesefs.meta.MountOptions[i])`
			`}`
			`}`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`for i := 0; i < len(geesefs.meta.MountOptions); i++ {`
Filter out unsafe options 2023-04-26 08:47:00 +00:00			`opt := geesefs.meta.MountOptions[i]`
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`if opt == "--no-systemd" \|\| opt == "--use-exec" {`
			`mode = modeExec`
			`} else if opt == "--use-systemd" {`
			`mode = modeSystemd`
Filter out unsafe options 2023-04-26 08:47:00 +00:00			`} else if len(opt) > 0 && opt[0] == '-' {`
			`// Remove unsafe options`
			`s := 1`
			`if len(opt) > 1 && opt[1] == '-' {`
			`s++`
			`}`
			`key := opt[s:]`
			`e := strings.Index(opt, "=")`
			`if e >= 0 {`
			`key = opt[s:e]`
			`}`
			`if key == "log-file" \|\| key == "shared-config" \|\| key == "cache" {`
			`// Skip options accessing local FS`
			`if e < 0 {`
			`i++`
			`}`
			`} else if key != "" {`
			`args = append(args, opt)`
			`}`
			`} else if len(opt) > 0 {`
			`args = append(args, opt)`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`}`
			`}`
geesefs/goofys does not accept options after arguments because of urfave/cli 2021-07-27 10:49:43 +00:00			`args = append(args, fullPath, target)`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`// Try to start geesefs using systemd so it doesn't get killed when the container exits`
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`if mode == 1 {`
			`return geesefs.MountSystemd(target, volumeID, args)`
			`} else if mode == 2 {`
			`return geesefs.MountPod(ctx, target, volumeID, args)`
			`}`
			`return geesefs.MountDirect(target, args)`
			`}`

			`func (geesefs *geesefsMounter) MountPod(ctx context.Context, target, volumeID string, args []string) error {`
			`if clientset == nil {`
			`cfg, err := rest.InClusterConfig()`
			`if err != nil {`
			`glog.Error(err.Error())`
			`return err`
			`}`
			`clientset, err = kubernetes.NewForConfig(cfg)`
			`if err != nil {`
			`glog.Error(err.Error())`
			`return err`
			`}`
			`}`
			`myNodeName := os.Getenv("MY_NODE_NAME")`
			`podName := "csi-s3-mount-"+volumeID+"-"+myNodeName`
			`priv := true`
			`mp := api.MountPropagationBidirectional`
			`hpt := api.HostPathDirectoryOrCreate`
			`clientset.CoreV1().Pods("kube-system").Delete(ctx, podName, meta.DeleteOptions{})`
			`_, err := clientset.CoreV1().Pods("kube-system").Create(ctx, &api.Pod{`
			`TypeMeta: meta.TypeMeta{`
			`Kind: "Pod",`
			`APIVersion: "v1",`
			`},`
			`ObjectMeta: meta.ObjectMeta{`
			`Namespace: "kube-system",`
			`Name: podName,`
			`},`
			`Spec: api.PodSpec{`
			`Containers: []api.Container{ {`
			`Name: "mounter",`
			`Image: os.Getenv("MY_CONTAINER_IMAGE"),`
			`Command: []string{ "/usr/bin/geesefs" },`
			`Args: append([]string{`
			`"--endpoint", geesefs.endpoint,`
			`"-o", "allow_other",`
			`"--log-file", "/dev/stderr", "-f",`
			`}, args...),`
			`Env: []api.EnvVar{`
			`{ Name: "AWS_ACCESS_KEY_ID", Value: geesefs.accessKeyID },`
			`{ Name: "AWS_SECRET_ACCESS_KEY", Value: geesefs.secretAccessKey },`
			`},`
			`VolumeMounts: []api.VolumeMount{`
			`{`
			`Name: "stage-dir",`
			`MountPath: filepath.Dir(target),`
			`MountPropagation: &mp,`
			`},`
			`{`
			`Name: "fuse-device",`
			`MountPath: "/dev/fuse",`
			`},`
			`},`
			`SecurityContext: &api.SecurityContext{`
			`Privileged: &priv,`
			`Capabilities: &api.Capabilities{`
			`Add: []api.Capability{ "SYS_ADMIN" },`
			`},`
			`},`
			`} },`
			`RestartPolicy: "Never",`
			`Volumes: []api.Volume{`
			`{`
			`Name: "stage-dir",`
			`VolumeSource: api.VolumeSource{`
			`HostPath: &api.HostPathVolumeSource{`
			`Path: filepath.Dir(target),`
			`Type: &hpt,`
			`},`
			`},`
			`},`
			`{`
			`Name: "fuse-device",`
			`VolumeSource: api.VolumeSource{`
			`HostPath: &api.HostPathVolumeSource{`
			`Path: "/dev/fuse",`
			`},`
			`},`
			`},`
			`},`
			`NodeName: myNodeName,`
			`},`
			`}, meta.CreateOptions{})`
			`if err != nil {`
			`glog.Error(err.Error())`
			`return err`
			`}`
			`return waitForMount(target, 20*time.Second)`
			`}`

			`func (geesefs *geesefsMounter) MountDirect(target string, args []string) error {`
			`args = append([]string{`
			`"--endpoint", geesefs.endpoint,`
			`"-o", "allow_other",`
			`"--log-file", "/dev/stderr",`
			`}, args...)`
			`envs := []string{`
			`"AWS_ACCESS_KEY_ID=" + geesefs.accessKeyID,`
			`"AWS_SECRET_ACCESS_KEY=" + geesefs.secretAccessKey,`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`}`
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`return fuseMount(target, geesefsCmd, args, envs)`
			`}`

			`type execCmd struct {`
			`Path string`
			`Args []string`
			`UncleanIsFailure bool`
			`}`

			`func (geesefs *geesefsMounter) MountSystemd(target, volumeID string, args []string) error {`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`conn, err := systemd.New()`
			`if err != nil {`
Implement mounting via stage directory Previously, multiple containers with the same mounted volume resulted in multiple FUSE processes. This behaviour was breaking parallel modifications from different containers, consumed extra resources, and after mounting via systemd was introduced, led to the total inability to mount the same volume into multiple containers on the same host. Now only one FUSE process is started per volume, per host. 2023-03-06 21:41:41 +00:00			`glog.Errorf("Failed to connect to systemd dbus service: %v, starting geesefs directly", err)`
WIP Start GeeseFS in separate pods instead of using systemd 2023-04-25 22:39:22 +00:00			`return err`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`}`
			`defer conn.Close()`
			`// systemd is present`
			`if err = geesefs.CopyBinary("/usr/bin/geesefs", "/csi/geesefs"); err != nil {`
			`return err`
			`}`
			`pluginDir := os.Getenv("PLUGIN_DIR")`
			`if pluginDir == "" {`
			`pluginDir = "/var/lib/kubelet/plugins/ru.yandex.s3.csi"`
			`}`
			`args = append([]string{pluginDir+"/geesefs", "-f", "-o", "allow_other", "--endpoint", geesefs.endpoint}, args...)`
Filter out unsafe options 2023-04-26 08:47:00 +00:00			`glog.Info("Starting geesefs using systemd: "+strings.Join(args, " "))`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`unitName := "geesefs-"+systemd.PathBusEscape(volumeID)+".service"`
Implement mounting via stage directory Previously, multiple containers with the same mounted volume resulted in multiple FUSE processes. This behaviour was breaking parallel modifications from different containers, consumed extra resources, and after mounting via systemd was introduced, led to the total inability to mount the same volume into multiple containers on the same host. Now only one FUSE process is started per volume, per host. 2023-03-06 21:41:41 +00:00			`newProps := []systemd.Property{`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`systemd.Property{`
			`Name: "Description",`
			`Value: dbus.MakeVariant("GeeseFS mount for Kubernetes volume "+volumeID),`
			`},`
			`systemd.PropExecStart(args, false),`
Cleanup mounts after stopping them using systemd 2023-05-23 10:02:32 +00:00			`systemd.Property{`
			`Name: "ExecStopPost",`
			`// force & lazy unmount to cleanup possibly dead mountpoints`
			`Value: dbus.MakeVariant([]execCmd{ execCmd{ "/bin/umount", []string{ "/bin/umount", "-f", "-l", target }, false } }),`
			`},`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`systemd.Property{`
			`Name: "Environment",`
			`Value: dbus.MakeVariant([]string{ "AWS_ACCESS_KEY_ID="+geesefs.accessKeyID, "AWS_SECRET_ACCESS_KEY="+geesefs.secretAccessKey }),`
			`},`
			`systemd.Property{`
			`Name: "CollectMode",`
			`Value: dbus.MakeVariant("inactive-or-failed"),`
			`},`
			`}`
Implement mounting via stage directory Previously, multiple containers with the same mounted volume resulted in multiple FUSE processes. This behaviour was breaking parallel modifications from different containers, consumed extra resources, and after mounting via systemd was introduced, led to the total inability to mount the same volume into multiple containers on the same host. Now only one FUSE process is started per volume, per host. 2023-03-06 21:41:41 +00:00			`unitProps, err := conn.GetAllProperties(unitName)`
			`if err == nil {`
			`// Unit already exists`
			`if s, ok := unitProps["ActiveState"].(string); ok && (s == "active" \|\| s == "activating" \|\| s == "reloading") {`
			`// Unit is already active`
			`curPath := ""`
			`prevExec, ok := unitProps["ExecStart"].([][]interface{})`
			`if ok && len(prevExec) > 0 && len(prevExec[0]) >= 2 {`
			`execArgs, ok := prevExec[0][1].([]string)`
			`if ok && len(execArgs) >= 2 {`
			`curPath = execArgs[len(execArgs)-1]`
			`}`
			`}`
			`if curPath != target {`
			`return fmt.Errorf(`
			`"GeeseFS for volume %v is already mounted on host, but"+`
			`" in a different directory. We want %v, but it's in %v",`
			`volumeID, target, curPath,`
			`)`
			`}`
			`// Already mounted at right location`
			`return nil`
			`} else {`
			`// Stop and garbage collect the unit if automatic collection didn't work for some reason`
			`conn.StopUnit(unitName, "replace", nil)`
			`conn.ResetFailedUnit(unitName)`
			`}`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`}`
Implement mounting via stage directory Previously, multiple containers with the same mounted volume resulted in multiple FUSE processes. This behaviour was breaking parallel modifications from different containers, consumed extra resources, and after mounting via systemd was introduced, led to the total inability to mount the same volume into multiple containers on the same host. Now only one FUSE process is started per volume, per host. 2023-03-06 21:41:41 +00:00			`_, err = conn.StartTransientUnit(unitName, "replace", newProps, nil)`
Implement support for running geesefs OUTSIDE of the container using systemd to not crash mountpoints when csi-s3 is upgraded or restarted 2023-03-02 13:12:41 +00:00			`if err != nil {`
			`return fmt.Errorf("Error starting systemd unit %s on host: %v", unitName, err)`
			`}`
			`return waitForMount(target, 10*time.Second)`
Rename Goofys mounter to GeeseFS and use it by default 2021-07-26 11:51:19 +00:00			`}`