You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: spec.md
+8-8
Original file line number
Diff line number
Diff line change
@@ -265,7 +265,7 @@ The full list of plugin capabilities is documented in the `ControllerGetCapabili
265
265
266
266
The purpose of the `QUARANTINE_S`, `QUARANTINE_P`, and `QUARANTINE_SP` states are to enable recovery from node problems.
267
267
Because CSI is designed to be used in distributed systems, it is inevitable that sometimes volumes will become attached to nodes that get stuck or lost, temporarily or permanently.
268
-
Rather than require an administrator to manually clean up such situation, CSI offers a way disconnect a volume from a node "out of order" such that a volume can be disconnected from a problematic node, and safely connected to a different node, and the node can be reliably and safely cleaned up before accessing that volume again, as opposed to the normal path where the node must confirm a volume is disconnected before the controller can unpublish it.
268
+
Rather than require an administrator to manually clean up in such a situation, CSI offers a way to disconnect a volume from a node "out of order" such that a volume can be disconnected from problematic *node A*, and safely connected to a different *node B*, and then *node A*can be reliably and safely cleaned up before accessing that volume again; as opposed to the normal path whereby *node A*must confirm a volume is disconnected before the controller can unpublish it.
269
269
270
270
## Container Storage Interface
271
271
@@ -1303,13 +1303,13 @@ The CO MUST implement the specified error recovery behavior when it encounters t
1303
1303
1304
1304
Controller Plugin MUST implement this RPC call if it has `PUBLISH_UNPUBLISH_VOLUME` controller capability.
1305
1305
This RPC is a reverse operation of `ControllerPublishVolume`.
1306
-
It MUST be called after all`NodeUnstageVolume` and `NodeUnpublishVolume` on the volume are called and succeed unless the plugin has the `UNPUBLISH_FENCE` capability.
1306
+
It MUST be called after both`NodeUnstageVolume` and `NodeUnpublishVolume` on the volume are called and succeed unless the plugin has the `UNPUBLISH_FENCE` capability.
1307
1307
The Plugin SHOULD perform the work that is necessary for making the volume ready to be consumed by a different node.
1308
1308
The Plugin MUST NOT assume that this RPC will be executed on the node where the volume was previously used.
1309
1309
1310
1310
If the plugin has the `UNPUBLISH_FENCE` capability, the CO MAY specify `fence` as `true`, in which case the SP MUST ensure that the node may no longer access the volume before returning a successful response.
1311
1311
This results in a transition into one of the `QUARANTINE` states where the node must be cleaned up without being able to access the volume like usual.
1312
-
This is intended cut off an unreachable node from accessing volumes so those volumes may be safely published to another node.
1312
+
This is intended to cut off an unreachable node from accessing volumes so those volumes may be safely published to another node.
1313
1313
Once in one of the `QUARANTINE` states the volume MAY NOT be published to that node again until appropriate cleanup has happened using `NodeUnpublishVolume` and `NodeUnstageVolume` (if applicable).
1314
1314
1315
1315
This RPC is typically called by the CO when the workload using the volume is being moved to a different node, or all the workload using the volume on a node has finished.
// Indicates the SP supports ControllerUnpublishVolume.fence
1735
-
// field.
1734
+
// Indicates the SP supports the
1735
+
// ControllerUnpublishVolume.fence field.
1736
1736
UNPUBLISH_FENCE = 13 [(alpha_enum_value) = true];
1737
1737
}
1738
1738
@@ -2191,7 +2191,7 @@ This RPC is a reverse operation of `NodeStageVolume`.
2191
2191
This RPC MUST undo the work by the corresponding `NodeStageVolume`.
2192
2192
This RPC SHALL be called by the CO once for each `staging_target_path` that was successfully setup via `NodeStageVolume`.
2193
2193
2194
-
If the corresponding Controller Plugin has `PUBLISH_UNPUBLISH_VOLUME` controller capability and the Node Plugin has `STAGE_UNSTAGE_VOLUME` capability, the CO MUST guarantee that this RPC is called and returns success before calling `ControllerUnpublishVolume` for the given node and the given volume, unless the Controller Plugin has `UNPUBLISH_FENCE` capability and the Node Plugin has the `FORCE_UNPUBLISH` capability and the `force` flag is `true`.
2194
+
If the corresponding Controller Plugin has the `PUBLISH_UNPUBLISH_VOLUME` controller capability and the Node Plugin has the `STAGE_UNSTAGE_VOLUME` capability, the CO MUST guarantee that this RPC is called and returns success before calling `ControllerUnpublishVolume` for the given node and the given volume, unless the Controller Plugin has the`UNPUBLISH_FENCE` capability and the Node Plugin has the `FORCE_UNPUBLISH` capability and the `force` flag is `true`.
2195
2195
The CO MUST guarantee that this RPC is called after all `NodeUnpublishVolume` have been called and returned success for the given volume on the given node.
2196
2196
2197
2197
If the Node Plugin has the `FORCE_UNPUBLISH` capability, the CO MAY specify `force` as `true` in which case the Node Plugin MUST support unstaging volumes even when access has been revoked with `ControllerUnpublishVolume`.
@@ -2364,12 +2364,12 @@ A Node Plugin MUST implement this RPC call.
2364
2364
This RPC is a reverse operation of `NodePublishVolume`.
2365
2365
This RPC MUST undo the work by the corresponding `NodePublishVolume`.
2366
2366
This RPC SHALL be called by the CO at least once for each `target_path` that was successfully setup via `NodePublishVolume`.
2367
-
If the corresponding Controller Plugin has `PUBLISH_UNPUBLISH_VOLUME` controller capability, the CO SHOULD issue all `NodeUnpublishVolume` (as specified above) before calling `ControllerUnpublishVolume` for the given node and the given volume, unless the Controller Plugin has `UNPUBLISH_FENCE` capability and the Node Plugin has the `FORCE_UNPUBLISH` capability and the `force` flag is `true`.
2367
+
If the corresponding Controller Plugin has the `PUBLISH_UNPUBLISH_VOLUME` controller capability, the CO SHOULD issue `NodeUnpublishVolume` (as specified above) before calling `ControllerUnpublishVolume` for the given node and the given volume, unless the Controller Plugin has the`UNPUBLISH_FENCE` capability and the Node Plugin has the `FORCE_UNPUBLISH` capability and the `force` flag is `true`.
2368
2368
The Plugin SHALL assume that this RPC will be executed on the node where the volume is being used.
2369
2369
2370
2370
If the Node Plugin has the `FORCE_UNPUBLISH` capability, the CO MAY specify `force` as `true` in which case the Node Plugin MUST support unpublishing volumes even when access has been revoked with `ControllerUnpublishVolume`.
2371
2371
Because data loss is inevitable in such circumstances, the `force` flag is an indication that success is desired even if it means losing data.
2372
-
It is essential that after a successful call to `NodeUnpublishVolume` that there will be no buffered data on the node related to the volume which might result in unintetional modification of the volume if it was to be subsequently re-published to that node.
2372
+
It is essential that after a successful call to `NodeUnpublishVolume` that there will be no buffered data on the node related to the volume that might result in unintentional modification of the volume if it was to be subsequently re-published to that node.
2373
2373
2374
2374
This RPC is typically called by the CO when the workload using the volume is being moved to a different node, or all the workload using the volume on a node has finished.
0 commit comments