diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index e5ae404ed..44094969a 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -34,6 +34,11 @@ jobs: env: CGO_ENABLED: 0 GO111MODULE: on + MINIO_KMS_KES_CERT_FILE: /home/runner/work/minio/minio/.github/workflows/root.cert + MINIO_KMS_KES_KEY_FILE: /home/runner/work/minio/minio/.github/workflows/root.key + MINIO_KMS_KES_ENDPOINT: "https://play.min.io:7373" + MINIO_KMS_KES_KEY_NAME: "my-minio-key" + MINIO_KMS_AUTO_ENCRYPTION: on run: | sudo sysctl net.ipv6.conf.all.disable_ipv6=0 sudo sysctl net.ipv6.conf.default.disable_ipv6=0 diff --git a/.github/workflows/root.cert b/.github/workflows/root.cert new file mode 100644 index 000000000..5f220f79b --- /dev/null +++ b/.github/workflows/root.cert @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBKDCB26ADAgECAhB6vebGMUfKnmBKyqoApRSOMAUGAytlcDAbMRkwFwYDVQQD +DBByb290QHBsYXkubWluLmlvMB4XDTIwMDQzMDE1MjIyNVoXDTI1MDQyOTE1MjIy +NVowGzEZMBcGA1UEAwwQcm9vdEBwbGF5Lm1pbi5pbzAqMAUGAytlcAMhALzn735W +fmSH/ghKs+4iPWziZMmWdiWr/sqvqeW+WwSxozUwMzAOBgNVHQ8BAf8EBAMCB4Aw +EwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAFBgMrZXADQQDZOrGK +b2ATkDlu2pTcP3LyhSBDpYh7V4TvjRkBTRgjkacCzwFLm+mh+7US8V4dBpIDsJ4u +uWoF0y6vbLVGIlkG +-----END CERTIFICATE----- diff --git a/.github/workflows/root.key b/.github/workflows/root.key new file mode 100644 index 000000000..53a47e25d --- /dev/null +++ b/.github/workflows/root.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEID9E7FSYWrMD+VjhI6q545cYT9YOyFxZb7UnjEepYDRc +-----END PRIVATE KEY----- diff --git a/cmd/config/constants.go b/cmd/config/constants.go index deab78c03..c792559f8 100644 --- a/cmd/config/constants.go +++ b/cmd/config/constants.go @@ -37,6 +37,8 @@ const ( EnvArgs = "MINIO_ARGS" EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT" + EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE" + EnvUpdate = "MINIO_UPDATE" EnvKMSMasterKey = "MINIO_KMS_MASTER_KEY" // legacy diff --git a/cmd/xl-storage.go b/cmd/xl-storage.go index 3ec61c480..cb0c45d8c 100644 --- a/cmd/xl-storage.go +++ b/cmd/xl-storage.go @@ -223,34 +223,27 @@ func newXLStorage(ep Endpoint) (*xlStorage, error) { if env.Get("MINIO_CI_CD", "") != "" { rootDisk = true } else { - if IsDocker() || IsKubernetes() { - // Start with overlay "/" to check if - // possible the path has device id as - // "overlay" that would mean the path - // is emphemeral and we should treat it - // as root disk from the baremetal - // terminology. - rootDisk, err = disk.IsRootDisk(path, SlashSeparator) - if err != nil { - return nil, err - } - if !rootDisk { - // No root disk was found, its possible that - // path is referenced at "/etc/hosts" which has - // different device ID that points to the original - // "/" on the host system, fall back to that instead - // to verify of the device id is same. - rootDisk, err = disk.IsRootDisk(path, "/etc/hosts") + rootDisk, err = disk.IsRootDisk(path, SlashSeparator) + if err != nil { + return nil, err + } + if !rootDisk { + // If for some reason we couldn't detect the + // root disk use - MINIO_ROOTDISK_THRESHOLD_SIZE + // to figure out if the disk is root disk or not. + if rootDiskSize := env.Get(config.EnvRootDiskThresholdSize, ""); rootDiskSize != "" { + info, err := disk.GetInfo(path) if err != nil { return nil, err } - } - - } else { - // On baremetal setups its always "/" is the root disk. - rootDisk, err = disk.IsRootDisk(path, SlashSeparator) - if err != nil { - return nil, err + size, err := humanize.ParseBytes(rootDiskSize) + if err != nil { + return nil, err + } + // size of the disk is less than the threshold or + // equal to the size of the disk at path, treat + // such disks as rootDisks and reject them. + rootDisk = info.Total <= size } } }