Skip to content

feat: simplify pipeline, add direct TLS transport, and improve Ceph workers#24

Merged
Rakshith-R merged 7 commits into
RamenDR:mainfrom
Rakshith-R:clean-super-fast
May 18, 2026
Merged

feat: simplify pipeline, add direct TLS transport, and improve Ceph workers#24
Rakshith-R merged 7 commits into
RamenDR:mainfrom
Rakshith-R:clean-super-fast

Conversation

@Rakshith-R

@Rakshith-R Rakshith-R commented May 18, 2026

Copy link
Copy Markdown
Collaborator

Summary

Refactor the data transfer pipeline and Ceph worker implementations for better
performance, reliability, and maintainability.

Pipeline simplification

  • Remove hash-based deduplication and LZ4 compression stages, reducing pipeline
    from 6 stages to 3 (Read → SendData → gRPC)
  • Remove hash RPCs from protobuf API
  • Increase max chunk size to 16MB; match gRPC send/recv buffer sizes (16MB)
  • Add transfer stats tracking and comprehensive pipeline test suite (1007 lines)

Direct TLS transport

  • Add direct TLS listener and client as an alternative to stunnel for gRPC
    transport, eliminating the stunnel process dependency
  • Generate ephemeral ECDSA P-256 certificates (10h validity) with fingerprint
    verification
  • Add direct-tls port to all mover services

CephFS worker improvements

  • Add fallocate-based zero-range support
  • Improve block iterator: split large extents (>16MB), small-file threshold
    bypass, buffered boundary emission (fixes deadlock)
  • Remove hash server (superseded by simplified pipeline)

RBD worker improvements

  • Enable whole-object mode in block diff iterator
  • Add fallocate-based zero-range support
  • Remove hash server

Mover configuration

  • Fetch ceph-csi-config ConfigMap via Kubernetes API instead of volume mount
  • Extract ReadClusterInfoFromData for in-memory config parsing
  • Add FSGroupChangeOnRootMismatch and spc_t SELinux context to mover pods
  • Fix RBD FilesystemMode → Block PVC volume mode annotation

Rsync tunnel

  • Fix race-free premature-exit detection (channel-based vs signal probing)
  • Increase max connections 4 → 8; add munge symlinks = no

Rakshith-R added 7 commits May 18, 2026 15:25
@Rakshith-R
refactor: simplify data transfer pipeline - remove hash dedup and LZ4…
9c4cc82 
… compression

Remove hash-based deduplication and LZ4 compression stages from the pipeline,
reducing it from 6 stages to 3 (Read → SendData → gRPC). Remove corresponding
hash RPCs from the protobuf API. Add transfer stats tracking and comprehensive
pipeline test suite. Increase max chunk size to 16MB.

Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: Rakshith R <rar@redhat.com>
@Rakshith-R
feat: add direct TLS transport and common worker infrastructure
4b2a9b8 
Add direct TLS listener and client as an alternative to stunnel for gRPC
transport. Add TLS certificate generation helpers, CopyUID/CopyGID utilities,
and refactor base source/destination implementations.

Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: Rakshith R <rar@redhat.com>
@Rakshith-R
feat: improve CephFS worker - zero-range support and block iterator e…
f748d3c 
…nhancements

Add fallocate-based zero-range support for CephFS. Improve block iterator with
large block splitting (>16MB), small file threshold bypass, and buffered boundary
emission to prevent deadlocks. Remove hash server (superseded by simplified
pipeline). Add destination tests.

Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: Rakshith R <rar@redhat.com>
@Rakshith-R
feat: improve RBD worker - whole-object mode and zero-range support
3a9c4cc 
Enable whole-object mode in RBD block diff iterator for better performance.
Add fallocate-based zero-range support for RBD. Remove hash server (superseded
by simplified pipeline). Add source and zero-range tests.

Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: Rakshith R <rar@redhat.com>
@Rakshith-R
refactor: fetch ceph-csi-config via k8s API and improve mover configu…
2221c5a 
…ration

Refactor mover to fetch ceph-csi-config ConfigMap via Kubernetes API instead
of volume mount. Extract ReadClusterInfoFromData for in-memory config parsing.
Add direct-TLS port to services. Improve pod security with FSGroupChangeOnRootMismatch
and spc_t SELinux context. Fix RBD snapshot volume mode annotation. Add tests for
secrets, snapshot method, and CSI config parsing.

Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: Rakshith R <rar@redhat.com>
@Rakshith-R
fix: improve rsync tunnel reliability and mover pod security
1ebe402 
Fix race-free premature-exit detection in rsync daemon using channel-based
select instead of signal probing. Increase max connections from 4 to 8. Add
munge symlinks and SELinux label/numeric ID sync for rsync passes. Add SCC
rules for mover pods.

Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: Rakshith R <rar@redhat.com>
@Rakshith-R
chore: update build configuration and e2e test helpers
3d69b06 
Add ceph-csi-config name/namespace env var substitution to Makefile deploy,
build-installer, and bundle targets. Update manager deployment with ConfigMap
env vars. Add retry-on-conflict to e2e spec update helpers.

Assisted-by: Claude <noreply@anthropic.com>
Signed-off-by: Rakshith R <rar@redhat.com>
@Rakshith-R Rakshith-R merged commit 2a0c67f into RamenDR:main May 18, 2026
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Rakshith-R