add root_disk threshold detection (#12259)

as there is no automatic way to detect if there
is a root disk mounted on / or /var for the container
environments due to how the root disk information
is masked inside overlay root inside container.

this PR brings an environment variable to set
root disk size threshold manually to detect the
root disks in such situations.

.github/workflows/go.yml

@@ -34,6 +34,11 @@ jobs:
         env:
           CGO_ENABLED: 0
           GO111MODULE: on
+          MINIO_KMS_KES_CERT_FILE: /home/runner/work/minio/minio/.github/workflows/root.cert
+          MINIO_KMS_KES_KEY_FILE: /home/runner/work/minio/minio/.github/workflows/root.key
+          MINIO_KMS_KES_ENDPOINT: "https://play.min.io:7373"
+          MINIO_KMS_KES_KEY_NAME: "my-minio-key"
+          MINIO_KMS_AUTO_ENCRYPTION: on
         run: |
           sudo sysctl net.ipv6.conf.all.disable_ipv6=0
           sudo sysctl net.ipv6.conf.default.disable_ipv6=0

.github/workflows/root.cert

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBKDCB26ADAgECAhB6vebGMUfKnmBKyqoApRSOMAUGAytlcDAbMRkwFwYDVQQD
+DBByb290QHBsYXkubWluLmlvMB4XDTIwMDQzMDE1MjIyNVoXDTI1MDQyOTE1MjIy
+NVowGzEZMBcGA1UEAwwQcm9vdEBwbGF5Lm1pbi5pbzAqMAUGAytlcAMhALzn735W
+fmSH/ghKs+4iPWziZMmWdiWr/sqvqeW+WwSxozUwMzAOBgNVHQ8BAf8EBAMCB4Aw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAFBgMrZXADQQDZOrGK
+b2ATkDlu2pTcP3LyhSBDpYh7V4TvjRkBTRgjkacCzwFLm+mh+7US8V4dBpIDsJ4u
+uWoF0y6vbLVGIlkG
+-----END CERTIFICATE-----

.github/workflows/root.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEID9E7FSYWrMD+VjhI6q545cYT9YOyFxZb7UnjEepYDRc
+-----END PRIVATE KEY-----

cmd/config/constants.go

@@ -37,6 +37,8 @@ const (
 	EnvArgs       = "MINIO_ARGS"
 	EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT"
 
+	EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE"
+
 	EnvUpdate = "MINIO_UPDATE"
 
 	EnvKMSMasterKey  = "MINIO_KMS_MASTER_KEY" // legacy

cmd/xl-storage.go

@@ -223,34 +223,27 @@ func newXLStorage(ep Endpoint) (*xlStorage, error) {
 	if env.Get("MINIO_CI_CD", "") != "" {
 		rootDisk = true
 	} else {
-		if IsDocker() || IsKubernetes() {
+		rootDisk, err = disk.IsRootDisk(path, SlashSeparator)
-			// Start with overlay "/" to check if
+		if err != nil {
-			// possible the path has device id as
+			return nil, err
-			// "overlay" that would mean the path
+		}
-			// is emphemeral and we should treat it
+		if !rootDisk {
-			// as root disk from the baremetal
+			// If for some reason we couldn't detect the
-			// terminology.
+			// root disk use - MINIO_ROOTDISK_THRESHOLD_SIZE
-			rootDisk, err = disk.IsRootDisk(path, SlashSeparator)
+			// to figure out if the disk is root disk or not.
-			if err != nil {
+			if rootDiskSize := env.Get(config.EnvRootDiskThresholdSize, ""); rootDiskSize != "" {
-				return nil, err
+				info, err := disk.GetInfo(path)
-			}
-			if !rootDisk {
-				// No root disk was found, its possible that
-				// path is referenced at "/etc/hosts" which has
-				// different device ID that points to the original
-				// "/" on the host system, fall back to that instead
-				// to verify of the device id is same.
-				rootDisk, err = disk.IsRootDisk(path, "/etc/hosts")
 				if err != nil {
 					return nil, err
 				}
-			}
+				size, err := humanize.ParseBytes(rootDiskSize)
-
+				if err != nil {
-		} else {
+					return nil, err
-			// On baremetal setups its always "/" is the root disk.
+				}
-			rootDisk, err = disk.IsRootDisk(path, SlashSeparator)
+				// size of the disk is less than the threshold or
-			if err != nil {
+				// equal to the size of the disk at path, treat
-				return nil, err
+				// such disks as rootDisks and reject them.
+				rootDisk = info.Total <= size
 			}
 		}
 	}