CephFS-CSI Volume Mount Fails with Encryption Enabled Due to Lock File Error (rados: ret=-36, File Name Too Long)

[thiennn-neji]

Describe the bug

When encryption is enabled on a StorageClass using CephFS-CSI, the volume can be provisioned (when creating a standalone PVC), but it cannot be attached or mounted to a pod (the pod remains stuck in the ContainerCreating status). The potential issue may be related to a lock file, specifically in the code at https://github.com/ceph/ceph-csi/blob/devel/internal/cephfs/nodeserver.go#L155.

Environment details

• Image/version of Ceph CSI driver: v3.14.1
• Helm chart version : 3.14.1
• Kernel version : Linux K8S-NODE-WORKER-N01-A1B2C3D4E5F6A1 6.11.0-29-generic #29~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Jun 26 14:16:59 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
• Mounter used for mounting PVC (for cephFS its fuse or kernel. for rbd its
  krbd or rbd-nbd) : cephFS-kernel
• Kubernetes cluster version : v1.32.3
• Ceph cluster version : 19.2.1

Steps to reproduce

Steps to reproduce the behavior:

1. Configure CephFS-CSI Helm Values File:

   • Use the following configurations for encryptionKMSConfig in the ceph-csi-cephfs Helm values file:

   csiConfig:
     - clusterID: "23fcac3f-1dd2-11b2-8000-080027b246c3"
       monitors: <list-of-mon-nodes>
   
   encryptionKMSConfig:
     vault-cephcsi-kms-tenant-sa:
       encryptionKMSType: "vaulttenantsa"
       vaultAddress: "http://vault-active.vault.svc.cluster.local:8200"
       vaultAuthPath: /v1/auth/kubernetes/login
       vaultRole: "ceph-csi-cephfs"
       vaultBackend: "kv-v2"
       vaultBackendPath: "ceph-csi-cephfs-kms"
       tenantSAName: "ceph-csi-cephfs-vault-sa"
       vaultDestroyKeys: "false"
     test-kms-metadata:
       encryptionKMSType: "metadata"
       secretNamespace: "ceph-csi-cephfs"
       secretName: "storage-encryption-secret"

2. Create StorageClasses:

   • Define two StorageClasses, sc-vault and sc-metadata, with encryption enabled:

   apiVersion: storage.k8s.io/v1
   kind: StorageClass
   metadata:
     name: sc-vault
   provisioner: cephfs.csi.ceph.com
   parameters:
     clusterID: 23fcac3f-1dd2-11b2-8000-080027b246c3
     fsName: fs.ssd
     encrypted: "true"
     encryptionKMSID: vault-cephcsi-kms-tenant-sa
     mounter: "kernel"
     volumeNamePrefix: "csi-vol-"
     csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
     csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-cephfs
     csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
     csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-cephfs
     csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
     csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-cephfs
   reclaimPolicy: Delete
   allowVolumeExpansion: true

   apiVersion: storage.k8s.io/v1
   kind: StorageClass
   metadata:
     name: sc-metadata
   provisioner: cephfs.csi.ceph.com
   parameters:
     clusterID: 23fcac3f-1dd2-11b2-8000-080027b246c3
     fsName: fs.ssd
     encrypted: "true"
     encryptionKMSID: test-kms-metadata
     mounter: "kernel"
     volumeNamePrefix: "csi-vol-"
     csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
     csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-cephfs
     csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
     csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-cephfs
     csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
     csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-cephfs
   reclaimPolicy: Delete
   allowVolumeExpansion: true

3. Configure Ceph Keyring:

   • Set up the Ceph keyring for the client kubernetes_cephfs:

   [client.kubernetes_cephfs]
           key = <key>
           caps mds = "allow rws fsname=fs.ssd"
           caps mgr = "allow rw"
           caps mon = "allow r fsname=fs.ssd"
           caps osd = "allow rw tag cephfs data=fs.ssd, allow rwx tag cephfs metadata=fs.ssd"

4. Create PersistentVolumeClaims (PVCs):

   apiVersion: v1
   kind: PersistentVolumeClaim
   metadata:
     name: data-test-cephfs-1
     namespace: test-pvc
     labels:
       app: test-cephfs-1
   spec:
     accessModes:
     - ReadWriteMany
     resources:
       requests:
         storage: 1Gi
     storageClassName: sc-vault
     volumeMode: Filesystem
   ---
   apiVersion: v1
   kind: PersistentVolumeClaim
   metadata:
     name: data-test-cephfs-2
     namespace: test-pvc
     labels:
       app: test-cephfs-2
   spec:
     accessModes:
     - ReadWriteMany
     resources:
       requests:
         storage: 1Gi
     storageClassName: sc-metadata
     volumeMode: Filesystem

5. Create Deployment and Mount PVCs:

   • Deploy a Kubernetes Deployment and mount the PVCs created in step 4.

6. Observe the Error:

   • At step 4, the ceph-csi-cephfs-provisioner pod logs indicate successful volume provisioning for both PVCs (data-test-cephfs-1 and data-test-cephfs-2).

   • At step 5, when creating the Deployment and mounting the PVCs (with replicas=1 or replicas=2, the behavior is identical), the ceph-csi-cephfs-nodeplugin pod logs show an error related to locking the volume: rados: ret=-36, File name too long.

   • The Deployment’s pod remains stuck in the ContainerCreating state, and kubectl describe pod shows:

     Type     Reason       Age                 From               Message
     ----     ------       ----                ----               -------
     Normal   Scheduled    10m                 default-scheduler  Successfully assigned test-pvc/rwx-test-3-9b7659759-gj78n to k8s-node-worker-n01-a1b2c3d4e5f6a1
     Warning  FailedMount  34s (x13 over 10m)  kubelet            MountVolume.MountDevice failed for volume "pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa" : rpc error: code = Internal desc = failed to lock volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1: rados: ret=-36, File name too long
     

Actual results

The Deployment pod(s) cannot mount the volume from the PVC.

The ceph-csi-cephfs-nodeplugin pod logs indicate an error related to a lock file.

Expected behavior

The Deployment should mount the volume from the PVC and run normally.

For more info: When using the same ceph-csi-cephfs setup but with a StorageClass that does not enable encryption, everything works smoothly.

Logs

• csi-provisioner and csi-rbdplugin/csi-cephfsplugin container logs from the
  provisioner pod.

  # Container: csi-cephfsplugin
  
  I0708 11:05:47.897578       1 utils.go:265] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa GRPC call: /csi.v1.Controller/CreateVolume
  I0708 11:05:47.897721       1 utils.go:266] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa GRPC request: {"capacity_range":{"required_bytes":1073741824},"name":"pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa","parameters":{"clusterID":"23fcac3f-1dd2-11b2-8000-080027b246c3","csi.storage.k8s.io/pv/name":"pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa","csi.storage.k8s.io/pvc/name":"sc-vault","csi.storage.k8s.io/pvc/namespace":"test-pvc","encrypted":"true","encryptionKMSID":"vault-cephcsi-kms-tenant-sa","fsName":"fs.ssd","mounter":"kernel","volumeNamePrefix":"csi-vol-"},"secrets":"***stripped***","volume_capabilities":[{"access_mode":{"mode":"MULTI_NODE_MULTI_WRITER"},"mount":{}}]}
  time="2025-07-08T11:05:47Z" level=info msg="Authenticated to Vault with kubernetes\n"
  I0708 11:05:47.977957       1 omap.go:89] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa got omap values: (pool="fs.ssd.meta", namespace="csi", name="csi.volumes.7bbaa04d-53a1-5c34-be16-67354e9993b0"): map[]
  I0708 11:05:47.984302       1 omap.go:159] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa set omap keys (pool="fs.ssd.meta", namespace="csi", name="csi.volumes.7bbaa04d-53a1-5c34-be16-67354e9993b0"): map[csi.volume.pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa:f0317fad-23fd-45ad-85e0-abf4b26f7db1])
  I0708 11:05:47.986654       1 omap.go:159] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa set omap keys (pool="fs.ssd.meta", namespace="csi", name="csi.volume.f0317fad-23fd-45ad-85e0-abf4b26f7db1"): map[csi.imagename:csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1 csi.volname:pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa csi.volume.encryptKMS:vault-cephcsi-kms-tenant-sa csi.volume.encryptionType:file csi.volume.owner:test-pvc])
  I0708 11:05:47.986680       1 fsjournal.go:320] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa Generated Volume ID (0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1) and subvolume name (csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1) for request name (pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa)
  I0708 11:05:48.096258       1 controllerserver.go:475] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa cephfs: successfully created backing volume named csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1 for request name pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa
  I0708 11:05:48.096423       1 utils.go:272] ID: 69 Req-ID: pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa GRPC response: {"volume":{"capacity_bytes":1073741824,"volume_context":{"clusterID":"23fcac3f-1dd2-11b2-8000-080027b246c3","encrypted":"true","encryptionKMSID":"vault-cephcsi-kms-tenant-sa","fsName":"fs.ssd","mounter":"kernel","subvolumeName":"csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1","subvolumePath":"/volumes/csi/csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1/0316892d-485a-49b1-8e66-eb0616b7a6e7","volumeNamePrefix":"csi-vol-"},"volume_id":"0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1"}}
  

  # Container: csi-provisioner
  
  I0708 10:13:16.682280       1 controller.go:824] "Starting provisioner controller" component="cephfs.csi.ceph.com_K8S-NODE-WORKER-N01-A1B2C3D4E5F6A1_d1de16cf-fa15-4793-81a6-6e1be9afdd43"
  I0708 10:13:16.682371       1 clone_controller.go:66] Starting CloningProtection controller
  I0708 10:13:16.682385       1 volume_store.go:98] "Starting save volume queue"
  I0708 10:13:16.683828       1 clone_controller.go:82] Started CloningProtection controller
  I0708 10:13:16.983805       1 controller.go:873] "Started provisioner controller" component="cephfs.csi.ceph.com_K8S-NODE-WORKER-N01-A1B2C3D4E5F6A1_d1de16cf-fa15-4793-81a6-6e1be9afdd43"
  I0708 11:05:47.894450       1 event.go:389] "Event occurred" object="test-pvc/data-test-cephfs-1" fieldPath="" kind="PersistentVolumeClaim" apiVersion="v1" type="Normal" reason="Provisioning" message="External provisioner is provisioning volume for claim \"test-pvc/data-test-cephfs-1\""
  I0708 11:05:48.101394       1 event.go:389] "Event occurred" object="test-pvc/data-test-cephfs-1" fieldPath="" kind="PersistentVolumeClaim" apiVersion="v1" type="Normal" reason="ProvisioningSucceeded" message="Successfully provisioned volume pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa"
  

• csi-rbdplugin/csi-cephfsplugin and driver-registrar container logs from
  plugin pod from the node where the mount is failing.

  I0708 11:17:50.385120 1860388 utils.go:265] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 GRPC call: /csi.v1.Node/NodeStageVolume
  I0708 11:17:50.385228 1860388 utils.go:266] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 GRPC request: {"secrets":"***stripped***","staging_target_path":"/var/lib/kubelet/plugins/kubernetes.io/csi/cephfs.csi.ceph.com/be344c85429e4f51d90940dfbfcade41e99ca990fafeda5d25c5bda139c4ffb1/globalmount","volume_capability":{"access_mode":{"mode":"MULTI_NODE_MULTI_WRITER"},"mount":{}},"volume_context":{"clusterID":"23fcac3f-1dd2-11b2-8000-080027b246c3","encrypted":"true","encryptionKMSID":"vault-cephcsi-kms-tenant-sa","fsName":"fs.ssd","mounter":"kernel","storage.kubernetes.io/csiProvisionerIdentity":"1751969579180-8943-cephfs.csi.ceph.com","subvolumeName":"csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1","subvolumePath":"/volumes/csi/csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1/0316892d-485a-49b1-8e66-eb0616b7a6e7","volumeNamePrefix":"csi-vol-"},"volume_id":"0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1"}
  I0708 11:17:50.397831 1860388 omap.go:89] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 got omap values: (pool="fs.ssd.meta", namespace="csi", name="csi.volume.f0317fad-23fd-45ad-85e0-abf4b26f7db1"): map[csi.imagename:csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1 csi.volname:pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa csi.volume.encryptKMS:vault-cephcsi-kms-tenant-sa csi.volume.encryptionType:file csi.volume.owner:test-pvc]
  time="2025-07-08T11:17:50Z" level=info msg="Authenticated to Vault with kubernetes\n"
  E0708 11:17:50.488070 1860388 fscrypt.go:357] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 fscrypt: config file "/etc/fscrypt.conf" already exists. Skipping fscrypt node setup
  I0708 11:17:50.488204 1860388 nodeserver.go:358] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 cephfs: mounting volume 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 with Ceph kernel client
  I0708 11:17:50.527607 1860388 cephcmds.go:106] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 command succeeded: mount [-t ceph kubernetes_cephfs@23fcac3f-1dd2-11b2-8000-080027b246c3.fs.ssd=/volumes/csi/csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1/0316892d-485a-49b1-8e66-eb0616b7a6e7 /var/lib/kubelet/plugins/kubernetes.io/csi/cephfs.csi.ceph.com/be344c85429e4f51d90940dfbfcade41e99ca990fafeda5d25c5bda139c4ffb1/globalmount -o mon_addr=<list-mon-nodes-port-6789>,secretfile=/tmp/csi/keys/keyfile-1789868272,_netdev]
  I0708 11:17:50.527663 1860388 nodeserver.go:298] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 cephfs: successfully mounted volume 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 to /var/lib/kubelet/plugins/kubernetes.io/csi/cephfs.csi.ceph.com/be344c85429e4f51d90940dfbfcade41e99ca990fafeda5d25c5bda139c4ffb1/globalmount
  I0708 11:17:50.527688 1860388 nodeserver.go:144] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 Creating lock for the following volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1
  E0708 11:17:50.531638 1860388 nodeserver.go:157] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 failed to create lock for volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1: failed to lock volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1: rados: ret=-36, File name too long
  E0708 11:17:50.531676 1860388 utils.go:270] ID: 384 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 GRPC error: rpc error: code = Internal desc = failed to lock volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1: rados: ret=-36, File name too long
  I0708 11:17:51.087622 1860388 utils.go:265] ID: 385 GRPC call: /csi.v1.Node/NodeGetCapabilities
  I0708 11:17:51.087662 1860388 utils.go:266] ID: 385 GRPC request: {}
  I0708 11:17:51.087756 1860388 utils.go:272] ID: 385 GRPC response: {"capabilities":[{"rpc":{"type":"STAGE_UNSTAGE_VOLUME"}},{"rpc":{"type":"GET_VOLUME_STATS"}},{"rpc":{"type":"VOLUME_CONDITION"}},{"rpc":{"type":"SINGLE_NODE_MULTI_WRITER"}}]}
  I0708 11:17:51.092169 1860388 utils.go:265] ID: 386 GRPC call: /csi.v1.Node/NodeGetCapabilities
  I0708 11:17:51.092195 1860388 utils.go:266] ID: 386 GRPC request: {}
  I0708 11:17:51.092263 1860388 utils.go:272] ID: 386 GRPC response: {"capabilities":[{"rpc":{"type":"STAGE_UNSTAGE_VOLUME"}},{"rpc":{"type":"GET_VOLUME_STATS"}},{"rpc":{"type":"VOLUME_CONDITION"}},{"rpc":{"type":"SINGLE_NODE_MULTI_WRITER"}}]}
  I0708 11:17:51.093051 1860388 utils.go:265] ID: 387 GRPC call: /csi.v1.Node/NodeGetCapabilities
  I0708 11:17:51.093066 1860388 utils.go:266] ID: 387 GRPC request: {}
  I0708 11:17:51.093122 1860388 utils.go:272] ID: 387 GRPC response: {"capabilities":[{"rpc":{"type":"STAGE_UNSTAGE_VOLUME"}},{"rpc":{"type":"GET_VOLUME_STATS"}},{"rpc":{"type":"VOLUME_CONDITION"}},{"rpc":{"type":"SINGLE_NODE_MULTI_WRITER"}}]}
  I0708 11:17:51.093947 1860388 utils.go:265] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 GRPC call: /csi.v1.Node/NodeStageVolume
  I0708 11:17:51.094047 1860388 utils.go:266] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 GRPC request: {"secrets":"***stripped***","staging_target_path":"/var/lib/kubelet/plugins/kubernetes.io/csi/cephfs.csi.ceph.com/be344c85429e4f51d90940dfbfcade41e99ca990fafeda5d25c5bda139c4ffb1/globalmount","volume_capability":{"access_mode":{"mode":"MULTI_NODE_MULTI_WRITER"},"mount":{}},"volume_context":{"clusterID":"23fcac3f-1dd2-11b2-8000-080027b246c3","encrypted":"true","encryptionKMSID":"vault-cephcsi-kms-tenant-sa","fsName":"fs.ssd","mounter":"kernel","storage.kubernetes.io/csiProvisionerIdentity":"1751969579180-8943-cephfs.csi.ceph.com","subvolumeName":"csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1","subvolumePath":"/volumes/csi/csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1/0316892d-485a-49b1-8e66-eb0616b7a6e7","volumeNamePrefix":"csi-vol-"},"volume_id":"0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1"}
  I0708 11:17:51.097905 1860388 omap.go:89] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 got omap values: (pool="fs.ssd.meta", namespace="csi", name="csi.volume.f0317fad-23fd-45ad-85e0-abf4b26f7db1"): map[csi.imagename:csi-vol-f0317fad-23fd-45ad-85e0-abf4b26f7db1 csi.volname:pvc-b32fa8f1-d9d4-4f4e-aaab-d7018fd601aa csi.volume.encryptKMS:vault-cephcsi-kms-tenant-sa csi.volume.encryptionType:file csi.volume.owner:test-pvc]
  time="2025-07-08T11:17:51Z" level=info msg="Authenticated to Vault with kubernetes\n"
  E0708 11:17:51.174260 1860388 fscrypt.go:357] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 fscrypt: config file "/etc/fscrypt.conf" already exists. Skipping fscrypt node setup
  I0708 11:17:51.174354 1860388 nodeserver.go:274] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 cephfs: volume 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 is already mounted to /var/lib/kubelet/plugins/kubernetes.io/csi/cephfs.csi.ceph.com/be344c85429e4f51d90940dfbfcade41e99ca990fafeda5d25c5bda139c4ffb1/globalmount, skipping
  I0708 11:17:51.174373 1860388 nodeserver.go:144] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 Creating lock for the following volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1
  E0708 11:17:51.177767 1860388 nodeserver.go:157] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 failed to create lock for volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1: failed to lock volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1: rados: ret=-36, File name too long
  E0708 11:17:51.177794 1860388 utils.go:270] ID: 388 Req-ID: 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1 GRPC error: rpc error: code = Internal desc = failed to lock volume ID 0001-0024-23fcac3f-1dd2-11b2-8000-080027b246c3-0000000000000002-f0317fad-23fd-45ad-85e0-abf4b26f7db1: rados: ret=-36, File name too long
  

• dmesg logs.

  [Tue Jul  8 18:17:48 2025] libceph: mon2 (1)<mon-node-ip>:6789 session established
  [Tue Jul  8 18:17:48 2025] libceph: client79814917 fsid 23fcac3f-1dd2-11b2-8000-080027b246c3
  

[Madhu-1]

@black-dragon74 PTAL, when we added this feature we have test it because the volumeID will remain the same, i expect ceph to throw the same error in that case, if there are any limit in the rados with lock name we need to cut the length of the lock name

[Madhu-1]

This should also happen for the key rotation as well

[black-dragon74]

we need to cut the length of the lock name

Thinking out loud, Is it a good idea to use some hashing for the volume names, like md5 (128bits,32chars) or sha-256(256bits,64chars)

We can make do with hashing as we do not need the encoding symmetrically.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in a week if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically closed due to inactivity. Please re-open if this still requires investigation.

[thiennn-neji]

Any ongoing work or plan to address it?

[black-dragon74]

/keepalive