Jenkins Build Slave User [Mon, 19 Apr 2021 14:11:15 +0000 (14:11 +0000)]
14.2.20
Ilya Dryomov [Thu, 15 Apr 2021 13:18:58 +0000 (15:18 +0200)]
auth/cephx: make KeyServer::build_session_auth_info() less confusing
The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication. The monitor passes in
service_secret (mon secret) and secret_id (-1). The TTL is irrelevant
because there is no rotation.
However the signature doesn't make it obvious. Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
6f12cd3688b753633c8ff29fb3bd64758f960b2b)
Ilya Dryomov [Thu, 15 Apr 2021 07:48:13 +0000 (09:48 +0200)]
auth/cephx: cap ticket validity by expiration of "next" key
If auth_mon_ticket_ttl is increased by several times as done in
commit
522a52e6c258 ("auth/cephx: rotate auth tickets less often"),
active clients eventually get stuck because the monitor sends out an
auth ticket with a bogus validity. The ticket is secured with the
"current" secret that is scheduled to expire according to the old TTL,
but the validity of the ticket is set to the new TTL. As a result,
the client simply doesn't attempt to renew, letting the secrets rotate
potentially more than once. When that happens, the client first hits
auth authorizer errors as it tries to renew service tickets and when
it finally gets to renewing the auth ticket, it hits the insecure
global_id reclaim wall.
Cap TTL by expiration of "next" key -- the "current" key may be
milliseconds away from expiration and still be used, legitimately.
Do it in KeyServerData alongside key rotation code and propagate the
capped TTL to the upper layer.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
370c9b13970d47a55b1b20ef983c6f01236c9565)
Conflicts:
src/auth/cephx/CephxKeyServer.cc [ commit
ef3c42cd6481 ("auth:
EACCES, not EPERM") not in nautilus ]
Ilya Dryomov [Thu, 15 Apr 2021 07:47:50 +0000 (09:47 +0200)]
auth/cephx: drop redundant KeyServerData::get_service_secret() overload
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
3078af716505ae754723864786a41a6d6af0534c)
Sage Weil [Sun, 28 Mar 2021 22:07:57 +0000 (18:07 -0400)]
qa/standalone: default to disable insecure global id reclaim
Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit
72c4fc75ad301980baebc7789ed6391444057e5b)
Sage Weil [Fri, 26 Mar 2021 22:08:46 +0000 (18:08 -0400)]
qa/tasks/ceph[adm].conf[.template]: disable insecure global_id reclaim health alerts
Turn these off everywhere for our tests so they don't interfere with our health checks.
Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit
9f6fd4fe563c9cd4cf65316921d511b677c972e4)
Conflicts:
qa/tasks/cephadm.conf [ no cephadm in nautilus ]
Sage Weil [Thu, 25 Mar 2021 22:07:53 +0000 (18:07 -0400)]
mon/HealthMonitor: raise AUTH_INSECURE_GLOBAL_ID_RENEWAL[_ALLOWED]
Two new alerts:
- AUTH_INSECURE_GLOBAL_ID_RENEWAL_ALLOWED if we are allowing clients to reclaim
global_ids in an insecure manner (for backwards compatibility until
clients are upgraded)
- AUTH_INSECURE_GLBOAL_ID_RENEWAL if there are currently clients connected that
do not know how to securely renew their global_id, as exposed by
auth_expose_insecure_global_id_reclaim=true. The client auth names and IPs
are listed the alert details (up to a limit, at least).
The docs recommend operators mute these alerts instead of silencing, but
we still include option that allow the alerts to be disabled entirely.
Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit
18b343b06e5dd904af425dc99e2c848e12f3b552)
Conflicts:
doc/rados/operations/health-checks.rst [ MON_DISK_* alerts
present but not documented in nautilus; "ceph health mute"
not in nautilus -- silencing temporarily is not possible ]
src/mon/HealthMonitor.cc [ commits
e4bf716bfa07 ("mon: store
a reference as member variable") and
d0eb22f3ba55
("mon/health_checks: associate a count with health_alert_t")
not in nautilus ]
Ilya Dryomov [Tue, 2 Mar 2021 14:09:26 +0000 (15:09 +0100)]
auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys
When handling CEPHX_GET_AUTH_SESSION_KEY requests from nautilus+
clients, ignore CEPH_ENTITY_TYPE_AUTH in CephXAuthenticate::other_keys.
Similarly, when handling CEPHX_GET_PRINCIPAL_SESSION_KEY requests,
ignore CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys.
These fields are intended for requesting service tickets, the auth
ticket (which is really a ticket granting ticket) must not be shared
this way.
Otherwise we end up sharing an auth ticket that a) isn't encrypted
with the old session key even if needed (should_enc_ticket == true)
and b) has the wrong validity, namely auth_service_ticket_ttl instead
of auth_mon_ticket_ttl. In the CEPHX_GET_AUTH_SESSION_KEY case, this
undue ticket immediately supersedes the actual auth ticket already
encoded in the same reply (the reply frame ends up containing two auth
tickets).
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
05772ab6127bdd9ed2f63fceef840f197ecd9ea8)
Ilya Dryomov [Mon, 22 Mar 2021 18:16:32 +0000 (19:16 +0100)]
auth/cephx: rotate auth tickets less often
If unauthorized global_id (re)use is disallowed, a client that has
been disconnected from the network long enough for keys to rotate
and its auth ticket to expire (i.e. become invalid/unverifiable)
would not be able to reconnect.
The default TTL is 12 hours, resulting in a 12-24 hour reconnect
window (the previous key is kept around, so the actual window can be
up to double the TTL). The setting has stayed the same since 2009,
but it also hasn't been enforced. Bump it to get a 72 hour reconnect
window to cover for something breaking on Friday and not getting fixed
until Monday.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
522a52e6c258932274f0753feb623ce008519216)
Ilya Dryomov [Thu, 25 Mar 2021 19:59:13 +0000 (20:59 +0100)]
mon: fail fast when unauthorized global_id (re)use is disallowed
When unauthorized global_id (re)use is disallowed, we don't want to
let unpatched clients in because they wouldn't be able to reestablish
their monitor session later, resulting in subtle hangs and disrupted
user workloads.
Denying the initial connect for all legacy (CephXAuthenticate < v3)
clients is not feasible because a large subset of them never stopped
presenting their ticket on reconnects and are therefore compatible with
enforcing mode: most notably all kernel clients but also pre-luminous
userspace clients. They don't need to be patched and excluding them
would significantly hamper the adoption of enforcing mode.
Instead, force clients that we are not sure about to reconnect shortly
after they go through authentication and obtain global_id. This is
done in Monitor::dispatch_op() to capture both msgr1 and msgr2, most
likely instead of dispatching mon_subscribe.
We need to let mon_getmap through for "ceph ping" and "ceph tell" to
work. This does mean that we share the monmap, which lets the client
return from MonClient::authenticate() considering authentication to be
finished and causing the potential reconnect error to not propagate to
the user -- the client would hang waiting for remaining cluster maps.
For msgr1, this is unavoidable because the monmap is sent immediately
after the final MAuthReply. But for msgr2 this is rare: most of the
time we get to their mon_subscribe and cut the connection before they
process the monmap!
Regardless, the user doesn't get a chance to start a workload since
there is no proper higher-level session at that point.
To help with identifying clients that need patching, add global_id and
global_id_status to "sessions" output.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
08766a17edebb7450cd9b17cc2dc01efc068bb94)
Conflicts:
src/mon/Monitor.cc [ commit
e1163b445bbf ("mon: print
entity_name along with caps to debug log") not in nautilus ]
Ilya Dryomov [Sat, 13 Mar 2021 13:53:52 +0000 (14:53 +0100)]
auth/cephx: option to disallow unauthorized global_id (re)use
global_id is a cluster-wide unique id that must remain stable for the
lifetime of the client instance. The cephx protocol has a facility to
allow clients to preserve their global_id across reconnects:
(1) the client should provide its global_id in the initial handshake
message/frame and later include its auth ticket proving previous
possession of that global_id in CEPHX_GET_AUTH_SESSION_KEY request
(2) the monitor should verify that the included auth ticket is valid
and has the same global_id and, if so, allow the reclaim
(3) if the reclaim is allowed, the new auth ticket should be
encrypted with the session key of the included auth ticket to
ensure authenticity of the client performing reclaim. (The
included auth ticket could have been snooped when the monitor
originally shared it with the client or any time the client
provided it back to the monitor as part of requesting service
tickets, but only the genuine client would have its session key
and be able to decrypt.)
Unfortunately, all (1), (2) and (3) have been broken for a while:
- (1) was broken in 2016 by commit
a2eb6ae3fb57 ("mon/monclient:
hunt for multiple monitor in parallel") and is addressed in patch
"mon/MonClient: preserve auth state on reconnects"
- it turns out that (2) has never been enforced. When cephx was
being designed and implemented in 2009, two changes to the protocol
raced with each other pulling it in different directions: commits
0669ca21f4f7 ("auth: reuse global_id when requesting tickets")
and
fec31964a12b ("auth: when renewing session, encrypt ticket")
added the reclaim mechanism based strictly on auth tickets, while
commit
5eeb711b6b2b ("auth: change server side negotiation a bit")
allowed the client to provide global_id in the initial handshake.
These changes didn't get reconciled and as a result a malicious
client can assign itself any global_id of its choosing by simply
passing something other than 0 in MAuth message or AUTH_REQUEST
frame and not even bother supplying any ticket. This includes
getting a global_id that is being used by another client.
- (3) was broken in 2019 with addition of support for msgr2, where
the new auth ticket ends up being shared unencrypted. However the
root cause is deeper and a malicious client can coerce msgr1 into
the same. This also goes back to 2009 and is addressed in patch
"auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys".
Because (2) has never been enforced, no one noticed when (1) got
broken and we began to rely on this flaw for normal operation in
the face of reconnects due to network hiccups or otherwise. As of
today, only pre-luminous userspace clients and kernel clients are
not exercising it on a daily basis.
Bump CephXAuthenticate version and use a dummy v3 to distinguish
between legacy clients that don't (may not) include their auth ticket
and new clients. For new clients, unconditionally disallow claiming
global_id without a corresponding auth ticket. For legacy clients,
introduce a choice between permissive (current behavior, default for
the foreseeable future) and enforcing mode.
If the reclaim is disallowed, return EACCES. While MonClient does
have some provision for global_id changes and we could conceivably
implement enforcement by handing out a fresh global_id instead of
the provided one, those code paths have never been tested and there
are too many ways a sudden global_id change could go wrong.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
abebd643cc60fa8a7cb82dc29a9d5041fb3c3d36)
Conflicts:
src/auth/AuthServiceHandler.h [ bufferlist vs
ceph::buffer::list ]
src/auth/cephx/CephxProtocol.h [ ditto ]
src/auth/cephx/CephxServiceHandler.h [ ditto ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]
Ilya Dryomov [Tue, 30 Mar 2021 09:10:17 +0000 (11:10 +0200)]
auth/cephx: make cephx_decode_ticket() take a const ticket_blob
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
6b860684c6e59b11c727206819805f89f0518575)
Ilya Dryomov [Tue, 9 Mar 2021 15:33:55 +0000 (16:33 +0100)]
auth/AuthServiceHandler: keep track of global_id and whether it is new
AuthServiceHandler already has global_id field, but it is unused.
Revive it and let the handler know whether global_id is newly assigned
by the monitor or provided by the client.
Lift the setting of entity_name into AuthServiceHandler.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
b50b6abd60e730176a7ef602bdd25d789a3c467d)
Conflicts:
src/auth/AuthServiceHandler.h [ bufferlist vs
ceph::buffer::list ]
src/auth/cephx/CephxServiceHandler.cc [ ditto ]
src/auth/cephx/CephxServiceHandler.h [ ditto ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]
Ilya Dryomov [Tue, 9 Mar 2021 13:36:39 +0000 (14:36 +0100)]
auth/AuthServiceHandler: build_cephx_response_header() is cephx-specific
Make the one in CephxServiceHandler private and drop the stub in
AuthNoneServiceHandler.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
49cba02a750d4c1ab68399401f0c04f9c9be5b9e)
Conflicts:
src/auth/cephx/CephxServiceHandler.h [ bufferlist vs
ceph::buffer::list ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]
Ilya Dryomov [Tue, 9 Mar 2021 13:25:39 +0000 (14:25 +0100)]
auth/AuthServiceHandler: drop unused start_session() args
session_key, connection_secret and connection_secret_required_length
aren't material for start_session() across all three implementations.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
c151c9659bdb71f30b520bbd62f91cc009ec51cd)
Conflicts:
src/auth/AuthServiceHandler.h [ bufferlist vs
ceph::buffer::list ]
src/auth/cephx/CephxServiceHandler.h [ ditto ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]
Ilya Dryomov [Tue, 30 Mar 2021 13:19:41 +0000 (15:19 +0200)]
mon/MonClient: drop global_id arg from _add_conn() and _add_conns()
Passing anything but MonClient instance's global_id doesn't make
sense.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
a71f6e90d43cca5a79db92ca6a640598796ae7ee)
Conflicts:
src/mon/MonClient.cc [ commit
1e9b18008c5e ("mon: set
MonClient::_add_conn return type to void") not in nautilus ]
src/mon/MonClient.h [ ditto ]
Ilya Dryomov [Thu, 1 Apr 2021 08:55:36 +0000 (10:55 +0200)]
mon/MonClient: reset auth state in shutdown()
Destroying AuthClientHandler and not resetting global_id is another
way to get MonClient to send CEPHX_GET_AUTH_SESSION_KEY requests with
CephXAuthenticate::old_ticket not populated. This is particularly
pertinent to get_monmap_and_config() which shuts down the bootstrap
MonClient between retry attempts.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
c9b022e07392979e7f9ea6c11484a7dd872cc235)
Ilya Dryomov [Mon, 8 Mar 2021 14:37:02 +0000 (15:37 +0100)]
mon/MonClient: preserve auth state on reconnects
Commit
a2eb6ae3fb57 ("mon/monclient: hunt for multiple monitor in
parallel") introduced a regression where auth state (global_id and
AuthClientHandler) was no longer preserved on reconnects. The ensuing
breakage was quickly noticed and prompted a follow-on fix
8bb6193c8f53
("mon/MonClient: persist global_id across re-connecting").
However, as evident from the subject, the follow-on fix only took
care of the global_id part. AuthClientHandler is still destroyed
and all cephx tickets are discarded. A new from-scratch instance
is created for each MonConnection and CEPHX_GET_AUTH_SESSION_KEY
requests end up with CephXAuthenticate::old_ticket not populated.
The bug is in MonClient, so both msgr1 and msgr2 are affected.
This should have resulted in a similar sort of breakage but didn't
because of a much larger bug. The monitor should have denied the
attempt to reclaim global_id with no valid ticket proving previous
possession of that global_id presented. Alas, it appears that this
aspect of the cephx protocol has never been enforced. This is dealt
with in the next patch.
To fix the issue at hand, clone AuthClientHandler into each
MonConnection so that each respective CEPHX_GET_AUTH_SESSION_KEY
request gets a copy of the current auth ticket.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
236b536b28482ec9d8b872de03da7d702ce4787b)
Conflicts:
src/mon/MonClient.cc [ commit
1e9b18008c5e ("mon: set
MonClient::_add_conn return type to void") not in nautilus ]
Ilya Dryomov [Sat, 6 Mar 2021 10:15:40 +0000 (11:15 +0100)]
mon/MonClient: claim active_con's auth explicitly
Eliminate confusion by moving auth from active_con into MonClient
instead of swapping them.
The existing MonClient::auth can be destroyed right away -- I don't
see why active_con would need it or a reason to delay its destruction
(which is what stashing in active_con effectively does).
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
eec24e4d119c57c7eb5119dc0083616a61b33b89)
Sage Weil [Wed, 29 Jan 2020 21:37:03 +0000 (15:37 -0600)]
mon: dump json from 'sessions' asok/tell command
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit
71a0d8a568bd0034cc1e6329cd20269f11635697)
Conflicts:
src/mon/Monitor.cc [ commit
adf1486e46cb ("common/admin_socket:
pass Formatter from generic infrastructure") not in nautilus ]
Sage Weil [Mon, 5 Apr 2021 18:08:30 +0000 (13:08 -0500)]
qa/tasks/ceph.conf: shorten cephx TTL for testing
Rotate tickets frequently to exercise those code paths during testing.
Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit
94df76244798cdc0bafd74c9e5197adb5aa990c0)
Conflicts:
qa/tasks/cephadm.conf [ no cephadm in nautilus ]
Jenkins Build Slave User [Tue, 30 Mar 2021 16:19:18 +0000 (16:19 +0000)]
14.2.19
Dan van der Ster [Tue, 23 Mar 2021 08:00:11 +0000 (09:00 +0100)]
common/ipaddr: also skip just `lo`
Skip iface's with name like 'lo' or of the form 'lo:0', 'lo:1'. This
brings back the original behavior from
b6d0fc9e0e515e50894c08217d688a8c94db7570
Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
Fixes: https://tracker.ceph.com/issues/49938
(cherry picked from commit
6147c0917157efd2d35610e759685656a4989abb)
(cherry picked from commit
bed79d5bea3183b153ffb223d049074912947516)
Jenkins Build Slave User [Mon, 15 Mar 2021 17:46:20 +0000 (17:46 +0000)]
14.2.18
Josh Durgin [Mon, 15 Mar 2021 17:21:30 +0000 (10:21 -0700)]
Merge pull request #40116 from votdev/issue_49802
nautilus: mgr/dashboard: Python2 Cookie module import fails on Python3
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Tatjana Dehler <tdehler@suse.com>
Reviewed-by: Aashish Sharma <aasharma@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Nathan Cutler <ncutler@suse.com>
Reviewed-by: Laura Paduano <lpaduano@suse.com>
Josh Durgin [Mon, 15 Mar 2021 13:57:47 +0000 (06:57 -0700)]
Merge pull request #40095 from jdurgin/wip-typing-nautilus
nautilus: mgr/volumes: don't require typing
Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Volker Theile [Mon, 15 Mar 2021 12:10:53 +0000 (13:10 +0100)]
mgr/dashboard: Python2 Cookie module import fails on Python3
This fix only affects Nautilus because all successor versions are based on Python3 only.
Fixes: https://tracker.ceph.com/issues/49802
Signed-off-by: Volker Theile <vtheile@suse.com>
Josh Durgin [Fri, 12 Mar 2021 21:53:04 +0000 (16:53 -0500)]
mgr/volumes: don't require typing
This isn't available for python2 on centos 7. This is only needed
for nautilus because that's the last release using python 2 and centos 7.
Fixes: https://tracker.ceph.com/issues/49762
Signed-off-by: Josh Durgin <jdurgin@redhat.com>
Ilya Dryomov [Fri, 12 Mar 2021 15:27:34 +0000 (16:27 +0100)]
Merge pull request #40064 from idryomov/wip-krbd-xfstests-fixes-nautilus
nautilus: qa/suites/krbd: address recent issues caused by newer kernels
Reviewed-by: Jason Dillaman <dillaman@redhat.com>
Kefu Chai [Fri, 12 Mar 2021 05:47:12 +0000 (13:47 +0800)]
Merge pull request #39926 from tchaikov/nautilus-pr-triage
nautilus: .github: add workflow for adding labels and milestone
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Jenkins Build Slave User [Thu, 11 Mar 2021 17:07:32 +0000 (17:07 +0000)]
14.2.17
Ilya Dryomov [Wed, 24 Feb 2021 10:41:24 +0000 (11:41 +0100)]
qa/suites/krbd: bump scratch image size to 15G
Allow generic/038 and generic/048 to run.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
37d56e13544fa06b88196b1a4d6edd1b3425325e)
Ilya Dryomov [Fri, 26 Feb 2021 12:54:49 +0000 (13:54 +0100)]
qa/suites/krbd: exclude ext4/002
ext4/002 exercises obsolete EXT4_EOFBLOCKS_FL feature that was removed
in kernel 5.7 and therefore always fails.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
d2bdf0ac43a35f755ea70103f497625d882a4592)
Ilya Dryomov [Sat, 27 Feb 2021 13:58:45 +0000 (14:58 +0100)]
qa/tasks/rbd: fix xfstests_branch/url example
- don't mention xfstests_branch together with xfstests_url as
xfstests_branch gets superseded by xfstests_url
- make xfstests_url example more clear
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
ec36d501ed5f875d26d1362ec097187697170a4d)
Yuri Weinstein [Tue, 9 Mar 2021 22:22:45 +0000 (14:22 -0800)]
Merge pull request #39960 from neha-ojha/wip-49672-nautilus
nautilus: qa/tasks/ceph_manager.py: don't use log-early in raw_cluster_cmd
Reviewed-by: Yuri Weinstein <yweinste@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Neha Ojha [Tue, 9 Mar 2021 19:40:31 +0000 (19:40 +0000)]
qa/tasks/ceph_manager.py: don't use log-early in raw_cluster_cmd
This option is not present in older versions due to which upgrade tests
using the nautilus version of the task will fail.
Caused by https://github.com/ceph/ceph/pull/37906
Fixes: https://tracker.ceph.com/issues/49672
Signed-off-by: Neha Ojha <nojha@redhat.com>
Kefu Chai [Tue, 9 Mar 2021 04:16:26 +0000 (12:16 +0800)]
.github/workflows: use a released sha1
otherwise the action cannot be found
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
ae8ea10f415ec170be4a7be48567dbac83221dc0)
Kefu Chai [Mon, 8 Mar 2021 18:46:46 +0000 (02:46 +0800)]
.github/workflows: rename labeler.yml to pr-triage.yml
to reflect the change in the actions in it.
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
453cd5fd602c54809dc091f0c3a498f903366c8f)
Kefu Chai [Mon, 8 Mar 2021 18:26:34 +0000 (02:26 +0800)]
.github/workflows: use @{sha1} for actions
more secure this way. see also https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
point the sha1 to
* labeler@v3
* milestone@main HEAD
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
79e8038046092053b0c0b120e0d7ca07a33a1c00)
Kefu Chai [Sun, 7 Mar 2021 11:21:25 +0000 (19:21 +0800)]
.github/workflows: move milestone.yml into labeler.yml
no need to have two actions triggered by the same event.
we could backport this labeler.yml to LTS branches.
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
98b90189791d3f4d2524fd829edb616d0ffd94f7)
Kefu Chai [Sat, 6 Mar 2021 16:32:42 +0000 (00:32 +0800)]
.github: correct the regex in mileston workflow
also use pull_request_target event so the action is run in the
context of the base of the pull request. this helps us to overcome
the "Resource not accessible by integration" issue where the action
is run in the context of the pull request.
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
c5f6d15e36fdd019196a1520525382f73f276f14)
Kefu Chai [Sat, 6 Mar 2021 13:18:13 +0000 (21:18 +0800)]
.github: add workflow for adding milestone
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
1657a44750442ff2582d601fb028aa89e3a95999)
Ernesto Puerta [Wed, 18 Nov 2020 12:00:00 +0000 (13:00 +0100)]
github/labeler: disable sync-labels
Yaml syntax cleaned too.
Fixes: https://github.com/ceph/ceph/pull/38107#issuecomment-729300615
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
(cherry picked from commit
59702b6198c59b84f1695e37256ae351b331b604)
Ernesto Puerta [Thu, 12 Nov 2020 17:07:44 +0000 (18:07 +0100)]
github: autolabel PRs
... starting with dashboard ones.
Requires https://github.com/marketplace/actions/labeler
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
(cherry picked from commit
298bc67f7b8d1c64520b543f4749b29f7be67379)
Conflicts:
.github/CODEOWNERS: drop change in .github/CODEOWNERS
as we don't have this file in nautilus.
Yuri Weinstein [Fri, 5 Mar 2021 20:41:05 +0000 (12:41 -0800)]
Merge pull request #39837 from rhcs-dashboard/wip-49596-nautilus
nautilus: mgr/dashboard: fix issues related with PyJWT versions >=2.0.0
Reviewed-by: Yuri Weinstein <yweinste@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Alfonso Martínez [Fri, 5 Mar 2021 07:52:59 +0000 (08:52 +0100)]
mgr/dashboard: fix issues related with PyJWT versions >=2.0.0
Fixes: https://tracker.ceph.com/issues/49574
Signed-off-by: Alfonso Martínez <almartin@redhat.com>
(cherry picked from commit
4b96bb51e8f133badd7bc651bcb4dcd755b43d75)
Conflicts:
src/pybind/mgr/dashboard/controllers/auth.py
- Resolved branch divergence conflicts.
src/pybind/mgr/dashboard/services/auth.py
- Resolved branch divergence conflicts.
src/pybind/mgr/dashboard/requirements.txt
- Removed specific version (already done in master branch).
Yuri Weinstein [Thu, 4 Mar 2021 17:54:56 +0000 (09:54 -0800)]
Merge pull request #39720 from ifed01/wip-ifed-fix-no-cache-trim-nau
nautilus: os/bluestore: go beyond pinned onodes while trimming the cache.
Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>
Yuri Weinstein [Thu, 4 Mar 2021 17:54:15 +0000 (09:54 -0800)]
Merge pull request #39747 from pcuzner/wip-49540-nautilus
nautilus: mgr/prometheus: Add SLOW_OPS healthcheck as a metric
Reviewed-by: Neha Ojha <nojha@redhat.com>
Yuri Weinstein [Thu, 4 Mar 2021 16:11:27 +0000 (08:11 -0800)]
Merge pull request #39756 from ifed01/wip-ifed-zero-read-retry-nau
nautilus: os/bluestore: Add option to check BlueFS reads
Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>
Ernesto Puerta [Thu, 4 Mar 2021 12:57:57 +0000 (13:57 +0100)]
Merge pull request #39646 from rhcs-dashboard/wip-49389-nautilus
nautilus: mgr/dashboard: fix tooltip for Provisioned/Total Provisioned fields
Reviewed-by: Aashish Sharma <aasharma@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
Ernesto Puerta [Thu, 4 Mar 2021 12:56:48 +0000 (13:56 +0100)]
Merge pull request #39526 from rhcs-dashboard/wip-49327-nautilus
nautilus: mgr/dashboard: avoid using document.write()
Reviewed-by: Laura Paduano <lpaduano@suse.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
Yuri Weinstein [Wed, 3 Mar 2021 16:09:38 +0000 (08:09 -0800)]
Merge pull request #39342 from smithfarm/wip-49202-nautilus
nautilus: common: skip interfaces starting with "lo" in find_ipv{4,6}_in_subnet()
Reviewed-by: Kefu Chai <kchai@redhat.com>
Yuri Weinstein [Wed, 3 Mar 2021 16:09:11 +0000 (08:09 -0800)]
Merge pull request #39340 from smithfarm/wip-48897-nautilus
nautilus: mgr: fix deadlock in ActivePyModules::get_osdmap()
Reviewed-by: Kefu Chai <kchai@redhat.com>
Yuri Weinstein [Wed, 3 Mar 2021 16:08:19 +0000 (08:08 -0800)]
Merge pull request #39339 from smithfarm/wip-48558-nautilus
nautilus: mgr/restful: fix TypeError occurring in _gather_osds()
Reviewed-by: Boris Ranto <branto@redhat.com>
Yuri Weinstein [Wed, 3 Mar 2021 16:07:57 +0000 (08:07 -0800)]
Merge pull request #39338 from smithfarm/wip-48575-nautilus
nautilus: mgr/crash: Serialize command handling
Reviewed-by: Brad Hubbard <bhubbard@redhat.com>
Reviewed-by: Boris Ranto <branto@redhat.com>
Yuri Weinstein [Wed, 3 Mar 2021 16:07:02 +0000 (08:07 -0800)]
Merge pull request #39255 from ifed01/wip-ifed-fsck-spanning-nau
nautilus: os/bluestore: detect and fix "zombie" spanning blobs using fsck.
Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>
Reviewed-by: Neha Ojha <nojha@redhat.com>
Yuri Weinstein [Wed, 3 Mar 2021 16:04:50 +0000 (08:04 -0800)]
Merge pull request #39126 from smithfarm/wip-48987-nautilus
nautilus: core: osd: An empty bucket or OSD is not an error
Reviewed-by: Brad Hubbard <bhubbard@redhat.com>
Ernesto Puerta [Tue, 2 Mar 2021 09:46:55 +0000 (10:46 +0100)]
Merge pull request #39543 from aaSharma14/wip-48588-nautilus
nautilus: mgr/dashboard: RGW User Form is validating disabled fields
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
Guillaume Abrioux [Tue, 2 Mar 2021 07:29:58 +0000 (08:29 +0100)]
Merge pull request #39470 from jan--f/wip-49290-nautilus
nautilus: ceph-volume: Update batch.py
Igor Fedotov [Fri, 26 Feb 2021 14:16:11 +0000 (17:16 +0300)]
os/bluestore: go beyond pinned onodes while trimming the cache.
One might face lack of cache trimming when there is a bunch of pinned entries on the top of Onode's cache LRU list. If these pinned entries stay in the state for a long time cache might start using too much memory causing OSD to go out of osd-memory-target limit. Pinned state tend to happen to osdmap onodes.
The proposed patch preserves last trim position in the LRU list (if it pointed to a pinned entry) and proceeds trimming from that position if it wasn't invalidated. LRU nature of the list enables to do that safely since no new entries appear above the previously present entry while it's not touched.
Fixes: https://tracker.ceph.com/issues/48729
Signed-off-by: Igor Fedotov <ifedotov@suse.com>
Yuri Weinstein [Mon, 1 Mar 2021 17:56:49 +0000 (09:56 -0800)]
Merge pull request #39706 from batrick/i48286
nautilus: rados/upgrade/nautilus-x-singleton fails due to cluster [WRN] evicting unresponsive client
Reviewed-by: Yuri Weinstein <yweinste@redhat.com>
Yuri Weinstein [Mon, 1 Mar 2021 17:39:32 +0000 (09:39 -0800)]
Merge pull request #39276 from smithfarm/wip-49130-nautilus
nautilus: rgw: fix trailing null in object names of multipart reuploads
Reviewed-by: Casey Bodley <cbodley@redhat.com>
Yuri Weinstein [Mon, 1 Mar 2021 17:16:05 +0000 (09:16 -0800)]
Merge pull request #39661 from pponnuvel/wip-49440-nautilus
nautilus: rgw: radosgw-admin: clarify error when email address already in use
Reviewed-by: Casey Bodley <cbodley@redhat.com>
Yuri Weinstein [Mon, 1 Mar 2021 17:15:14 +0000 (09:15 -0800)]
Merge pull request #39651 from smithfarm/wip-49055-nautilus
nautilus: common/mempool: Improve mempool shard selection
Reviewed-by: Deepika Upadhyay <dupadhya@redhat.com>
Yuri Weinstein [Mon, 1 Mar 2021 17:11:10 +0000 (09:11 -0800)]
Merge pull request #39698 from ifed01/wip-ifed-fix-huge-bluefs-nau
nautilus: os/bluestore: fix huge read/writes in BlueFS
Reviewed-by: Jianpeng Ma <jianpeng.ma@intel.com>
Reviewed-by: Deepika Upadhyay <dupadhya@redhat.com>
Yuri Weinstein [Mon, 1 Mar 2021 17:07:52 +0000 (09:07 -0800)]
Merge pull request #39650 from smithfarm/wip-49182-nautilus
nautilus: test/rbd-mirror: fix broken ceph_test_rbd_mirror_random_write
Reviewed-by: Mykola Golub <mgolub@mirantis.com>
Yuri Weinstein [Mon, 1 Mar 2021 16:32:41 +0000 (08:32 -0800)]
Merge pull request #39324 from rzarzynski/wip-librados-nul-objname-nautilus
nautilus: librados, tests: allow to list objects with the NUL character in names
Reviewed-by: J. Eric Ivancich <ivancich@redhat.com>
Yuri Weinstein [Mon, 1 Mar 2021 16:30:10 +0000 (08:30 -0800)]
Merge pull request #39708 from smithfarm/wip-48282-nautilus
nautilus: osd: fix bluestore bitmap allocator calculate wrong last_pos with hint
Reviewed-by: Igor Fedotov <ifedotov@suse.com>
Reviewed-by: Neha Ojha <nojha@redhat.com>
Yuri Weinstein [Mon, 1 Mar 2021 16:28:28 +0000 (08:28 -0800)]
Merge pull request #39509 from k0ste/wip-49314-nautilus
nautilus: mgr/dashboard: prometheus alerting: add some leeway for package drops and errors
Reviewed-by: Patrick Seidensal <pnawracay@suse.com>
Yuri Weinstein [Mon, 1 Mar 2021 16:27:49 +0000 (08:27 -0800)]
Merge pull request #39329 from rzarzynski/wip-tool-nul-in-rados-nautilus
nautilus: tools/rados: add support for binary object names in the rados CLI
Reviewed-by: J. Eric Ivancich <ivancich@redhat.com>
Adam Kupczyk [Sat, 30 Jan 2021 11:57:05 +0000 (12:57 +0100)]
os/bluestore: Add option to check BlueFS reads
Add option "bluefs_check_for_zeros" to check if there are any zero-filled page.
If so, reread data. It is known that sometimes BlueStore gets such pages.
See "bluestore_retry_disk_reads".
Signed-off-by: Adam Kupczyk <akupczyk@redhat.com>
(cherry picked from commit
7e495c57fe0ec8d8bdb1dbff90b177e656a22cbe)
Conflicts:
(lack of fresh stuff in bufferlist) src/os/bluestore/BlueFS.cc
Paul Cuzner [Thu, 8 Oct 2020 03:35:45 +0000 (16:35 +1300)]
mgr: add doc to describe relationship to prometheus
The healthcheck for slow_ops is used by the mgr/prometheus
module so it's important the alert generated matches the
format expected in mgr/prometheus.
Signed-off-by: Paul Cuzner <pcuzner@redhat.com>
(cherry picked from commit
fc1905b4a74aedc6bdbc928b6d6e514183bbf090)
Conflicts:
src/mgr/DaemonHealthMetricCollector.cc
- docstring added to describe the link to mgr/prometheus conflicted with the
const fmt definition for the message. resolved by adding doc under the const
definition.
Paul Cuzner [Thu, 8 Oct 2020 03:30:56 +0000 (16:30 +1300)]
mgr/prometheus: Add healthcheck metric for SLOW_OPS
SLOW_OPS is triggered by op tracker, and generates a health
alert but healthchecks do not create metrics for prometheus to
use as alert triggers. This change adds SLOW_OPS metric, and
provides a simple means to extend to other relevant health
checks in the future
If the extract of the value from the health check message fails
we log an error and remove the metric from the metric set. In
addition the metric description has changed to better reflect
the scenarios where SLOW_OPS can be triggered.
Signed-off-by: Paul Cuzner <pcuzner@redhat.com>
(cherry picked from commit
2010432b5045c8f1dd0c052def497e590a1bf2fe)
Conflicts:
src/pybind/mgr/prometheus/module.py
- Nautilus doesn't have the profile_method decorator, so needed to be removed
Yuri Weinstein [Fri, 26 Feb 2021 17:28:26 +0000 (09:28 -0800)]
Merge pull request #39441 from rhcs-dashboard/49278-py2-unicode-password
nautilus: mgr/dashboard: python 2: error when setting non-ASCII password
Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Yuri Weinstein [Fri, 26 Feb 2021 01:11:01 +0000 (17:11 -0800)]
Merge pull request #39129 from smithfarm/wip-48376-nautilus
nautilus: cephfs: client: check rdonly file handle on truncate
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Yuri Weinstein [Fri, 26 Feb 2021 01:09:56 +0000 (17:09 -0800)]
Merge pull request #37906 from ideepika/backport-
a7f18e4
nautilus: qa/tasks/{ceph,ceph_manager}: drop py2 support
Reviewed-by: Ramana Raja <rraja@redhat.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Yuri Weinstein <yweinste@redhat.com>
jhonxue [Thu, 12 Nov 2020 15:17:13 +0000 (23:17 +0800)]
osd: fix bluestore bitmap allocator calculated wrong last_pos with hint
Fixes: https://tracker.ceph.com/issues/48214
Signed-off-by: Xue Yantao <jhonxue@tencent.com>
(cherry picked from commit
ad3c7cdf6fabbb4a8b542b793d632cae87ee3640)
Nathan Cutler [Thu, 25 Feb 2021 20:50:20 +0000 (21:50 +0100)]
common/mempool: include standard thread library
Attempt to address FTBFS:
/home/jenkins-build/build/workspace/ceph-pull-requests/src/test/test_mempool.cc:399:11: error: request for member 'clear' in 'workers', which is of non-class type 'int'
399 | workers.clear();
| ^~~~~
seen in nautilus.
Signed-off-by: Nathan Cutler <ncutler@suse.com>
Patrick Donnelly [Fri, 2 Oct 2020 18:05:32 +0000 (11:05 -0700)]
qa: ignore evicted client warnings for nautilus upgrades
Nautilus monitors do not note the client sessions in the mgrmap. So when
we upgrade the warnings are unavoidable.
Fixes: https://tracker.ceph.com/issues/47689
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit
2163c60916bb1e5249dcff3e33822ddb1ead4653)
Conflicts:
qa/suites/upgrade/mimic-x/parallel/1-ceph-install/mimic.yaml
qa/suites/upgrade/nautilus-x-singleton/1-install/nautilus.yaml
qa/suites/upgrade/nautilus-x/stress-split/1-ceph-install/nautilus.yaml
Patrick Donnelly [Fri, 2 Oct 2020 17:55:45 +0000 (10:55 -0700)]
mgr: log reason for respawn
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit
b835b07bc3c2936169dc3e6a212a2e29885246f7)
Yuri Weinstein [Thu, 25 Feb 2021 19:40:27 +0000 (11:40 -0800)]
Merge pull request #39001 from Vicente-Cheng/wip-48520-nautilus
nautilus: client: add ceph.{cluster_fsid/client_id} vxattrs suppport
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Adam Kupczyk [Mon, 2 Mar 2020 08:08:45 +0000 (09:08 +0100)]
common/mempool: Add test for mempool in btree_map
Signed-off-by: Adam Kupczyk <akupczyk@redhat.com>
(cherry picked from commit
b426e52d0425f3ececf48c7936d3d6d0eeb69ebf)
Conflicts:
src/test/test_mempool.cc
- tests went into nautilus in a different order
Yuri Weinstein [Thu, 25 Feb 2021 18:07:54 +0000 (10:07 -0800)]
Merge pull request #39544 from aaSharma14/wip-48733-nautilus
nautilus: mgr/dashboard: minimize console log traces of Ceph backend API tests
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Yuri Weinstein [Thu, 25 Feb 2021 18:07:25 +0000 (10:07 -0800)]
Merge pull request #39518 from aaSharma14/wip-49323-nautilus
nautilus: mgr/dashboard: fix MTU Mismatch alert
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
Yuri Weinstein [Thu, 25 Feb 2021 18:06:21 +0000 (10:06 -0800)]
Merge pull request #38885 from yanghonggang/wip-48857-nautilus
nautilus: rgw: multisite: Verify if the synced object is identical to source
Reviewed-by: Casey Bodley <cbodley@redhat.com>
Adam Kupczyk [Tue, 16 Jun 2020 07:36:55 +0000 (09:36 +0200)]
common/mempool: copies bufferlist assignment to mempool through rebuild
Fixes: https://tracker.ceph.com/issues/46027
Signed-off-by: Adam Kupczyk <akupczyk@redhat.com>
(cherry picked from commit
b3a6d18ea64e0f70e0d3371cbfcd21280677000e)
Conflicts:
src/test/test_mempool.cc
- nautilus version of this file has less tests than master
Alfonso Martínez [Thu, 25 Feb 2021 14:55:06 +0000 (15:55 +0100)]
nautilus: mgr/dashboard: python 2: error when setting user's non-ASCII password
Fixes: https://tracker.ceph.com/issues/49278
Signed-off-by: Alfonso Martínez <almartin@redhat.com>
Ramana Raja [Thu, 25 Feb 2021 14:26:17 +0000 (09:26 -0500)]
Merge pull request #39658 from kotreshhr/ceph-vol-client-update-fix-volumes-key-nautilus
nautilus: pybind/ceph_volume_client: Update the 'volumes' key to 'subvolumes' in auth-metadata file
Reviewed-by: Ramana Raja <rraja@redhat.com>
Igor Fedotov [Wed, 8 Apr 2020 21:06:14 +0000 (00:06 +0300)]
os/bluestore: fix huge (>4GB) bluefs reads
Signed-off-by: Igor Fedotov <ifedotov@suse.com>
(cherry picked from commit
fe558c4dd12b25b2d523987f22fde5b5898cfb83)
Conflicts:
(still present buf param in BlueFS::read, lack of )https://github.com/ceph/ceph/pull/34421)
src/os/bluestore/BlueFS.cc
src/os/bluestore/BlueFS.h
src/os/bluestore/BlueRocksEnv.cc
src/test/objectstore/test_bluefs.cc
Igor Fedotov [Fri, 5 Feb 2021 11:03:48 +0000 (14:03 +0300)]
os/bluestore: fix huge(>4GB) writes from RocksDB to BlueFS.
Fixes: https://tracker.ceph.com/issues/49168
Signed-off-by: Igor Fedotov <ifedotov@suse.com>
(cherry picked from commit
5f94883ec8d64c02b2bb499caad8eaf91dd715f7)
Conflicts:
(lack of bufferlist refactor from https://github.com/ceph/ceph/pull/36754)
(lack of single allocator support from https://github.com/ceph/ceph/pull/30838)
src/os/bluestore/BlueFS.h
src/test/objectstore/test_bluefs.cc
Kefu Chai [Tue, 13 Aug 2019 02:29:24 +0000 (10:29 +0800)]
test/unittest_bluefs: always remove temp bdev file
we leave files in build directory if the test fails. better off
removing them.
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
a38122fdf77378d67eb97a5a2c55805181d921c2)
Jianpeng Ma [Mon, 10 Aug 2020 07:56:13 +0000 (15:56 +0800)]
os/bluestore/BlueRocksEnv: Avoid flushing too much data at once.
Although, in _flush func we already check length. If length of dirty
is less then bluefs_min_flush_size, we will skip this flush.
But in fact, we found rocksdb can call many times Append() and then
call Flush(). This make flush_data is much larger than
bluefs_min_flush_size.
From my test, w/o this patch, it can reduce 99.99% latency(from
145.753ms to 20.474ms) for 4k randwrite with bluefs_buffered_io=true.
Because Bluefs::flush acquire lock. So we add new api try_flush
to avoid lock contention.
Signed-off-by: Jianpeng Ma <jianpeng.ma@intel.com>
(cherry picked from commit
3a1d4ff6dcdcd897d31a85ef82c726599624b66d)
Kotresh HR [Fri, 19 Feb 2021 11:27:23 +0000 (16:57 +0530)]
mgr/volumes: Bump up AuthMetadataManager's version
With ceph_volume_client and mgr-volumes co-existing
for sometime, the version of both needs to be same.
The ceph_volume_client version <=5 can't decode
'subvolumes' key in auth-metadata file. Hence to
handle version in-compatibility, the version of
ceph_volume_client is bumped up to 6 and the same
needs to be done in mgr-volume's AuthMetadataManager
Fixes: https://tracker.ceph.com/issues/49374
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit
818c7781ff0467c6521bf2b3002b094fb8a71257)
Kotresh HR [Fri, 19 Feb 2021 11:12:33 +0000 (16:42 +0530)]
pybind/ceph_volume_client: Bump up the version and compat_version to 6
With 'volumes' key updated to 'subvolumes', the version of
ceph_volume_client <= 5 can't decode auth-metadata file. Hence
bumping up ceph_volume_client version and compat_version to 6.
Fixes: https://tracker.ceph.com/issues/49294
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit
ce55a0bcdc5db139fc8f39665c372f1b7cc274a7)
Kotresh HR [Fri, 19 Feb 2021 11:08:31 +0000 (16:38 +0530)]
pybind/ceph_volume_client: Fix auth-metadata file recovery
Fixes: https://tracker.ceph.com/issues/49294
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit
99cdfdad59175a19bc06859e69301ca0478a2db4)
Kotresh HR [Mon, 15 Feb 2021 16:26:51 +0000 (21:56 +0530)]
pybind/ceph_volume_client: Update the 'volumes' key to 'subvolumes' in auth metadata file
The older auth metadata files before nautilus release stores
the authorized subvolumes using the 'volumes' key. As the
notion of 'subvolumes' brought in by mgr/volumes, it makes
sense to use 'subvolumes' key. This patch would be tranparently
update 'volumes' key to 'subvolumes' and newer auth metadata
files would store them with 'subvolumes' key.
Also fails the deauthorize if the auth-id doesn't exist.
Fixes: https://tracker.ceph.com/issues/49294
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit
dee03c8d5c0b86cf51865090bec203419a3008a9)
Michael Fritch [Wed, 13 May 2020 23:14:35 +0000 (17:14 -0600)]
pybind/ceph_volume_client: logger.warn() -> logger.warning()
logger.warn() is the same as logger.warning(), but was removed in py3.3
Signed-off-by: Michael Fritch <mfritch@suse.com>
(cherry picked from commit
fe4c7fd7471bf724c4a1f027580d9bae3ddc24eb)
Kefu Chai [Wed, 24 Feb 2021 14:24:50 +0000 (22:24 +0800)]
tools/rados: assign to optional<> without deref'ing it
this change addresses a regression introduced by
d333b35aa10bf03a8bc047994d5cf3fed019b49a
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit
41d68594ae6df343782a1c382ac0bddc8cb7cb69)
Matthew Vernon [Thu, 4 Feb 2021 11:41:14 +0000 (11:41 +0000)]
rgw/radosgw-admin clarify error when email address already in use
The error message if you try and create an S3 user with an email
address that is already associated with another S3 account is very
confusing; this patch makes it much clearer
To reproduce:
radosgw-admin user create --uid=foo --display-name="Foo test" --email=bar@domain.invalid
radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid
could not create user: unable to parse parameters, user id mismatch, operation id: foo does not match: test
With this patch:
radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid
could not create user: unable to create user test because user id foo already exists with email bar@domain.invalid
Fixes: https://tracker.ceph.com/issues/49137
Fixes: https://tracker.ceph.com/issues/19411
Signed-off-by: Matthew Vernon <mv3@sanger.ac.uk>
(cherry picked from commit
05318d6f71e45a42a46518a0ef17047dfab83990)
Casey Bodley [Fri, 8 Nov 2019 20:52:44 +0000 (15:52 -0500)]
common: move gen_rand_alphanumeric() helpers into common
and adds overloads that return std::string directly
the motivation is to remove cls_otp's dependency on rgw_common.h
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit
bfa76731aa338ca2c8a9e6dc52a19ae71aeb0bbf)
Conflicts:
src/common/CMakeLists.txt
- no rabin.cc in nautilus