tools/ceph_authtool: allow configuring a preferred cipher

This makes testing easier as we can configure all keys in the cluster to be the
given "old" type without modifying each location that ceph-authtool is used.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/AuthMonitor: shutdown session connection on auth failure

Currently the mons will allow the session to persist even though an auth
failure has occurred, probably while trying to obtain new tickets.

A sequence to easily trigger this:

    ceph auth rotate osd.0
    ceph auth wipe-rotating-service-keys

The osd.0 will continue interacting with the mons until restart or a network
interruption occurs.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

msg: add interface to shutdown Connection

Unfortunately this doesn't work as-is because I couldn't find primitives to
flush the out_queue. It's left as a to-do for now.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

crimson/mon/MonClient: call _wipe_secrets_and_tickets when needed

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

crimson/mon/MonClient: refacor Client::handle_monmap

Use coroutines, should help with future changes.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

crimson/mon/MonClient: introduce handle_auth_failure

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

crimson/mon/MonClient: add asock TODO comment

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())

Similar to MonClient::_wipe_secrets_and_tickets())

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

crimson/mon/MonClient: imitate Classic's _check_auth_tickets

Imitating this interface from Classicals MonClient::_check_auth_tickets()
should make it easier to understand Crimson's counterpart.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

crimson/mon/MonClient: cleanup redundant private

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/MonClient: wipe secrets and invalidate tickets on auth epoch change

* This causes service daemons to drop all known service tickets and request new
  ones from the auth server.

* This causes the clients (and service daemons) to request new tickets from the
  auth server which will include tickets signed with the new service keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/AuthMonitor: bump auth epoch when wiping service keys

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/MonmapMonitor: wire up interface to bump auth epoch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/MonMap: add auth epoch

This will be used to indicate to clients / service daemons that the auth
service keys have been rotated. Clients and service daemons are expected to
invalidate their tickets and reauth. Service daemons should wipe their service
keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys

`auth dump-keys` allows examining the key types for each entity and also the
rotating session keys. This lets us confirm key upgrades are done as expected.

`wipe-rotating-service-keys` clears out existing non-auth service keys so that we do not
need to wait for the rotating key expiration. It is not disruptive so long as clients
renew their tickets when prompted by the auth epoch change.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/AuthMonitor: add key-type switch

So it's possible to test with various key-types.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

common/cmdparse: add another template cmd_getval_or helper

To mimic the conventional signature where you pass the lvalue you want to set.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/Monitor: perfect forward universal ref of lambda

This method doesn't currently work for std::move of a lambda.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon/Monitor: add debugging for monmap handling

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

mon: notify_new_monmap via MonmapMonitor::init

Otherwise, configurations are not updated during startup.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

doc/man: document new --key-type option for ceph-authtool

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

tools/ceph_authtool: add help message for key-type switch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

common/buffer: accept "-" as stdin

These methods are used for reading files from tools like "authtool". Read from
stdin if the conventional "-" filename is passed.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth/cephx: make some parameters const

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth: cleanup error message formatting

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth,mon: lookup ticket ttl at runtime

and improve debugging.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth: add API to invalidate all tickets

This will prompt the client to request new ones from the auth server.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth: add API to wipe rotating secrets

This is for the service daemon's store of rotating service secrets.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth/cephx: enforce sorted config keys

Makes future additions avoid conflicts.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth/cephx: update get_tracked_keys signature

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth: fix return type

key type is an unsigned.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

common: break print template into separate header

To avoid pulling in all the debug includes for some primitive headers.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

common: remove dead option

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

test: fix compiler error

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

auth,*: remove conflicting fwd declarations

Signed-off-by: Matan Breizman <mbreizma@redhat.com>

include/common_fwd: Include Crypto classes

CryptoManager::cct is now used in CephContext ctor. To provide this
defintion
any ceph_context.cc target must also include Crypto.cc.

crimson-alien-common library which only had ceph_context.cc must now
also include Crypto.cc.
However, the fact that crimson-common also includes Crypto.cc would
cause multiple defintions
to any Crypto classes methods.

To resolve this, let's wrap all Crypto classes with TOPNSPC::common that
would be forwarded using common_fwd logic.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>

cephx: sign messages using hmac_sha256

if key type is newer than the original AES, calculate message
hash by using HMAC-SHA256.
We cannot use plain aes256k like we do with the aes key because
of the confounder. The other option would be to inject a
confounder, but that would weaken the cipher.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth: create slice api for calculating hmac_sha256

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

test/auth: more aes256krb5 tests

 - DecryptNoBl
 - multiple test vectos per each test

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth: test slice interface for aes256k

AES256KRB5 uses the default slice encryption implementation, testing that
it works correctly.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

test/crypto: more aes256krb5 tests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth: add usage param to crypto handler

Allow different usage for crypto handler users. Currently being used
in the crypto unitest to match the test vectors.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth: aes256krb5: add confounder config for unitests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

cephx: add configurable to set allowed ciphers

cephx allowed ciphers: a list of ciphers that  sets what type
of keys are allowed to be used to authenticate

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth: remove unused code

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth: add a configurable to control rotating keys cipher type

auth_service_cipher: a mon configurable that determines what type of cipher
the rotating keys are using. The configurable can change at runtime. Note
that the change does not invalidate existing keys, these would expire
based on their ttl.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth/cephx: session key type is set to client key type

This ensures that the client supports the specific key type.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth/cephx: switch default cipher to AES256KRB5

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth/cephx: modify client + server challenges hashing

This applies when using ciphers that are not the original
AES-128 one. Use the hmac-sha256 hash now. With AES256KRB5
the original method of encrypting the combined challenges
doesn't work as the confounder randomizes the result.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

ceph-authtool: support --key-type param

Also move the encryption handlers out of the ceph_context.
Handlers are now returned as a shared_ptr, to support the
creation of new handlers with different params (such as
the usage param).

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth/crypto: add support for aes256-hmac384-192

Using the encryption standard set in RFC 8009. This is the
encryption that is used in Kerberos 5, so naming this variation
as AES256KRB5.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

auth: propagate ceph context to encrypt/decrypt

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

Merge pull request #65720 from rhcs-dashboard/fix-73307-main

.github: pin GH Actions to SHA-1 commit

Merge pull request #65730 from tchaikov/mailmap-kefu

mailmap: update affiliation for Kefu Chai

Reviewed-by: Laura Flores <lflores@ibm.com>

Merge pull request #65733 from anthonyeleven/typofix

doc: Fix typo in src/common/options/global.yaml.in

Merge pull request #65391 from MaxKellermann/osdc_uninline

osdc: uninline methods to reduce header dependencies and compile times

Reviewed-by: Greg Farnum <gfarnum@redhat.com>

Merge pull request #64727 from bluikko/doc-mount-ceph-formatting-man

doc/man/8: Fix small errors and small improvements in mount.ceph.rst

Merge pull request #65134 from xxhdx1985126/wip-seastore-clone-range-latest

crimson/os/seastore: OP_CLONERANGE2 support ---- another approach

Reviewed-by: Samuel Just <sjust@redhat.com>

doc: Fix typo in src/common/options/global.yaml.in

Signed-off-by: Anthony D'Atri <anthonyeleven@users.noreply.github.com>

Merge pull request #65479 from smanjara/wip-fix-object-sync-trace

rgw/multisite: fix sync requests on existing objects

Reviewed-by: Casey Bodley <cbodley@redhat.com>

mailmap: update affiliation for Kefu Chai

he's now affiliated to Proxmox, so map his contribution to
his employer email address.

Signed-off-by: Kefu Chai <k.chai@proxmox.com>

Merge pull request #65459 from rhcs-dashboard/72944-hide-suppresed-alerts-on-dashboard

mgr/dashboard : Hide suppressed  alert on landing page

Reviewed-by: Afreen Misbah <afreen@ibm.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #65700 from a16bitsysop/crimson-systemd

crimson: fix building without systemd

Merge pull request #65612 from Hezko/nvmeof-cli-fix-aliases-help

mgr/dashboard: fix command alias help message

Reviewed-by: Afreen Misbah <afreen@ibm.com>

Merge pull request #65610 from Hezko/nvmeof-cli-ns-list-nsid-param

mgr/dashboard: add nsid param to ns list command

Reviewed-by: Nizamudeen A <nia@redhat.com>

scripts: add script to fix GH workflows

Fixes: https://tracker.ceph.com/issues/73307
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>

.github: pin GH Actions to SHA-1 commit

Fixes: https://tracker.ceph.com/issues/73307
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>

Merge PR #59676 into main

* refs/pull/59676/head:

Reviewed-by: Rishabh Dave <ridave@redhat.com>
Reviewed-by: Kotresh Hiremath Ravishankar <khiremat@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>

Merge PR #65232 into main

* refs/pull/65232/head:

Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Mark Nelson <mnelson@redhat.com>

Merge pull request #65410 from anthonyeleven/ec-overwrite

doc/rados/operations: Clarify overwrites in erasure-code.rst

Merge pull request #65501 from anthonyeleven/ceph-osd-df

doc: Enhance the ceph df and ceph osd commands

Merge PR #65483 into main

* refs/pull/65483/head:

Reviewed-by: Patrick Donnelly <pdonnell@ibm.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>

Merge PR #61173 into main

* refs/pull/61173/head:

Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Reviewed-by: Anthony D Atri <anthony.datri@gmail.com>

Merge pull request #64830 from AliMasarweh/wip-alimasa-conditional

RGW | fix conditional MultiWrite

Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #65403 from MaxKellermann/Formatter__split

common/Formatter: move {JSON,Table,XML}Formatter to separate files

Reviewed-by: Adam Emerson <aemerson@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Tested-by: anrao19

Merge pull request #64912 from cloudbehl/Cephadm-daemon-status-metric

prometheus: Add Cephadm orch ps output metric to prometheus

Reviewed-by: Afreen Misbah <afreen23.git@gmail.com>
Reviewed-by: Anmol Babu <anmolbudugutta@gmail.com>
Reviewed-by: Redouane Kachach <rkachach@ibm.com>

Merge pull request #64562 from adam-lj/ceph_test_rados_io_sequence_copy_from

test/osd: Extend ceph_test_rados_io_sequence to support copy operations

Merge pull request #65649 from nbalacha/wip-nbalacha-cleanup-2

rgw/bucket-logging: fix typos

Merge pull request #64467 from ceph/fix-mtu-alert

monitoring: fix MTU Mismatch alert rule and expr

Reviewed-by: Afreen Misbah <afreen@ibm.com>

Merge pull request #65669 from rhcs-dashboard/inline-edit-fixes

mgr/dashboard: fix duplicated editing of cell

Reviewed-by: Afreen Misbah <afreen@ibm.com>

monitoring: fix MTU Mismatch alert rule and expr

Fixes: https://tracker.ceph.com/issues/73290
Signed-off-by: Aashish Sharma <aasharma@redhat.com>

mgr/dashboard: fix duplicated editing of cell

form control is applied with unique identifier. In the table where the
issue is present, let's support adding the `unique_identifier`.

Fixes: https://tracker.ceph.com/issues/73250
Signed-off-by: Nizamudeen A <nia@redhat.com>

crimson: fix building without systemd

Use BOOL WITH_SYSTEMD guard before including Jounald.cc in sources for crimson-common

Fixes: https://tracker.ceph.com/issues/73148
Signed-off-by: Duncan Bellamy <dunk@denkimushi.com>

qa/suites/crimson-rados/thrash_simple: enable osd down

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

test/crimson/seastore/test_seastore: add the clone_range UT case

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

crimson/os/seastore: support OP_CLONERANGE2

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

crimson/os/seastore/lba_manager: allow cloning part of the mapping

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

crimson/os/seastore: do "copy_on_write" if the to-be-modified object
needs it

At present, only clone objects may need COW, as HEAD objects won't be
sharing any direct lba mapping with other objects in non-recovery
scenarios.

Although the HEAD object may share its direct mappings with the temp
object that's going to be recovered and replace it, it won't be
accepting any modifications at that time.

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

crimson/osd/osd_meta: change osd_superblock to be a head object

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

crimson/os/seastore/object_data_handler: we don't have to maintain the
symmetric indirect lba relationship at the time of clone

OP_CLONE is done in the following way:
1. First, swap the layout of the head onode and the clone onode, so that
   clone onode's object_data, omap_root, xattr_root and log_root all
   point to the head onode's corresponding fields;
2. Do SeaStore::_clone() from the clone onode to the head onode, which
   is exactly what rollback is done.

This makes the code of ObjectDataHandler::clone() and
ObjectDataHandler::copy_on_write() even simpler, and can facilitate the
clone/rollback scenarios when the "128-bit" lba key layout is involved.

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

crimson/os/seastore/onode: add the interface for swapping onode layouts

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

crimson/os/seastore/onode: add the "need_cow" field to indicate whether
the onode's object data space needs to do clone before modification

At present, it's only when the onode's object data space is sharing its
own direct lba mappings with other onodes that the "need_cow" field
would be true.

Signed-off-by: Xuehan Xu <xuxuehan@qianxin.com>

mgr/dashboard: fix command alias help message

Signed-off-by: Tomer Haskalovitch <tomer.haska@ibm.com>

Merge pull request #65586 from dang/wip-dang-posix-cleanup

RGW - POSIXDriver - Cleanup vstart

Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #65643 from dang/wip-dang-dedup

RGW - Fix dedup build

Reviewed by: Casey Bodley <cbodley@redhat.com>

Merge pull request #65593 from smanjara/wip-fix-period-pull

rgw/multisite: fix period pull command

Merge pull request #65631 from phlogistonjohn/jjm-fix-71992

mgr/smb: fix error handling for fundamental resource parsing

Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>

Merge pull request #65309 from joscollin/wip-72683-peer-add-deprecate

cephfs_mirror: deprecate peer_add command

Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

Merge pull request #65567 from rkachach/fix_issue_certs_migration

mgr/cephadm: cleaning up old migration logic and improving upgrade handling with certmgr

Reviewed-by: Adam King <adking@redhat.com>

Merge pull request #65599 from bachmanity1/cephadm-support-custom-distro

cephadm: support custom distros by falling back to `ID_LIKE`

Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>