Niklas Hambüchen [Sat, 30 Mar 2024 16:42:48 +0000 (17:42 +0100)]
doc/rados/operations: Improve crush_location docs
* Fix incorrect syntax
* Use underscores for config options, like other ceph docs did
* Fix incorrect statement that crush_location_hook adds fiels; it replaces
* Explain `root=default host=HOSTNAME` is not set if `crush_location` is given
* Remove duplication across sections
* Point out that `root=default` is important
Afreen [Fri, 1 Mar 2024 07:26:25 +0000 (12:56 +0530)]
mgr/dashboard: Locking improvements in bucket create form
Fixes https://tracker.ceph.com/issues/64658
- Addition of help texts
- Addition of info/warnings related to modes and versioning
- change of Locking section layout
- renaming locking to 'Object Locking'
- changes default retention period to 10
- edit bucket only shows lock when its enabled
Patrick Donnelly [Wed, 27 Mar 2024 13:02:43 +0000 (09:02 -0400)]
Merge PR #54468 into reef
* refs/pull/54468/head:
mds,client: update the oldest_client_tid via the renew caps
mds: add trim_completed_request_list() helper
client: return false if cannot link all the way to mountpoint
client: use the fs' full path instead of from mountpoint's root
qa/tasks/cephfs/test_admin: run root_squash tests only for FUSE client
qa/tasks/cephfs: Add reproducer for https://tracker.ceph.com/issues/56067
qa: add test for checking access in client side of root_squash
qa: add sudo paramter for read_file()
test/libcephfs: remove reduntant test for acccess
mds/Server: disallow clients that have root_squash
mds/Locker: remove session check access when doing cap updates
client: check the cephx mds auth access for open
client: always set the caller_uid/gid to -1
mds: add CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK feature bit
client: check the cephx mds auth access for setattr
client: save the cap_auths in client when session being opened
client: add make_path_string() helpers support
client: add _get_root_ino() helper support
test/libcephfs: add a tag for each test unique directory
client: rename MAY_* to CLIENT_MAY_* to avoid conflicts
mds: send the cap_auths to clients when openning the sessions
mds: add cap_auths in MClientSession
mds: add MDSCapAuth support
mds: encode/decode the MDSCapMatch
mds: add assign operator support for MDSCapMatch
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Xiubo Li [Thu, 19 Oct 2023 02:20:55 +0000 (10:20 +0800)]
client: use the fs' full path instead of from mountpoint's root
The mountpoint's root ino# possibly not be the full CephFS
filesystem root, it's just the mountpoint of this particular client.
Just prepend the mountpoint path to the full path.
Introduced-by: c1bf8d88e9d client: check the cephx mds auth access for setattr Introduced-by: ce216595c03 client: check the cephx mds auth access for open Fixes: https://github.com/ceph/ceph/pull/48027#issuecomment-1741019086 Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit e46dc20cdfb157f94781032451057d1e138535cc)
Ramana Raja [Mon, 8 Aug 2022 18:33:06 +0000 (14:33 -0400)]
qa/tasks/cephfs: Add reproducer for https://tracker.ceph.com/issues/56067
A kernel CephFS client with MDS root_squash caps is able to write to a
file as non-root user. However, the data written is lost after clearing
the kernel client cache, or re-mounting the client. This issue is not
observed with a FUSE CephFS client.
Xiubo Li [Wed, 2 Nov 2022 01:12:16 +0000 (09:12 +0800)]
qa: add test for checking access in client side of root_squash
Test the 'chown' and 'truncate', which will call the setattr and
'cat' will open the files. Before each testing will open the file
by non-root user and keep it to make sure the Fxw caps are issued,
and then user the 'sudo' do to the tests, which will set the uid/gid
to 0/0.
Ramana Raja [Tue, 15 Nov 2022 19:00:24 +0000 (14:00 -0500)]
mds/Server: disallow clients that have root_squash
... MDS auth caps but don't have CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK
feature bit (i.e., can't check the auth caps sent back to it by the
MDS) from establishing a session. Do this in
Server::handle_client_session(), and Server::handle_client_reconnect(),
where old clients try to reconnect to MDS servers after an upgrade.
If the client doesn't have the ability to authorize session access
based on the MDS auth caps send back to it by the MDS, then the
client may buffer changes locally during open and setattr operations
when it's not supposed to, e.g., when enforcing root_squash MDS auth
caps.
Xiubo Li [Fri, 9 Sep 2022 04:17:06 +0000 (12:17 +0800)]
client: always set the caller_uid/gid to -1
Since the setattr will check the cephx mds auth access before
buffering the changes, so it makes no sense any more to let the
cap update to check the access in MDS again.
Xiubo Li [Tue, 25 Apr 2023 09:31:25 +0000 (17:31 +0800)]
client: add make_path_string() helpers support
Will use this to get the path string to do the mds auth check. It
may fail when the there is no any dentry in local cache, which could
be caused by just unlinking the last dentry while the inode keeps
opening and then try to change the mode.
Nizamudeen A [Tue, 19 Mar 2024 14:57:13 +0000 (20:27 +0530)]
mgr/dashboard: rm warning/error threshold for cpu usage
for multi-core cpu's the value can be more than 100% so it doesn't make
sense to show warning/error when the usage is at or more than 100%.
hence removing it
Rishabh Dave [Fri, 22 Mar 2024 17:05:06 +0000 (22:35 +0530)]
qa/cephfs: in test_volumes.py, don't use deleted helper methods
_generate_random_group_name() and _generate_random_subvolume_name() were
deleted in one of the commit from this series of commits. And PR #54207
adds calls to these helper methods. This wasn't the case for the main
branch version of this series of commits. This is why this issue is
being fixed in Reef branch directly through a fresh/new commit instead
of backporting a commit.
Rishabh Dave [Sun, 19 Nov 2023 11:42:51 +0000 (17:12 +0530)]
mgr/vol: add comments in async_cloner
It's not obvious where the clone creation is performed. It's especially
obfuscated because we call the function/method for cloning indirectly.
Therefore, add comments where necessary and mark it with heavy rating.
Same goes for all other "subvolume snapshot clone" operations.
Rishabh Dave [Thu, 2 Nov 2023 15:15:27 +0000 (20:45 +0530)]
mgr/vol: fix flake8 warnings
Fix warnings printed by the command "flake8 --select=F,E9
--exclude=venv,.tox src/pybind/mgr/volumes/".
While working with mgr/vol, syntax errors are not printed anywhere. Any
attempt to run vstart.sh after such faulty patch causes vstart.sh to go
in a infinite loop. And running "ceph fs volume" command prints "no such
command exists". This doesn't tell the actual issue and causes
confusion.
When flake8 is run, the issue is not immediately apparent due to so many
warnings. Therefore, fix these warnings so that it becomes easier to
spot such critical issues here onwards.
Note: mypy uses comments like "#type: Dict" for type checking and
therefore counts 'from typechecking import Dict' as not unsued. But
flake8 doesn't recognize type hints embedded in comment. Therfore,
switch to actually using type hints instead of adding type hints to
comments.
Rishabh Dave [Fri, 10 Nov 2023 14:53:33 +0000 (20:23 +0530)]
qa/cephfs: don't write guest keyring to file "keyring"
Writing guest keyring to CWD's file named "keyring" will over-write
build/keyring on developer's machine which will make the cluster
inoperatable and also fail the test.
Fixes: https://tracker.ceph.com/issues/63506 Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit 974c4f93b3cc485e9fd340d9e7d5d13948ab25f7)
Rishabh Dave [Thu, 23 Nov 2023 10:40:00 +0000 (16:10 +0530)]
qa/cephfs: improvements for name generators in test_volumes.py
Generate a name that is shorter and easier to remember.
Also, write a simpler, faster & better helper method for generating
unique names. This method will also have shorter and more concise name,
so this will be easier to type and easier to read.
Fixes: https://tracker.ceph.com/issues/63680 Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit ad96e91ee4f6d1bcd47cfd77725d27d64ee06c93)
Conflicts:
qa/tasks/cephfs/test_volumes.py
Unlike main branch, on Quincy branch test methods
test_rename_when_clients_arent_refused(),
test_rename_when_fs_is_online(),
test_periodic_async_work() and
test_subvolume_group_rm_when_its_not_empty() are absent.
Rishabh Dave [Tue, 31 Oct 2023 18:15:59 +0000 (23:45 +0530)]
qa/cephfs: create new class for "volume fs volume rename" tests
Move tests for "ceph fs volume rename" command to a new class. This
makes it possible to run this group of tests in a single command.
This provides a convenient way to execute these tests which is necessary
after the changes has been made to the code for the "ceph fs volume
rename" command.
Rishabh Dave [Sat, 24 Jun 2023 04:15:03 +0000 (09:45 +0530)]
MDSAuthCaps: use string and vector directly
Since std::string and std::vector are brought into the current namespace
at the beginning of MDSAuthCaps.cc, write "string" and "vector" instead
of "std::string" and "std::vector" respectively.
Conflicts:
src/mds/MDSAuthCaps.cc: some code using string/vector was
deleted by a different Reef backport due to which some patches
from this commit weren't applicable.
projects / ceph.git / log