git.apps.os.sepia.ceph.com Git - ceph.git/log
ceph.git
4 years ago  Merge PR #40687 into pacific
Patrick Donnelly [Wed, 21 Apr 2021 00:01:13 +0000 (17:01 -0700)]
Merge PR #40687 into pacific

* refs/pull/40687/head:
doc/cephfs/nfs: add user id, fs name and key to FSAL block

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
4 years ago  Merge branch 'pacific-saved' into pacific
Ilya Dryomov [Tue, 20 Apr 2021 09:01:15 +0000 (11:01 +0200)]
Merge branch 'pacific-saved' into pacific

Conflicts:
qa/tasks/ceph.conf.template [ commit 94df76244798
  ("qa/tasks/ceph.conf: shorten cephx TTL for testing") was
  cherry-picked to 16.2.0 separately and so exists both in
  16.2.0 and pacific-saved ]
qa/tasks/cephadm.conf [ ditto ]

4 years ago  16.2.1 v16.2.1
Jenkins Build Slave User [Mon, 19 Apr 2021 13:50:07 +0000 (13:50 +0000)]
16.2.1

4 years ago  auth/cephx: make KeyServer::build_session_auth_info() less confusing
Ilya Dryomov [Thu, 15 Apr 2021 13:18:58 +0000 (15:18 +0200)]
auth/cephx: make KeyServer::build_session_auth_info() less confusing

The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication.  The monitor passes in
service_secret (mon secret) and secret_id (-1).  The TTL is irrelevant
because there is no rotation.

However the signature doesn't make it obvious.  Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6f12cd3688b753633c8ff29fb3bd64758f960b2b)

4 years ago  auth/cephx: cap ticket validity by expiration of "next" key
Ilya Dryomov [Thu, 15 Apr 2021 07:48:13 +0000 (09:48 +0200)]
auth/cephx: cap ticket validity by expiration of "next" key

If auth_mon_ticket_ttl is increased severalfold, as done in
commit 522a52e6c258 ("auth/cephx: rotate auth tickets less often"),
active clients eventually get stuck because the monitor sends out an
auth ticket with a bogus validity.  The ticket is secured with the
"current" secret that is scheduled to expire according to the old TTL,
but the validity of the ticket is set to the new TTL.  As a result,
the client simply doesn't attempt to renew, letting the secrets rotate
potentially more than once.  When that happens, the client first hits
auth authorizer errors as it tries to renew service tickets and when
it finally gets to renewing the auth ticket, it hits the insecure
global_id reclaim wall.

Cap TTL by expiration of "next" key -- the "current" key may be
milliseconds away from expiration and still be used, legitimately.
Do it in KeyServerData alongside key rotation code and propagate the
capped TTL to the upper layer.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 370c9b13970d47a55b1b20ef983c6f01236c9565)
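
The capping described in this message can be sketched as follows. This is a minimal Python illustration under stated assumptions, not the KeyServerData code: the function name `capped_ticket_ttl` and its parameters are hypothetical, and all times are plain seconds.

```python
def capped_ticket_ttl(configured_ttl: float, next_key_expires: float, now: float) -> float:
    """Return a ticket validity that never outlives the "next" rotating key.

    configured_ttl   -- the TTL currently configured (hypothetical parameter)
    next_key_expires -- absolute expiration time of the "next" key
    now              -- current time, same clock as next_key_expires
    """
    remaining = max(0.0, next_key_expires - now)
    return min(configured_ttl, remaining)


HOUR = 3600.0
# The TTL was raised to 72h, but the "next" key was generated under the old
# TTL and expires 20h from now, so the ticket validity is capped at 20h.
print(capped_ticket_ttl(72 * HOUR, next_key_expires=20 * HOUR, now=0.0) / HOUR)  # prints 20.0
```

Capping by the "next" key rather than the "current" one follows the reasoning above: the "current" key may be about to expire while still being used legitimately.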

4 years ago  auth/cephx: drop redundant KeyServerData::get_service_secret() overload
Ilya Dryomov [Thu, 15 Apr 2021 07:47:50 +0000 (09:47 +0200)]
auth/cephx: drop redundant KeyServerData::get_service_secret() overload

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 3078af716505ae754723864786a41a6d6af0534c)

4 years ago  Merge pull request #40826 from idryomov/wip-no-cephxv2-for-unmap-pacific
Ilya Dryomov [Tue, 13 Apr 2021 16:41:54 +0000 (18:41 +0200)]
Merge pull request #40826 from idryomov/wip-no-cephxv2-for-unmap-pacific

pacific: qa/suites/krbd: don't require CEPHX_V2 for unmap subsuite

Reviewed-by: Greg Farnum <gfarnum@redhat.com>
4 years ago  Merge pull request #40665 from idryomov/wip-require-ceph-common-for-ioc-pacific
Ilya Dryomov [Tue, 13 Apr 2021 09:44:48 +0000 (11:44 +0200)]
Merge pull request #40665 from idryomov/wip-require-ceph-common-for-ioc-pacific

pacific: packaging: require ceph-common for immutable object cache daemon

Reviewed-by: Greg Farnum <gfarnum@redhat.com>
4 years ago  qa/suites/krbd: don't require CEPHX_V2 for unmap subsuite 40826/head
Ilya Dryomov [Sat, 3 Apr 2021 09:13:56 +0000 (11:13 +0200)]
qa/suites/krbd: don't require CEPHX_V2 for unmap subsuite

Starting with pacific, CEPHX_V2 is required by default but
pre-single-major.yaml kernel doesn't support it.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 4027eb864efeb8b85f3d459048aabdffb894b150)

4 years ago  qa/standalone: default to disable insecure global id reclaim
Sage Weil [Sun, 28 Mar 2021 22:07:57 +0000 (18:07 -0400)]
qa/standalone: default to disable insecure global id reclaim

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 72c4fc75ad301980baebc7789ed6391444057e5b)

4 years ago  qa/suites/upgrade/octopus-x: disable insecure global_id reclaim health warnings
Sage Weil [Thu, 25 Mar 2021 17:36:56 +0000 (13:36 -0400)]
qa/suites/upgrade/octopus-x: disable insecure global_id reclaim health warnings

These will trigger on upgrade; suppress them so that our health gates
will still work.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 3e80f61efeafc186ea8130984d64c05b2707d6ba)

Conflicts:
qa/suites/upgrade/octopus-x/rgw-multisite/overrides.yaml [
  commit b6773dd3f197 ("qa/rgw: add octopus-x upgrade suite for
  multisite") not in pacific ]

4 years ago  qa/tasks/ceph[adm].conf[.template]: disable insecure global_id reclaim health alerts
Sage Weil [Fri, 26 Mar 2021 22:08:46 +0000 (18:08 -0400)]
qa/tasks/ceph[adm].conf[.template]: disable insecure global_id reclaim health alerts

Turn these off everywhere for our tests so they don't interfere with our health checks.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 9f6fd4fe563c9cd4cf65316921d511b677c972e4)

4 years ago  cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap
Sage Weil [Fri, 26 Mar 2021 16:02:50 +0000 (12:02 -0400)]
cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap

If this is a fresh pacific cluster, let's assume that there won't be
legacy clients connecting.  (And if there are, let's put the burden on
the user to enable them to do so insecurely.)

This is in contrast to upgrades, where our focus is on not breaking
anything.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 7ca74183226b1125b29f4ea8f324ae9e38b46795)

4 years ago  mon/HealthMonitor: raise AUTH_INSECURE_GLOBAL_ID_RENEWAL[_ALLOWED]
Sage Weil [Thu, 25 Mar 2021 22:07:53 +0000 (18:07 -0400)]
mon/HealthMonitor: raise AUTH_INSECURE_GLOBAL_ID_RENEWAL[_ALLOWED]

Two new alerts:

- AUTH_INSECURE_GLOBAL_ID_RENEWAL_ALLOWED if we are allowing clients to reclaim
global_ids in an insecure manner (for backwards compatibility until
clients are upgraded)

- AUTH_INSECURE_GLOBAL_ID_RENEWAL if there are currently clients connected that
do not know how to securely renew their global_id, as exposed by
auth_expose_insecure_global_id_reclaim=true.  The client auth names and IPs
are listed in the alert details (up to a limit, at least).

The docs recommend that operators mute these alerts rather than disable them,
but we still include options that allow the alerts to be disabled entirely.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 18b343b06e5dd904af425dc99e2c848e12f3b552)
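
As a rough illustration of when each of the two alerts is raised, here is a small Python sketch. It is not the HealthMonitor code: the function `health_alerts`, its parameters and the `max_listed` limit are hypothetical, and only the alert names are taken from the message above.

```python
from typing import Dict, List


def health_alerts(allow_insecure_reclaim: bool,
                  insecure_clients: List[str],
                  max_listed: int = 3) -> Dict[str, List[str]]:
    """Map each raised alert name to its detail lines (hypothetical helper)."""
    alerts: Dict[str, List[str]] = {}
    if allow_insecure_reclaim:
        # Raised while insecure reclaim is still permitted for compatibility.
        alerts["AUTH_INSECURE_GLOBAL_ID_RENEWAL_ALLOWED"] = []
    if insecure_clients:
        # Raised while unpatched clients are connected; details are truncated.
        alerts["AUTH_INSECURE_GLOBAL_ID_RENEWAL"] = insecure_clients[:max_listed]
    return alerts


clients = ["client.a 10.0.0.1", "client.b 10.0.0.2", "client.c 10.0.0.3", "client.d 10.0.0.4"]
for name, details in health_alerts(True, clients).items():
    print(name, details)
```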

4 years ago  auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys
Ilya Dryomov [Tue, 2 Mar 2021 14:09:26 +0000 (15:09 +0100)]
auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys

When handling CEPHX_GET_AUTH_SESSION_KEY requests from nautilus+
clients, ignore CEPH_ENTITY_TYPE_AUTH in CephXAuthenticate::other_keys.
Similarly, when handling CEPHX_GET_PRINCIPAL_SESSION_KEY requests,
ignore CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys.
These fields are intended for requesting service tickets, the auth
ticket (which is really a ticket granting ticket) must not be shared
this way.

Otherwise we end up sharing an auth ticket that a) isn't encrypted
with the old session key even if needed (should_enc_ticket == true)
and b) has the wrong validity, namely auth_service_ticket_ttl instead
of auth_mon_ticket_ttl.  In the CEPHX_GET_AUTH_SESSION_KEY case, this
undue ticket immediately supersedes the actual auth ticket already
encoded in the same reply (the reply frame ends up containing two auth
tickets).

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 05772ab6127bdd9ed2f63fceef840f197ecd9ea8)
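
The filtering described in this message amounts to clearing one bit before building service tickets. A minimal Python sketch, assuming the requested keys are a bitmask of entity types; the numeric values below and the helper name `requested_service_keys` are assumptions for illustration only.

```python
# Entity-type bits. The numeric values are assumed for this sketch.
CEPH_ENTITY_TYPE_MON = 0x01
CEPH_ENTITY_TYPE_OSD = 0x04
CEPH_ENTITY_TYPE_AUTH = 0x20


def requested_service_keys(keys: int) -> int:
    """Drop the auth bit so that only service tickets are built from the request."""
    return keys & ~CEPH_ENTITY_TYPE_AUTH


# A request asking for mon, osd and auth tickets yields only mon and osd.
wanted = CEPH_ENTITY_TYPE_MON | CEPH_ENTITY_TYPE_OSD | CEPH_ENTITY_TYPE_AUTH
print(hex(requested_service_keys(wanted)))  # prints 0x5
```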

4 years ago  auth/cephx: rotate auth tickets less often
Ilya Dryomov [Mon, 22 Mar 2021 18:16:32 +0000 (19:16 +0100)]
auth/cephx: rotate auth tickets less often

If unauthorized global_id (re)use is disallowed, a client that has
been disconnected from the network long enough for keys to rotate
and its auth ticket to expire (i.e. become invalid/unverifiable)
would not be able to reconnect.

The default TTL is 12 hours, resulting in a 12-24 hour reconnect
window (the previous key is kept around, so the actual window can be
up to double the TTL).  The setting has stayed the same since 2009,
but it also hasn't been enforced.  Bump it to get a 72 hour reconnect
window to cover for something breaking on Friday and not getting fixed
until Monday.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 522a52e6c258932274f0753feb623ce008519216)
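
The window arithmetic in this message can be written out as a short Python sketch. The helper name `reconnect_window_hours` is hypothetical; the only rule it encodes is the one stated above, that the previous key is kept around, so the window runs from one TTL up to double the TTL.

```python
from typing import Tuple


def reconnect_window_hours(ttl_hours: float) -> Tuple[float, float]:
    """Return the (minimum, maximum) reconnect window for a given ticket TTL."""
    return (ttl_hours, 2 * ttl_hours)


print(reconnect_window_hours(12))  # prints (12, 24)
```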

4 years ago  mon: fail fast when unauthorized global_id (re)use is disallowed
Ilya Dryomov [Thu, 25 Mar 2021 19:59:13 +0000 (20:59 +0100)]
mon: fail fast when unauthorized global_id (re)use is disallowed

When unauthorized global_id (re)use is disallowed, we don't want to
let unpatched clients in because they wouldn't be able to reestablish
their monitor session later, resulting in subtle hangs and disrupted
user workloads.

Denying the initial connect for all legacy (CephXAuthenticate < v3)
clients is not feasible because a large subset of them never stopped
presenting their ticket on reconnects and are therefore compatible with
enforcing mode: most notably all kernel clients but also pre-luminous
userspace clients.  They don't need to be patched and excluding them
would significantly hamper the adoption of enforcing mode.

Instead, force clients that we are not sure about to reconnect shortly
after they go through authentication and obtain global_id.  This is
done in Monitor::dispatch_op() to capture both msgr1 and msgr2, most
likely instead of dispatching mon_subscribe.

We need to let mon_getmap through for "ceph ping" and "ceph tell" to
work.  This does mean that we share the monmap, which lets the client
return from MonClient::authenticate() considering authentication to be
finished and causing the potential reconnect error to not propagate to
the user -- the client would hang waiting for remaining cluster maps.
For msgr1, this is unavoidable because the monmap is sent immediately
after the final MAuthReply.  But for msgr2 this is rare: most of the
time we get to their mon_subscribe and cut the connection before they
process the monmap!

Regardless, the user doesn't get a chance to start a workload since
there is no proper higher-level session at that point.

To help with identifying clients that need patching, add global_id and
global_id_status to "sessions" output.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 08766a17edebb7450cd9b17cc2dc01efc068bb94)

4 years ago  auth/cephx: option to disallow unauthorized global_id (re)use
Ilya Dryomov [Sat, 13 Mar 2021 13:53:52 +0000 (14:53 +0100)]
auth/cephx: option to disallow unauthorized global_id (re)use

global_id is a cluster-wide unique id that must remain stable for the
lifetime of the client instance.  The cephx protocol has a facility to
allow clients to preserve their global_id across reconnects:

(1) the client should provide its global_id in the initial handshake
    message/frame and later include its auth ticket proving previous
    possession of that global_id in CEPHX_GET_AUTH_SESSION_KEY request

(2) the monitor should verify that the included auth ticket is valid
    and has the same global_id and, if so, allow the reclaim

(3) if the reclaim is allowed, the new auth ticket should be
    encrypted with the session key of the included auth ticket to
    ensure authenticity of the client performing reclaim.  (The
    included auth ticket could have been snooped when the monitor
    originally shared it with the client or any time the client
    provided it back to the monitor as part of requesting service
    tickets, but only the genuine client would have its session key
    and be able to decrypt.)

Unfortunately, all (1), (2) and (3) have been broken for a while:

- (1) was broken in 2016 by commit a2eb6ae3fb57 ("mon/monclient:
  hunt for multiple monitor in parallel") and is addressed in patch
  "mon/MonClient: preserve auth state on reconnects"

- it turns out that (2) has never been enforced.  When cephx was
  being designed and implemented in 2009, two changes to the protocol
  raced with each other pulling it in different directions: commits
  0669ca21f4f7 ("auth: reuse global_id when requesting tickets")
  and fec31964a12b ("auth: when renewing session, encrypt ticket")
  added the reclaim mechanism based strictly on auth tickets, while
  commit 5eeb711b6b2b ("auth: change server side negotiation a bit")
  allowed the client to provide global_id in the initial handshake.
  These changes didn't get reconciled and as a result a malicious
  client can assign itself any global_id of its choosing by simply
  passing something other than 0 in MAuth message or AUTH_REQUEST
  frame and not even bother supplying any ticket.  This includes
  getting a global_id that is being used by another client.

- (3) was broken in 2019 with addition of support for msgr2, where
  the new auth ticket ends up being shared unencrypted.  However the
  root cause is deeper and a malicious client can coerce msgr1 into
  the same.  This also goes back to 2009 and is addressed in patch
  "auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys".

Because (2) has never been enforced, no one noticed when (1) got
broken and we began to rely on this flaw for normal operation in
the face of reconnects due to network hiccups or otherwise.  As of
today, only pre-luminous userspace clients and kernel clients are
not exercising it on a daily basis.

Bump CephXAuthenticate version and use a dummy v3 to distinguish
between legacy clients that don't (may not) include their auth ticket
and new clients.  For new clients, unconditionally disallow claiming
global_id without a corresponding auth ticket.  For legacy clients,
introduce a choice between permissive (current behavior, default for
the foreseeable future) and enforcing mode.

If the reclaim is disallowed, return EACCES.  While MonClient does
have some provision for global_id changes and we could conceivably
implement enforcement by handing out a fresh global_id instead of
the provided one, those code paths have never been tested and there
are too many ways a sudden global_id change could go wrong.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit abebd643cc60fa8a7cb82dc29a9d5041fb3c3d36)
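
The decision described in this message can be summarized in a short Python sketch. It is a simplification under stated assumptions, not the monitor's code: the function name, its parameters and the representation of "no valid ticket" as `None` are all hypothetical. In particular, it assumes `ticket_global_id` is the global_id taken from an auth ticket that has already been validated.

```python
import errno
from typing import Optional


def check_global_id_reclaim(client_version: int,
                            claimed_global_id: int,
                            ticket_global_id: Optional[int],
                            enforcing: bool) -> int:
    """Return 0 if the claim is allowed, -EACCES otherwise."""
    if claimed_global_id == 0:
        # Nothing is being reclaimed; the monitor assigns a fresh global_id.
        return 0
    if ticket_global_id is not None and ticket_global_id == claimed_global_id:
        # A valid ticket with the same global_id proves previous possession.
        return 0
    if client_version >= 3:
        # New clients: claiming without a corresponding ticket is never allowed.
        return -errno.EACCES
    # Legacy clients: permissive mode keeps the old behavior.
    return -errno.EACCES if enforcing else 0


print(check_global_id_reclaim(2, 4242, None, enforcing=False))  # prints 0
print(check_global_id_reclaim(3, 4242, None, enforcing=False) == -errno.EACCES)  # prints True
```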

4 years ago  auth/cephx: make cephx_decode_ticket() take a const ticket_blob
Ilya Dryomov [Tue, 30 Mar 2021 09:10:17 +0000 (11:10 +0200)]
auth/cephx: make cephx_decode_ticket() take a const ticket_blob

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6b860684c6e59b11c727206819805f89f0518575)

4 years ago  auth/AuthServiceHandler: keep track of global_id and whether it is new
Ilya Dryomov [Tue, 9 Mar 2021 15:33:55 +0000 (16:33 +0100)]
auth/AuthServiceHandler: keep track of global_id and whether it is new

AuthServiceHandler already has global_id field, but it is unused.
Revive it and let the handler know whether global_id is newly assigned
by the monitor or provided by the client.

Lift the setting of entity_name into AuthServiceHandler.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit b50b6abd60e730176a7ef602bdd25d789a3c467d)

4 years ago  auth/AuthServiceHandler: build_cephx_response_header() is cephx-specific
Ilya Dryomov [Tue, 9 Mar 2021 13:36:39 +0000 (14:36 +0100)]
auth/AuthServiceHandler: build_cephx_response_header() is cephx-specific

Make the one in CephxServiceHandler private and drop the stub in
AuthNoneServiceHandler.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 49cba02a750d4c1ab68399401f0c04f9c9be5b9e)

4 years ago  auth/AuthServiceHandler: drop unused start_session() args
Ilya Dryomov [Tue, 9 Mar 2021 13:25:39 +0000 (14:25 +0100)]
auth/AuthServiceHandler: drop unused start_session() args

session_key, connection_secret and connection_secret_required_length
aren't material for start_session() across all three implementations.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit c151c9659bdb71f30b520bbd62f91cc009ec51cd)

4 years ago  mon/MonClient: drop global_id arg from _add_conn() and _add_conns()
Ilya Dryomov [Tue, 30 Mar 2021 13:19:41 +0000 (15:19 +0200)]
mon/MonClient: drop global_id arg from _add_conn() and _add_conns()

Passing anything but MonClient instance's global_id doesn't make
sense.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit a71f6e90d43cca5a79db92ca6a640598796ae7ee)

4 years ago  mon/MonClient: reset auth state in shutdown()
Ilya Dryomov [Thu, 1 Apr 2021 08:55:36 +0000 (10:55 +0200)]
mon/MonClient: reset auth state in shutdown()

Destroying AuthClientHandler and not resetting global_id is another
way to get MonClient to send CEPHX_GET_AUTH_SESSION_KEY requests with
CephXAuthenticate::old_ticket not populated.  This is particularly
pertinent to get_monmap_and_config() which shuts down the bootstrap
MonClient between retry attempts.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit c9b022e07392979e7f9ea6c11484a7dd872cc235)

4 years ago  mon/MonClient: preserve auth state on reconnects
Ilya Dryomov [Mon, 8 Mar 2021 14:37:02 +0000 (15:37 +0100)]
mon/MonClient: preserve auth state on reconnects

Commit a2eb6ae3fb57 ("mon/monclient: hunt for multiple monitor in
parallel") introduced a regression where auth state (global_id and
AuthClientHandler) was no longer preserved on reconnects.  The ensuing
breakage was quickly noticed and prompted a follow-on fix 8bb6193c8f53
("mon/MonClient: persist global_id across re-connecting").

However, as evident from the subject, the follow-on fix only took
care of the global_id part.  AuthClientHandler is still destroyed
and all cephx tickets are discarded.  A new from-scratch instance
is created for each MonConnection and CEPHX_GET_AUTH_SESSION_KEY
requests end up with CephXAuthenticate::old_ticket not populated.
The bug is in MonClient, so both msgr1 and msgr2 are affected.

This should have resulted in a similar sort of breakage but didn't
because of a much larger bug.  The monitor should have denied the
attempt to reclaim global_id with no valid ticket proving previous
possession of that global_id presented.  Alas, it appears that this
aspect of the cephx protocol has never been enforced.  This is dealt
with in the next patch.

To fix the issue at hand, clone AuthClientHandler into each
MonConnection so that each respective CEPHX_GET_AUTH_SESSION_KEY
request gets a copy of the current auth ticket.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 236b536b28482ec9d8b872de03da7d702ce4787b)
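
The fix described in this message, cloning the handler into each connection, can be illustrated with a small Python sketch. The classes here are hypothetical stand-ins rather than the MonClient types, and `copy.deepcopy` stands in for whatever cloning the real code performs.

```python
import copy
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class AuthHandler:
    """Stand-in for the client-side auth state: global_id plus held tickets."""
    global_id: int = 0
    tickets: Dict[str, str] = field(default_factory=dict)


@dataclass
class MonConnection:
    auth: AuthHandler


def start_hunting(current: AuthHandler, n: int) -> List[MonConnection]:
    """Open n candidate connections, each with its own copy of the auth state."""
    return [MonConnection(auth=copy.deepcopy(current)) for _ in range(n)]


current = AuthHandler(global_id=4242, tickets={"auth": "ticket-blob"})
conns = start_hunting(current, 3)
# Every connection can present the existing auth ticket when it reconnects.
print(all(c.auth.tickets.get("auth") == "ticket-blob" for c in conns))  # prints True
```

Because each connection holds a copy, one attempt failing or being torn down does not discard the tickets held by the others.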

4 years ago  mon/MonClient: claim active_con's auth explicitly
Ilya Dryomov [Sat, 6 Mar 2021 10:15:40 +0000 (11:15 +0100)]
mon/MonClient: claim active_con's auth explicitly

Eliminate confusion by moving auth from active_con into MonClient
instead of swapping them.

The existing MonClient::auth can be destroyed right away -- I don't
see why active_con would need it or a reason to delay its destruction
(which is what stashing in active_con effectively does).

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit eec24e4d119c57c7eb5119dc0083616a61b33b89)

4 years ago  mon/MonClient: resurrect "waiting for monmap|config" timeouts
Ilya Dryomov [Thu, 1 Apr 2021 08:07:00 +0000 (10:07 +0200)]
mon/MonClient: resurrect "waiting for monmap|config" timeouts

This fixes a regression introduced in commit 85157d5aae3d ("mon:
s/Mutex/ceph::mutex/").  Waiting for monmap and config indefinitely
is not just bad UX, it actually masks other more serious bugs.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6faa18e0a8e8efba6bd2978942eb9909b6568d5c)
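
A bounded wait of the kind this commit restores can be sketched in Python with a condition variable. The class `MapWaiter` and its methods are hypothetical; the sketch only shows the general pattern of waiting with a timeout instead of indefinitely.

```python
import threading


class MapWaiter:
    """Wait for a map to arrive, giving up after a timeout."""

    def __init__(self) -> None:
        self._cond = threading.Condition()
        self._have_map = False

    def got_map(self) -> None:
        """Called when the map has been received."""
        with self._cond:
            self._have_map = True
            self._cond.notify_all()

    def wait_for_map(self, timeout: float) -> bool:
        """Return True if the map arrived, False if the wait timed out."""
        with self._cond:
            return self._cond.wait_for(lambda: self._have_map, timeout=timeout)


waiter = MapWaiter()
print(waiter.wait_for_map(0.05))  # prints False: nothing arrived in time
waiter.got_map()
print(waiter.wait_for_map(0.05))  # prints True
```

Returning a failure to the caller on timeout is what lets an underlying problem surface instead of being hidden behind a hang.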

4 years ago  qa/tasks/ceph.conf: shorten cephx TTL for testing
Sage Weil [Mon, 5 Apr 2021 18:08:30 +0000 (13:08 -0500)]
qa/tasks/ceph.conf: shorten cephx TTL for testing

Rotate tickets frequently to exercise those code paths during testing.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 94df76244798cdc0bafd74c9e5197adb5aa990c0)

4 years ago  Merge pull request #40805 from tchaikov/pacific-pr-40738
Kefu Chai [Mon, 12 Apr 2021 13:42:07 +0000 (21:42 +0800)]
Merge pull request #40805 from tchaikov/pacific-pr-40738

pacific: include/librados: fix doxygen syntax for docs build

Reviewed-by: Josh Durgin <jdurgin@redhat.com>
4 years ago  Merge pull request #40648 from rhcs-dashboard/wip-50203-pacific
Ernesto Puerta [Mon, 12 Apr 2021 09:36:37 +0000 (11:36 +0200)]
Merge pull request #40648 from rhcs-dashboard/wip-50203-pacific

pacific: mgr/dashboard: Revoke read-only user's access to Manager modules

Reviewed-by: Waadkh7 <walkhour@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
4 years ago  include/librados: fix doxygen syntax for docs build 40805/head
Josh Durgin [Fri, 9 Apr 2021 22:01:32 +0000 (18:01 -0400)]
include/librados: fix doxygen syntax for docs build

The docs build is now warning about these like:

WARNING: Unparseable C cross-reference: '[in]'
Invalid C declaration: Expected identifier in nested name.

Signed-off-by: Josh Durgin <jdurgin@redhat.com>
(cherry picked from commit 70b8f16a2c9fe2375457bf66bf46e4296a86e31d)

4 years ago  Merge PR #40663 into pacific
Sage Weil [Fri, 9 Apr 2021 23:04:33 +0000 (18:04 -0500)]
Merge PR #40663 into pacific

* refs/pull/40663/head:
qa/tasks/ceph.conf: shorten cephx TTL for testing

Reviewed-by: Sage Weil <sage@redhat.com>
4 years ago  Merge pull request #40645 from batrick/i50015
Yuri Weinstein [Fri, 9 Apr 2021 15:41:42 +0000 (08:41 -0700)]
Merge pull request #40645 from batrick/i50015

pacific: qa: "AttributeError: 'NoneType' object has no attribute 'mon_manager'"

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
4 years ago  doc/cephfs/nfs: add user id, fs name and key to FSAL block 40687/head
Varsha Rao [Tue, 6 Apr 2021 10:06:45 +0000 (15:36 +0530)]
doc/cephfs/nfs: add user id, fs name and key to FSAL block

Fixes: https://tracker.ceph.com/issues/50161
Signed-off-by: Varsha Rao <varao@redhat.com>
(cherry picked from commit 08f1d906c2696d64ed89160980768865beacdc08)

4 years ago  Merge pull request #40706 from cbodley/wip-50247
Ilya Dryomov [Fri, 9 Apr 2021 04:42:25 +0000 (06:42 +0200)]
Merge pull request #40706 from cbodley/wip-50247

pacific: cmake: define BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT globally

Reviewed-by: Neha Ojha <nojha@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Kefu Chai <kchai@redhat.com>
4 years ago  Merge pull request #40629 from batrick/i50025
Yuri Weinstein [Thu, 8 Apr 2021 22:22:11 +0000 (15:22 -0700)]
Merge pull request #40629 from batrick/i50025

pacific: client: items pinned in cache preventing unmount

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
4 years ago  Merge pull request #40628 from batrick/i49936
Yuri Weinstein [Thu, 8 Apr 2021 22:21:30 +0000 (15:21 -0700)]
Merge pull request #40628 from batrick/i49936

pacific: ceph-fuse: src/include/buffer.h: 1187: FAILED ceph_assert(_num <= 1024)

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
4 years ago  Merge pull request #40528 from batrick/i50030
Yuri Weinstein [Thu, 8 Apr 2021 22:20:54 +0000 (15:20 -0700)]
Merge pull request #40528 from batrick/i50030

pacific: qa: fs:cephadm mount does not wait for mds to be created

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
4 years ago  cmake: define BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT globally 40706/head
Kefu Chai [Sun, 21 Mar 2021 15:06:00 +0000 (23:06 +0800)]
cmake: define BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT globally

turns out we also need it for compiling librados tests with libboost
1.75, so just define it globally

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 7ce3ee6f346889d4d87d6424c6a1ad18badd139b)

4 years ago  cmake: use list(APPEND..) when appropriate
Kefu Chai [Sun, 21 Mar 2021 15:06:43 +0000 (23:06 +0800)]
cmake: use list(APPEND..) when appropriate

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 22ca579cf6c38d0592016c4648be4afea929de74)

4 years ago  cmake: define BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT for rgw tests
Kefu Chai [Fri, 19 Mar 2021 04:46:17 +0000 (12:46 +0800)]
cmake: define BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT for rgw tests

otherwise unittest_rgw_iam_policy does not compile with boost v1.75

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 36d2f006c6cf309d60857ce85325489865e8374c)

4 years ago  Merge pull request #40588 from rhcs-dashboard/wip-50068-pacific
Ernesto Puerta [Thu, 8 Apr 2021 10:46:27 +0000 (12:46 +0200)]
Merge pull request #40588 from rhcs-dashboard/wip-50068-pacific

pacific: mgr/dashboard: Fix for alert notification message being undefined

Reviewed-by: Waadkh7 <walkhour@redhat.com>
Reviewed-by: pereman2 <pdiazbou@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
4 years ago  packaging: require ceph-common for immutable object cache daemon 40665/head
Ilya Dryomov [Wed, 7 Apr 2021 09:36:53 +0000 (11:36 +0200)]
packaging: require ceph-common for immutable object cache daemon

This daemon has a systemd service which starts it with --setuser ceph
--setgroup ceph.  "ceph" user and group are created by ceph-common and
won't be there unless ceph-common is installed.

Fixes: https://tracker.ceph.com/issues/50207
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit dc55f0bb43226259068545c6e13c2921d225ddbe)

4 years ago  qa/tasks/ceph.conf: shorten cephx TTL for testing 40663/head
Sage Weil [Mon, 5 Apr 2021 18:08:30 +0000 (13:08 -0500)]
qa/tasks/ceph.conf: shorten cephx TTL for testing

Rotate tickets frequently to exercise those code paths during testing.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 94df76244798cdc0bafd74c9e5197adb5aa990c0)

4 years ago  mgr/dashboard: Revoke read-only user's access to Manager modules 40648/head
Nizamudeen A [Tue, 6 Apr 2021 15:54:51 +0000 (21:24 +0530)]
mgr/dashboard: Revoke read-only user's access to Manager modules

This prevents read-only users from opening the Manager Modules page in
the Ceph Dashboard, where some security-related information is
shown.

Fixes: https://tracker.ceph.com/issues/50174
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit fb607f1561371340d2c9d4e16c4eaceb365fd926)

4 years ago  qa/cephfs: move is_blocklisted() to filesystem.CephCluster 40645/head
Rishabh Dave [Wed, 3 Mar 2021 11:44:22 +0000 (17:14 +0530)]
qa/cephfs: move is_blocklisted() to filesystem.CephCluster

Using self.fs.mon_manager in mount.py can lead to a crash since self.fs
can be None. Move is_blocklisted() to tasks.filesystem.CephCluster where
it can get access to mon_manager without depending on objects
representing Ceph FSs.

Fixes: https://tracker.ceph.com/issues/49511
Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit 4d0f56fcc524cfe328d89d0b3706ca22a68a268f)
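
The shape of this refactoring can be sketched in Python. The classes below are simplified, hypothetical stand-ins and not the actual qa classes; the sketch only shows why asking the cluster object avoids the crash when a mount has no file system attached.

```python
from typing import Iterable, Optional


class FakeMonManager:
    """Stand-in for the object that can query the monitors."""

    def __init__(self, blocklist: Iterable[str]) -> None:
        self.blocklist = set(blocklist)


class Cluster:
    """Stand-in for the cluster object, which always has a mon_manager."""

    def __init__(self, mon_manager: FakeMonManager) -> None:
        self.mon_manager = mon_manager

    def is_blocklisted(self, addr: str) -> bool:
        return addr in self.mon_manager.blocklist


class Mount:
    """Stand-in for a mount; fs may legitimately be None."""

    def __init__(self, cluster: Cluster, fs: Optional[object] = None) -> None:
        self.cluster = cluster
        self.fs = fs

    def is_blocklisted(self, addr: str) -> bool:
        # Goes through the cluster, so it works even when self.fs is None.
        return self.cluster.is_blocklisted(addr)


mount = Mount(Cluster(FakeMonManager(["10.0.0.5:0/123"])), fs=None)
print(mount.is_blocklisted("10.0.0.5:0/123"))  # prints True
```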

4 years ago  Merge pull request #40398 from rhcs-dashboard/wip-49945-pacific
Ernesto Puerta [Wed, 7 Apr 2021 09:10:00 +0000 (11:10 +0200)]
Merge pull request #40398 from rhcs-dashboard/wip-49945-pacific

pacific: mgr/dashboard: Fix for broken User management role cloning

Reviewed-by: Alfonso Martínez <almartin@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Laura Paduano <lpaduano@suse.com>
4 years ago  Merge pull request #40586 from rhcs-dashboard/wip-50067-pacific
Ernesto Puerta [Wed, 7 Apr 2021 09:06:25 +0000 (11:06 +0200)]
Merge pull request #40586 from rhcs-dashboard/wip-50067-pacific

pacific: mgr/dashboard: Unable to login to ceph dashboard until clearing cookies manually

Reviewed-by: Alfonso Martínez <almartin@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
4 years ago  client: fire the finish_cap_snap() after buffer being flushed 40629/head
Xiubo Li [Wed, 30 Dec 2020 01:41:01 +0000 (09:41 +0800)]
client: fire the finish_cap_snap() after buffer being flushed

When the inode has the Fb cap and the used reference is non-zero, the
cap snap flushing will be delayed, so we need to make sure it is
invoked after the dirty buffer is flushed to the OSD.

Fixes: https://tracker.ceph.com/issues/48679
Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit a34d0c242a73d7c29956b6894a430d9979225632)

4 years ago  client: simplify the iterating code
Xiubo Li [Wed, 30 Dec 2020 09:17:56 +0000 (17:17 +0800)]
client: simplify the iterating code

Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit 1bea6e5135148169baaf656563bb1acbe6a593b6)

4 years ago  client: remove unused _flushed_cap_snap
Xiubo Li [Wed, 30 Dec 2020 08:40:23 +0000 (16:40 +0800)]
client: remove unused _flushed_cap_snap

Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit f60329bf1c5f9ad051387dbee10a210822620254)

4 years ago  client: clean up the code
Xiubo Li [Wed, 30 Dec 2020 01:14:25 +0000 (09:14 +0800)]
client: clean up the code

Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit 820d39da39e65e99c1d58d56afc415186c1ae933)

4 years ago  client: rebuild bl to avoid too many vector(> IOV_MAX) 40628/head
Yanhu Cao [Tue, 23 Mar 2021 03:29:33 +0000 (11:29 +0800)]
client: rebuild bl to avoid too many vector(> IOV_MAX)

Fixes: https://tracker.ceph.com/issues/49936
Signed-off-by: Yanhu Cao <gmayyyha@gmail.com>
(cherry picked from commit 463dda7251aec1528f5796ea47956fba6e80fae1)
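
The idea in the subject line, rebuilding a buffer list when it has more segments than a vectored write can take, can be sketched in Python. The helper `rebuild_if_needed` is hypothetical, and the limit of 1024 is an assumption for illustration; the real IOV_MAX is platform-dependent.

```python
from typing import List

IOV_LIMIT = 1024  # assumed limit for this sketch


def rebuild_if_needed(segments: List[bytes], limit: int = IOV_LIMIT) -> List[bytes]:
    """Coalesce the segments into one contiguous buffer if there are too many."""
    if len(segments) <= limit:
        return segments
    return [b"".join(segments)]


many = [b"x"] * 2000
rebuilt = rebuild_if_needed(many)
print(len(rebuilt), len(rebuilt[0]))  # prints 1 2000
```

Coalescing costs a copy, so the sketch leaves lists that are already within the limit untouched.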

4 years ago  Merge pull request #40559 from adamemerson/wip-50104-pacific
Adam C. Emerson [Tue, 6 Apr 2021 16:26:07 +0000 (12:26 -0400)]
Merge pull request #40559 from adamemerson/wip-50104-pacific

rgw: Backport of datalog improvements to Pacific

Reviewed-By: Casey Bodley <cbodley@redhat.com>
4 years ago  Merge pull request #40494 from aaSharma14/wip-50053-pacific
Yuri Weinstein [Mon, 5 Apr 2021 21:19:55 +0000 (14:19 -0700)]
Merge pull request #40494 from aaSharma14/wip-50053-pacific

pacific: mgr/dashboard: Device health status is not getting listed under hosts section

Reviewed-by: Alfonso Martínez <almartin@redhat.com>
Reviewed-by: Laura Paduano <lpaduano@suse.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
4 years ago  Merge pull request #40474 from rhcs-dashboard/wip-50038-pacific
Yuri Weinstein [Mon, 5 Apr 2021 21:18:49 +0000 (14:18 -0700)]
Merge pull request #40474 from rhcs-dashboard/wip-50038-pacific

pacific: mgr/dashboard: fix broken feature toggles

Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Laura Paduano <lpaduano@suse.com>
Reviewed-by: Aashish Sharma <aasharma@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
4 years ago  Merge pull request #40461 from sseshasa/wip-50018-pacific
Yuri Weinstein [Mon, 5 Apr 2021 21:14:14 +0000 (14:14 -0700)]
Merge pull request #40461 from sseshasa/wip-50018-pacific

pacific: qa/tasks: Add wait_for_clean() check prior to initiating scrubbing.

Reviewed-by: Neha Ojha <nojha@redhat.com>
4 years ago  Merge PR #40554 into pacific
Sage Weil [Mon, 5 Apr 2021 19:39:37 +0000 (14:39 -0500)]
Merge PR #40554 into pacific

* refs/pull/40554/head:
cephadm: specify addr on bootstrap's host add

Reviewed-by: Michael Fritch <mfritch@suse.com>
4 years ago  Merge pull request #40448 from alimaredia/wip-rgw-log-req-latency-pacific
Casey Bodley [Mon, 5 Apr 2021 18:11:53 +0000 (14:11 -0400)]
Merge pull request #40448 from alimaredia/wip-rgw-log-req-latency-pacific

pacific: rgw: add latency to the request summary of an op

Reviewed-by: Casey Bodley <cbodley@redhat.com>
4 years agorgw/multisite: handle case when empty marker is provided 40559/head
Yuval Lifshitz [Sun, 4 Apr 2021 14:19:03 +0000 (17:19 +0300)]
rgw/multisite: handle case when empty marker is provided

marker is optional; however, it may also be provided empty

Fixes: https://tracker.ceph.com/issues/50135
Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>
(cherry picked from commit fccf75eee3750a3654d2a2b1e3aa379edcfd8c8d)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Fix probe failure on OSDs not supporting FIFO.
Adam C. Emerson [Mon, 8 Mar 2021 20:17:53 +0000 (15:17 -0500)]
rgw: Fix probe failure on OSDs not supporting FIFO.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 4e9ec426b15fe60c5b0154980f808076e166dd02)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Make empty datalog fifo markers empty strings
Adam C. Emerson [Thu, 11 Feb 2021 23:27:33 +0000 (18:27 -0500)]
rgw: Make empty datalog fifo markers empty strings

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 4e3a7d5476fa2dd4b9825f4d546c42819f93c7cc)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Try to prune empties even if no empties found
Adam C. Emerson [Wed, 10 Feb 2021 22:09:02 +0000 (17:09 -0500)]
rgw: Try to prune empties even if no empties found

Since we won't actually delete empties until much later.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 9bd9b7659fdb7a1a01d5e1523f0d461dbf5eaafe)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Wait until a generation has been empty for an hour to delete
Adam C. Emerson [Wed, 10 Feb 2021 21:18:09 +0000 (16:18 -0500)]
rgw: Wait until a generation has been empty for an hour to delete

This fixes a problem where, while the backing handle remains allocated
while a call completes, the objects it depends on may be deleted
behind it.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 7018c25d47edf7e12b581f7f28c2549fe73bde15)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Leave the zero'th shard of the zero'th generation for cls_lock
Adam C. Emerson [Tue, 9 Feb 2021 23:10:50 +0000 (18:10 -0500)]
rgw: Leave the zero'th shard of the zero'th generation for cls_lock

Since data sync locks that object, instead of deleting it, truncate
the object and clear the omap.

(cls_lock uses xattrs.)

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 0d4e0abb8a699417ea75a6cd390786189ab964eb)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Don't swallow errors in datalog async trim
Adam C. Emerson [Thu, 4 Feb 2021 20:48:56 +0000 (15:48 -0500)]
rgw: Don't swallow errors in datalog async trim

Typo and misleading indentation.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit e97de55f46bbe67b523abfb4c30c50f1547f2601)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Fix cursor handling in DataLogBackends::list
Adam C. Emerson [Tue, 2 Feb 2021 19:09:52 +0000 (14:09 -0500)]
rgw: Fix cursor handling in DataLogBackends::list

Don't assume that the lowest generation not greater than the requested
generation actually is the requested generation.

(Also don't hold the lock after we get a backend.)

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit d7739178e994ce84886d297a29f2250e4bd78daa)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
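
One reading of the cursor fix above, as a minimal sketch and not the actual DataLogBackends code: look up the nearest generation at or below the requested one, and reuse the caller's cursor only when that lookup lands exactly on the requested generation. The names `Start` and `pick_start`, and the use of a plain `std::map` keyed by generation, are assumptions made for illustration.

```cpp
#include <cassert>
#include <cstdint>
#include <map>
#include <optional>
#include <string>

// Hypothetical result type: which generation to read and where to start in it.
struct Start {
  std::uint64_t gen;
  std::string cursor;
};

// backends maps generation id -> some backend description (a string here).
// Returns nothing if every known generation is newer than the requested one.
std::optional<Start> pick_start(
    const std::map<std::uint64_t, std::string>& backends,
    std::uint64_t want_gen,
    const std::string& cursor) {
  auto it = backends.upper_bound(want_gen);  // first generation > want_gen
  if (it == backends.begin()) {
    return std::nullopt;                     // nothing at or below want_gen
  }
  --it;                                      // nearest generation <= want_gen
  if (it->first == want_gen) {
    return Start{want_gen, cursor};          // exact match: cursor is valid
  }
  // Different generation: the caller's cursor does not apply to it,
  // so start from the beginning of the generation that was found.
  return Start{it->first, std::string{}};
}
```

With generations 2 and 5 present, asking for generation 4 with some cursor yields generation 2 and an empty cursor, while asking for generation 5 keeps the cursor.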
4 years agorgw: Prune datalog generations in the renew loop
Adam C. Emerson [Wed, 27 Jan 2021 01:30:58 +0000 (20:30 -0500)]
rgw: Prune datalog generations in the renew loop

Every 150 times through, which is a bit less than an hour between runs
by default.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 8f4291291b0dea4b4701894da0775149266a1373)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Conflicts:
src/rgw/rgw_datalog.cc
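
The "every 150 times through" schedule above can be sketched as a simple iteration counter. This is an illustration only: `RenewLoop`, `tick`, and `seconds_between_prunes` are hypothetical names, and the 22-second iteration length mentioned in the note below the code is an assumption, not a value stated in the commit.

```cpp
#include <cassert>

// Hypothetical stand-in for the renew loop: prune on every 150th pass.
struct RenewLoop {
  static constexpr int prune_every = 150;
  int runs = 0;
  int prunes = 0;

  // One pass through the loop; returns true when this pass also prunes.
  bool tick() {
    ++runs;
    if (runs % prune_every == 0) {
      ++prunes;
      return true;
    }
    return false;
  }
};

// Time between prune runs for a given (assumed) per-iteration interval.
constexpr int seconds_between_prunes(int interval_seconds) {
  return RenewLoop::prune_every * interval_seconds;
}
```

If one pass took about 22 seconds, `seconds_between_prunes(22)` gives 3300 seconds, or 55 minutes, which would match "a bit less than an hour".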

4 years agorgw: Use LazyFIFO in data changes log
Adam C. Emerson [Sun, 22 Nov 2020 04:06:38 +0000 (23:06 -0500)]
rgw: Use LazyFIFO in data changes log

That way we don't start sending ops to open a FIFO until we need it.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 12939a258f8c627d1b7b23c0b9d7c22e98e69d89)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Add LazyFIFO to keep from blasting an op-per-shard on startup
Adam C. Emerson [Sun, 22 Nov 2020 00:34:07 +0000 (19:34 -0500)]
rgw: Add LazyFIFO to keep from blasting an op-per-shard on startup

LazyFIFO opens the FIFO on first access.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 1cc4a0a4e274700b4ae044db125a8cb3a64253a2)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
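
The open-on-first-access idea can be sketched as follows. This is a generic lazy-initialization wrapper, not the LazyFIFO class from the Ceph tree; `FakeFifo`, `LazyHandle`, and `open_calls` are hypothetical names, and the "open" step here just counts calls instead of sending any ops.

```cpp
#include <cassert>
#include <memory>
#include <mutex>
#include <string>
#include <utility>

// Hypothetical stand-in for an opened FIFO handle.
struct FakeFifo {
  std::string oid;
  int pushes = 0;
  void push() { ++pushes; }
};

// Counts how many times the (pretend) expensive open step ran.
inline int open_calls = 0;

class LazyHandle {
  std::string oid_;
  std::mutex m_;
  std::unique_ptr<FakeFifo> fifo_;

 public:
  explicit LazyHandle(std::string oid) : oid_(std::move(oid)) {}

  // Opens the handle on first use; later calls reuse the same handle.
  FakeFifo& get() {
    std::lock_guard<std::mutex> l(m_);
    if (!fifo_) {
      ++open_calls;  // a real implementation would issue the open op here
      fifo_ = std::make_unique<FakeFifo>(FakeFifo{oid_});
    }
    return *fifo_;
  }

  bool opened() const { return fifo_ != nullptr; }
};
```

Constructing one `LazyHandle` per shard costs nothing up front; only shards that are actually accessed pay for an open.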
4 years agocls/fifo: Don't error in the log if we're being probed for existence
Adam C. Emerson [Tue, 26 Jan 2021 17:24:41 +0000 (12:24 -0500)]
cls/fifo: Don't error in the log if we're being probed for existence

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 4a2575783a050f27b22b7bfe4364520bf29fc6a5)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Add and trim datalog generations
Adam C. Emerson [Sat, 23 Jan 2021 01:48:39 +0000 (20:48 -0500)]
rgw: Add and trim datalog generations

This lets us actually change type in mid-stream.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 32b100d797cdf88648530e0162fd103cf279df31)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Actually pull logbacking_generations into datalog
Adam C. Emerson [Wed, 27 Jan 2021 01:07:45 +0000 (20:07 -0500)]
rgw: Actually pull logbacking_generations into datalog

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit eb0f8ffcc785146a1fb249f4531620787be216ba)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Clamp FIFO trim to head
Adam C. Emerson [Tue, 26 Jan 2021 06:27:24 +0000 (01:27 -0500)]
rgw: Clamp FIFO trim to head

Don't try to trim a bunch of parts that don't exist.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 60b729e32602b7401e15957cef976386281c4ccb)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
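
A minimal sketch of the clamping idea, assuming parts are numbered upward from a tail to a head: a trim request beyond the head is cut back to the head, so no work is spent on parts that were never created. The helper names and the part-number model are assumptions for illustration, not the FIFO implementation.

```cpp
#include <algorithm>
#include <cassert>
#include <cstdint>

// Hypothetical helper: head_part is the newest part that actually exists.
std::int64_t clamp_trim_part(std::int64_t requested_part,
                             std::int64_t head_part) {
  assert(head_part >= 0);
  return std::min(requested_part, head_part);
}

// Number of parts a trim would visit, starting from tail_part.
std::int64_t parts_to_visit(std::int64_t tail_part,
                            std::int64_t requested_part,
                            std::int64_t head_part) {
  const std::int64_t last = clamp_trim_part(requested_part, head_part);
  return last < tail_part ? 0 : last - tail_part + 1;
}
```

With a tail of 2 and a head of 7, a request to trim through part 1000 visits 6 parts rather than 999.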
4 years agorgw: Lay groundwork for multigenerational datalog
Adam C. Emerson [Wed, 6 Jan 2021 08:40:50 +0000 (03:40 -0500)]
rgw: Lay groundwork for multigenerational datalog

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 27ca609755a2c0e8fd501be46bc20026aa33b93c)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Add rgw_complete_aio_completion()
Adam C. Emerson [Mon, 23 Nov 2020 20:29:35 +0000 (15:29 -0500)]
rgw: Add rgw_complete_aio_completion()

To manually complete an asynchronous librados call.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 97c3f2b4e6d0a8d0c2366d6dca4570e063af7953)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Generational support for logback switching
Adam C. Emerson [Wed, 6 Jan 2021 01:00:07 +0000 (20:00 -0500)]
rgw: Generational support for logback switching

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 6b50f6d6def59e3c4b2db2d5311a887127b4804b)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Logback generation data structures
Adam C. Emerson [Mon, 4 Jan 2021 00:08:09 +0000 (19:08 -0500)]
rgw: Logback generation data structures

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit b97b207928c60b48fe405ab38be15ba55f927d5c)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw/datalog: make get_oid take generation
Adam C. Emerson [Sun, 3 Jan 2021 23:32:50 +0000 (18:32 -0500)]
rgw/datalog: make get_oid take generation

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit f7b850f7aa84d9cf24b4eaebbe51c7ee221bbd44)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Move get_oid back to RGWDataChangesLog
Adam C. Emerson [Sat, 21 Nov 2020 23:20:57 +0000 (18:20 -0500)]
rgw: Move get_oid back to RGWDataChangesLog

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit bdd3528e54e399135f602e1f7e94d070d89b8c99)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw/datalog: Pass IoCtx in, don't have each backend make its own
Adam C. Emerson [Sat, 21 Nov 2020 22:05:04 +0000 (17:05 -0500)]
rgw/datalog: Pass IoCtx in, don't have each backend make its own

Also don't use svc_cls.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 7f097cf8db433bb4c82a9bafc44e43b84f79bca4)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Use refactored log backing tools
Adam C. Emerson [Sat, 21 Nov 2020 20:45:12 +0000 (15:45 -0500)]
rgw: Use refactored log backing tools

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit da6223d281e33e43fa74c50f4d0eedb5ac25ace4)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Factor out tool to deal with different log backing
Adam C. Emerson [Sat, 21 Nov 2020 06:44:36 +0000 (01:44 -0500)]
rgw: Factor out tool to deal with different log backing

Read through the shards of a log and find out what kind it is.

Also remove a log.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit ed15d03f068c6f6e959f04d9d8f99eac82ebbd29)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agorgw: Add AioCompletion* versions for the rest of the FIFO methods
Adam C. Emerson [Tue, 3 Nov 2020 21:02:26 +0000 (16:02 -0500)]
rgw: Add AioCompletion* versions for the rest of the FIFO methods

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 665573ab8905bfa2e1ede6fc3be9bc80a625cb49)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agocls/log: Take const references of things you won't modify
Adam C. Emerson [Sat, 21 Nov 2020 22:04:12 +0000 (17:04 -0500)]
cls/log: Take const references of things you won't modify

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 73ea8cec06addc6af2ba354321f1099f657f13c5)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
4 years agomgr/dashboard: Fix for alert notification message being undefined 40588/head
Nizamudeen A [Tue, 23 Mar 2021 07:10:46 +0000 (12:40 +0530)]
mgr/dashboard: Fix for alert notification message being undefined

The Prometheus alert notification message in the dashboard always comes up
as undefined. This is because we were showing alert.summary instead of
alert.description when displaying the message. I couldn't find the
summary field in the ceph_default_alerts.yml file, so I removed all the
summary fields from the dashboard code.

Fixes: https://tracker.ceph.com/issues/49342
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 2921b2e9a939e1ad52b07327fdf84885568384b9)

4 years agomgr/dashboard: Unable to login to ceph dashboard until clearing cookies 40586/head
Avan Thakkar [Fri, 19 Mar 2021 12:59:22 +0000 (18:29 +0530)]
mgr/dashboard: Unable to login to ceph dashboard until clearing cookies

Fixes: https://tracker.ceph.com/issues/49897
Signed-off-by: Avan Thakkar <athakkar@redhat.com>
Clears the cookie for token after logout.

(cherry picked from commit 7eb59c0250d69ea05d87276f47299f91e4069b30)

4 years agoMerge PR #39488 into pacific
Sage Weil [Sat, 3 Apr 2021 13:58:33 +0000 (08:58 -0500)]
Merge PR #39488 into pacific

* refs/pull/39488/head:
rpm: re-disable SUSE lttng build on s390x
ceph.spec.in: bump gperftools requirement for ppc64le
ceph.spec.in: enable tcmalloc and lttng on s390x

Reviewed-by: Nathan Cutler <ncutler@suse.com>
Reviewed-by: Ken Dreyer <kdreyer@redhat.com>
4 years agoMerge PR #40489 into pacific
Sage Weil [Sat, 3 Apr 2021 13:58:02 +0000 (08:58 -0500)]
Merge PR #40489 into pacific

* refs/pull/40489/head:
mgr/dashboard: Remove username, password fields from -Cluster/Manager Modules/dashboard

Reviewed-by: Alfonso Martínez <almartin@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
4 years agoMerge PR #40545 into pacific
Sage Weil [Sat, 3 Apr 2021 13:56:52 +0000 (08:56 -0500)]
Merge PR #40545 into pacific

* refs/pull/40545/head:
mgr/dashboard: Improve descriptions in some parts of the dashboard

Reviewed-by: Waad Alkhoury <walkhour@redhat.com>
Reviewed-by: Pere Diaz Bou <pere-altea@hotmail.com>
4 years agoMerge pull request #40568 from tchaikov/pacific-49229
Kefu Chai [Sat, 3 Apr 2021 01:55:29 +0000 (09:55 +0800)]
Merge pull request #40568 from tchaikov/pacific-49229

pacific: cmake: use --smp 1 --memory 256M to crimson tests

Reviewed-by: Sage Weil <sage@redhat.com>
4 years agocmake: use --smp 1 --memory 256M to crimson tests 40568/head
Jenkins Build Slave User [Fri, 19 Mar 2021 08:32:59 +0000 (08:32 +0000)]
cmake: use --smp 1 --memory 256M to crimson tests

to reduce the resource usage when running tests

there is an exception though, as we want to test test_config.cc with
multiple reactors.

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit afdafee74c5d7af89353f903cfd551f6f5defa2b)

Conflicts:
src/test/crimson/CMakeLists.txt
src/test/crimson/seastore/CMakeLists.txt
src/test/crimson/seastore/onode_tree/CMakeLists.txt

4 years agoMerge PR #40512 into pacific
Sage Weil [Fri, 2 Apr 2021 14:59:23 +0000 (09:59 -0500)]
Merge PR #40512 into pacific

* refs/pull/40512/head:
qa/suites/rados/cephadm: stop testing on broken focal kubic podman

Reviewed-by: Kefu Chai <kchai@redhat.com>
4 years agoMerge PR #40544 into pacific
Sage Weil [Fri, 2 Apr 2021 14:58:51 +0000 (09:58 -0500)]
Merge PR #40544 into pacific

* refs/pull/40544/head:
mgr/orchestrator: move PORTS column in 'orch ps' output
cephadm: fix failure when using --apply-spec and --ssh-user
cephadm: specify addr on bootstrap's host add
mgr/cephadm: don't have upgrade fail if "." in patch section of version

Reviewed-by: Michael Fritch <mfritch@suse.com>
4 years agocephadm: specify addr on bootstrap's host add 40554/head
Joao Eduardo Luis [Mon, 29 Mar 2021 06:27:06 +0000 (06:27 +0000)]
cephadm: specify addr on bootstrap's host add

Signed-off-by: Joao Eduardo Luis <joao@suse.com>
(cherry picked from commit df13888255e47ad2c66fa8da11f0e9e4ef624071)

4 years agomgr/orchestrator: move PORTS column in 'orch ps' output 40544/head
Sage Weil [Mon, 22 Mar 2021 19:22:21 +0000 (15:22 -0400)]
mgr/orchestrator: move PORTS column in 'orch ps' output

Put it next to HOST.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 7ab7d08c5bc8420f2f3c70f5aab93c35b9ff4742)

4 years agomgr/dashboard: Improve descriptions in some parts of the dashboard 40545/head
Nizamudeen A [Thu, 25 Mar 2021 08:07:34 +0000 (13:37 +0530)]
mgr/dashboard: Improve descriptions in some parts of the dashboard

Improves the description in some parts of the dashboard code.

Fixes: https://tracker.ceph.com/issues/49829
Fixes: https://tracker.ceph.com/issues/49969
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 82235fd7567f974890e884f873f8de0fb226ada1)

4 years agocephadm: fix failure when using --apply-spec and --ssh-user
Daniel Pivonka [Mon, 29 Mar 2021 17:47:11 +0000 (13:47 -0400)]
cephadm: fix failure when using --apply-spec and --ssh-user

ssh-copy-id was being run as the root user because cephadm requires sudo,
so it was trying to use the root user's ssh keys to copy the cephadm ssh key to the hosts in the spec.
This would fail if the root user did not have passwordless ssh to the host being added.
Solution: run ssh-copy-id as the user given by ssh-user.

Additionally, fix the check to not copy the cephadm ssh key to the bootstrap host.

Signed-off-by: Daniel Pivonka <dpivonka@redhat.com>
(cherry picked from commit 33c843f8a275d6f01d824c6fa066fbd771b6e9fc)

4 years agocephadm: specify addr on bootstrap's host add
Joao Eduardo Luis [Mon, 29 Mar 2021 06:27:06 +0000 (06:27 +0000)]
cephadm: specify addr on bootstrap's host add

Signed-off-by: Joao Eduardo Luis <joao@suse.com>
(cherry picked from commit df13888255e47ad2c66fa8da11f0e9e4ef624071)

4 years agomgr/cephadm: don't have upgrade fail if "." in patch section of version
Adam King [Mon, 29 Mar 2021 19:01:23 +0000 (15:01 -0400)]
mgr/cephadm: don't have upgrade fail if "." in patch section of version

Fixes: https://tracker.ceph.com/issues/50043
Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit e03f0fff5032314eb08059403c44bac3a5037f57)