crimson/mon/MonClient: refacor Client::handle_monmap

Use coroutines, should help with future changes.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit cbadee607f9c53459b962df99e2c19b646313505)

crimson/mon/MonClient: introduce handle_auth_failure

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 166cb98567619edbee1ddac9c4961fff4703920a)

crimson/mon/MonClient: add asock TODO comment

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit bfe2294cc838f9a875c2f7ea534196d4c5bf1b80)

crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())

Similar to MonClient::_wipe_secrets_and_tickets())

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 74d1ea4ed05a601c35bfb4af3d6ab14eb866427a)

crimson/mon/MonClient: imitate Classic's _check_auth_tickets

Imitating this interface from Classicals MonClient::_check_auth_tickets()
should make it easier to understand Crimson's counterpart.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 51fd62a5d6f40fb9f02530d1ee3304085d9942c0)

crimson/mon/MonClient: cleanup redundant private

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 493aa16dc21671633f8c4ddf00134d1cba68584a)

mon/MonClient: wipe secrets and invalidate tickets on auth epoch change

* This causes service daemons to drop all known service tickets and request new
  ones from the auth server.

* This causes the clients (and service daemons) to request new tickets from the
  auth server which will include tickets signed with the new service keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit bca0d66c5e7ac98006b3658b53a9e83faca7c70f)

mon/AuthMonitor: bump auth epoch when wiping service keys

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 77293673ccd2266967e519857d3d9c8d83ca94dc)

mon/MonmapMonitor: wire up interface to bump auth epoch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b6a8822f9e50cbf0713a8b747a65d75e12d86b2e)

mon/MonMap: add auth epoch

This will be used to indicate to clients / service daemons that the auth
service keys have been rotated. Clients and service daemons are expected to
invalidate their tickets and reauth. Service daemons should wipe their service
keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b8e422127b95748860c7b7a670c6c8f12ce14618)

mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys

`auth dump-keys` allows examining the key types for each entity and also the
rotating session keys. This lets us confirm key upgrades are done as expected.

`wipe-rotating-service-keys` clears out existing non-auth service keys so that we do not
need to wait for the rotating key expiration. It is not disruptive so long as clients
renew their tickets when prompted by the auth epoch change.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f7b15b982a96a25a98e7b47755d4317723c4aa8d)

mon/AuthMonitor: add key-type switch

So it's possible to test with various key-types.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit e8ce247d9267d2a453865c4b3d9692852d979b2a)

common/cmdparse: add another template cmd_getval_or helper

To mimic the conventional signature where you pass the lvalue you want to set.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ba57b3b5479dc238b4d041a6f82eaf2c38a97ea1)

mon/Monitor: perfect forward universal ref of lambda

This method doesn't currently work for std::move of a lambda.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ff90e0e41784a99579dd12385db7fc0ccf5545a2)

mon/Monitor: add debugging for monmap handling

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 098e028b8762a6b18173f69224cbbfe3eef8798d)

mon: notify_new_monmap via MonmapMonitor::init

Otherwise, configurations are not updated during startup.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 51a2bab8ed48b2dc698ac4eeede48d94175b1851)

doc/man: document new --key-type option for ceph-authtool

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit a9f33559d69cff2d33d3d4c8ac4014fb77b5d665)

tools/ceph_authtool: add help message for key-type switch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 47dfe121cfdf557b7a0eaa7d7d9478d5da3719e6)

common/buffer: accept "-" as stdin

These methods are used for reading files from tools like "authtool". Read from
stdin if the conventional "-" filename is passed.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 37441c753da3925c874a94ee3ff862bb725babb8)

auth/cephx: make some parameters const

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 755d5245566be43ce020daf8fb80ba3ec774dff5)

auth: cleanup error message formatting

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5df283a98114024d852422b43624810bcf5fe8cb)

auth,mon: lookup ticket ttl at runtime

and improve debugging.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 338acf28ece964a859cf2f44bc29a84f36cd9510)

auth: add API to invalidate all tickets

This will prompt the client to request new ones from the auth server.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 9b3e4ee1fe7e3d1e6ea2c00376986bbfc17f73f4)

auth: add API to wipe rotating secrets

This is for the service daemon's store of rotating service secrets.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ecbb1c7d5878cc61156f0f79398437f1de3ca84)

auth/cephx: enforce sorted config keys

Makes future additions avoid conflicts.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ca5288570a8e6f4edb7b4f7ca0c47b9c4f0d212)

auth/cephx: update get_tracked_keys signature

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b90b0c3c51f2ed16952509cac41b16eff27009a5)

auth: fix return type

key type is an unsigned.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 3665599fe6a8003be8b88116f7c484bef6aba83b)

common: break print template into separate header

To avoid pulling in all the debug includes for some primitive headers.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit d702f8e19f2ce72dc1fc8a7b029f792ec9d23075)

common: remove dead option

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit af409f19c9104301feb7e4620138f9de46434cc8)

test: fix compiler error

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 4dc7b06e4eb2071afa2847e8930d0e30ab532da6)

auth,*: remove conflicting fwd declarations

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
(cherry picked from commit c2d8e7127efd4391f64e19cd76e0f1b701289412)

Conflicts:
src/auth/Auth.h: header include movement
src/common/ceph_context.h: header include movement

include/common_fwd: Include Crypto classes

CryptoManager::cct is now used in CephContext ctor. To provide this
defintion
any ceph_context.cc target must also include Crypto.cc.

crimson-alien-common library which only had ceph_context.cc must now
also include Crypto.cc.
However, the fact that crimson-common also includes Crypto.cc would
cause multiple defintions
to any Crypto classes methods.

To resolve this, let's wrap all Crypto classes with TOPNSPC::common that
would be forwarded using common_fwd logic.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
(cherry picked from commit 0e3e34565f5730f8baefecde9be592587129ba9d)

cephx: sign messages using hmac_sha256

if key type is newer than the original AES, calculate message
hash by using HMAC-SHA256.
We cannot use plain aes256k like we do with the aes key because
of the confounder. The other option would be to inject a
confounder, but that would weaken the cipher.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit ba6bb55c7c977e9858e242e74d848273617c221b)

auth: create slice api for calculating hmac_sha256

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit dfffd730268e35bd357277963a0dc98ceae947f5)

test/auth: more aes256krb5 tests

 - DecryptNoBl
 - multiple test vectos per each test

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit f8cfded7e2e3ec857ad18cbe492f5d81fa7eb4d0)

auth: test slice interface for aes256k

AES256KRB5 uses the default slice encryption implementation, testing that
it works correctly.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 96a5909ae5e4512c0f94661e207ce6289e05ec5f)

test/crypto: more aes256krb5 tests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit dca778213b45d3bc912d4fdc0f94f55fa2740e7b)

auth: add usage param to crypto handler

Allow different usage for crypto handler users. Currently being used
in the crypto unitest to match the test vectors.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 1330335661604e50468c8a0adc8fc73a2ab79b49)

auth: aes256krb5: add confounder config for unitests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 1232144f933b015759cb39f218157b92f57b6a4b)

cephx: add configurable to set allowed ciphers

cephx allowed ciphers: a list of ciphers that  sets what type
of keys are allowed to be used to authenticate

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 0d4c67f2fd03aea9f65ade736e60f807d9da832e)

Conflicts:
src/auth/cephx/CephxServiceHandler.cc: header include movement

auth: remove unused code

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 334c6e66714a3e4f2e41790ee4d21f3a3ee92d5e)

auth: add a configurable to control rotating keys cipher type

auth_service_cipher: a mon configurable that determines what type of cipher
the rotating keys are using. The configurable can change at runtime. Note
that the change does not invalidate existing keys, these would expire
based on their ttl.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit c37d1f44b64e0079c5c71232b6472a7841768d40)

auth/cephx: session key type is set to client key type

This ensures that the client supports the specific key type.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 36345741b1dee9482e40aa9db847375dacc73107)

auth/cephx: switch default cipher to AES256KRB5

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 2af51362afdd1da9f1195f3394716d09383a0c88)

auth/cephx: modify client + server challenges hashing

This applies when using ciphers that are not the original
AES-128 one. Use the hmac-sha256 hash now. With AES256KRB5
the original method of encrypting the combined challenges
doesn't work as the confounder randomizes the result.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 31c07fbbf3b8c911a51b41791d6b6265923acda2)

ceph-authtool: support --key-type param

Also move the encryption handlers out of the ceph_context.
Handlers are now returned as a shared_ptr, to support the
creation of new handlers with different params (such as
the usage param).

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 3085da064b838b52c638a9121187d1341b591066)

auth/crypto: add support for aes256-hmac384-192

Using the encryption standard set in RFC 8009. This is the
encryption that is used in Kerberos 5, so naming this variation
as AES256KRB5.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit c259448c46b5235f0aa220cddb5d7e14f469b147)

auth: propagate ceph context to encrypt/decrypt

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit c73c75d34051cef09e9695dcf85a24a4d024faaf)

msg/Dispatcher: simplify and optimize the `marrival` tree

This replaces the two containers `marrival` and `marrival_map` which
needs lookups with one single `std::multiset` and eliminates all
lookups completely; only `add_arrival()` ever needs to walk the tree.

To do that, an iterator field is added to `class QueueItem` which is
later used to erase the `std::multiset` item.

This is not only simpler and faster, but also smaller: the resulting
binary is 2.5 kB smaller.

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 9276d24355d3484312af097209481e0163dbd2ff)

msg/async/AsyncConnection: move the writeCallback instead of copying it

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 425fc4d21d33a8f1e7b47e7698a8c5b97bba71b3)

msg/async/AsyncConnection: do not wrap writeCallback in `std::optional`

Since `std::function` is nullable and as an `operator bool()`, we can
easily eliminate the `std::optional` overhead.

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit c72dae9b6e4b37c508a3ebb1410172fb7c434e8a)

msg/async/frames_v2: use zero-initialization instead of memset()

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 10a9914f848163a8fd74cdaa130cfb4d082cd45d)

msg/async/Event: use zero-initialization instead of memset()

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 7fcb8a8afaf5a61e525e8cbc01efae5b14f6cc4e)

msg/Message: use zero-initialization instead of memset()

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 62ebf16f71fa60fc01fb438c4316990da2239679)

msg/async/ProtocolV2: eliminate redundant std::map lookups

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 6597d773611b6e74cacad5f2645ab6a8da99c634)

msg/async/ProtocolV[12]: reverse the std::map sort order

This allows eliminating one lookup in `_get_next_outgoing()` because
we can pass the iterator instead of the key to `erase()`.

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 342a25b9df13319ff6cd661eab1c546229ce0e14)

msg/async/ProtocolV[12]: use `auto`

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit 988705a49b58dfd78a8cc7c1a865343f925a8c53)

msg/async/ProtocolV[12]: use range-based `for`

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit a14384478648dcb712ad55c83e55a2be736b43b3)

msg/async/ProtocolV1: use zero-initialization instead of memset()

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
(cherry picked from commit cae1af38601df8fccd3d6b32714864bc4ada4334)

msg/async: Encode message once features are set

Modify send_message to check if features are set before trying to encode a
message.
If features are not set at this point, we will encode the message at a
later stage (in write_event) when the connection will be in ready state
which implies that the features will definitely be set.

Fixes: https://tracker.ceph.com/issues/52657
Signed-off-by: Aishwarya Mathuria <amathuri@redhat.com>
(cherry picked from commit 7268211161ba5d2c47464c19fb25555ae194841d)
(cherry picked from commit 542de25001d89a23d370fe99c2958b8bc38af436)

Merge pull request #62918 from rishabh-d-dave/wip-71018-squid

squid: mgr/vol: add command to get snapshot path

Merge pull request #63222 from rishabh-d-dave/wip-71276-squid

squid: mgr/vol: make "snapshot getpath" cmd work with v1 and legacy

Merge pull request #64205 from rishabh-d-dave/wip-71854-squid

squid: mgr/vol: include group name in subvolume's pool namespace name

Merge pull request #65838 from phlogistonjohn/jjm-rmc-backport-squid

squid: run-make-check.sh: handle sudo and command that may not run in container

Merge pull request #65444 from NitzanMordhai/wip-72919-squid

squid: suites/rados/cephadm: typo in ignore list for still running message

Merge pull request #65844 from phlogistonjohn/jjm-bwc-backports-s

squid: sync build-with-container patches from main

script/build-with-container: improve error handling for invalid distros

Instead of throwing a long obnoxious traceback at the user if the value
supplied to -d/--distro is invalid do something nicer. For example:
```
$ ./src/script/build-with-container.py -d trixy  -e build
usage: build-with-container.py [-h] [--help-build-steps]
build-with-container.py: error: argument --distro/-d: unknown distro: 'trixy' not in centos10, centos10stream, centos8, centos9, centos9stream, rocky9, rockylinux9, rocky10, rockylinux10, fedora41, fc41, fedora42, fc42, fedora43, fc43, ubuntu20.04, ubuntu-focal, focal, ubuntu22.04, ubuntu-jammy, jammy, ubuntu24.04, ubuntu-noble, noble, debian12, debian-bookworm, bookworm, debian13, debian-trixie, trixie

```

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 72f3ad9549e84bdba7bdfd97d2ede3c55e02f103)

script/build-with-container: add debian 13 (trixie)

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit a13fa091dd6bad35c44076cb7c46cb7bcc17a7ac)

script/build-with-container: add ubuntu 20.04 (focal)

Add ubuntu 20.04 (focal) to the available list of distro kinds.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 7c40f7bd07ac935d0657b9284118da8590a5cf0d)

script/build-with-container: add a pair of fedora distro versions

Add fedora 42 and the soon-to-be-released fedora 43.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 76fe5ad298ee5626eeb63591a702e8f8cc9be7d0)

script/build-with-container: lightly organize the distro kind aliases

Do a tiny reorg of the distro kind aliases and container images to keep
the EL distros together and comment out each "section".

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 4430a5ad6be6f26309d5f5bea0e448a4bbd432e1)

script/build-with-container: be consistent with naming in distro kinds

Update the DistroKind enum and related items so that the naming is
applied consistently. That is: the canonical (no pun indented) form
of the name is "<name><version>" and codenames, such as "jammy" or
"bookworm" are aliases. This matches the previously existing code.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit ac11a80a63ab1909fbdf682d830acde96856f502)

src/script: add bookworm to build-with-container.py

..and its friend buildcontainer-setup.sh

Signed-off-by: Dan Mick <dan.mick@redhat.com>
(cherry picked from commit 34b497c2f3652e7d30c7b7476b711fd9f1f4ecac)

build-with-container: ensure npm dir is set up before configure

When the npm cache path option is passed the npm cache dir is passed
to all container `run` commands, ensure the dir has been created
before the first container command (configure) is used.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 79166af192ea0b4b982b56ce521516d5a29e7a0d)

run-make-check.sh: handle sudo and command that may not run in container

Work around a known failure that sudo is not expected to be present in
container images. Prepare to handle a failure to set a sysctl param.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 9f44155dff195015186315968a0a1e8ce925ed5d)

install-deps: extract SUDO variable logic into a reusable function

While the function is pretty simple and could be copy-pasted I
prefer to extract things into functions to indicate that the
logic is used/repeated elsewhere to ward off making changes to
one copy vs the other.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit bbd7933598e11d84758a6f09fd176f47c744aaa2)

Merge pull request #65462 from pdvian/wip-72853-squid

squid: mgr/DaemonState: Minimise time we hold the DaemonStateIndex lock

Reviewed-by: Radoslaw Zarzynski <rzarzyns@redhat.com>

Merge pull request #65214 from ifed01/wip-ifed-discard-threads-better-lifecycle-squi

squid: blk/kernel: improve DiscardThread life cycle.

Reviewed-by: YiteGu <yitegu0@gmail.com>

Merge pull request #65006 from mchangir/wip-72564-squid

squid: mgr: avoid explicit dropping of ref

Reviewed-by: Radoslaw Zarzynski <rzarzyns@redhat.com>

Merge pull request #65335 from abitdrag/wip-72817-squid

squid: auth: msgr2 can return incorrect allowed_modes through AuthBadMethodFrame

Reviewed-by: Ilya Dryomov <idryomov@gmail.com>

Merge pull request #64739 from VinayBhaskar-V/wip-72319-squid

squid: rbd-mirror: prevent image deletion if remote image is not primary

Reviewed-by: Ilya Dryomov <idryomov@redhat.com>

Merge pull request #65665 from kchheda3/wip-73055-squid

squid: rgw/account: bucket acls are not completely migrated once the user is migrated to an account

Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #65709 from aaSharma14/wip-73293-squid

squid: monitoring: fix MTU Mismatch alert rule and expr

Reviewed-by: Pedro Gonzalez Gomez <pegonzal@redhat.com>

Merge pull request #65706 from rhcs-dashboard/wip-73274-squid

squid: mgr/dashboard: Blank entry for Storage Capacity in dashboard under Cluster > Expand Cluster > Review

Reviewed-by: Pedro Gonzalez Gomez <pegonzal@ibm.com>

monitoring: fix MTU Mismatch alert rule and expr

Fixes: https://tracker.ceph.com/issues/73290
Signed-off-by: Aashish Sharma <aasharma@redhat.com>
(cherry picked from commit bee24dec441b9e6b263e4498c2ab333b0a60a52d)

Conflicts:
monitoring/ceph-mixin/prometheus_alerts.yml
monitoring/ceph-mixin/tests_alerts/test_alerts.yml
src/pybind/mgr/dashboard/frontend/src/app/ceph/cluster/prometheus/active-alert-list/active-alert-list.component.html
src/pybind/mgr/dashboard/frontend/src/app/ceph/cluster/prometheus/active-alert-list/active-alert-list.component.ts
src/pybind/mgr/dashboard/frontend/src/app/shared/datatable/table-key-value/table-key-value.component.scss

release note: add note for change in format of name of pool...

namespace of CephFS volumes.

Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit f350d9800024661eecdfd7da6d57fa0e0324d981)

mgr/dashboard: Blank entry for Storage Capacity in dashboard under Cluster > Expand Cluster > Review

https://tracker.ceph.com/issues/73220

Signed-off-by: Naman Munet <naman.munet@ibm.com>
(cherry picked from commit a01909e7588c7ff757079475e3ea6f1dc3054db7)

Merge pull request #64456 from cbodley/wip-72090-squid

squid: deb/mgr: remove deprecated distutils from ceph-mgr.requires

Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #65141 from mchangir/wip-70925-squid

squid: mds: fix heap-use-after-free in C_Flush_Journal

Merge pull request #65620 from aaSharma14/wip-73167-squid

squid: mgr/dashboard: fix zone update API forcing STANDARD storage class

Reviewed-by: Afreen Misbah <afreen@ibm.com>

Merge pull request #65671 from aaSharma14/wip-73231-squid

squid: monitoring: fix "In" OSDs in Cluster-Advanced grafana panel. Also change units from decbytes to bytes wherever used in the panel

Reviewed-by: Afreen Misbah <afreen@ibm.com>

release note: add a note for "snapshot getpath" command

Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit a59b1fa431e2b546877c160beb5f67f2970776f0)

doc/cephfs: add doc for "snapshot getpath" cmd

Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit 9e40a5c8d7a5cd6e4c1929559c4c7e3411653de5)

qa/cephfs: add tests for "subvolume snapshot getpath" cmd

Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit 870cbf62d288ae09ea06a5da112ea62156336924)

mgr/vol: add command to get snapshot path

Fixes: https://tracker.ceph.com/issues/70815
Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit 50d28992d99fcd67390815aa42f9da8ffaa82575)

Conflicts:
src/pybind/mgr/volumes/fs/volume.py
- Line where the original patch makes the change is slightly different
  in main compared to Squid branch, leading to conflict.

monitoring/ceph_mixin: fix Cluster - Advanced OSD grafana panel

1. Fixes the promql expr used to calculate "In" OSDs in
   ceph-cluster-advanced.json.
2. Fixes the color coding for the single state panels used in the OSDs
   grafana panel like "In", "Out" etc

Fixes: https://tracker.ceph.com/issues/72810
Signed-off-by: Aashish Sharma <aasharma@redhat.com>
(cherry picked from commit 53a6856d603e0fe4ff31f76e19263a80359a9f1d)

Merge pull request #65659 from ceph/wip-squid-noble

squid: cmake: remove _FORTIFY_SOURCE define

Merge pull request #64605 from cbodley/wip-72190-squid

squid: deb/cephadm: add explicit --home for cephadm user

Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

rgw/account: bucket acls are not completely migrated once the user is migrated to an account

Signed-off-by: kchheda3 <kchheda3@bloomberg.net>
(cherry picked from commit 23dc3697cfd309b4d8736ec99490cd57db621cf7)

cmake: remove _FORTIFY_SOURCE define

according to `dpkg-buildflags`, ubuntu 24 raised this value to
`-D_FORTIFY_SOURCE=3` which causes `error: "_FORTIFY_SOURCE" redefined`
compilation failures because Ceph itself adds `-D_FORTIFY_SOURCE=2`

`_FORTIFY_SOURCE` is a hardening option. both our rpm and debian builds
already specify that via environment variables, so Ceph's cmake should
leave it alone

Fixes: https://tracker.ceph.com/issues/72361
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 66bec97b0dc90b91f5be586351f52082beb6374a)