Dan Mick [Fri, 1 Nov 2024 02:55:36 +0000 (19:55 -0700)]
container/make-manifest-list.py
- don't print command failure in worker; let the caller print them
if desired (allow silent failure)
- allow for empty tags list
- look for CEPH_SHA1. GIT_COMMIT was the sha1 of the ceph-container.git
commit
- change default paths to prerelease
- add --dry-run to avoid final push
- rename 'HOST' to 'CONTAINER_HOST'
- Use ARCH_SPECIFIC_HOST instead of CONTAINER_HOST (which is used by podman)
Zac Dover [Wed, 4 Dec 2024 02:13:05 +0000 (03:13 +0100)]
doc/rados: fix sentences in health-checks (3 of x)
Make sentences agree at the head of each section in
doc/rados/operations/health-checks.rst. The sentences were sometimes in
the imperative mood and sometimes in the declarative mood.
This commit edits the second third of
doc/rados/operations/health-checks.rst.
Note to (I hope soon) future Zac: There are a a couple of places near
the end of this file where the sentences are ungrammatical. Update these
in a separate PR (in isolation, so that the grammar and technical
accuracy of these sentences can be the primary focus of the reviewers).
Zac Dover [Tue, 3 Dec 2024 11:02:43 +0000 (12:02 +0100)]
doc/rados: fix sentences in health-checks (2 of x)
Make sentences agree at the head of each section in
doc/rados/operations/health-checks.rst. The sentences were sometimes in
the imperative mood and sometimes in the declarative mood.
This commit edits the second third of
doc/rados/operations/health-checks.rst.
Zac Dover [Tue, 3 Dec 2024 08:28:09 +0000 (09:28 +0100)]
doc/rados: make sentences agree in health-checks.rst
Make sentences agree at the head of each section in
doc/rados/operations/health-checks.rst. The sentences were sometimes in
the imperative mood and sometimes in the declarative mood.
This commit edits the first third of
doc/rados/operations/health-checks.rst.
Zac Dover [Sat, 30 Nov 2024 16:50:53 +0000 (17:50 +0100)]
doc/glossary.rst: add "Dashboard Plugin"
Add an entry below the (Mimic-era and therefore outdated but
nonetheless historically important) Dashboard Plugin key word in the
glosssary, which before now had never been added to the glossary.
Zac Dover [Fri, 29 Nov 2024 03:12:02 +0000 (13:12 +1000)]
doc/radosgw: update rgw_dns_name doc
Update doc/radosgw/s3/commons.rst with the changes made by Jiffin Tony
Thottan in https://github.com/ceph/ceph/pull/54524 and the suggestions
made in that same PR by Anthony D'Atri.
Explain how to set rgw_dns_name to a domain name in order to configure
access to virtual hosted buckets.
Zac Dover [Sat, 23 Nov 2024 12:32:13 +0000 (22:32 +1000)]
doc/cephadm: Clarify "Deploying a new Cluster"
Change the title of the section "Deploying a new Ceph cluster" to "Using
cephadm to Deploy a New Ceph Cluster". This is part of the initiative to
separate package-related documentation from container-based
documenation.
Zac Dover [Mon, 11 Nov 2024 23:31:28 +0000 (09:31 +1000)]
doc/rados: correct "full ratio" note
Correct a note that directed users not to add an OSD after the cluster
has reached its "full ratio". The note now says "Do not let your cluster
reach its full ratio before adding an OSD."
Hat tip: Oskar Berggren
Fixes: https://tracker.ceph.com/issues/68900 Co-authored-by: Oskar Berggren <oskar.berggren@gmail.com> Signed-off-by: Zac Dover <zac.dover@proton.me>
(cherry picked from commit f1a2637c79a15c26a769661dd72ca68d766b2f0d)
Nizamudeen A [Mon, 4 Nov 2024 05:42:32 +0000 (11:12 +0530)]
mgr/dashboard: remove cherrypy_backports.py
since its mostly used only for older cherrypy versions which we don't
support anymore in any of our recent upstream releases, we could remove
it completely
Zac Dover [Wed, 6 Nov 2024 12:22:14 +0000 (22:22 +1000)]
doc/cephadm: link to "host pattern" matching sect
Link to the "Placement by Pattern Matching" section in
doc/cephadm/services/index.rst from the "Advanced OSD Service
Specifications" section in doc/cephadm/services/osd.rst.
Nizamudeen A [Mon, 4 Nov 2024 05:42:32 +0000 (11:12 +0530)]
mgr/dashboard: remove cherrypy_backports.py
since its mostly used only for older cherrypy versions which we don't
support anymore in any of our recent upstream releases, we could remove
it completely
Xiubo Li [Wed, 6 Mar 2024 07:28:44 +0000 (15:28 +0800)]
qa/fsx: use the master branch to build the xfstest-dev
The upstream linux has removed ALLOCSP/FREESP ioctls, and also
the same with xfsprogs-devel package. So for the old xfstest-dev
the huild will fail, because it stil will depend on them.
Zac Dover [Fri, 1 Nov 2024 13:43:07 +0000 (23:43 +1000)]
doc: s/Whereas,/Although/
Change the subordinating conjunction "Whereas" followed by a comma to
the less grammatically-incorrect "Although". I've been meaning to do
this since 22 Mar 2023.
Xiubo Li [Wed, 6 Mar 2024 07:28:44 +0000 (15:28 +0800)]
qa/fsx: use the master branch to build the xfstest-dev
The upstream linux has removed ALLOCSP/FREESP ioctls, and also
the same with xfsprogs-devel package. So for the old xfstest-dev
the huild will fail, because it stil will depend on them.
Zac Dover [Sun, 27 Oct 2024 12:04:16 +0000 (22:04 +1000)]
doc/rados: add blaum_roth coding guidance
Direct Ceph administrators using blaum_roth coding for erasure-coded
pools to change the default value of w=7 to a different value in order
to ensure that w+1 is prime.
This information was provided to the Ceph upstream by Benjamin Mare in
September of 2024.
Zac Dover [Wed, 23 Oct 2024 08:34:25 +0000 (18:34 +1000)]
doc/rados: standardize markup of "clean"
Standardize the markup around the status "clean" in the documentation so
that readers don't mistakenly get the idea that inconsistent
presentation of the word "clean" implies a never-stated difference
between one instance and the other.
Adam King [Mon, 11 Dec 2023 20:44:30 +0000 (15:44 -0500)]
qa/cephadm: fix iscsi pids limit check for centos 9
Centos 9 uses cgroups v2 which has a slightly
different file location for the pids.max. This commit
updates the test to also check the new location
so the test can pass on centos 9
Tobias Urdin [Tue, 6 Feb 2024 07:50:55 +0000 (07:50 +0000)]
rgw/auth: ignoring signatures for HTTP OPTIONS calls
Before [1] we always sent all HTTP OPTIONS requests to
the S3AnonymousEngine and ignored any provided AWSv4
credentials sent in the request.
That PR changed so that if we got credentials in the
request we instead sent it through the authentication
code in order to solve HTTP OPTIONS requests on tenanted
users to start working (because we need to resolve the
tenant, also called bucket tenant in the code, and we can't
only rely on the bucket name since it will not be found).
We solved this by modifying the canonical HTTP method used
when calculating the AWSv4 signature by instead using the
access-control-request-method header which worked good.
This change did not take into account that when you generated
a presigned URL for a put_object request you can also pass in
extra parameters like a canned ACL [2] to the Params variable
in for example boto3's generated_presigned_url().
Doing that will cause the client to add the x-amz-acl header
to x-amz-signedheaders and also use that in their signature
calculation.
When doing a HTTP OPTIONS calls for CORS on that presigned URL
the browser will never send a x-amz-acl header with the correct
data since that is something that the actual PUT request should
include later, so that HTTP OPTIONS call should pass even though
the signature can never be calculated correctly server-side like
verified against AWS S3 in tracker [3].
This patch as a result skips the signature calculation when doing
EC2 auth using the LocalEngine but we still need to pass the request
there in order to lookup the user to support buckets in a tenant.
For the Keystone EC2 auth we're pretty out of luck in the sense that
Keystone's API itself requires us to send the AWSv4 signature in the
request with the access_key in order to obtain a token, and we cannot
leave the signature out, we also cannot spoof the signature from
rgw -> keystone since we don't have access to the secret_key if it's
not in our cache.
For that approach we simply pass on to get_access_token() that if it's
an HTTP OPTIONS and we find the access_key in the cache we pull that
and ignore verifying signature and pass it on for validation. This means
that the cache must be warm if using Keystone auth and adding extra
params to a presigned URL.
This partly makes some of the commits in [1] redundant for EC2
LocalEngine auth but we still need it for tenanted bucket support.
projects / ceph.git / log