Matan Breizman [Mon, 9 Jun 2025 12:07:49 +0000 (12:07 +0000)]
include/common_fwd: Include Crypto classes
CryptoManager::cct is now used in CephContext ctor. To provide this
defintion
any ceph_context.cc target must also include Crypto.cc.
crimson-alien-common library which only had ceph_context.cc must now
also include Crypto.cc.
However, the fact that crimson-common also includes Crypto.cc would
cause multiple defintions
to any Crypto classes methods.
To resolve this, let's wrap all Crypto classes with TOPNSPC::common that
would be forwarded using common_fwd logic.
Yehuda Sadeh [Wed, 28 May 2025 19:51:19 +0000 (15:51 -0400)]
cephx: sign messages using hmac_sha256
if key type is newer than the original AES, calculate message
hash by using HMAC-SHA256.
We cannot use plain aes256k like we do with the aes key because
of the confounder. The other option would be to inject a
confounder, but that would weaken the cipher.
Yehuda Sadeh [Fri, 7 Mar 2025 18:20:58 +0000 (13:20 -0500)]
auth: add a configurable to control rotating keys cipher type
auth_service_cipher: a mon configurable that determines what type of cipher
the rotating keys are using. The configurable can change at runtime. Note
that the change does not invalidate existing keys, these would expire
based on their ttl.
Yehuda Sadeh [Thu, 27 Feb 2025 21:14:06 +0000 (16:14 -0500)]
auth/cephx: modify client + server challenges hashing
This applies when using ciphers that are not the original
AES-128 one. Use the hmac-sha256 hash now. With AES256KRB5
the original method of encrypting the combined challenges
doesn't work as the confounder randomizes the result.
Yehuda Sadeh [Thu, 27 Feb 2025 16:55:37 +0000 (11:55 -0500)]
ceph-authtool: support --key-type param
Also move the encryption handlers out of the ceph_context.
Handlers are now returned as a shared_ptr, to support the
creation of new handlers with different params (such as
the usage param).
Max Kellermann [Wed, 16 Oct 2024 10:51:04 +0000 (12:51 +0200)]
msg/Dispatcher: simplify and optimize the `marrival` tree
This replaces the two containers `marrival` and `marrival_map` which
needs lookups with one single `std::multiset` and eliminates all
lookups completely; only `add_arrival()` ever needs to walk the tree.
To do that, an iterator field is added to `class QueueItem` which is
later used to erase the `std::multiset` item.
This is not only simpler and faster, but also smaller: the resulting
binary is 2.5 kB smaller.
Modify send_message to check if features are set before trying to encode a
message.
If features are not set at this point, we will encode the message at a
later stage (in write_event) when the connection will be in ready state
which implies that the features will definitely be set.
John Mulligan [Wed, 8 Oct 2025 20:41:36 +0000 (16:41 -0400)]
script/build-with-container: improve error handling for invalid distros
Instead of throwing a long obnoxious traceback at the user if the value
supplied to -d/--distro is invalid do something nicer. For example:
```
$ ./src/script/build-with-container.py -d trixy -e build
usage: build-with-container.py [-h] [--help-build-steps]
build-with-container.py: error: argument --distro/-d: unknown distro: 'trixy' not in centos10, centos10stream, centos8, centos9, centos9stream, rocky9, rockylinux9, rocky10, rockylinux10, fedora41, fc41, fedora42, fc42, fedora43, fc43, ubuntu20.04, ubuntu-focal, focal, ubuntu22.04, ubuntu-jammy, jammy, ubuntu24.04, ubuntu-noble, noble, debian12, debian-bookworm, bookworm, debian13, debian-trixie, trixie
John Mulligan [Wed, 8 Oct 2025 14:23:25 +0000 (10:23 -0400)]
script/build-with-container: be consistent with naming in distro kinds
Update the DistroKind enum and related items so that the naming is
applied consistently. That is: the canonical (no pun indented) form
of the name is "<name><version>" and codenames, such as "jammy" or
"bookworm" are aliases. This matches the previously existing code.
John Mulligan [Thu, 28 Aug 2025 23:39:06 +0000 (19:39 -0400)]
build-with-container: ensure npm dir is set up before configure
When the npm cache path option is passed the npm cache dir is passed
to all container `run` commands, ensure the dir has been created
before the first container command (configure) is used.
John Mulligan [Sat, 15 Mar 2025 16:44:00 +0000 (12:44 -0400)]
install-deps: extract SUDO variable logic into a reusable function
While the function is pretty simple and could be copy-pasted I
prefer to extract things into functions to indicate that the
logic is used/repeated elsewhere to ward off making changes to
one copy vs the other.
Rishabh Dave [Wed, 2 Apr 2025 15:25:32 +0000 (20:55 +0530)]
mgr/vol: add command to get snapshot path
Fixes: https://tracker.ceph.com/issues/70815 Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit 50d28992d99fcd67390815aa42f9da8ffaa82575)
Conflicts:
src/pybind/mgr/volumes/fs/volume.py
- Line where the original patch makes the change is slightly different
in main compared to Squid branch, leading to conflict.
1. Fixes the promql expr used to calculate "In" OSDs in
ceph-cluster-advanced.json.
2. Fixes the color coding for the single state panels used in the OSDs
grafana panel like "In", "Out" etc
according to `dpkg-buildflags`, ubuntu 24 raised this value to
`-D_FORTIFY_SOURCE=3` which causes `error: "_FORTIFY_SOURCE" redefined`
compilation failures because Ceph itself adds `-D_FORTIFY_SOURCE=2`
`_FORTIFY_SOURCE` is a hardening option. both our rpm and debian builds
already specify that via environment variables, so Ceph's cmake should
leave it alone
Anoop C S [Mon, 23 Sep 2024 07:06:55 +0000 (12:36 +0530)]
client: Gracefully handle empty pathname for statxat()
man statx(2)[1] says the following:
. . .
AT_EMPTY_PATH
If pathname is an empty string, operate on the file referred to by
dirfd (which may have been obtained using the open(2) O_PATH flag).
In this case, dirfd can refer to any type of file, not just a
directory.
If dirfd is AT_FDCWD, the call operates on the current working
directory.
. . .
Look out for an empty pathname and use the relative fd's inode in the
presence of AT_EMPTY_PATH flag before calling internal _getattr().
Fixes: https://tracker.ceph.com/issues/68189
Review with: git show -w
Anoop C S [Thu, 17 Oct 2024 16:15:17 +0000 (21:45 +0530)]
libcephfs.h: Fix API documentation for ceph_statxat
flags parameter for ceph_statxat() API is supposed to accept only
AT_STATX_DONT_SYNC and AT_SYMLINK_NOFOLLOW. Modify the corresponding
documentation to reflect the acceptance of above two flags.
Anoop C S [Fri, 20 Sep 2024 08:49:01 +0000 (14:19 +0530)]
client: Gracefully handle empty pathname for chownat()
man fchownat(2)[1] says the following:
. . .
AT_EMPTY_PATH (since Linux 2.6.39)
If pathname is an empty string, operate on the file referred to by
dirfd (which may have been obtained using the open(2) O_PATH flag).
In this case, dirfd can refer to any type of file, not just a
directory. If dirfd is AT_FDCWD, the call operates on the current
working directory.
. . .
Look out for an empty pathname and use the relative fd's inode in the
presence of AT_EMPTY_PATH flag before calling internal _setattr().
Fixes: https://tracker.ceph.com/issues/68189
Review with: git show -w
test/rbd-mirror: eliminate a race in ResyncRequestedRemoteNotPrimary
Adjust the wait_for_notification call in TestMockImageReplayerSnapshotReplayer.ResyncRequestedRemoteNotPrimary
to expect 2 notifications instead of 1. This allows the test to correctly wait for both expected events
i.e for finish_sync() and handle_replay_complete(locker, -EREMOTEIO, "remote image demoted"), ensuring the
replayer transitions to STATE_COMPLETE and is_replaying() returns false as intended.
Fixes: https://tracker.ceph.com/issues/72325 Signed-off-by: VinayBhaskar-V <vvarada@redhat.com>
(cherry picked from commit b5a013f6170bb4445da8f5469243e4869b760a81)
VinayBhaskar-V [Tue, 13 May 2025 20:25:44 +0000 (01:55 +0530)]
rbd-mirror: prevent image deletion if remote image is not primary
A resync on a mirrored image may incorrectly results in the local
image being deleted even when the remote image is no longer primary.
This issue can occur under the following conditions:
* if resync is requested on the secondary before the remote image has
been fully demoted
* if the demotion of the primary image is not mirrored
due to the rbd-mirror daemon being offline.
This can be fixed by ensuring that image deletion during a resync is
only allowed when the remote image is confirmed to be primary.
This commit fixes the issue only for snapshot based mirroring mode
Fixes: https://tracker.ceph.com/issues/70948 Signed-off-by: VinayBhaskar-V <vvarada@redhat.com>
(cherry picked from commit e14afbc95a5fb8f5a33e7ea23a035992b966d671)
Adam King [Mon, 22 Sep 2025 21:05:07 +0000 (17:05 -0400)]
pybind/mgr: pin cheroot version in requirements-required.txt
With python 3.10 (didn't seem to happen with python 3.12) the
pybind/mgr/cephadm/tests/test_node_proxy.py test times out.
This appears to be related to a new release of the cheroot
package and a github issues describing the same problem
we're seeing has been opened by another user
https://github.com/cherrypy/cheroot/issues/769
It is worth noting that the workaround described in that
issue does also work for us. If you add
John Mulligan [Fri, 12 Sep 2025 17:52:25 +0000 (13:52 -0400)]
build-with-container: add argument groups to organize options
Use the argparse add_argument_group feature to organize the mass of
arguments into more sensible categories. Hopefully, someone reading
over the `--help` output can now more easily see options that
are useful rather than being overwhelmed by a wall of text.
mgr/dashboard: fix zone update API forcing STANDARD storage class
The zone update REST API (`edit_zone`) always attempted to configure a
placement target for the `STANDARD` storage class, even when the request
was intended for a different storage class name.
This caused failures in deployments where `STANDARD` is not defined.
Changes:
Club add placement target and add storage class methods into one single
add_placement_targets_storage_class_zone method which takes the storage
class as a param as well alongside the rest of the placement params.
Conflicts:
src/pybind/mgr/volumes/fs/async_cloner.py
src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
- commit 8c536f78907f was missing which led to conflict.
Adam C. Emerson [Mon, 8 Sep 2025 18:19:20 +0000 (14:19 -0400)]
rgw: Record the `service_unique_id`, if present, in the SrviceMap
For consistency and ease associating the two.
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 3a94a7b2ed02d20b2bc839b283e60cf4778f69e4) Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Adam C. Emerson [Fri, 5 Sep 2025 15:31:40 +0000 (11:31 -0400)]
common: Allow PerfCounters to return a provided service ID
Dashboard has asked for a unique identifier that can be associated
with services. This commit provides a component of that
functionality. Enforcing uniqueness is beyond the scope of this PR and
is the responsibility of cluster setup and orchestration. The scope of
uniqueness is a matter of policy and up to the design of cluster setup
and orchestration software.
We provide the `--service_unique_id` argument that can be passed on
the command line when executing a Ceph service that uses
`global_init`. If non-empty, a `service_unique_id` section is added to
the PerfCounters dump for that service. This section has a single
entry whose name is set to the argument of `service_unique_id` and
whose value is arbitrary. If unspecified or empty, no
`service_unique_id` section is added.
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit 6dc322421f7a3758251fe29e3f35934231358011)
Conflicts:
src/common/options/global.yaml.in
- Preceding options not in Squid
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
projects / ceph-ci.git / log