myoungwon oh [Mon, 18 Mar 2024 06:48:07 +0000 (06:48 +0000)]
crimson/os/seastore: cache metadata during trimming to prevent from disk read
I encountered continuous disk reads during trimming even though there is sufficient
cache available, in 4K random write test with RBM (RBD).
This is because metadata is not cached if its source is background transaction
within touch_extent(). So, seastore, including the trimming process, needs to
constantly retrieve metadata (e.g., BACKREF_LEAF).
Based on the previous commits making the remote executables auditable
and explicit, document the admin's ability to restrict password-less
sudo access to only the set of commands cephadm actually uses.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 14 Mar 2024 18:02:17 +0000 (14:02 -0400)]
mgr/cephadm: add a simple unit test for RemoteCommand class
Converting a remote command to something that other libs use requires
converting the enum to a string. Python behavior in the area varies
across versions so add a unit test that verifies the conversion
behaves as intended.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Wed, 14 Feb 2024 16:35:57 +0000 (11:35 -0500)]
mgr/cephadm: make remote command execution auditable
Update ssh.py and other code using it to only allow commands wrapped
in particular python types as executables on the remote hosts.
By using a specific type for remote executables we make the code more
auditable, avoiding the possibility of executing arbitrary strings
as commands with sudo. This is all enforced by mypy's type checking.
The result is a list of commands that the cephadm mgr module may
execute on a remote host using sudo:
```
$ git ls-files -z | xargs -0 grep 'RemoteExecutable(' -d skip -h | grep \
    -v '(str)' | sed -e 's/.*RemoteExecutable(//' -e 's/)//' -e 's/,$//'
'which'
'/usr/bin/cephadm'
python
'chmod'
'ls'
'sysctl'
'chown'
'mkdir'
'mv'
'touch'
'rm'
'true'
```
Note that *python* is special as it is based on the output of `which` and
may vary from OS to OS. The quoted items are used exactly as named.
Only the binary at `/usr/bin/cephadm` _or_ the dynamically discovered
python3 binary will be used. This depends on a configuration option for
the cephadm module.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
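A sketch of the pattern described in this commit and in the RemoteCommand unit-test commit above it, added here as an illustration and not taken from the cephadm source. `RemoteExecutable` and `RemoteCommand` are names from the commit messages; `Executables`, `argv()` and `audit_list()` and the structure shown are assumptions.

```python
import enum
import shlex
from typing import List, Sequence


class RemoteExecutable(str):
    """Marker type: only values of this type may be run on a remote host."""


class Executables(RemoteExecutable, enum.Enum):
    # Hypothetical enum; constructed subset of the names listed above.
    CHMOD = RemoteExecutable('chmod')
    MKDIR = RemoteExecutable('mkdir')
    TRUE = RemoteExecutable('true')

    def __str__(self) -> str:
        # Pin the conversion: str()/format() of an Enum with a str mix-in
        # has not behaved the same across Python versions.
        return self.value


class RemoteCommand:
    def __init__(self, exe: RemoteExecutable, args: Sequence[str] = ()) -> None:
        # mypy rejects a plain str here statically; this runtime check
        # covers callers that bypass type checking.
        if not isinstance(exe, RemoteExecutable):
            raise TypeError(f'not a vetted executable: {exe!r}')
        self.exe = exe
        self.args = list(args)

    def argv(self, sudo: bool = False) -> List[str]:
        # Hypothetical helper: the argument vector handed to the transport.
        prefix = ['sudo'] if sudo else []
        return prefix + [str(self.exe)] + self.args

    def __str__(self) -> str:
        # Quoted form for logs, so arguments with spaces stay unambiguous.
        return ' '.join(shlex.quote(a) for a in self.argv())


def audit_list() -> List[str]:
    """Every executable name this sketch could ever place after sudo."""
    return sorted(str(e) for e in Executables)
```

Because every executable has to be constructed as a `RemoteExecutable`, the set of programs that can follow `sudo` is enumerable from the source, which is what the `grep` pipeline in the commit message relies on.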
Adam King [Wed, 13 Mar 2024 19:30:25 +0000 (15:30 -0400)]
mgr/cephadm: refresh public_network for config checks before checking
The place it was being run before meant it would only grab the
public_network setting once at startup of the module. This meant
if a user changed the setting, which they are likely to do if they
get the warning, cephadm would ignore the change and continue
reporting that the hosts don't match up with the old setting
for the public_network. This moves the call to refresh the
setting to right before we actually run the checks. It does
mean we'll do the `ceph config dump --format json` call
each serve loop iteration, but I've found that only tends
to take a few milliseconds, which is nothing compared to
the time to refresh other things we check during the serve
loop.
I additionally modified the use of this option to use
the attribute on the mgr, rather than calling
`get_module_option`. This was just to get it more in
line with how we tend to handle other config options
Fixes: https://tracker.ceph.com/issues/64902
Signed-off-by: Adam King <adking@redhat.com>
Adam King [Tue, 12 Mar 2024 14:26:18 +0000 (10:26 -0400)]
cephadm: fix `cephadm shell --name <daemon-name>` for stopped/failed daemon
This previously would always try to use 'podman
inspect' on the running container of the daemon,
but this doesn't work if the daemon is stopped
or failed. Doing this for stopped/failed daemons
is a valid use case as we recommend cephadm shell
with --name for running debugging tools (often
for OSDs)
Fixes: https://tracker.ceph.com/issues/64879
Signed-off-by: Adam King <adking@redhat.com>
Adam King [Mon, 11 Mar 2024 18:44:17 +0000 (14:44 -0400)]
cephadm: allow list_daemons for only a specific daemon
At the moment, my thoughts are to use this internally
in the binary for when we need info from list_daemons
but only for a specific daemon. I could also see wanting
this just on the command line to get info on a certain
daemon, so I've added it as a flag for `cephadm ls` as well
After some tests, it turns out that depending on the hardware,
the header 'Location' which is returned by the server after logging in can be different.
I could notice the following:
kchheda3 [Tue, 27 Feb 2024 20:59:15 +0000 (15:59 -0500)]
rgw/notification: Fix the filter_rules to be array vs dict in json output.
FilterRules, when processed as dict in json, emits the same key name for prefix and suffix, causing failure while parsing the json notification output.
So change the type FilterRules from JsonDict to Array while dumping in json.
Patrick Donnelly [Thu, 14 Mar 2024 18:59:36 +0000 (14:59 -0400)]
qa/crontab: use historically normal priorities for nightlies
Stop using --force-priority except when necessary.
Squid still gets elevated priority due to the increased attention with the
imminent release.
I've differentiated the priorities some in that release branches should get
higher priority than the main branch and that older release branches should be
prioritized over newer ones. Finally, upgrade tests should be prioritized over
other nightlies.
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
Matt Benjamin [Mon, 23 Oct 2023 18:57:33 +0000 (14:57 -0400)]
rgwlc: implement NewerNoncurrentVersions
Per AWS doc, this value controls "how many noncurrent versions
Amazon S3 will retain." [1] We understand this to mean, retain
NewerNoncurrentVersions of any object, regardless of expiration.
Teoman ONAY [Wed, 13 Mar 2024 16:23:00 +0000 (17:23 +0100)]
cephadm: bootstrap fails if no container engine installed
When bootstrapping a new cluster, if no container engine is present,
the process stops asking to install one. One of the bootstrap steps
is to run command_prepare_host which takes care of installing the
missing dependencies but it didn't reach this step.
the endpoint passed down to util.query() is wrong:
it passes the full url (scheme://addr:port/path) where it should only
pass the path. The cause is that RedFishClient.login() basically stores
the value of the Location header in `self.location`.
The consequence of this is that it makes the client unable to properly logout.
Patrick Donnelly [Wed, 13 Mar 2024 13:04:40 +0000 (09:04 -0400)]
Merge PR #54485 into main
* refs/pull/54485/head:
mds/quiesce-db: keep the db thread alive until shutdown
mds/quiesce-db: incorporate review comments
mds/quiesce: declare QuiesceDbPeerListing and QuiesceDbPeerAck
mds/quiesce: resolve the quiesce cluster at the mds monitor
include/types: add an I/O helper for std::unordered_map
messages: avoid using mutable members in MMDSQuiesce*
mds/quiesce-db: incorporate review comments
doc/cephfs/fs-volumes: doc fixes and updates
pybind/mgr: correct type hints for `get_quiesce_leader_info`
mds/quiesce: only use ACTIVE daemons for the quiesce cluster
mds,messages: quiesce db inter-rank messaging
mds/quiesce: MDSRankQuiesce - integration of the quiesce db manager
doc/cephfs/fs-volumes: Add info about the quiesce command
doc: fixes for local dev builds
mgr/volumes: support for `fs subvolume quiesce`
mgr/volumes: use `volume_exception_to_retval` as a decorator
pybind/mgr: add a `one-shot` parameter to send_command
mds/quiesce: QuiesceAgent implementation and unit tests
mds/quiesce: QuiesceDb.h and QuiesceDbManager with tests
common/Timer.cc: improve debug messages from the timer_thread
mds: MDSRank.cc: return status from `send_message_mds`
encoding: add emplace variants for map dencoders
common/Cond: make C_SaferCond private members protected to facilitate inheritance
qa/tasks/cephfs: give the tests more time to run heavy fs workloads
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>