John Mulligan [Tue, 22 Jul 2025 23:22:15 +0000 (19:22 -0400)]
mgr/smb: add keybridge configuration to cluster resource
Add keybridge service configuration classes and parameters to the
resources module. This supports enabling the keybridge, setting up
scopes for the keybridge and it's access control.
A helper class is added that parses and helps validate the scope names.
John Mulligan [Wed, 16 Jul 2025 21:55:44 +0000 (17:55 -0400)]
mgr/smb: add enums that will be used for configuring keybridge
Add a pair of enum types that will be used for configuring the
keybridge. The scope type identifies what kind of scope is being
used. The peer policy can be used to allow a dev or other user
more access to the keybridge api for development purposes.
John Mulligan [Fri, 18 Jul 2025 14:23:31 +0000 (10:23 -0400)]
mgr/smb: fix a resource error unpacking str instead of list
Add special handling for the case where a string is passed instead of a
list. Without this fix a string will be converted into a list of single
letter items, something pretty much no one ever wants. Raise an
exception instead.
John Mulligan [Fri, 18 Jul 2025 16:20:17 +0000 (12:20 -0400)]
cephadm: add keybridge sidecar to smb daemon module
The keybridge uses the sambacc configuration but can also be passed
CLI options. Since cephadm writes the cert files, cephadm must also
pass the file names to use to the container args.
John Mulligan [Wed, 16 Jul 2025 21:08:49 +0000 (17:08 -0400)]
python-common/deployment: add keybridge feature to smb service spec
The keybridge sidecar is enabled by the keybridge feature flag.
This sidecar will be used to help fetch keys over various protocols
for the ceph module to use to set up fs encryption.
Kefu Chai [Sat, 22 Nov 2025 00:24:36 +0000 (08:24 +0800)]
qa/suites/rados/encoder: exclude ceph-osd-* when installing LTS releases
In a37b5b5, the ceph-osd-classic and ceph-osd-crimson packages were
added to qa/packages/packages.yaml. The "install" task uses this file as
the default package list for all branches, including LTS releases like
Reef.
However, a37b5b5 only exists in the main branch and won't be backported
to LTS branches. This causes installation failures in the rados/encoder
test suite, which verifies forward compatibility by installing LTS
releases and testing whether they can decode the latest corpus.
Exclude ceph-osd-classic and ceph-osd-crimson from LTS installations to
ensure the test suite can successfully install ceph-dencoder, which is
required for the interoperability tests.
projects / ceph-ci.git / log