John Mulligan [Wed, 2 Jul 2025 22:15:16 +0000 (18:15 -0400)]
mgr/smb: add a remote control configuration to cluster resource
Add the remote control component to a field of the cluster resource.
A remote control sidecar can be explicitly enabled or implicitly
enabled by specifying the tls creds.

John Mulligan [Wed, 2 Jul 2025 22:15:03 +0000 (18:15 -0400)]
mgr/smb: create a new resource component for remote control
Remote control is a new optional feature of the samba-container. It runs
a small "sidecar" service that provides a (g)RPC interface that bridges
certain runtime operations, like disconnecting a particular client,
from the cloudy-gRPC world to samba's existing tooling.
Add a new type that can be used to configure this sidecar service.

John Mulligan [Wed, 2 Jul 2025 21:45:42 +0000 (17:45 -0400)]
mgr/smb: add a new tls source component resource
Add a new resource component for referencing a tls credential resource.
This works pretty much like the join auth resource in that a cluster
refers to a tls credential resource by name - avoiding having to have
potentially sensitive info stored in the cluster resource.

John Mulligan [Wed, 2 Jul 2025 21:44:45 +0000 (17:44 -0400)]
mgr/smb: add a new tls credential resource type
Add a new TLS credential resource type that can currently store one
TLS certificate, TLS key, or TLS CA certificate. This is a new top-level
resource so that they can be used across clusters or managed
independently by different people and/or private information can be kept
out of a cluster resource stored in a file committed somewhere.

John Mulligan [Wed, 2 Jul 2025 21:41:26 +0000 (17:41 -0400)]
mgr/smb: add a new BigString helper type for serializing yaml
Add a new BigString type that serves to help serialize resources to
YAML, causing it to use the multi-line literal style. A BigString is
a string so it should be transparent to other serializations, but
note that it should only be used in "simplified" structures.

John Mulligan [Wed, 2 Jul 2025 21:42:40 +0000 (17:42 -0400)]
mgr/smb: use a private constant for hidden value indicator
When the password filter hides a value we replace it with a string
of asterisks - indicating that there was a value here. Move it
to a constant so it can be reused later.

John Mulligan [Wed, 2 Jul 2025 22:06:30 +0000 (18:06 -0400)]
mgr/smb: add a new generalized enum for source references
The join auth and users and groups sources typically specify a
source as a reference to a (local) resource. Right now this is
really the only supported value. Since they're all basically the same
add a new generic SourceReferenceType enum for future source
resource components.
Note that python doesn't allow subclassing enums that have values
assigned. This is the reason for the copy paste here.

John Mulligan [Wed, 2 Jul 2025 21:47:56 +0000 (17:47 -0400)]
mgr/smb: add a new TLSCredentialType enum
Add a new TLSCredentialType to enums.py. This will be used in the future
to support a new resource type that manages TLS/SSL credential objects (
certs, keys, etc).

John Mulligan [Mon, 30 Jun 2025 23:11:34 +0000 (19:11 -0400)]
mgr/cephadm: add a helper function for setting up smb config
Add a private helper function for copying values into the config_blobs
and similar dictionaries that are serialized and passed to cephadm for
configuration of smb. The helper automates the familiar pattern of
```
if value:
    config_blobs[key] = value
```

John Mulligan [Mon, 9 Jun 2025 17:19:06 +0000 (13:19 -0400)]
python-common/deployment: add remote control sidecar config params
Add parameters to the smb service spec for configuring the remote
control sidecar. The feature always controls the deployment (or not) of
the sidecar and the ssl/tls config params will be used to set up (m)TLS
for the sidecar.

John Mulligan [Mon, 9 Jun 2025 17:18:49 +0000 (13:18 -0400)]
cephadm/smb: add support for remote control sidecar
Add support for the remote control sidecar. The remote control server
is provided by the sambacc project. It is a small grpc server that
allows remote systems to get live information about connected clients
and disconnect clients or shares from the servers. The gRPC server
requires being run in mTLS mode to make changes.
Adding the sidecar required adding a bunch of support for TLS/SSL certificate
management. I copied some of what other ceph containers do, like map
in a dedicated dir having certs. I expect some more stuff in the smb
daemon will require TLS support so I tried to make it a little more
generic than would be strictly needed by just this sidecar.

John Mulligan [Wed, 16 Jul 2025 20:17:07 +0000 (16:17 -0400)]
cephadm: update type of populate_files first argument
The populate_files function's first argument was typed as `str` but
all places that str is used in that function can also use a
pathlib.Path. Update the type of that argument to match.

John Mulligan [Mon, 30 Jun 2025 21:46:10 +0000 (17:46 -0400)]
mgr/smb: improve error handling when _customize_resource is wrong
While working on other changes I noticed that if _customize_resource
does not return a resource object (something fairly easy to do like
accidentally delete a line) the error it produces is somewhat hard
to debug. Check that the return from the function is a non-false
object to provide better error reporting.

John Mulligan [Mon, 30 Jun 2025 21:18:36 +0000 (17:18 -0400)]
mgr/smb: add a wrapper_type attribute for resourcelib fields
Add a new wrapper_type attribute for resourcelib fields that will be
used for better YAML representations in a future change. The
wrapper_type attribute will be applied during the simplification
phase to prep the resulting object for serialization. It can be set
using the special _customize_resource function.

John Mulligan [Tue, 12 Aug 2025 18:26:36 +0000 (14:26 -0400)]
tentacle: python-common/cephadm: use ceph20- prefixed images
The samba-containers project is now producing images that are based on
samba + ceph tentacle packages (for libcephfs, etc). Use that as the
image used for the samba server.
Same for samba-metrics.
Signed-off-by: John Mulligan <jmulligan@redhat.com>

Nizamudeen A [Tue, 12 Aug 2025 04:15:54 +0000 (09:45 +0530)]
mgr/dashboard: close token status subscription properly
Since it's not returning any subscription back to the `this.subs`
property, those subscriptions are not properly closed in the
workbench-layout when it's destroyed. So ensuring proper return

Nizamudeen A [Fri, 8 Aug 2025 06:42:20 +0000 (12:12 +0530)]
mgr/dashboard: fix memory leak in prometheus service
Prometheus API calls in the Cluster Utilization call are subscribed in
the for loop multiple times but these are not properly unsubscribed. As we
stay in the dashboard page for a longer time, it produces a significant
memory leak which eventually lags the UI. Attempting to fix it by
properly handling the subscription

Nizamudeen A [Mon, 28 Jul 2025 08:22:36 +0000 (13:52 +0530)]
mgr/dashboard: fix table dom re-rendering
Each table refresh creates new data or updates the existing data. This
causes the existing data to be completely replaced with a newer one and
thereby losing the trackBy functionality. So I am modifying the data
in-place so that the memory reference doesn't get changed

The arm64-only module uadk needs numa.h to build; nothing else
ensures it's available. Make it an unconditional ceph build
dependency on behalf of the arm64 build.

libcephfs_proxy: implement client side support for embedded perms
Implement the code to handle embedded perms or not depending on a
feature flag negotiated during connection.
If embedded permissions are enabled, ceph_userperm_new() will allocate a
local structure with the provided credentials instead of sending it to
the server. ceph_userperm_destroy() will just destroy the allocated
structure. If it's disabled, these functions will work as any other
function, sending the request to the server.

libcephfs_proxy: extend the protocol to support embedded permissions
This patch adds the changes to the protocol definition to support
sending the user credentials along with the request that requires it.
Using protocol version 1, instead of sending a pointer to a previously
allocated UserPerm structure, the caller will embed the uid, gid and the
list of additional groups in the request itself.
This change doesn't modify the binary format of the protocol structures
so that they remain backward compatible, but it modifies how they are
declared to make it easier to extend them with future protocol
improvements.

This change is created in the same spirit of bb1fa818.
When building the tree with clang-21, the following warning was raised:
```
/home/kefu/dev/ceph/src/libcephfs_proxy/proxy_async.c:43:9: warning: arithmetic on a pointer to void is a GNU extension [-Wgnu-pointer-arith]
43 | data += iov->iov_len;
| ~~~~ ^
1 warning generated.
```
This change should address this warning by casting a `void*` pointer to a
`char*` pointer before performing an arithmetic operation on it.

Zac Dover [Sat, 9 Aug 2025 05:53:59 +0000 (15:53 +1000)]
doc/cephfs: edit troubleshooting.rst
Edit the section "RADOS Health" in the file
doc/cephfs/troubleshooting.rst. Add a Sphinx directive to the
doc/rados/troubleshooting/index.rst file that directs to the index of
the RADOS troubleshooting documentation.

qa/suites/krbd: use a standard fixed-1 cluster in unmap subsuite
A custom "fixed-1, but with the client on a separate node" cluster was
needed only for pre-single-major.yaml kernel which is no longer around.
This can be a single-node job now -- see commits 311a450163cf
("krbd/unmap: put client.0 on a separate remote") and 39a579144cd8
("qa/suites/krbd: drop pre-single-major test").

Bill Scales [Fri, 1 Aug 2025 15:17:58 +0000 (16:17 +0100)]
doc: erasure coding enhancements for tentacle
* Document new pool flag allow_ec_optimizations
* Reference new conf setting osd_pool_default_flag_ec_optimizations
* Add section describing Erasure Code Optimizations

Zac Dover [Thu, 7 Aug 2025 05:03:22 +0000 (15:03 +1000)]
doc/cephfs: edit troubleshooting.rst
Follow up on comments made by Anthony D'Atri in
https://github.com/ceph/ceph/pull/64832 and make other small changes to
increase the ease of reading this text.