Adam C. Emerson [Wed, 17 May 2017 20:06:23 +0000 (16:06 -0400)]
Merge branch 'wip-sts-authorization'
Merge pull request #14307 from adamemerson/wip-sts-authorization
common: Add make_unique
submodule: Tencent's RapidJSON library
common: Add ISO-8601 Date Support
rgw: Add is_identity to AuthApplier class
rgw: Move globbing flags to header
buffer: Make the use of static areas more convenient
rgw: Add basic support for IAM policies
rgw: Build bucket permission and environment in req_state
rgw: Verify policies as WELL as ACLs
rgw: RESTful bucket policy ops
rgw: Write documentation for bucket policies
Adam C. Emerson [Thu, 28 Jul 2016 17:35:08 +0000 (13:35 -0400)]
submodule: Tencent's RapidJSON library
This is a high performance, MIT licensed JSON parsing library. It
provides a SAX interface so that I can compile an S3 policy without
building up a JSONObject tree in the middle that gets thrown away.
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
John Spray [Tue, 16 May 2017 12:28:48 +0000 (13:28 +0100)]
ceph-create-keys: update client.admin if it already exists
This means that anyone who de-privileges their client.admin
user will find that it gets reset with full privileges again.
This is necessary because we cannot distinguish between an old
key and a deliberately de-privileged key, and it's okay because
this is the admin key, it's meant to have access to everything.
Fixes: http://tracker.ceph.com/issues/19940
Signed-off-by: John Spray <john.spray@redhat.com>
rgw: Searching for error codes and dumping output based on protocol flags.
The previous commit uses dynamic allocation to search for s3/ swift specific
error codes and dump the results. In order to avoid dynamic allocation,
we are making use of protocol flags to achieve the above.
Marcus Watts [Tue, 3 Nov 2015 00:43:36 +0000 (19:43 -0500)]
polymorphic error codes.
make set_req_state_err a method of req_state
get rid of params.perr; it's never used
rgw - polymorphic error object.
polymorphic error object: this way sts, which has additional error fields,
and its own xml format for how errors should be produced, can overload
the base rgw_err class.
STL fixup: use real mappings for error mappings, not a linear search.
insubstantiate error mappings exactly once in src/rgw/rgw_common.cc, instead
of multiple copies from every source file that includes src/rgw/rgw_http_errors.h.
remove dump_errno(s, err) - it was never used, and the code looked bogus.
move rgw_http_error_to_errno from header to rgw_rest_client.cc,
the only place it's used.
move rgw_http_status_code and http_codes to rgw_rest.cc,
the only place it's used.
base class (rgw_err) implements s3 errors; swift & sts errors use
the base class and overlay their own additional error codes to
the ones recognized by the base class.
For a while, I was trying to just have a "generic" abort_early() that
used dump_more. Now, I have an op aware form that works the old way.
I would like the http routines to know less about "op" structures,
which is why I'm making this distinction.
Splitting up generic and s3 flavors of some things:
rgw_rest_init() - split into s3 and generic forms.
end_header: s3 vs generic forms: generic form uses dump_more.
abort_early: s3 vs generic forms: generic form uses dump_more, error_content.
And fixing some mistakes from the merge:
Fixup: should not have deleted dump_errno() local storage forms.
Fixup: RGWRESTFlusher - take a dump_more to make it generic.
Fixup: need RGWRESTOp::send_response()
Move swift_err up; use it in bulkdelete_respond
I think I don't need s->prot_flags when using swift_err.
Matt Benjamin [Mon, 15 May 2017 21:30:29 +0000 (17:30 -0400)]
rgw_file: v3: fix write-timer action
For now, unify with v4 write-on-close path, by calling
RGWFileHandle::close() on write-timer expire, since it will
call write_finish() as a side-effect.
Fixes: http://tracker.ceph.com/issues/19932
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
John Spray [Mon, 15 May 2017 21:23:42 +0000 (17:23 -0400)]
qa: simplify TestJournalRepair
This was sending lots of metadata ops to MDSs to persuade
them to migrate some subtrees, but that was flaky. Use
the shiny new rank pinning functionality instead.
Michael Sevilla [Wed, 3 May 2017 16:05:56 +0000 (09:05 -0700)]
mds: add perf counters for file system operations
Shows the types of operations that clients are doing by adding counters to the
spot where the MDS responds to clients. This avoids counting operations that
were restarted while waiting for locks or for metadata to load. Does not
support per-client activity. This is the first step towards comprehensive
performance tracking in the file system.
Signed-off-by: Michael Sevilla <mikesevilla3@gmail.com>
Sage Weil [Wed, 3 May 2017 02:11:35 +0000 (21:11 -0500)]
common/perf_counters: histograms are counters
The histogram is a histogram of counters (not gauges), so set the COUNTER
bit. (This only matters because we expose and document the bits of the
type, for better or for worse.)
If global admin_socket parameter is set, for PoolReplayer admin
sockets generate and use unique paths in $run_dir. Provide the socket
paths in output of PoolReplayer's "rbd mirror status" admin socket
command.
A possible use case:
1) run "rbd mirror status $pool_replayer" command using global admin
socket (known from configuration) and obtain socket paths for the
PoolReplayer local and remote context sockets.
2) Use these paths to run commands provided by the contexts.
Loic Dachary [Mon, 8 May 2017 16:57:23 +0000 (18:57 +0200)]
crush: encode can override weights with weight set
Encode a "legacy" crushmap if (1) we're using weight sets, (2) the
client is lacking features for the weight set, but (3) the weight set
has a single position and no id remapping. Since these maps are only
used by clients (not humans), then there is no need to preserve the
original crush weights. We can just swap them for the real weights and
the legacy clients will behave as expected.
Sage Weil [Fri, 12 May 2017 13:31:56 +0000 (09:31 -0400)]
mon: fix mon_keyvaluedb application
In 42a6b0efe1a3269c8e6c10e89f92bc0f28923af2 I mistakenly thought that
create_or_open was the path taken for normal open (not during mkfs) and
made it assume a missing kv_type meant leveldb. In reality, this is the
only path where mon_keyvaluedb is ever used (during mkfs), and
create_or_open is only called during mkfs. The bug I was (probably?)
trying to fix was that regular open() did not write out a kv_type file
(with the assumption of leveldb) if it was missing. As a result, the
previous fix was forcing all mons to be leveldb.
Fix this by reverting the create_or_open hunk (so that we express
mon_keyvaluedb on mkfs), and fixing the normal open path to write kv_type
if it is missing. This effectively switches the mon back to rocksdb by
default (and allows teuthology to test both rocksdb and leveldb by setting
the option).