rgw/kms/kmip - document configuration for a new feature: kmip kms

I've written up a brief description of using kmip
with ceph.  Major features:
* ceph configuration.
* making keys with a "paste-in" python script.
* pointers to PyKMIP and IBM SKLM.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - rgw / kmip test integration.

Actually add kmip to the kms crypt suite.

This also makes some ssl certs which is required for use of kmip.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - rgw / kmip test integration.

s3tests needs to know key names in order to run kms tests.
It seems desirable to have s3tests default to discovering
the names that were created by the pykmip task, and that
if there is more than one rgw connected to more than one
pykmip, that names belonging to the appropriate pykmip
instance should be used.

This logic does the following:
rgw task: save pykmip role name.
s3tests task: set kms_key (and kms_keyid2) to
these in order of priority
1 s3tests client task property ['kms_key'] (or ['kms_key2'])
2 first (second) secret created in the matching pykmip instance.
3 testkey-1 (testkey-2)

For case 2, names from the secrets have an initial "token-" stripped from them.
The assumption here is that rgw is being run with a setting such as
rgw crypt kmip kms key template: pykmip-$keyid
therefore "pykmip-" will be prefixed back onto the key before use.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - rgw / kmip test integration.

Pass endpoint configuration from pykmip to radosgw at runtime.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - correct documentation.

The pykmip task should be after ceph, and before rgw.

kmip needs ssl certs in order to function correctly.
Because the openssl_keys task has an indeterminate
order of execution, it is best to create the ca as
a separate task.  The ca can be shared with rgw, but
real life deployments of kmip are likely to have their
own CA.

In order to create kmip secrets, a client certificate
is necessary, so must be supplied to the pykmip task.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - pykmip.py needs to make keys too.

The logic to deploy pykmip in teuthology was not complete.
The necessary logic to add kmip keys was missing.

Existing logic for other key services providers could use rest based
protocols directly from the teuthology host.  For kmip, it is necessary
to use a special protocol, and it is more convenient to run this directly
on the pykmip server.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - pykmip.py should actually run pykmip.

The logic to deploy pykmip in teuthology was not complete.
While it deployed all the code and certs to run pykmip,
it didn't actually run it.  This commit fixes that.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - python3 changes for testing.

python3 requires different imports and there's a different
way to get at the first element in a view.
This is to match changes introduced in the rest of ceph in these
commits: 24e7acc261a4 d7258ea7fdcd

Signed-off-by: Marcus Watts <mwatts@redhat.com>

rgw/kms/kmip - string handling cleanup.

Use string::data and string_view to clean up some string handling,
as suggested by reviewers.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

teuthology/rgw: pykmip task

Configure and run a simple pykmip daemon,
similar in concept to barbican | vault.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

kmip: first pass at implementation logic.

This implements SSE-KMS for the radosgw using kmip.
This uses symmetric raw keys with a name attribute in kmip,
so providing the same functionality as the "kv" key store
in hashicorp vault.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

kmip: configuration options.

First pass at configuration configuration for kmip.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

Including cmake build logic inside of libkmip.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

cmake glue to build libkmip.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

Added libkmip as a submodule.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

Merge pull request #39765 from smithfarm/wip-ncpus-for-obs

rpm: set build parallelism from memory on SUSE

Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: David Galloway <dgallowa@redhat.com>

Merge PR #39682 into master

* refs/pull/39682/head:
vstart_runner: remove duplicate methods from LocalCephManager

Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>

Merge PR #39780 into master

* refs/pull/39780/head:
qa/vstart_runner: dont log "not Ceph bin" msg too often

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>

Merge PR #39681 into master

* refs/pull/39681/head:
vstart_runner: define path to ceph binary and use it

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>

Merge pull request #39382 from gauravsitlani/master

rgw: added missing documentation on "pubsub" in rgw_enable_apis

Reviewed-by: Yuval Lifshitz <ylifshit@redhat.com>
Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #39762 from smithfarm/wip-support-leap-15.3

rpm/luarocks: simplify conditional and support Leap 15.3

Reviewed-by: Yuval Lifshitz <ylifshit@redhat.com>
Reviewed-by: Kyr Shatskyy <kyrylo.shatskyy@suse.de>

Merge pull request #39789 from zdover23/wip-doc-cephadm-convert--bash-shells-2021-Mar-03

doc/cephadm: add prompts to adoption.rst

Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>

Merge pull request #39794 from cbodley/wip-qa-rgw-valgrind-supp-librados-delete

valgrind: suppress operator delete[] for tcmalloc

Reviewed-by: Daniel Gryniewicz <dang@redhat.com>

Merge pull request #39558 from sebastian-philipp/doc-rados-rm-toctree-cephadm

doc/rados: avoid including cephadm into the toctree

Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Neha Ojha <nojha@redhat.com>
Reviewed-by: Zac Dover <zac.dover@gmail.com>

rpm: drop old SUSE-specific OOM fix

This fix was needed some years ago, but no longer.

Signed-off-by: Nathan Cutler <ncutler@suse.com>

rpm: limit build jobs by system memory on SUSE

43b441f9a3bc907c17d52385251001ffcd5d3ff9 removed a bunch of code which the SUSE
builds were relying on to avoid OOM. This commit brings back that code in
a much-streamlined form: the SUSE-specific %limit_build macro.

This also has the advantage of not breaking the build on older RPMs which only
know about %_smp_mflags, and not the newer %_smp_build_ncpus etc. macros.

Fixes: 43b441f9a3bc907c17d52385251001ffcd5d3ff9
Fixes: https://tracker.ceph.com/issues/49556
Signed-off-by: Nathan Cutler <ncutler@suse.com>

Merge pull request #39399 from dang/wip-dang-zipper-10

RGW - Zipper 10: The Great Zippening

Merge PR #38909 into master

* refs/pull/38909/head:
PendingReleaseNotes: document option osd_fast_shutdown_notify_mon
osd: add osd_fast_shutdown_notify_mon option (default false)

Reviewed-by: Neha Ojha <nojha@redhat.com>

Merge PR #39654 into master

* refs/pull/39654/head:
common/options: drop ms_async_max_op_threads
msg/async: drop Stack::num_workers
msg/async: s/num_workers/workers.size()/
msg/async: use range-based loop in NetworkStack
msg/async: do not pass worker id to Stack::spawn_worker()
async/Stack: pass Worker* to NetworkStack::add_thread()
async/rdma: do not reference worker id in RDMAStack::spawn_worker()
async/dpdk: do not use worker id when creating worker
async/PosixStack: do not reference worker id in ctor
async/rdma: initialize worker in RDMAStack::create_worker()
async/rdma: move RDMAStack::create_worker() to .cc

Reviewed-by: luo runbing <luo.runbing@zte.com.cn>
Reviewed-by: Haomai Wang <haomai@xsky.com>

Merge PR #39665 into master

* refs/pull/39665/head:
qa/rados/dashbord use "random" objectore

Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Laura Paduano <lpaduano@suse.com>
Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Neha Ojha <nojha@redhat.com>

Merge PR #39689 into master

* refs/pull/39689/head:
src/global/signal_handler.h: fix preprocessor logic for alpine

Reviewed-by: Kefu Chai <kchai@redhat.com>

Merge PR #39750 into master

* refs/pull/39750/head:
mgr: create client messenger using ms_public_type

Reviewed-by: Kefu Chai <kchai@redhat.com>

Merge pull request #39770 from liewegas/bug-46745

cephadm: add docker.service dependency in systemd units

Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>

Merge pull request #39795 from dillaman/wip-migration-import-docs

doc/rbd: clarify QCOW2 migration support

Reviewed-by: Mykola Golub <mgolub@suse.com>

Merge pull request #39555 from tchaikov/wip-drop-pre-nautilus

*: drop backward compatibility with pre-nautilus versions

Reviewed-by: Josh Durgin <jdurgin@redhat.com>

Merge pull request #39798 from tchaikov/wip-crimson-monc-copy-sent

crimson/mon: keep a copy of sent MMonCommand messages

Reviewed-by: Yingxin Cheng <yingxin.cheng@intel.com>

crimson/mon: keep a copy of sent MMonCommand messages

as per Yingxin Cheng,

> The send process can be asynchronous (there is a conn.out_q, or if the
> underlying socket lives in a different core in the m:n model to be
> ordered there). If user really wants to reuse a message, they must be
> careful not to modify it because it may result in modifing the pending
> messages.
>
> I think the best way is to copy the message if user want to resend it,
> and keep the ceph_assert(!msg->get_seq()). It may looks good to reuse a
> message under lossy policy, but the correctness is now up to user not to
> modify it inplace.

see also https://github.com/ceph/ceph/pull/39786

Signed-off-by: Kefu Chai <kchai@redhat.com>

doc/rbd: clarify QCOW2 migration support

Signed-off-by: Jason Dillaman <dillaman@redhat.com>

valgrind: suppress operator delete[] for tcmalloc

suppresses a mismatched operator delete[] from the librados client's
destructor:

<error>
  <unique>0xeef7eb</unique>
  <tid>1</tid>
  <kind>MismatchedFree</kind>
  <what>Mismatched free() / delete / delete []</what>
  <stack>
    <frame>
      <ip>0x4C32EA0</ip>
      <obj>/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so</obj>
      <fn>operator delete[](void*, unsigned long)</fn>
      <dir>/builddir/build/BUILD/valgrind-3.16.0/coregrind/m_replacemalloc</dir>
      <file>vg_replace_malloc.c</file>
      <line>660</line>
    </frame>
    <frame>
      <ip>0x5FBEB86</ip>
      <obj>/usr/lib64/librados.so.2.0.0</obj>
    </frame>
    <frame>
      <ip>0x5FBEF2C</ip>
      <obj>/usr/lib64/librados.so.2.0.0</obj>
    </frame>
    <frame>
      <ip>0x5F7F7C5</ip>
      <obj>/usr/lib64/librados.so.2.0.0</obj>
      <fn>librados::v14_2_0::Rados::shutdown()</fn>
    </frame>

Fixes: https://tracker.ceph.com/issues/49501
Signed-off-by: Casey Bodley <cbodley@redhat.com>

Merge PR #39730 into master

* refs/pull/39730/head:
cephadm: fix escaping/quoting of stderr-prefix arg for ceph daemons

Reviewed-by: Michael Fritch <mfritch@suse.com>
Reviewed-by: Sebastian Wagner <swagner@suse.com>

doc/cephadm: add prompts to adoption.rst

This PR formats the bash prompts. It also formats the
bash output so that it appears in the correct (easily
copy-and-pasteable) format. This PR will be followed by
a grammar-improving PR, but this PR is just a
formatting PR.

Signed-off-by: Zac Dover <zac.dover@gmail.com>

Merge pull request #39781 from idryomov/wip-krbd-xfstests-fixes

qa/suites/krbd: address recent issues caused by newer kernels

Reviewed-by: Jason Dillaman <dillaman@redhat.com>

Merge PR #39723 into master

* refs/pull/39723/head:
mon/ConfigMonitor: make config changes via KVMonitor's pending set

Reviewed-by: Neha Ojha <nojha@redhat.com>

cephadm: fix escaping/quoting of stderr-prefix arg for ceph daemons

On some versions of podman doing

   --default-log-stderr-prefix="debug "

seems to work okay, but on others it does not, producing lines like

   /usr/bin/ceph-mon: "debug "2021-02-26T15:30:36.266+0000 7f3d8a955700  4 rocksdb:                    Options.db_write_buffer_size: 0

Quote things properly for the unit.run bash script.

Signed-off-by: Sage Weil <sage@newdream.net>

Merge PR #39739 into master

* refs/pull/39739/head:
cephadm: set CEPH_USE_RANDOM_NONCE if using --init
msg/Messenger: use random nonce if CEPH_USE_RANDOM_NONCE or pid == 1
Revert "Merge PR #39482 into master"

Reviewed-by: Michael Fritch <mfritch@suse.com>
Reviewed-by: Sebastian Wagner <swagner@suse.com>

RGW - Fix mock User class in Lua test

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

cephadm: add docker.service dependency in systemd units

This ensures that (1) we start after the docker daemon is running, and
(2) a restart of docker will also restart the ceph services.

Fixes: https://tracker.ceph.com/issues/46745
Signed-off-by: Sage Weil <sage@newdream.net>

Merge PR #39679 into master

* refs/pull/39679/head:
Revert "mon/MDSMonitor: add missing frozen checks"

Reviewed-by: Rishabh Dave <ridave@redhat.com>
Reviewed-by: Jos Collin <jcollin@redhat.com>

Merge pull request #38995 from mgfritch/cephadm-check-host-errors

cephadm: remove redundant `ERROR` during check-host

Reviewed-by: Juan Miguel Olmo Martínez <jolmomar@redhat.com>
Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>

Merge pull request #39722 from p-se/wip-pse-cephadm-SUSE-alertmanager

cephadm: `cephadm ls` broken for SUSE downstream alertmanager container

Reviewed-by: Michael Fritch <mfritch@suse.com>
Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>

Merge pull request #38915 from Daniel-Pivonka/clientsoktostop

mgr/cephadm: add ok-to-stop functions for ceph client services

Reviewed-by: Juan Miguel Olmo Martínez <jolmomar@redhat.com>
Reviewed-by: Michael Fritch <mfritch@suse.com>
Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>

Merge pull request #39352 from sebastian-philipp/orch-remove-promise

mgr/orch: Make orchestrator interface synchronous

Reviewed-by: Varsha Rao <varao@redhat.com>

Merge pull request #39612 from jmolmo/fix_rook_orch_ls

mgr/orchestrator: Fix ceph orch ls in Rook

Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>
Reviewed-by: Varsha Rao <varao@redhat.com>

Merge pull request #39784 from rzarzynski/wip-crimson-monc-close-active-conn-on-reset

crimson/monc: close() active_con before destructing it on resets.

Reviewed-by: Kefu Chai <kchai@redhat.com>

Merge pull request #39783 from tchaikov/wip-crimson-clang

crimson/os: fix clang build and cleanups.

Reviewed-by: Radoslaw Zarzynski <rzarzyns@redhat.com>

crimson/monc: close() active_con before destructing it on resets.

`ProtocolV2` expects `AuthClient` implementations to withstand
calling `get_auth_request()` and `handle_auth_reply_more()` even
if `handle_auth_done()` had been already called. This is because
a network fault may happen on e.g. `AuthSignatureFrame` which is
put on the wire after the `AuthDone` handling.

`crimson::mon::Client` deals with that by returning `auth::error`
from both `get_auth_request()` and `handle_auth_reply_more()` as
the preceding invocation of `handle_auth_done()` had already
cleared `pending_conns` (and set `active_con`). This leads to
`abort_in_close()` and finally to dispatching `ms_handle_reset()`
on `mon::Client` which is fine in general but, when comes to the
current implementation, it destroys `active_con` without closing
it first.
One of the consequence is breaking the `mon::Connection::reply`
promise; another one is missed `mark_down()` call.

```
DEBUG 2021-03-01 18:10:50,489 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@56752 >> mon.? v2:172.21.15.110:3300/0] GOT AuthDoneFrame: gid=4121, con_mode=se
cure, payload_len=995
DEBUG 2021-03-01 18:10:50,489 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@56752 >> mon.? v2:172.21.15.110:3300/0] WRITE AuthSignatureFrame: signature=60ca
f49e5a6cf3cc39c4160cb9d09032db5f794e29655dc0124cf5f42b7546fb
DEBUG 2021-03-01 18:10:50,489 [shard 0] ms - authenticated_encrypt_update plaintext.length()=80 buffer.length()=80
DEBUG 2021-03-01 18:10:50,489 [shard 0] ms - authenticated_encrypt_final buffer.length()=96 final_len=0
INFO  2021-03-01 18:10:50,489 [shard 0] monc - found mon.noname-a
INFO  2021-03-01 18:10:50,489 [shard 0] monc - sending auth(proto 2 2 bytes epoch 0) v1
INFO  2021-03-01 18:10:50,489 [shard 0] monc - waiting
DEBUG 2021-03-01 18:10:50,489 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@56752 >> mon.? v2:172.21.15.110:3300/0] GOT AuthSignatureFrame: signature=ea04f1
318cf76808414a853ed37fd232ae886bef036cb4248079c6cba89d669a
DEBUG 2021-03-01 18:10:50,490 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@56752 >> mon.? v2:172.21.15.110:3300/0] WRITE ClientIdentFrame: addrs=v2:172.21.
15.110:6800/33954, target=v2:172.21.15.110:3300/0, gid=0, gs=1, features_supported=4540138303579357183, features_required=576460752303432193, flags=1, cookie=9231904580
14536120
...
INFO  2021-03-01 18:10:50,490 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@56752 >> mon.? v2:172.21.15.110:3300/0] execute_connecting(): fault at CONNECTIN
G, going to WAIT -- std::system_error (error crimson::net:4, read eof)
...
DEBUG 2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@0 >> mon.? v2:172.21.15.110:3300/0] GOT HelloFrame: my_type=mon peer_addr=v2:172.21.15.110:63960/0
INFO  2021-03-01 18:10:50,690 [shard 0] monc - get_auth_request(con=[osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0], auth_method=0)
ERROR 2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] get_initial_auth_request returned crimson::auth::error (unknown connection)
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] closing: reset yes, replace no
DEBUG 2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] TRIGGER CLOSING, was CONNECTING
...
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] write_event: dropped
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] execute_connecting(): protocol aborted at CLOSING -- std::system_error (error crimson::net:6, protocol aborted)
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] closing: reset yes, replace no
DEBUG 2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] TRIGGER CLOSING, was CONNECTING
WARN  2021-03-01 18:10:50,690 [shard 0] osd - ms_handle_reset
WARN  2021-03-01 18:10:50,690 [shard 0] monc - active conn reset v2:172.21.15.110:3300/0
INFO  2021-03-01 18:10:50,690 [shard 0] monc - reopen_session to mon.-1
WARN  2021-03-01 18:10:50,690 [shard 0] monc - mon.0 does not have an addr compatible with me
INFO  2021-03-01 18:10:50,690 [shard 0] monc - connecting to mon.1
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954 >> mon.? v2:172.21.15.110:3300/0] ProtocolV2::start_connect(): peer_addr=v2:172.21.15.110:3300/0, peer_name=mon.?, cc=14512795460730278364 policy(lossy=true, server=false, standby=false, resetcheck=false)
DEBUG 2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954 >> mon.? v2:172.21.15.110:3300/0] TRIGGER CONNECTING, was NONE
DEBUG 2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954 >> mon.? v2:172.21.15.110:3300/0] UPDATE: gs=3 for connect
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954 >> mon.? v2:172.21.15.110:3300/0] write_event: delay ...
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] write_event: dropped
INFO  2021-03-01 18:10:50,690 [shard 0] ms - [osd.0(client) v2:172.21.15.110:6800/33954@63960 >> mon.? v2:172.21.15.110:3300/0] execute_connecting(): protocol aborted at CLOSING -- std::system_error (error crimson::net:6, protocol aborted)
...
"
WARN  2021-03-01 18:10:50,690 [shard 0] seastar - Exceptional future ignored: seastar::broken_promise (broken promise), backtrace:    0x146f364
   0x146f6e1
   0x146fb01
   0x135c2fe
   0x135c481
   0x6ee079
   0x137db87
   0x137def2
   0x13ab085
   0x1347b27
   0x6619f5
   /lib64/libc.so.6+0x237b2
   0x6b217d
   --------
   N7seastar12continuationINS_8internal22promise_base_with_typeIvEENS_6futureIvE12finally_bodyIZNS_5asyncIZZ4mainENKUlvE_clEvEUlvE_JEEENS_8futurizeINSt9result_ofIFNSt5decayIT_E4typeEDpNSC_IT0_E4typeEEE4typeEE4typeENS_17thread_attributesEOSD_DpOSG_EUlvE1_Lb0EEEZNS5_17then_wrapped_nrvoIS5_SU_EENSA_ISD_E4typeEOT0_EUlOS3_RSU_ONS_12future_stateINS1_9monostateEEEE_vEE

```

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>

RGW Zipper - get_ctl() no longer needed

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW Zipper - user.empty()

Add an empty() method for user, and use it in admin code.

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW Zipper - Wrap zoneutils

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW Zipper - Add zone abstraction

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW Zipper - random cleanups

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW Zipper - Meta list API

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW Zipper - zipify RGWUserAdminOpState

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW Zipper - Clean up get_user* APIs.

The main get_user() function doesn't query the cluster, but the rest of
them do.  Rename the functions to match, and add comments to clarify.

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

Zipper - zipperify the Auth code

This also removes the only user of s->sysobj_ctx, so that can be removed
as well.

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

Zipper - remove duplicate get_user()

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

RGW - Zipper 10: Pull The Thread

This commit changes the RGWStoreManager to return a RGWStore* rather
than a RGWRadosStore*.  This is the thread that unravels the rest of the
Zipper work, removing hard-coded uses of the RGWRados* classes.

Signed-off-by: Daniel Gryniewicz <dang@redhat.com>

Merge pull request #39779 from tchaikov/wip-crimson-monc-cleanup

crimson/mon: resend mon command when connected and cleanups

Reviewed-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Reviewed-by: Xuehan Xu <xxhdx1985126@gmail.com>

crimson/os: return an errorator::future in an erroratorized chain

errorator does not convert a "void" continuation to a ready future at
the time of writing.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/os: capture structured binding labels with new variable

structured binding does not define variables. unlike GCC, Clang does
not allow this.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/os: mark unused variable with [[maybe_unused]]

`MAX_FLAT_BLOCK_SIZE` is only used in Debug builds.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/os: do not capture unused variables

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: do not use futurize_invoke

flatten the call in seastar::futurize_invoke().

Signed-off-by: Kefu Chai <kchai@redhat.com>

qa/vstart_runner: dont log "not Ceph bin" msg too often

The message is logged everytime a binary not from Ceph repo's build
directory is executed, which it too often.

Signed-off-by: Rishabh Dave <ridave@redhat.com>

Merge pull request #39744 from zdover23/wip-doc-cephadm-install-install-cephadm-rewrite-2021-Feb-28

doc/cephadm: rewrite "install cephadm"

Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>

crimson/mon: let reopen_session() return future<bool>

this change is for improve the readability. to emphasis that the
next steps are performed only if a connection to monitor is
established.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: use a vector for mon_commands

for smaller memory foot print. as we don't have lots of mon_command in
flight, hence not likely to benefit from a O(log(n)) lookup.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: resend mon command when session established

this behavior matches that of `MonClient::_resend_mon_commands()`. so
far the only user which sends mon command in crimson is
`OSD::_add_me_to_crush()`, but there is still (rare) chance that the connected
monitor cannot be reached when we send the command to it, in that case,
we should retry when the connection is re-established.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: pass a string to Client::run_command()

as the reason why MMonCommand uses a vector is but for legacy reasons,
there is no need to expose this via the interface.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: move keyring and sub renewals into on_session_opened()

both of them fall into the category of jobs which we should do after
the connection to monitor is established.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: let on_session_opened() return a future

so we can expand its responsibility to perform some async calls.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: s/send_pendings/on_session_opened/

will use this method also for sending requests which are not acked

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: pending_messages should not be empty if active_conn

we always send all pending_messages, and clear it when establishing a
connection to mon, so there is no need to check for it when calling
`send_message()`.

Signed-off-by: Kefu Chai <kchai@redhat.com>

crimson/mon: check for active_con before calling send_pendings()

before this change, we guard the `send_pendings()` call only in
`Client::send_message()`, after this change, all of the
`send_pendings()` calls are guarded with this check.

more consistent this way.

Signed-off-by: Kefu Chai <kchai@redhat.com>

Merge pull request #39760 from zdover23/wip-doc-cephadm-install-bootstrap-rewrite-2021-Mar-01

doc/cephadm: rewrite "b.strap a new cluster"

Reviewed-by: Sebastian Wagner <sebastian.wagner@suse.com>

Merge pull request #39685 from tchaikov/wip-mgr-dashboard-requests

pybind/mgr/dashboard: bump up requests to 2.25.1

Reviewed-by: Laura Paduano <lpaduano@suse.com>

Merge pull request #39673 from rzarzynski/wip-crimson-drop-protocol-v1

crimson: drop the support of ProtocolV1

Reviewed-by: Kefu Chai <kchai@redhat.com>

Merge pull request #39768 from rzarzynski/wip-crimson-monc-renew-subs

crimson/monc: renew subscriptions when reopening a session.

Reviewed-by: Kefu Chai <kchai@redhat.com>

Merge pull request #39718 from zdover23/wip-doc-dev-t8y-label-in-toc-2021-Feb-26

doc/dev: add t8y label to index.rst

Reviewed-by: Josh Durgin <jdurgin@redhat.com>

Merge pull request #39601 from badone/wip-ceph_test_rados_api_watch_notify-enoent-failure

tests: ceph_test_rados_api_watch_notify: Allow for reconnect

Reviewed-by: Neha Ojha <nojha@redhat.com>

crimson/monc: renew subscriptions when reopening a session.

Lack of this feature was the root cause of an issue in
teuthology testing in which a socket failure injection
happened exactly during `mon_subscribe`; after the OSD
reconnected, the message hasn't been resent and entire
boot process has frozen.

```
DEBUG 2021-02-25 11:42:53,757 [shard 0] ms - [osd.2(client) v2:172.21.15.204:6804/33459@57376 >> mon.0 v2:172.21.15.204:3300/0] --> #6 === mon_subscribe({osdmap=1}) v3
(15)
DEBUG 2021-02-25 11:42:53,757 [shard 0] ms - authenticated_encrypt_update plaintext.length()=80 buffer.length()=80
DEBUG 2021-02-25 11:42:53,757 [shard 0] ms - authenticated_encrypt_final buffer.length()=96 final_len=0
DEBUG 2021-02-25 11:42:53,757 [shard 0] ms - authenticated_encrypt_update plaintext.length()=48 buffer.length()=48
DEBUG 2021-02-25 11:42:53,757 [shard 0] ms - authenticated_encrypt_update plaintext.length()=16 buffer.length()=64
DEBUG 2021-02-25 11:42:53,757 [shard 0] ms - authenticated_encrypt_final buffer.length()=80 final_len=0
INFO  2021-02-25 11:42:53,758 [shard 0] ms - [osd.2(client) v2:172.21.15.204:6804/33459@57376 >> mon.0 v2:172.21.15.204:3300/0] execute_ready(): fault at READY on lossy
 channel, going to CLOSING -- std::system_error (error crimson::net:4, read eof)
```

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>

rpm/luarocks: simplify conditional and support Leap 15.3

The luarocks conditional had gotten hard to read, and the openSUSE Leap 15.3
build needs lua53 as well.

Signed-off-by: Nathan Cutler <ncutler@suse.com>

Merge PR #39680 into master

* refs/pull/39680/head:
mds: allow `fs authorize` command to work

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Rishabh Dave <ridave@redhat.com>

Merge PR #39710 into master

* refs/pull/39710/head:
qa: run fs:verify on all distros

Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Yuri Weinstein <yweins@redhat.com>
Reviewed-by: Rishabh Dave <ridave@redhat.com>

Merge PR #39725 into master

* refs/pull/39725/head:
qa: delete all fs during tearDown

Reviewed-by: Ramana Raja <rraja@redhat.com>
Reviewed-by: Rishabh Dave <ridave@redhat.com>

doc/cephadm: rewrite "install cephadm"

This PR breaks the "Deploying a New Ceph Cluster"
section into several sub-sections, so that each sub-section
pertains to only one subject. I've also added some explanatory
text that puts the instructions into context more than they were
before.

Signed-off-by: Zac Dover <zac.dover@gmail.com>

Merge pull request #39732 from mychoxin/resolve_compile_error

test/librbd: resolve compile error on centos

Reviewed-by: Jason Dillaman <dillaman@redhat.com>

Merge pull request #39731 from mychoxin/use_unified_zero_func

rbd: use portable zero-ing memory function

Reviewed-by: Jason Dillaman <dillaman@redhat.com>

doc/cephadm: rewrite "b.strap a new cluster"

This PR rewrites the section "Bootstrap A New
Cluster" in the Cephadm Guide, in the Install
Chapter. I've broken this section up into what
seem to me to be the topics that the content
naturally divides into.

Signed-off-by: Zac Dover <zac.dover@gmail.com>

cephadm: set CEPH_USE_RANDOM_NONCE if using --init

This ensures that daemon messenger nonces don't collide by using PIDs that are
no longer unique for the IP address.

Signed-off-by: Sage Weil <sage@newdream.net>