sys_siglist is deprecated with glibc 2.32. A new thread-safe and
async-signal safe sigdescr_np() function is provided, so use it if
available.
Fixes: https://tracker.ceph.com/issues/47187 Signed-off-by: David Disseldorp <ddiss@suse.de>
(cherry picked from commit b9b6faf66ae67648626470cb4fc3f0850ac4d842)
Conflicts:
CMakeLists.txt
cmake/modules/CephChecks.cmake
- CephChecks.cmake file does not exist in nautilus; manually cherry-picked the
change in that file to top-level CMakeLists.txt
Ilya Dryomov [Thu, 3 Dec 2020 10:24:32 +0000 (11:24 +0100)]
qa: krbd_stable_pages_required.sh: move to stable_writes attribute
bdi/stable_pages_required attribute was deprecated in 5.10 and now
always returns 0. The replacement is queue/stable_writes. (It is
also writeable, so we can simplify these test cases somewhat in the
future.)
Alfonso Martínez [Tue, 15 Dec 2020 08:28:46 +0000 (09:28 +0100)]
mgr/dashboard: CLI commands: read passwords from file
Fixes: https://tracker.ceph.com/issues/48355 Signed-off-by: Alfonso Martínez <almartin@redhat.com> Signed-off-by: Juan Miguel Olmo Martínez <jolmomar@redhat.com>
(cherry picked from commit 5d7ee7c1f0ad971fd0079f917e2b44cdef1d6f9f)
- Remove cephadm files and related code (does not apply to nautilus).
- Remove code related to non-existing functionality in nautilus.
- Adapt code to be py2 compatible.
- Resolve conflicts related to code divergence.
Tim Serong [Fri, 22 Nov 2019 09:25:19 +0000 (20:25 +1100)]
mgr/PyModule: correctly remove config options
Previously, incorrect parameters were being passed to "config rm",
causing it to do nothing. This commit also ensures the correct
error message is shown for both the set and remove failure cases.
I've also moved the update of the in-memory config map to *after*
the value is persisted, to ensure the config map actually reflects
what's stored.
Conflicts:
- src/pybind/mgr/dashboard/module.py
Limiting TLS version seems to work only with CherryPy >= 8.9.1 (Ubuntu 18.04 or SUSE Leap 15.1) based on tests in Teuthology. It failed on Ubuntu 16.04 (CherryPy 3.5.0) and RHEL 7.9 (CherryPy 3.2.2).
- qa/tasks/mgr/test_dashboard.py
Tests must be removed because they will not work in Teuthology because of outdated cherrypy versions on most platforms. Only Ubuntu 18.04 (and downstream SUSE Leap 15.1) will work, but it's not possible to limit QA runs to that specific platforms.
Volker Theile [Tue, 15 Dec 2020 09:40:48 +0000 (10:40 +0100)]
mgr/dashboard: Drop invalid RGW client instances, improve logging
* Log RGW settings for easier problem tracking.
* Drop RGW client instances that do not exist anymore. This happens when a RGW service is removed via the orchestrator. The Dashboard tries to access the RGW client using the previous settings which leads to an error which might be confusing. Without dropping the error message 'RGW REST API failed request ...' is displayed instead of the correct one 'No RGW found'. Dropping the RGW client instance will produce correct error messages the next time the backend tries to establish a new connection.
Igor Fedotov [Mon, 5 Oct 2020 14:49:12 +0000 (17:49 +0300)]
os/bluestore: fix segfault on out-of-bound offset provided to claim_free_to_right() call
Hybrid allocator might provide such an offset when final extent is marked as free by HybridAllocator::_add_to_tree().
Hence provides start+size point out to the end of the controled space.
Fixes: https://tracker.ceph.com/issues/47751 Signed-off-by: Igor Fedotov <ifedotov@suse.com>
(cherry picked from commit 0792382f4c51ec612d596efb13bf63fea92f3a2d)
Kotresh HR [Tue, 1 Dec 2020 10:44:17 +0000 (16:14 +0530)]
tasks/cephfs/test_volume_client: Add tests for authorize/deauthorize
1. Add testcase for authorizing auth_id which is not added by
ceph_volume_client
2. Add testcase to test 'allow_existing_id' option
3. Add testcase for deauthorizing auth_id which has got it's caps
updated out of band
Optionally allow authorizing auth-ids not created by ceph_volume_client
via the option 'allow_existing_id'. This can help existing deployers
of manila to disallow/allow authorization of pre-created auth IDs
via a manila driver config that sets 'allow_existing_id' to False/True.
Kotresh HR [Thu, 26 Nov 2020 09:18:16 +0000 (14:48 +0530)]
pybind/ceph_volume_client: Preserve existing caps while authorize/deauthorize auth-id
Authorize/Deauthorize used to overwrite the caps of auth-id which would
end up deleting existing caps. This patch fixes the same by retaining
the existing caps by appending or deleting the new caps as needed.
This patch disallow the ceph_volume_client to authorize the auth_id
which is not created by ceph_volume_client. Those auth_ids could be
created by other means for other use cases which should not be modified
by ceph_volume_client.
Fixes: https://tracker.ceph.com/issues/48555 Signed-off-by: Ramana Raja <rraja@redhat.com> Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit 3a85d2d04028a323952a31d18cdbefb710be2e2b)
Neha Ojha [Thu, 3 Dec 2020 19:18:04 +0000 (19:18 +0000)]
messages/MMonCommand, MMonCommandAck: don't log values for "config set" and "config-key set"
This acts like a big hammer to avoid adding sensitive information, like passwords
into mon/mgr/cluster logs when using "config set" and "config-key set" to set keys
whose values should be secure.
Roman Penyaev [Tue, 30 Apr 2019 15:43:01 +0000 (17:43 +0200)]
global/global_init: do first transport connection after setuid()
uverbs kernel module forbids access to a file descriptor after credentials
change, that leads to -EACCESS on each following ibv_*() call.
Why it matters? Infiniband transport stops working after the following
syscalls:
o setuid()
o fork()
Originally the problem was described here [1] and here [2].
This patch targets only setuid() syscall and moves the first transport
initialization after setuid() has been done.
fork() is used to daemonize ceph services (when systemd is not used
for any reason) and probably the easiest way is to rip the whole lagacy
daemonization code out, so this patch does not target this problem.
we always return right after calling `usage()`, there is no need to
`exit(1)` in usage. and more importantly, we should not `exit(1)` if use
asks for `help` by using `ceph-conf <path> help`.
but this change prevents us from moving the
`mc_bootstrap.get_monmap_and_config()` call from `global_pre_init()` to
`global_init()`, as the call utilizes the transport layer. see
https://tracker.ceph.com/issues/39238.
so it'd better to avoid accessing a previously opened fd after
credentials change.
in this change,
* a default "log_to_file"="false" setting is passed to
`global_init()` to disable the logging subsystem from creating a log
file.
* use a lambda for initializing `cct`, so no need to have a copy of the
original args
* remove `apply_changes()` and `complain_about_parse_error()` calls,
as they are already taken care of by `global_init()`.
Or Friedmann [Sun, 8 Mar 2020 13:34:48 +0000 (15:34 +0200)]
rgw: Disable prefetch of entire head object when GET request with range header
Disable prefetch of entire head object when GET request with range header.
The current behavior for the RGW is getting the whole object although the client asked only for a small bytes offset.
For example: If the client asked for bytes=0-1, The RGW will anyway fetch 0-4194304
Fixes: https://tracker.ceph.com/issues/44508 Signed-off-by: Or Friedmann <ofriedma@redhat.com>
(cherry picked from commit 2be5af0006169cb54547034aa98b7eacb8751d59)
Kamoltat [Mon, 16 Nov 2020 08:52:12 +0000 (08:52 +0000)]
qa/mgr/test_progress: fix bug 48217
Fixes a failing test case regarding osd coming back
after being marked out. The old test case wasn't accounting
for a specific event, therefore this resulted in the failure.
The fix basically accounts for a specific event of osd being
marked in/out.
Nizamudeen A [Tue, 8 Dec 2020 14:35:28 +0000 (20:05 +0530)]
mgr/dashboard: Adding the alert bad certificate error to the ssl providers error
upstream tracked in https://github.com/cherrypy/cheroot/pull/348 Fixes: https://tracker.ceph.com/issues/48490 Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 4cbe89f4db8ed13b2be46f2563c9d9618b0cf52b)
rgw: in ordered bucket listing skip namespaced entries when possible
When listing non-namespaced entries in the bucket index, the code
would march through the namespaced entries in blocks, requesting all
of them from the CLS layer. When there were many namespaced entries,
it would significantly affect the performance of ordered listing.
This commit adds code to advance the marker passed to lower layers to
skip past namespaced entries. This is challenging in that
non-namespaced entries can appear in the middle of the namespaced
entries. We'll ignore the issue instance tags in names to simplify the
following discussion. Non-namespaced entries are indexed by
"name". Namespaced entries are indexed by _namespace_name, using
underscores to surround the namespace. The challenge comes with
entries such as "_name", where the name begins with an underscore. In
that case we index them by "__name", quoting the underscore with
another.
Now the extra challenge comes due to the lexic ordering of the
following:
ASP
_BAT_cat
__DOG
_eel_FOX
goat
Note that the namespaced entries are in positions 2 and 4, and the
non-namespaced entries are in positions 1, 3, and 5. So when skipping
past the namespaced entries, we have to be careful not to skip past
the non-namespaced entries that begin with underscore.
Igor Fedotov [Tue, 29 Sep 2020 17:37:33 +0000 (20:37 +0300)]
osd: adjust osd_delete_sleep_ssd[_hybrid]
1) Do not differentiate all-flash and hybrid(ssd+hdd) deployments since
they both bound to SSD drive backing DB volume.
2) Drop osd_delete_sleep_hybrid from 2s to 1s
3) Raise osd_delete_sleep_ssd to 1s since 0 is a way too low - having
it that low tend to cause a significant negative imact on OSD's regular
operation.
Igor Fedotov [Thu, 3 Dec 2020 19:08:43 +0000 (22:08 +0300)]
os/bluestore: fix inappropriate ENOSPC from avl/hybrid allocator
Under high fragmentation circumstances (in best-fit mode) these allocators might fail to
return continuous(longer than a single alloc unit) extents. Occurs when
requested size is longer than the maximum available extents and these
extents are unaligned with alloc unit. The latter results in the actual lengths of these extens are shorter
than the requested length and they do not match to the lookup. Which
finally causes no allocation at all.
Fixes: https://tracker.ceph.com/issues/47883 Signed-off-by: Igor Fedotov <ifedotov@suse.com>
(cherry picked from commit f927549d2d54e7464151d234377aa82bb753bca9)
Conflicts:
src/test/objectstore/Allocator_test.cc
Legacy gtest macros name
Xiubo Li [Thu, 12 Nov 2020 01:13:45 +0000 (09:13 +0800)]
client: do not use g_conf().get_val<>() in libcephfs
The g_conf() will try to dereference the "g_ceph_context" to get
the "_conf", but the "g_ceph_context" won't be set in none fuse
use case in libcephfs, so it will crash in when doing
g_conf().get_val<>.
Ken Dreyer [Thu, 3 Dec 2020 17:48:06 +0000 (10:48 -0700)]
mgr/prometheus: don't store exception as e
Python's logging module's exception() method will log the full exception
and stack trace for us, so we do not need to store the exception in the
"e" variable here.
Jason Dillaman [Fri, 11 Sep 2020 19:20:45 +0000 (15:20 -0400)]
librbd: ensure that thread pool lock is held when processing throttled IOs
There previously was a potential race for throttled IOs to complete prior
to the main worker thread finishing the processing of the blocked IO.
Fixes: https://tracker.ceph.com/issues/47371 Signed-off-by: Jason Dillaman <dillaman@redhat.com>
(cherry picked from commit 2d86e0935aa6f0c392df428676d9ab0a338fccae)
Conflicts:
src/test/librbd/io/test_mock_ImageRequestWQ.cc
- in Octopus, commit 792d6c53fedc695199cc18916347c1b545fe42c2 did a global
replace of Mutex to ceph::mutex, so to fix this for Nautilus, we just need to
do that in test_mock_ImageRequestWQ.cc since the get_pool_lock() method is
returning a Mutex instead of a ceph::mutex
Kevin Meijer [Sat, 14 Nov 2020 18:44:07 +0000 (19:44 +0100)]
mgr/dashboard: Disable sso without python3-saml
Removed the requirement for the python3-saml package when wanting to disable SSO for the dashboard, this is currently relevant since the official container that runs Ceph mgr does not have this package installed.
So when upgrading from an older, non-containerized version, you would be stuck using a non-functional dashboard.
This pull requests changes that and allows the ceph dashboard sso disable command without the requirement of the library so that we SSO can always be disabled again.
Fixes: https://tracker.ceph.com/issues/48237 Signed-off-by: Kevin Meijer <admin@kevinmeijer.nl>
(cherry picked from commit 0c18437d2c786ef1ade8b89e42dbf4b0e163aafe)