Adds subvolume groups into the subvolume tabs in order to select the subvolumes from the appropiate group.
Also adds the capabilities to manage the subvolume groups of the subvolume in the different actions, create, edit, remove.
Fixes: https://tracker.ceph.com/issues/62675 Signed-off-by: Pedro Gonzalez Gomez <pegonzal@redhat.com>
(cherry picked from commit 041bc0c362bf4109416ecc12bc44aa7496ebb9d1)
Nizamudeen A [Wed, 30 Aug 2023 05:20:30 +0000 (10:50 +0530)]
mgr/dashboard: remove green tick on old password field
a green tick is showing to the field where we enter the old password in
login password change form. It starts showing green tick as soon as we
start typing on it. Removing that because its misleads the user.
Change the sentence structure of a sentence because the verb
"experience" looked like the abstract noun "experience" when I read it
with fresh eyes. I chose the perhaps TESOL-unfriendly verb "incur", but
I believe it is right.
doc/man: remove docs about support for unix domain sockets
doc/man: support for unix domain sockets is not implemented, hence we
removed documentation about it.
(Note: the changes in this commit were the work of Rok Jaklič in
https://github.com/ceph/ceph/pull/48537. This pull request has been
raised because that pull request was for some mysterious reason causing
merge conflicts that were never resolved.)
Co-authored-by: Rok Jaklič rjaklic@gmail.com Signed-off-by: Zac Dover <zac.dover@proton.me>
(cherry picked from commit fa40b7ef560fc60a107dad1604650e0bcf27e77e)
This makes ceph-volume report partitions in inventory.
A partition is a valid device for `ceph-volume lvm prepare`
so we should report them in inventory (when using `--list-all`
parameter).
This functions works for what it is supposed to do:
check if a device is busy.
That being said, this induces a race condition in `get_devices()`
Indeed, it does:
1/ `os.open()` with `(os.O_RDWR | os.O_EXCL)`
2/ `os.close()`
The second call has an effect: it triggers a udev event which causes
systemd-udevd to re-process the device. This seems to be a question of
millisecond but because of this, /sys (sysfs) isn't fully populated as
expected. Given that get_devices() collects a lot of details from sysfs
in a loop, some of these details can be missed.
ceph-volume overall doesn't make decisions based on `is_locked_raw_device()`
This detail is used only for reporting (inventory).
For this reason, dropping this function seems reasonnable.
As a compromise, we can check if the device has partitions and/or a FileSystem
on it.
This adds a new config option 'inventory_list_all' so one can make
the command `ceph orch device ls` report lvm devices too as they are
valid devices that can be used to be prepared as OSDs.
tgfree [Fri, 3 Mar 2023 03:17:59 +0000 (11:17 +0800)]
doc/radosgw: multisite - edit "migrating a single-site"
Add the import step of the section "Migrating a Single-Site Deployment to Multi-Site"
in doc/radosgw/multisite.rst. The field "name" and "api_name" should be matched.
John Mulligan [Wed, 24 May 2023 17:42:26 +0000 (13:42 -0400)]
doc: make instructions to get an updated cephadm common
As discussed in person and over the ceph orch weekly, we want all users
to use a recent supported version of cephadm. Previously, the
instructions only had those downloading cephadm with curl using the
"add-repo" and "install" commands to get a up-to-date cephadm build.
According to ADK we've seen cases of users get "old" distro packages
in the past. Change the instructions so that the "update cephadm" steps
are common after acquiring a "bootstrap copy" of cephadm.
Starting with reef, cephadm is a compiled (zipapp) python application.
The cephadm script has been renamed and thus the old curl-based
download instructions will no loner work. While cephadm still has
no dependencies outside the Python stdlib, this will be changed in
future versions so it is no longer appropriate to just download the
source file of cephadm and run it either.
This change updates the `Install cephadm` section of the doc to explain
how to acquire a "compiled" version of cephadm as well as:
* moving and tweaking the note that the two installation methods are
distinct
* adding a new note linking to instructions on building cephadm
* moving the distribution-specific installations before the curl-based
installation to subtly hint that we prefer you to get it using
packages if you can
* Noting cephadm's minimal required python verision and how to run it
with a particular python version.
Adam King [Tue, 1 Aug 2023 21:43:36 +0000 (17:43 -0400)]
mgr/cephadm: filter hosts that can't support VIP for ingress
Keepalive daemons need the host to have an interface
on which they can set up their VIP. If a host
does not have any interface that can work, we should
filter it out
Adam King [Tue, 1 Aug 2023 20:32:06 +0000 (16:32 -0400)]
mgr/cephadm: select IPs/interface based on VIP for keepalive conf
We need to make sure the keepalive conf sets
the unicast src and peer IPs to be the ones
in the same subnet as the VIP we're setting up,
as well as specify the correct interface. Otherwise,
the keepalive daemons don't speak to each other
properly and all end up going into MASTER state.
Luis Domingues [Tue, 20 Jun 2023 07:07:57 +0000 (09:07 +0200)]
cephadm: Add parameter to set keepalived's virtual router id
When deploying more than 1 ingress, two instances of keepalived
can be generated with the same virtual_router_id. This commit
adds posibility to change the virtual_router_id of keepalived
from the spec file.
Luis Domingues [Tue, 13 Jun 2023 07:59:35 +0000 (09:59 +0200)]
cephadm: Split multicast interface and unicast_ip in keepalived.conf
When deploying keepalived, cephadm set interface and unicast_src_ip
in keepalived.conf. However, having both options are set, but
if unicast_src_ip is not in the interface set by 'interface',
the instrances of keepalived will not properly commuicate.
This commit makes both options exclusive, and add an option to set
either one or the other. Default is set to 'interface', as it seems
multicast is the default way to deploy keepalived.
Adam King [Wed, 23 Aug 2023 21:24:13 +0000 (17:24 -0400)]
cephadm: fixups for unit tests
These fixes really should be part of the commits
that brought in/changed the tests, but it's
difficult to find the exact commits as part of
this batch backport so I'm doing these minor fixups
in their own commit
John Mulligan [Wed, 12 Jul 2023 14:18:49 +0000 (10:18 -0400)]
pybind/mgr/cephadm: extend haproxy protocol test case
Extend that haproxy protocol test case so that for host1 we exercise the
new logic for gathering known-good IPs for the host and add those to
the ganesha config.
John Mulligan [Tue, 11 Jul 2023 21:07:25 +0000 (17:07 -0400)]
pybind/mgr/cephadm: add all known good IPs for hosts to haproxy list
Fixes: https://tracker.ceph.com/issues/61852
It was discovered that when the primary IP address of hosts managed by
cephadm are not all on the same subnet, then there's a chance that
ganesha will reject haproxy protocol connections.
Expand the list to all valid addresses for the hosts under management
such that we will not reject proxy protocol messages from the hosts
under cephadm management. This method was chosen over more sophisticated
possible approaches because we do not want to complicate the workflow
for the people setting up haxproxy+ganesha and do not want to miss any
possible subtle edge cases by trying to come up with the "perfect" list
of addresses.
John Mulligan [Tue, 11 Jul 2023 20:29:44 +0000 (16:29 -0400)]
pybind/mgr/cephadm: move haproxy client addrs to func
Move the list comprehension that gets the list of IP addresses for the
haproxy_hosts list to a separate function. This is in preparation for
making the logic more complex in a later commit.
Adam King [Fri, 18 Aug 2023 16:32:38 +0000 (12:32 -0400)]
cephadm: have attempt_bind raise up OSErrors
Before it was always converting the OSError to
our self-defined "Error" class. This causes an issue
with the port_in_use function that has special handling
for OSError when the errno is EADDRNOTAVAIL or
EAFNOSUPPORT. Since the error being raised was no
longer an OSError it wasn't being caught and checked
properly in port_in_use.
This has the additional property of being necessary
to check port availability for haproxy on its VIP. If
we fail deployment when EADDRNOTAVAIL is raised, it becomes
difficult to deploy the ingress service. If we deploy
haproxy first it fails because the VIP isn't available
yet (since keepalive isn't up) and it fails saying the port
it wants to bind to is unavailable (specifically EADDRNOTAVAIL).
If we try to deploy keepalive first it fails because it
needs to know the location of the haproxy daemons in
order to build its config file. This has worked in the past
by just having the haproxy fail to bind at first and then
fix itself once the keepalive daemon is deployed. That
no longer works if the haproxy daemon fails to deploy
because cephadm is reporting the port it needs is
unavailable. Since EADDRNOTAVAIL when deploying
haproxy likely means the VIP is not up rather than
something else is taking up the port it needs, fixing
the handling of this allows ingress deployment to
work while also allowing multiple haproxy daemons
on the same host to use the same frontend port
bound to different VIPs.
Adam King [Fri, 11 Aug 2023 18:00:31 +0000 (14:00 -0400)]
mgr/cephadm: only check haproxy frontend_port conflicts on VIP
If we know what IP the frontend_port will be binding
to, we can pass that down through the port_ips mapping
so cephadm will only check if that port on that specific
VIP if in use. This allows multiple haproxy daemons
to be bound to the same port on different VIPs on the
same host.
Note that you still must use a different monitor port
for the two different ingress services as that port
is bound to on the actual IP of the host. Only the
frontend port can be the same for haproxies on the
same host as long as the VIP is different.
Adam King [Fri, 11 Aug 2023 17:35:10 +0000 (13:35 -0400)]
cephadm: support for specifying IP a port will be bound to on
This is mostly for checking for port conflicts.
Currently, we just check if the port is bound to
on any IP on the host. This mechanism should allow
certain daemon types to specify a port -> IP mapping
that will be passed to the cephadm binary. That
mapping will then be used by cephadm to only
check for the port being bound to on that specific
IP rather than any IP on the host. The end result
is we could have daemons bound to the same
port on different IPs on the same node.
It's expected that daemon types will set this
up as part of their prepare_create or generate_config
functions where they may have more info about the
specific IPs and ports they need.
John Mulligan [Tue, 21 Mar 2023 19:40:17 +0000 (15:40 -0400)]
mgr/cephadm: add test explicitly validating proxy protocol
Adds a test case that specifically ensures that the proper values
appear in the configuration files for both nfs and haproxy when
the proxy protocol is enabled.
John Mulligan [Tue, 21 Mar 2023 15:42:25 +0000 (11:42 -0400)]
mgr/cephadm: minor reorganizing of nfs service test
This change makes some formatting and organizational changes to one of
the nfs + ingress test cases. This is in preparation for a future change
that will parametrize this function allowing it to test haproxy config
when proxy protocol is enabled and when not.
John Mulligan [Tue, 21 Mar 2023 15:42:25 +0000 (11:42 -0400)]
mgr/nfs: add support for selecting between haproxy ingress modes
When the haproxy-standard mode is selected, the haproxy ingress will
behave as in previous versions of ceph. When the haproxy-protocol mode
is selected, we need to enable protocol support on the ingress service
and nfs service.
While were at it, make a few organization tweaks to improve readability.
Fixes: https://tracker.ceph.com/issues/58933 Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 322c109f6bd6fa9c4449b4f938d907e1bc75629d)
John Mulligan [Tue, 21 Mar 2023 15:42:25 +0000 (11:42 -0400)]
mgr/cephadm: add enable_haproxy_protocol to ingress and nfs service specs
Add a new boolean field, enable_haproxy_protocol, to both the ingress
service spec and the nfs service spec. The ingress service spec needs
the field to tell haproxy to enable proxy protocol (v2) support.
The nfs service spec needs the field to allow the nfs server to accept
proxy protocol messages.
John Mulligan [Tue, 21 Mar 2023 15:42:25 +0000 (11:42 -0400)]
mgr/cephadm: add optional HAProxy_Hosts field to ganesha conf template
When NFS-Ganesha is used behind a HAProxy with proxy protocol support
enabled ganesha requires that HAProxy_Hosts is set to a list of hosts
that are permitted to use the proxy protocol. This change adds support
for specifying HAProxy_Hosts in the ganesha configuration file template.
John Mulligan [Tue, 21 Mar 2023 15:42:25 +0000 (11:42 -0400)]
mgr/cephadm: add support for default server options to template
Add support for default server-options within the haproxy backend
section. This change will later be used to enable haproxy proxy protocol
(v2) support.
Adam King [Wed, 2 Aug 2023 19:53:10 +0000 (15:53 -0400)]
mgr/cephadm: rename "igw_id" to "nvmeof_gw_id"
"igw_id" was leftover from the nvmeof implementation
being taken heavily from the iscsi implementation. "igw"
means nothing in this context, so we can change the name.
Adam King [Fri, 28 Jul 2023 20:59:42 +0000 (16:59 -0400)]
mgr/cephadm: make nvme-of auth keyring more restricted
Rather than giving full admin privileges,
try to be a bit more strict by limiting it
to profile rbd mon caps and full OSD
privileges for rbd tagged pools. I also wanted
to include an OSD cap like
allow all pool="*" object_prefix "nvmeof.state"
but this caused a failure in the nvme-of daemon
RADOS permission error (Failed to operate write op for oid nvmeof.None.state)
Adam King [Fri, 28 Jul 2023 17:24:06 +0000 (13:24 -0400)]
mgr/cephadm: still remove daemons in error state if ok-to-stop fails
The ok-to-stop function works for certain daemons
by checking if there are at least a certain number
(typically 1) daemon(s) that are actually running
and saying it's not ok-to-stop if if that won't
be true after the removals. This case breaks down
when all the daemons are in error state, making
it so cephadm will refuse to remove a set of
daemons that aren't even working because they're
not "ok to stop". Since ok-to-stop works in a
yes or no fashion, something like this where we
want to be willing to remove a certain subset
(or potentially all currently deployed) daemons
it's easier to keep this logic as part of applying
the service
Adam King [Thu, 27 Jul 2023 19:47:51 +0000 (15:47 -0400)]
cephadm: mount keyring deployed for nvmeof daemon
Before, we were just using the client.admin keyring
as a temporary workaround while we figured out
how to get the keyring to work. We should swap
over to using the keyring we actually generated
for the nvmeof daemon.
Adam King [Thu, 27 Jul 2023 19:44:47 +0000 (15:44 -0400)]
mgr/cephadm: add rados_id to nvmeof conf
This is going to be used as the rados_id
to be set when connecting to the cluster using
the keyring we generate for the nvmeof daemon.
The python librados library defaults the name
to "client.admin" and so if we don't provide
a name or rados_id, we'll only be able to
use nvmeof with the "client.admin" keyring
John Mulligan [Mon, 26 Jun 2023 16:08:34 +0000 (12:08 -0400)]
docs/cephadm: document new extra_{container,entrypoint}_args behavior
Document the new behaviors of extra_container_args and
extra_entrypoint_args. Document that current (previous in code terms)
behavior of splitting strings on spaces and document the recently added
support for ArgumentSpec objects and how they are used.
John Mulligan [Mon, 29 May 2023 20:52:31 +0000 (16:52 -0400)]
mgr/cephadm: rework how _process_ls_output builds a DaemonDescription
Previously, the _process_ls_output function would create an
DaemonDescription and then assign values to attributes one-by-one. This
prevents the class from doing any data type/value conversions unless we
resort to more complex approaches like descriptors or `__setattr__` for
example. Update the _process_ls_output function to build a
DaemonDescription using keyword args so that we have the opportunity
later to convert data passed to it in `__init__`.
John Mulligan [Wed, 17 May 2023 17:50:19 +0000 (13:50 -0400)]
python-common: replace types for extra_*_args with ArgSpec based types
Use the ArgSpec, ArgumentList, and GeneralArgList types throughout
the deployment module to support extra_container_args and
extra_entrypoint_args. The GeneralArgList type supports all possible
input forms while ArgumentList reflects the internal representation
of the argument lists.
projects / ceph.git / log