mgr/dashboard: fall back to server_cert

if root_ca is not found

Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 0a393ca9bde714524da369caaef1c097472f791c)

mgr/cephadm: create OrchSecretNotFound exception type

This exception type is made to handle the formatting
of errors where we try to find a cert/key in the
cert/key store and can't

Signed-off-by: Adam King <adking@redhat.com>

mgr/dashboard: use secure_channel for grpc requests

Store the certificates to config-key stores and then later on used by
dashboard to set-up the secure_channel for grpc nvmeof requests

By storing the certificates we can ensure that the dashboard nvmeof apis
will be configurable even if the deployments are not cephadm based

Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 0a393ca9bde714524da369caaef1c097472f791c)

mgr/cephadm: fix nvmeof conf unit test

This needed changes to reflect changes made
to the conf to not have the certs stored at a
relative path and the addition of the root ca
cert

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 91883b9efc396779dfb61494e9aa140251f22b54)

mgr/cephadm: add get cert/key commands

In order to be able to grab certs/keys stored
in the new CertKeyStore class

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 2dd0ce91a53a898b8b3635f8943cc2d0e39b4ec1)

mgr/cephadm: integrate nvmeof spec certs/keys into cert/key store

Now that we're taking actual certs/keys in the spec, they
should go into the cert/key store with the others

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 3b1ec5851902c6b672db2ea81ae7eebcb1002101)

python-common/service_spec: add root_ca_cert to nvmeof spec

Also improves the error messaging around when spec/key
attributes are missing when enable_auth is set to true

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 9212914be65fe3adde2108f5a2cfd2587d17c0ff)

mgr/cephadm: allow passing client/server cert/key in nvmeof spec

Before this patch the client/server cert/key fields were
just filepaths that told the nvmeof gw daemon where to look
for the cert/key. There's not much reason why users would
care where in the nvmeof gw container the cert goes. It's more
useful to use these fields as a way to pass the certs/keys
to the daemon and then just hardcode where in the container
we'll place the certs/keys

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit e9fca39092348e6c08022341116875e831c175f0)

Merge pull request #58454 from spdfnet/docs

doc/cephfs: fix typo

Merge pull request #57353 from Svelar/asan_shec

crush/builder: free 'crush_rule' before return

Reviewed-by: Pere Diaz Bou <pdiazbou@redhat.com>
Reviewed-by: Kefu Chai <tchaikov@gmail.com>

Merge pull request #55917 from Aequitosh/fix-ceph-crash-permissions

debian: recursively adjust permissions of /var/lib/ceph/crash

Reviewed-by: Pere Diaz Bou <pdiazbou@redhat.com>
Reviewed-by: Kefu Chai <tchaikov@gmail.com>

Merge pull request #58423 from pereman2/scrapper-replayer-argparse

test/allocsim: ops scrapper arg parsing

Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>

doc/cephfs: fix typo

blanacer -> balancer

Signed-off-by: spdfnet <32593931+spdfnet@users.noreply.github.com>

Merge pull request #58114 from rhcs-dashboard/add-configuration-page-rgw

mgr/dashboard: add a new configuration page in side nav bar  Object > Configuration

Reviewed-by: Ankush Behl <cloudbehl@gmail.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #57864 from afreen23/wip-nvmeof-gateways

mgr/dashboard: Introduce NVMe/TCP navigation

Reviewed-by: Ankush Behl <cloudbehl@gmail.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

mgr/dashboard: add a new configuration page in side nav bar  Object >
Configuration

Fixes: https://tracker.ceph.com/issues/66543
Signed-off-by: Aashish Sharma <aasharma@redhat.com>

Merge pull request #57828 from xxhdx1985126/wip-seastore-btree-better-ut-asserts

crimson/os/seastore/btree: improve lba pointer related UT checks

Reviewed-by: Yingxin Cheng <yingxin.cheng@intel.com>

Merge pull request #58356 from xxhdx1985126/wip-seastore-onode-name

crimson/os/seastore/onode: add hobject_t into Onode

Reviewed-by: Yingxin Cheng <yingxin.cheng@intel.com>

Merge pull request #58179 from cbodley/wip-rgw-assert-async

rgw: test that no asio threads are blocked on null_yield

Reviewed-by: Adam Emerson <aemerson@redhat.com>

Merge pull request #58288 from cbodley/wip-66705

rgw: fix multipart get part when count==1

Reviewed-by: Matt Benjamin <mbenjamin@redhat.com>
Reviewed-by: Daniel Gryniewicz <dang@redhat.com>

Merge pull request #56834 from galsalomon66/fix_error_message_flow

rgw/s3select : fix for error flow. add an option to disable s3select-request.

Reviewed-by: J. Eric Ivancich <ivancich@redhat.com>

Merge pull request #58199 from tchaikov/wip-python3.9

mgr: use un-deprecated APIs to initialize Python interpretor

Reviewed-by: Adam King <adking@redhat.com>

test/allocsim: ops scrapper arg parsing

```
fedora :: pere/scrapper-replayer/build 130 » ./bin/replayer -h
All options:

Options:
  -h [ --help ]                 produce help message
  -i arg (=input.txt)           Input file (output of op_scraper.py)
  --ceph-conf arg (=ceph.conf)  Path to ceph conf
  --io-depth arg (=64)          I/O depth
  --parser-threads arg (=16)    Number of parser threads
  --worker-threads arg (=16)    Number of I/O worker threads
  --pool arg (=test_pool)       Pool to use for I/O
```

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

mgr/dashboard: fix service form count bugs

Fixes https://tracker.ceph.com/issues/66608

- for services which do not have a count set default count to be null, otherwise the previous selected service's count is used which is wrong
- make count null when label is selected for placement

Signed-off-by: Afreen Misbah <afreen23.git@gmail.com>

mgr/dashboard: Introduce NVMe/TCP navigation

Fixes https://tracker.ceph.com/issues/66346

- adds NVMe/TCP tab under Block nav
- adds overview page for NVMe/TCP nav
- overview page lists gateways
- add default error page when no nvmeof service running
- added unit tests
- fixes service page e2e test

Signed-off-by: Afreen <afreen23.git@gmail.com>

Merge pull request #58427 from Matan-B/wip-matanb-seastar-string

seastar: fix makecheck error: missing 'typename'

Merge pull request #58414 from cbodley/wip-cmake-object-library-legacy-headers

cmake: more object libraries depend on legacy-option-headers

Reviewed-by: Kefu Chai <tchaikov@gmail.com>

Merge pull request #58428 from cbodley/wip-rm-boost-redis-again

submodule: remove the boost_redis submodule again

Reviewed-by: Adam Emerson <aemerson@redhat.com>

Merge pull request #58434 from cbodley/wip-42888

doc/rgw: update s3 authentication

Reviewed-by: Zac Dover <zac.dover@proton.me>

doc/rgw: update s3 authentication

authentication.rst described the steps to generate a v2 signature,
without reference to aws docs. replace that with sections that reference
aws docs for v2 and v4 signatures. list which values of the request
header x-amz-content-sha256 are supported for v4

Fixes: https://tracker.ceph.com/issues/42888
Signed-off-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #58429 from cbodley/wip-rgw-xxhash-debug

cmake: work around xxhash 'inlining failed' errors in debug builds

Reviewed-by: Matt Benjamin <mbenjamin@redhat.com>

Merge pull request #58368 from zdover23/wip-doc-2024-07-01-rados-config-mon-lookup-dns

doc/rados: document manually passing search domain

Reviewed-by: Lander Duncan <landerduncan@nyu.edu>
Reviewed-by: Cole Mitchell <cole.mitchell.ceph@gmail.com>

cmake: work around xxhash 'inlining failed' errors in debug builds

rgw enables the XXH_INLINE_ALL define, but this causes debug builds to
fail with errors like "inlining failed in call to ‘always_inline’"

for build types Debug and RelWithDebInfo, add extra define
XXH_NO_INLINE_HINTS to remove the always_inline hints causing this error

Signed-off-by: Casey Bodley <cbodley@redhat.com>

submodule: remove the boost_redis submodule again

b6d585645ca7d469fd9fe453ff37ca6bdb914d98 accidentally added back the
boost_redis submodule that was removed in 862246cdefc12acfbd2711c7677a252c59634c9d

Signed-off-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #58387 from rhcs-dashboard/rgw-sync-policy-crud-ops

mgr/dashboard: RGW sync policy crud operations

Reviewed-by: Ankush Behl <cloudbehl@gmail.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

seastar: fix makecheck error: missing 'typename'

update seastar submodule to wip-matanb-seastar-july4
Reverting https://github.com/scylladb/seastar/commit/8a3dc425dd9bff7a00ffa3345768e01b1a24825f

This revert is pushed to not block all other PRs that are failing make
check due to this.

Fixes: https://tracker.ceph.com/issues/66834
Signed-off-by: Matan Breizman <mbreizma@redhat.com>

Merge pull request #58408 from AliMasarweh/wip-alimasa-http-to-kafka

RGW|BN : change endpoint for http failing tests

Reviewed-by: yuvalif<ylifshit@redhat.com>

Merge pull request #57716 from rhcs-dashboard/add-rgw-multisite-wizard-api

mgr/dashboard: add api for rgw multisite replication wizard

Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #58395 from pereman2/scrapper-replayer

test/allocsim: osd op scraper replayer

Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>

mgr/dashboard: RGW sync policy crud operations

sync group crud ops added

Fixes: https://tracker.ceph.com/issues/66798
Signed-off-by: Naman Munet <nmunet@redhat.com>

RGW|BN : change endpoint for http failing tests

Signed-off-by: Ali Masarwa <amasarwa@redhat.com>

Merge pull request #58344 from guits/fix-log-errors

qa: fix log errors for cephadm tests

Merge pull request #55076 from linuxbox2/wip-rgw-cksum

rgw: implement S3 additional checksum support

cmake: use BLAKE3's cmake

Added EXCLUDE_FROM_ALL to prevent gristing files in
the subdir.

Signed-off-by: Casey Bodley <cbodley@redhat.com>
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw_cksum: introduce attribute caching in RadosMultipartUpload

Allow MultipartUpload::complete() to have previously called
Upload::get_info() without an additional round-trip to fetch
attributes.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw_cksum: address review comments

* remove rgw_cksum_pipe state enum, not needed [Casey review]
* remove a format that just took a single string substitution
  and passed it to an iostream [Casey review]
* use boost::to_upper* [Casey review]
* remove unused RGW_ATTR_CKSUM_ALGORITHM decl [Casey review]
* negate error code values in two places [Casey review]
* split cksum digests from base type decls
* resolve comment when checksum requested but not available
* remove redundant memset
* remove junk from rgw_blake3_digest.h
* s/ldpp_dout + fmt::format/ldpp_dout_fmt/g;
* fix conditional return of parts_count
      from RGWRados::Object::prepare().  A value for parts_count should
      be returned iff a *multipart* object manifest exists.
* remove /tmp output test
* finish moving ceph_crypto headers out of rgw_cksum.h
* consume the optional in multipart_parts_count
* target_attrs can be a reference (but not const)

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw_cksum: implement POST upload checksums

* properly transform pseudo headers in PostObj
* enable cksum verify in PostObj
* match checksum headers in match_policy_vars
* fixup add POST headers to environment

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw_cksum: fix ReadOp comment

parts_count now returns a value for parts_count whenever the
target object is a multipart upload.  this has no additional
overhead, since this can be read off the manifest

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

return parts_count from read_op::prepare whenever applicable

* fix to deal with parts_count == 1 asymmetry

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw_cksum: upload->get_info() fails when !cksum (why?)

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw_cksum: multipart upload checksums

includes commits:

* fixes init-multipart header return
* introduce checksum to SAL MultipartPart interface
* thread optional checksum through DataProcessor
* code complete multipart checksum verify
* fix formatter
* fix ckecksum format for multipart objects in GET/HEAD ops
* always return parts_count from ReadOp::prepare() if applicable
      This behavior is used when returning the checksum of a multipart
      upload object.
* tweak conditional multipart_parts_count
* add checksum output to ListMultipart
* fix nil-return from GetHeaderCksumResult
* re-arm truncated if re-entering list-parts
* complete-multipart w/list-parts
* validate supplied checksum in CompleteMultipart
* verify checksum type against initial checksum algorithm
* rgw_op: suppress more x-amz headers
* final fixes and cleanups
* remove unused t0

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw_cksum: test round-trip constructor (armored)

I.e., prove cksum == Cksum(cksum.to_armor().c_str())

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

* forward pipe continuation in RGWPutObj_Cksum::process()

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

rgw: add checksum and digest machinery

Adds new Blake3 digest format (native), a concrete type to
represent digests, and static_visitor machinery to unify varying
checksum computations.

This framework, together with new trailing checksum header support,
is used to implement S3 additional checksum verification.  Parts of
the AWS content checksum API work build on a prior contribution from
imtzw <tongzhiwei_yewu@cmss.chinamobile.com>.
Thank you!

Fixes: https://tracker.ceph.com/issues/42080
Fixes: https://tracker.ceph.com/issues/63951
squashed commits:
* rgw_cksum: add trival test vectors for sha-format digests
      Computed digests match those produced by sha1sum, sha256sum,
      and sha512sum utilities.
* rgw_cksum: add test vectors for blake3
      Tests the same input strings with digests validated by
      b3sum (https://crates.io/crates/b3sum).
* rgw_ckum: switch to accel crc32c
      The internal Ceph convention appears to be to omit a final
      xor where ceph_crc32c is used, but it's required for compatibility
      with AWS implementations.
* rgw_cksum: add XXH3 digest
* rgw_cksum: write class encoder for rgw::digest::Cksum
* rgw_cksum: also reverse crc32c (REBASEME)
      Mark noticed that the crc32c output was being tested against a
      byteswapped value (crc32c also needs byteswap on LE).
* rgw_cksum: add digest::Cksum serde tests
* rgw_cksum: fix main(...) linkage
      (so we run our main unit and not the one in gmock
* rgw_cksum: convenience extensions for integration with RGW/S3
* introduce rgw_cksum unique_ptr factory
* rgw_cksum: mark string transform accessors const
* rgw_cksum: fixup unittest_rgw_chksum compilation--all existing tests pass
* rgw_cksum: hook up put-object checksum workflow
* tweaks to report on content checksum mismatch
* rgw_cksum: match SDK as well as general checksum header
* make it more efficient
* initialize RGWPutObj_Cksum::digest
* rgw_cksum:  write parse_cksum_type w/const char* arg
* initialize _type correctly; doing armored wrong
* fix expected checksum header name, clean up verify
* fix output on checksum verify fail, cleanup
* introduce Cksum::to_armor();  all AWS cases pass
* oops, extra 0-byte at end of to_armor() result
* use to_armor() with decoded checksums (i.e., for all S3 presentation)
* remove unnecessary finalize() in RGWPutObj_Cksum dtor
* RGWPutObj_Cksum::Factory fixes
* fixes test_object_checksum_sha256
* choose preferred checksum algorithm header if both are present
* log verified checksums in RGWPutObj::execute at 16
* checksum not needed in policy condition
* fix checksum trailing header format
* move Blake3 to rgw_digest_blake3.h

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

common/rgw: add BLAKE3 submodule

Fast, cryptographic hash functions suitable for block checksums.
BLAKE3 is the faster, more portable successor to Blake2(b,s),
now with 4x throughput.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

common: update xxHash submodule to v082

Among other things, provides XXH128 and XXH3.  Includes
compile fixes for gcc-13.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>

cmake/erasure-code/jerasure: jerasure_utils depends on legacy-option-headers

Signed-off-by: Casey Bodley <cbodley@redhat.com>

cmake/test/objectstore: remove ObjectStoreImitator object library

just compile it as a source file in ceph_test_fragmentation_sim

Signed-off-by: Casey Bodley <cbodley@redhat.com>

cmake/test/objectstore: store_test_fixture depends on legacy-option-headers

Signed-off-by: Casey Bodley <cbodley@redhat.com>

cmake/mgr: mgr_cap_obj depends on legacy-option-headers

Signed-off-by: Casey Bodley <cbodley@redhat.com>

cmake/compressor: QatAccel depends on legacy-option-headers

Signed-off-by: Casey Bodley <cbodley@redhat.com>

cmake/crush: crush_objs depends on legacy-option-headers

Signed-off-by: Casey Bodley <cbodley@redhat.com>

doc/rados: document manually passing search domain

Document how to manually pass the search domain to "mon_dns_srv_name" in
doc/rados/configuration/mon-lookup-dns.rst.

This commit is made in response to a request by Lander Duncan that was made on the [ceph-users] mailing list, and can be seen here: https://lists.ceph.io/hyperkitty/list/ceph-users@ceph.io/thread/F7V4CWLIYCAJ4JXI2JLNY6QPCFPR4SLA/

Co-authored-by: Anthony D'Atri <anthony.datri@gmail.com>
Signed-off-by: Zac Dover <zac.dover@proton.me>

Merge pull request #58407 from nbalacha/wip-nbalacha-rbd-qa-fixes

qa/workunits/rbd: minor rbd_mirror_helpers.sh fixes

Reviewed-by: Ilya Dryomov <idryomov@gmail.com>

Merge pull request #58403 from ivancich/wip-fix-bucket-sync-thread

rgw: fix bucket sync thread waiting inordinate amount of time

Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #58378 from YaZasnyal/fix/discard_buffer_size

rgw: DoS when QuotaExceeded

Reviewed-by: Casey Bodley <cbodley@redhat.com>

qa: fix log errors for cephadm tests

This fixes a lot of errors induced by the log scrapper check.

Fixes: https://tracker.ceph.com/issues/66751
Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com>

Merge pull request #58119 from Suyashd999/fix-uam8

rgw_user: 'keys' is in undefined state after being moved.

Reviewed-by: Yuval Lifshitz <ylifshit@ibm.com>
Reviewed-by: Ronen Friedman <rfriedma@redhat.com>

Merge pull request #58339 from clwluvw/s3website-no-host

rgw: use s3website REST when higher priority and no host header

Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #58399 from cbodley/wip-rgw-deshard-encoding

cls/rgw: bump cls_rgw_reshard_entry decode version to match encode

Reviewed-by: Adam Emerson <aemerson@redhat.com>

Merge pull request #57060 from awojno-bloomberg/wip-awojno-status-header

rgw: implement x-amz-replication-status for PENDING & COMPLETED

Reviewed-by: Shilpa Jagannath <smanjara@redhat.com>
Reviewed-by: Casey Bodley <cbodley@redhat.com>

test/allocsim: trim bufferlist before sending

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

test/allocsim: worker threads, op hashed by client

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

qa/workunits/rbd: minor fixes

Corrected paths and added missing spaces.

Signed-off-by: N Balachandran <nibalach@redhat.com>

test/allocsim: mmap threaded parser

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

test/allocsim: comment running op cout

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

test/allocsim: comment parssing cout

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

test/allocsim: truncate,zero,writefull replay operations

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

rgw: RGWCoroutinesManager warns about blocking

Signed-off-by: Casey Bodley <cbodley@redhat.com>

rgw/rados: RGWReshardWait warns about blocking

Signed-off-by: Casey Bodley <cbodley@redhat.com>

rgw: config option rgw_asio_assert_yielding

enable this to assert on blocking calls that should be asynchronous
instead of just logging a warning message

Signed-off-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #57985 from thotz/add-storage-adminops-api

rgw/adminops: add option to provide storageclass adminops user apis

Reviewed-by: Matt Benjamin <mbenjamin@redhat.com>

Merge pull request #57858 from adamemerson/wip-66340

rgw/multisite: Fix use-after-move in retry logic in logbacking

Reviewed-by: Yuval Lifshitz <ylifshit@ibm.com>
Reviewed-by: Suyash Dongre <suyashd999@gmail.com>

rgw: fix bucket sync thread waiting inordinate amount of time

A signed value was read in as an unsigned value, so -1 was interpreted
as a very large value. This made the thread wait period in the bucket
sync thread inordinately long, preventing bucket sync and dynamic
resharding (unless values appropriate for debugging were set).

Signed-off-by: J. Eric Ivancich <ivancich@redhat.com>

Merge pull request #58388 from sseshasa/wip-fix-perf-basic-failure

qa/tasks: Initialize 'monitoring_profiles' spec to an empty dict

Reviewed-by: Neha Ojha <nojha@redhat.com>

Merge PR #58375 into main

* refs/pull/58375/head:
qa/crontab: convert fs main run to monthly at higher priority

Reviewed-by: Venky Shankar <vshankar@redhat.com>

rgw/kms: RGWKMIPTransceiver warns about blocking

Signed-off-by: Casey Bodley <cbodley@redhat.com>

rgw/pubsub: Waiter warns about blocking

Signed-off-by: Casey Bodley <cbodley@redhat.com>

rgw: split is_asio_thread warnings into separate file/function

Signed-off-by: Casey Bodley <cbodley@redhat.com>

rgw: pass DoutPrefixProvider into RGWHTTPClient

Signed-off-by: Casey Bodley <cbodley@redhat.com>

cls/rgw: bump cls_rgw_reshard_entry decode version to match encode

9302fbb3f5416871c1978af5d45f3bf568c2c190 bumped the version in
ENCODE_START() but missed DECODE_START(). i don't think that would cause
any decode failures, unless we later raise ENCODE_START's compat_v above
2

Signed-off-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #58081 from sajibreadd/wip-65861

notifications: report an error when persistent queue deletion failed

Reviewed-by: Yuval Lifshitz <ylifshit@ibm.com>

Merge pull request #57537 from kchheda3/wip_fix_notification_caching

rgw/notification: Fix the caching issues of notification brokers, where the cache was not invalidated if topic attributes were changed

Reviewed-by: Yuval Lifshitz <ylifshit@ibm.com>

test/allocsim: osd op scraper replayer

For now this is a simple single threaded replayer with a 64 iodepth
where we load all ops from a file and try to push them in order as soon
as we can.

Signed-off-by: Pere Diaz Bou <pere-altea@hotmail.com>

qa/tasks: Initialize 'monitoring_profiles' spec to an empty dict

Initialize 'monitoring_profiles' to an empty python dictionary instead of
'None' to prevent the cbt task from failing due to the TypeError exception
when attempting to iterate a 'NoneType'.

The bug was introduced as part of https://github.com/ceph/ceph/pull/51438
and commit e174c6e2cf6c90bd130320eb1f251b62d4b4d6c2.

Signed-off-by: Sridhar Seshasayee <sseshasa@redhat.com>
Fixes: https://tracker.ceph.com/issues/66799

Merge pull request #55564 from adk3798/cephadm-cert-store

mgr/cephadm: Add Cert/Key Store

Reviewed-by: Redouane Kachach <rkachach@ibm.com>

Merge pull request #58092 from zdover23/wip-doc-2024-06-18-start-os-recs

doc/start: remove mention of Centos 8 support

Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: Dan Mick <dan.mick@redhat.com>
Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>
Reviewed-by: Ken Dreyer <kdreyer@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>

Merge pull request #58230 from rkachach/fix_secure_monitoring_check

mgr/cephadm: redeploy when some dependency daemon is add/removed

Reviewed-by: Adam King <adking@redhat.com>

Merge pull request #58154 from tengjie5/tmp3

mgr: excute cmd 'ceph orch apply osd' returned without error info

Reviewed-by: Adam King <adking@redhat.com>

Merge pull request #57975 from dvanders/dvanders_ipv4

cephadm: disable ms_bind_ipv4 if we will enable ms_bind_ipv6

Reviewed-by: Adam King <adking@redhat.com>