cephadm: use release/autobuild .asc instead of .gpg for repo_gpgkey
release.gpg no longer exists at download.ceph.com/keys/ (moved to
/keys/old/, last updated 2020-08-21). Only release.asc is current and
maintained. autobuild.gpg still resolves but is inconsistent with this
and could rot the same way.
repo_gpgkey() now returns the .asc URLs for both release and autobuild
keys. rpm --import and apt accept ASCII-armored keys directly, so no
other code changes are needed.
Fixes 404s seen in qa/workunits/cephadm/test_repos.sh and reported by
users running cephadm add-repo on current distros.
Patrick Donnelly [Sun, 12 Jul 2026 16:55:19 +0000 (12:55 -0400)]
releng-audit: clear state labels and set pending status on comment triggers
When /audit retest or /audit test-branch is invoked via an issue_comment event, GitHub Actions does not natively bind the execution to the PR's HEAD commit SHA. As a result, the check widget on the PR conversation tab remains in its previous state (often showing as failed), and any lingering releng-audit-fail or releng-audit-pass labels remain attached.
This introduces a triggerAuditRun helper function to the workflow router that:
- Removes any existing releng-audit-fail or releng-audit-pass labels from the pull request to reset the label state machine and prevent subsequent synchronize events from halting prematurely.
- Explicitly creates a pending commit status on the PR's HEAD SHA via the GitHub REST API, ensuring visual consistency and feedback inside the PR UI while manual or test-branch audits execute in the background.
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
Patrick Donnelly [Sat, 11 Jul 2026 19:19:16 +0000 (15:19 -0400)]
.github/workflows/releng-audit: support testing via alternate branch
Allow authorized maintainers and release managers to test audit workflow
changes on a pull request using an alternate repository branch.
When a user comments `/audit test-branch [branch-name]` on a PR:
* Verify user authorization and confirm the target branch exists via the
GitHub API (defaulting to `testing/releng-audit` if unspecified).
* If valid, activate audit execution and set the `checkout_ref` output
to dynamically override the repository checkout target.
* If the branch does not exist or the user lacks permissions, fail the
job cleanly and leave an explanatory comment.
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
David Galloway [Fri, 10 Jul 2026 20:12:01 +0000 (16:12 -0400)]
script/buildcontainer-setup: fix package install on debian trixie
Debian removed software-properties-common from the archive in trixie,
so the flat apt-get install list fails there. The package was only
needed to provide add-apt-repository for llvm.sh, which installs
clang-19 from apt.llvm.org. Trixie ships clang-19 natively, so install
it from the distro instead; run-make.sh's prepare() then finds clang-19
and skips llvm.sh entirely. Ubuntu and older Debian releases still have
software-properties-common and keep the previous behavior.
Fixes: https://tracker.ceph.com/issues/78111 Signed-off-by: David Galloway <david.galloway@ibm.com>
Nizamudeen A [Thu, 9 Jul 2026 07:52:58 +0000 (13:22 +0530)]
mgr/dashboard: fix html lint errors according to new rules
mostly accessibility issues like
- A label component must be associated with a form element
Fixed by adding `for` to labels and sometimes replacing label with
legend
- Elements with interaction handlers must be focusable
- click must be accompanied by either keyup, keydown or keypress event for accessibility
- <button> should have content
Fixes: https://tracker.ceph.com/issues/77112 Signed-off-by: Nizamudeen A <nia@redhat.com>
Translate sqlite3.DatabaseError into a generic StoreUnavailable in
sqlite_store.py and handle it in cli.py and module.py instead of
letting it surface as an unhandled exception
mgr/cephadm: suppress CEPHADM_FAILED_DAEMON for services being removed
When a service is deleted, a daemon belonging to it may transiently
enter a failed state before orphan cleanup removes it. This happens
when there is a race between dependency-changed REDEPLOY and a
service removal going on paralelly.
Skip daemons in update_failed_daemon_health_check whose service is
already in spec_deleted.
Nizamudeen A [Fri, 10 Jul 2026 05:42:58 +0000 (11:12 +0530)]
.github: fix check-license permission issue
RCA done by copilot inside the github actions
Root cause: the workflow is passing the default token to a third‑party action that calls PR/diff APIs, and in this run that token doesn’t have the required permission scope for that request.
From the failing job log:
There seems to be an error in an API request
This is usually due to using a GitHub token without the adequate scope
From the job definition (.github/workflows/check-license.yml):
It uses JJ/github-pr-contains-action
Token passed is ${{ github.token }}
Fix
Grant explicit read permissions needed for pull request metadata/content in this workflow (or job), so the token has consistent scope when the action fetches diff data.
Why this solves it
The action needs to read PR diff data. Explicitly setting pull-requests: read (and contents: read) prevents under-scoped default token behavior that triggers the API failure.
John Mulligan [Thu, 9 Jul 2026 20:12:11 +0000 (16:12 -0400)]
pybind/mgr: disable type checking in diskprediction_local
Disable type checking in the __preprocess function of
diskprediction_local. This function is already collecting a lot of
`type: ignore` comments and adding more is getting difficult due to
the structure of this function. This time we were hitting errors
like:
diskprediction_local/predictor.py:160: error: Value of type "NDArray?[Any]" is not indexable [index]
diskprediction_local/predictor.py:161: error: "NDArray?[Any]" has no attribute "shape" [attr-defined]
on python 3.12.
Fixes: https://tracker.ceph.com/issues/78117 Signed-off-by: John Mulligan <jmulligan@redhat.com>
mgr/cephadm/smb: Add feature-based REDEPLOY logic for SMB services
Implement intelligent action selection for SMB daemon updates by tracking
feature changes as dependencies. When SMB service features change (e.g.,
adding cephfs-proxy, remote-control, keybridge), the system now triggers
a REDEPLOY instead of RECONFIG, as these changes require container
structure modifications.
John Mulligan [Thu, 9 Jul 2026 14:28:13 +0000 (10:28 -0400)]
qa/workunits/smb: work around test failures by pinning smbprotocol version
Work around new tests failures (in the TestHostsAccessToggle1 tests)
where the error/exception handling has apparently changed by just
pinning the version (by excluding the new v1.17.0 and newer versions).
Signed-off-by: John Mulligan <jmulligan@redhat.com>
qa/crimson: ignore PG_NOT_DEEP_SCRUBBED in all crimson tests
As we do not yet scrub scheduling in Crimson, the
OSDs do not perform deep scrubs. last_deep_scrub_stamp thus
stays at epoch 0 for all PGs. The monitor flags these as overdue
immediately, causing spurious test failures — particularly in tests
that restart OSDs (e.g. crimson_fio_restart), where PGs reaching
active+clean state trigger the health check.
Super User [Wed, 8 Jul 2026 12:05:16 +0000 (17:35 +0530)]
doc/rbd: clarify mirror resync snapshot behavior
Add documentation explaining that rbd mirror resync only copies
image state and data up to the last mirror-snapshot for
snapshot-based mirroring. Document the requirement to create
a new mirror-snapshot on current primary so that new changes
(including resize operation) gets reflected on secondary after
resync.
crimson/osd: guard recovery clone overlap with try_lock_for_read
Crimson recovery could use a neighbor clone as a clone_subset source
during osd_recover_clone_overlap without checking whether that clone
was safe to read. Classic OSD takes a read lock on the neighbor clone
via try_lock_for_read() before using it.
Under snap trim + recovery stress, recovery could clone_range from a
clone that snap trim was modifying, producing wrong object content
(ceph_test_rados: incorrect buffer at pos 1462272).
calc_clone_subsets() and calc_head_subsets() now return clone overlap
candidates in preference order only. ReplicatedRecoveryBackend locks
the first usable neighbor clone from each list and holds those read
locks until push/pull recovery completes. RecoveryCloneLockManager
releases locks in its destructor so move-assign cannot leak a held
lock and block snap trim.
rgw/beast: dispatch connection close on strand during pause
AsioFrontend::pause() (and stop()) call ConnectionList::close() from
the realm reloader thread. That invokes socket.close() on every live
connection from a thread that isn't the connection's asio strand, so
the reactor deregisters each socket's descriptor_state racing against
the coroutine that handles the connection. If a keep-alive connection
is starting its next async_read_some() on its strand at the same time,
epoll_reactor::start_op() dereferences the descriptor_state that close
has already freed and radosgw segfaults in an io_context_pool thread.
This matches the race pattern fixed for timeout_timer in 86ad0b891b0:
any caller that touches socket state from outside the strand needs to
be serialized with the coroutine.
Store the coroutine's strand executor on Connection and dispatch the
close onto that strand in ConnectionList::close(). The lambda captures
an intrusive_ptr to Connection so the object lives until the close
actually runs, since connections.clear() unlinks the list entry right
after dispatch.
Tracker: https://tracker.ceph.com/issues/76094 Signed-off-by: Lumir Sliva <61183145+lumir-sliva@users.noreply.github.com>
Update `unittest_rgw_asio_frontend` to run the `io_context` and
execute in a coroutine to match the environment in RGW.
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Adam C. Emerson [Thu, 30 Apr 2026 00:57:35 +0000 (20:57 -0400)]
common/async: `io_context_pool` no longer moves from init function
Previously if we received an rvalue function object we would call a
moved-from object on all but the first thread. In practice this didn't
cause an issue, but only because of the functions we were passing.
Fixes: https://tracker.ceph.com/issues/76094 Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Adam C. Emerson [Wed, 1 Apr 2026 18:30:18 +0000 (14:30 -0400)]
rgw: Check `going_down` in other-than-`interval_set` loop
Without this we can end up in an infinite loop where we just fill the
log with -ECANCELED from `get_next()`. Duplicates a check in the
`blocked_operations` loop.
Fixes: https://tracker.ceph.com/issues/76094 Signed-off-by: Adam C. Emerson <aemerson@redhat.com>