Kefu Chai [Mon, 11 May 2026 05:07:25 +0000 (13:07 +0800)]
crimson: use uint32_t when calling ioctl(BLKGETNRZONES)
before this change, we pass a pointer to a `size_t` to
ioctl(BLKGETNRZONES), but in the Linux kernel,
include/uapi/linux/blkzoned.h:
```c
#define BLKGETNRZONES _IOR(0x12, 133, __u32)
```
this API reads 32 bits of data into the pointer. on 64-bit
architectures, size_t is 64 bits. fortunately, we initialize
nr_zones with 0, so the upper 32 bits remain zero. this works
on little-endian systems, but not on big-endian systems. it is
also semantically wrong. we should pass a pointer to a 32-bit
value when calling ioctl(BLKGETNRZONES).
in this change, we change the type of nr_zones from size_t to
uint32_t to match what the Linux kernel expects.
```
[1/3] Building CXX object src/crimson/os/seastore/CMakeFiles/crimson-seastore.dir/segment_manager.cc.o
/home/kefu/dev/ceph/src/crimson/os/seastore/segment_manager.cc:45:15: warning: lambda capture 'FNAME' is not used [-Wunused-lambda-capture]
45 | ).then([FNAME,
| ^
```
but we went further by coroutinize the whole method. because the return
value of ioctl() is not checked before this change, and clang correctly
flagged this with a warning, we marker it with `[[maybe_unused]]`, we
will fix it in a separate change.
Added the following test cases:
- Test success when explicitly supplied tiebreaker
- Test success when auto-selecting tiebreaker monitor
- Test success with minimal valid configuration (1 monitor per zone)
- Test success with auto-selection and minimal config (1 monitor per zone)
- Test success when strategy is automatically changed to CONNECTIVITY
- Test failure when auto-selecting and tiebreaker is in a data zone
- Test failure when explicitly specifying tiebreaker in a data zone
- Test failure when multiple potential tiebreakers exist
- Test failure when one data zone has 0 monitors
- Test failure when tiebreaker monitor doesn't exist
1. enable_stretch_mode no longer require to supply tiebreaker mon
2. enable_stretch_mode will automatically set monitor election strategy
to Connectivity if not already set.
3. Move away from "sites" and use "zones" instead throughout the doc
Ceph will try to select a tiebreaker mon that resides in
the crush <dividing_bucket> type but doesn't belong
to any of the data sites which the OSDs resides in.
Also created a helper function
`MonmapMonitor::validate_and_enable_stretch_mode`
inside `MonmapMonitor::try_enable_stretch_mode`
making the logic unittestable
Moreover, ceph mon enable_stretch_mode will
automatically set monitor election strategy to Connectivity.
We now also enforce that at least 1 monitor exists for each data zone.
Ronen Friedman [Sun, 3 May 2026 07:10:34 +0000 (07:10 +0000)]
crimson/osd: add crimson_memory config option
Add a crimson_memory configuration option that maps to seastar's
--memory flag, allowing control over the per-OSD seastar memory
allocation. Default is 0, meaning seastar uses its default behavior.
This reduces core dump sizes in test environments (from ~117GB to
~32GB with crimson_memory=32G) by limiting the pre-allocated seastar
memory pool.
doc: document the releng-audit workflow and update release examples
Updates SubmittingPatches-backports.rst and development-workflow.rst to
capture the new automated backport auditing system.
Changes include:
- Documenting the CI checks for commit parity, conflict simulation, and
Redmine linkage.
- Explaining how PR authors can trigger a retest (`/audit retest`) and
how leads can bypass the audit (`/audit override`).
- Replacing outdated `master` branch references with `main`.
- Updating the release cycle timeline to reflect current releases
(Quincy, Reef, Squid, Tentacle).
- Removing obsolete instructions for manual PR labeling.
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
script/ptl-tool, actions: introduce event-driven CI backport auditing
This commit entirely restructures the `ptl-tool.py` script and introduces a new GitHub Actions workflow to enable event-driven, asynchronous execution of backport audits.
New GitHub Actions Workflow (`releng-audit.yaml`):
* Implements a state-machine workflow using the `pull_request_target` event for secure execution.
* Introduces an "anti-spam" push shield that halts automated checks and blocks merging if the PR already has a `releng-audit-fail` label.
* Allows developers to easily re-trigger audits by removing the failure label or commenting `/audit retest`.
* Provides an `/audit override` mechanism exclusively for the `ceph-release-manager` team to bypass checks on valid conflict resolutions.
Key Architectural Changes to `ptl-tool.py`:
* Strategy Pattern Refactor: Decoupled the monolithic `verify_pr_readiness` block into modular, extensible classes (`MergeConflictCheck`, `CommitParityCheck`, `ConflictSimulationCheck`, `RedmineLinkageCheck`) conforming to `BaseAuditCheck`.
* AuditContext & Shared State: Replaced the cumbersome 9-argument function signatures with a unified `AuditContext` dataclass.
* Consolidated Error Reporting: Introduced `AuditReport` to collect failures across all checks. In `--ci-mode`, it bundles these failures into a single, consolidated GitHub `REQUEST_CHANGES` review to prevent shadowing and PR comment spam.
* Automated Label Management: Added `--audit-label` parsing to dynamically swap queue/pass/fail labels via the GitHub API during CI runs.
Miscellaneous workflow enhancements:
* Added `--integration` switch for the "Daily Driver" workflow. It auto-detects the target base branch, sets standard release flags, skips conflict simulation, and enforces `--always-fetch`.
* Updated QA Tracker creation/update logic to set Redmine Custom Field IDs directly rather than relying solely on description text.
* Replaced `--release-merge` with `--final-merge` for clarity.
* Introduced `--dry-run` to safely preview GitHub API calls, Redmine updates, and Git operations without altering remote state.
* Added `--examples` flag detailing advanced CLI usage.
* Implemented a local HTML tab-launcher to bypass Firefox race conditions when opening multiple browser tabs via the command line.
Assisted-by: Gemini Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
Patrick Donnelly [Thu, 30 Apr 2026 18:36:30 +0000 (11:36 -0700)]
script/ptl-tool: introduce interactive backport parity and conflict verification
This patch significantly expands `ptl-tool.py` to automate and improve the
backport review process. It adds robust interactive checks to verify that all
commits from an original PR are correctly represented in a backport PR.
Key additions:
* Commit Parity Verification: Analyzes the local Git DAG to ensure all
cherry-picked commits map properly to the original main PRs, generating a
visual map of the commits.
* Conflict Simulation: Creates temporary, detached worktrees to dry-run the
cherry-pick sequence, verifying conflict resolutions dynamically.
* Automated GitHub Reviews: Enables maintainers to open an editor, preview
markdown drafts, and post `REQUEST_CHANGES` reviews detailing missing commits
or backport deviations directly to the pull request.
* Interactive Diffing: Provides file-specific 3-pane patch comparisons
(range-diffs, original patch, backport patch) within the terminal editor during
conflict investigations.
* New CLI Flags: Introduces `--audit`, `--always-fetch`,
`--skip-conflict-check`, and `--release-merge` for greater control over the
script's behavior.
Assisted-by: Gemini Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
Patrick Donnelly [Thu, 30 Apr 2026 18:35:25 +0000 (11:35 -0700)]
script/ptl-tool: use Authorization header
Replaces basic authentication with the Authorization: Bearer <token>
header, obviating the need for the PTL_TOOL_GITHUB_USER environment
variable and adhering to modern GitHub API authentication standards.
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
Ronen Friedman [Thu, 7 May 2026 10:06:28 +0000 (10:06 +0000)]
crimson/osd/snap-mapper: flush pending writes on pg interval change
When a PG interval changes, the snap-mapper's MapCacher backend is
reset to clear any stale state. This change adds a flush-and-reset
method that first flushes any pending writes in the MapCacher into the
objectstore, then resets the backend.
Nitzan Mordechai [Sun, 10 May 2026 06:51:08 +0000 (06:51 +0000)]
qa: ignore evicted client warnings for singletone bluestore
After adding mds client into singletone bluestore and increas debug
levels and bluestore_allocator=stupid client is slow enough that MDS
evicts it after ~302 seconds
Kefu Chai [Sat, 9 May 2026 06:39:17 +0000 (14:39 +0800)]
rgw/d4n: fix deprecated async_run overload in RedisPool
The async_run overload taking a logger argument is deprecated since
Boost 1.89. Use the 2-arg async_run(config, token) overload when
building with Boost >= 1.89, and fall back to the 3-arg overload
for Boost 1.87-1.88.
See https://www.boost.org/doc/libs/1_89_0/libs/redis/doc/html/redis/reference/boost/redis/basic_connection/async_run-04.html
Adam Kupczyk [Thu, 7 May 2026 10:38:07 +0000 (10:38 +0000)]
os/bluestore: Cleanup around bluestore_blob_t::get_ondisk_length()
Split get_ondisk_length() into
- get_ondisk_capacity()
- get_ondisk_length()
The change is done to amplify the difference between disk space used,
and potential capacity for disk space use.
Kefu Chai [Thu, 7 May 2026 02:59:11 +0000 (10:59 +0800)]
cmake,debian: enable ceph-mon-client-nvmeof on Debian derivatives
5843c6b04ba gated the build on /etc/redhat-release because gRPC devel
libs weren't packaged on Debian yet. They are now (libgrpc++-dev,
protobuf-compiler-grpc), so we can finally bring Debian derivatives on
par with Fedora/RHEL and ship the NVMe-oF gateway monitor client there
too.
This change:
- drops the /etc/redhat-release sniff and unconditionally enables
WITH_NVMEOF_GATEWAY_MONITOR_CLIENT.
- adds libgrpc++-dev and protobuf-compiler-grpc to debian/control's
Build-Depends, plus a ceph-mon-client-nvmeof / -dbg pair so the
binary actually gets packaged.
- adds a pkg-config fallback for gRPC discovery. Jammy's libgrpc++-dev
(1.30.2) ships no cmake config files [1], so find_package(gRPC CONFIG
REQUIRED) fails at configure time. Noble's libgrpc++-dev (1.51.1)
does ship them [2], as do RHEL/Rocky packages. We now try cmake config
first (QUIET) and fall back to pkg_check_modules(IMPORTED_TARGET
grpc++) when it isn't found.
- patches PkgConfig::GRPCPP to carry protobuf::libprotobuf as an
interface dependency. grpc++.pc omits protobuf from its Requires, so
gateway.pb.cc (which calls GOOGLE_PROTOBUF_VERIFY_VERSION) would fail
to link on the pkg-config path. The cmake-config gRPC::grpc++ declares
this dependency properly; we match that behaviour with
target_link_libraries(PkgConfig::GRPCPP INTERFACE protobuf::libprotobuf).
- applies HAVE_ABSEIL only on the cmake-config path (Noble, RHEL/Rocky),
where gRPC links system absl. Without it, opentelemetry-cpp's private
absl (inline namespace otel_v1) collides with system absl (inline
namespace debian7) in any TU that includes both tracer.h and
grpcpp/grpcpp.h, giving "reference to base_internal is ambiguous".
On the pkg-config path (Jammy's gRPC 1.30.2) libabsl-dev is not
installed, so HAVE_ABSEIL must be skipped there.
Kefu Chai [Fri, 8 May 2026 08:20:34 +0000 (16:20 +0800)]
common/admin_socket: use POSIX timer for delayed signal delivery
AdminSocketRaise.AsyncReschedule was flaking on arm64:
[ RUN ] AdminSocketRaise.AsyncReschedule
/ceph/src/test/admin_socket.cc:497: Failure
Expected equality of these values:
0
sig2.count.load()
Which is: 1
[ FAILED ] AdminSocketRaise.AsyncReschedule (1045 ms)
The old approach forked a child that polled the clock and called
kill() at the deadline. The problem is: the deadline was computed
before fork(), so any fork latency ate directly into the timing
budget. On a busy arm64 host that 50 ms margin just wasn't enough.
The fix is to let the kernel own the timer via timer_create(). No
child process, no polling, no fork overhead, and SIGCONT still works.
A PGAdvanceMap queued by broadcast_map_to_pgs can sit behind in-flight
DeleteSome events on the peering pipeline holding a Ref<PG>. When it
finally runs, the collection has already been removed in seastore and
PGAdvanceMap drives handle_advance_map / check_for_splits on a stale
PG thereby issuing ops on a collection that no longer exists, crashing the OSD.
Following Classic OSD, set peering_state.set_delete_complete() in PG::do_delete_work's
final batch and bail out of PGAdvanceMap::start when pg->is_deleted() is true.
mgr/dashboard: Allow quick bootstrap script to use custom images
- if no image provided default image will be used
- the -i flag was added but its not working. so this commit fixes that.
- exporting the CEPHADM_IMAGE in cpeh_cluster.yaml so that bootstrap script can utilize that
- passing image in cephadm shell
Kefu Chai [Fri, 8 May 2026 00:55:03 +0000 (08:55 +0800)]
include/cpp-btree: fix false -Warray-bounds in child accessors
After inlining, GCC's VRP sees mutable_child() reaching a leaf-root
node whose static type only bounds values[], not children[], and fires
even though the if(!leaf()) guard prevents it at runtime:
btree.h:522: warning: array subscript [33, 287] is outside array
bounds of 'struct M[32]' [-Warray-bounds]
Decay children[] to a raw pointer in child()/mutable_child() so GCC
has no array bounds to check.
Kefu Chai [Fri, 8 May 2026 05:46:26 +0000 (13:46 +0800)]
doc/rados: add kernel client notes to require_min_compat_client
Add a "Min kernel" column to the "Features gated by the flag" table:
pg-upmap requires kernel 4.13, pg-upmap-primary and CRUSH MSR are not
yet implemented in the kernel client.
Add a warning noting the distinct failure modes (pg-upmap-primary causes
I/O hangs from silently dropped misdirected ops; CRUSH MSR rules cause
I/O errors because crush_find_rule fails) and that CRUSH MSR rules are
added via osd setcrushmap without require_min_compat_client gating but
immediately raise the features-in-use floor to squid.
Kefu Chai [Thu, 7 May 2026 12:43:28 +0000 (20:43 +0800)]
debian: package manpage for cephfs-top
the build already produces usr/share/man/man8/cephfs-top.8, and the
fedora spec ships it via the cephfs-top package. on debian,
debian/cephfs-top.install was missing it, so the file was sitting in
debian/tmp unclaimed and dh_missing complained:
dh_missing: warning: usr/share/man/man8/cephfs-top.8 exists in
debian/tmp but is not installed to anywhere
claim the manpage in debian/cephfs-top.install so it lands in the
cephfs-top deb. silences the warning and gives debian users the same
`man cephfs-top` fedora users already have.
Jon Bailey [Thu, 7 May 2026 12:28:01 +0000 (13:28 +0100)]
doc: Clarification of text in ec stretch cluster design
Information regarding min_size in the EC Cluster Design doc was unclear in regards to the intention of what we want to develop. This commit is to clarify this so it is clear to readers.
Signed-off-by: Jon Bailey <jonathan.bailey1@ibm.com>
Kefu Chai [Sun, 29 Mar 2026 05:47:47 +0000 (13:47 +0800)]
crimson/osd: acquire throttle when scanning replica/primary for backfill
The backfill state machine called budget_available() before deciding to
scan, but request_primary_scan() and request_replica_scan() never
actually acquired the throttle slot. This meant scans could proceed
without any resource reservation, defeating the QoS intent of the
throttler introduced in 791772f1c0.
In this change, we fix this by acquiring the throttle before initiating
each scan.
John Mulligan [Mon, 20 Apr 2026 20:07:19 +0000 (16:07 -0400)]
mgr/smb: add --wildcard and --recursive to smb cluster rm
Add new --wildcard and --recursive flags to the smb cluster rm
subcommands. These allow deleting clusters in bulk. The --wildcard
option works like the same option for share rm in that it allows the use
of globbing for the cluster IDs, this includes '*' to delete all
clusters. The --recursive option tells the command to also delete all
child resources (shares) when deleting a cluster.
This was previously doable by streaming the output of `ceph smb show
...` through (sed or) jq and flipping the intent to removed and piping
that to `ceph smb apply` - but this is clearly not obvious nor easy to
document versus these new options.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Mon, 20 Apr 2026 19:14:56 +0000 (15:14 -0400)]
mgr/smb: add glob style wildcard support to matcher object
Add glob/wildcard support to the matcher type in the handler.py file.
This will be used in future changes to make matching shares and/or
clusters easier by supporting glob style wildcards on some commands.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
projects / ceph.git / log