git.apps.os.sepia.ceph.com Git

14.2.20

auth/cephx: make KeyServer::build_session_auth_info() less confusing

The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication.  The monitor passes in
service_secret (mon secret) and secret_id (-1).  The TTL is irrelevant
because there is no rotation.

However the signature doesn't make it obvious.  Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6f12cd3688b753633c8ff29fb3bd64758f960b2b)

auth/cephx: cap ticket validity by expiration of "next" key

If auth_mon_ticket_ttl is increased by several times as done in
commit 522a52e6c258 ("auth/cephx: rotate auth tickets less often"),
active clients eventually get stuck because the monitor sends out an
auth ticket with a bogus validity.  The ticket is secured with the
"current" secret that is scheduled to expire according to the old TTL,
but the validity of the ticket is set to the new TTL.  As a result,
the client simply doesn't attempt to renew, letting the secrets rotate
potentially more than once.  When that happens, the client first hits
auth authorizer errors as it tries to renew service tickets and when
it finally gets to renewing the auth ticket, it hits the insecure
global_id reclaim wall.

Cap TTL by expiration of "next" key -- the "current" key may be
milliseconds away from expiration and still be used, legitimately.
Do it in KeyServerData alongside key rotation code and propagate the
capped TTL to the upper layer.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 370c9b13970d47a55b1b20ef983c6f01236c9565)

Conflicts:
src/auth/cephx/CephxKeyServer.cc [ commit ef3c42cd6481 ("auth:
  EACCES, not EPERM") not in nautilus ]

auth/cephx: drop redundant KeyServerData::get_service_secret() overload

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 3078af716505ae754723864786a41a6d6af0534c)

qa/standalone: default to disable insecure global id reclaim

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 72c4fc75ad301980baebc7789ed6391444057e5b)

qa/tasks/ceph[adm].conf[.template]: disable insecure global_id reclaim health alerts

Turn these off everywhere for our tests so they don't interfere with our health checks.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 9f6fd4fe563c9cd4cf65316921d511b677c972e4)

Conflicts:
qa/tasks/cephadm.conf [ no cephadm in nautilus ]

mon/HealthMonitor: raise AUTH_INSECURE_GLOBAL_ID_RENEWAL[_ALLOWED]

Two new alerts:

- AUTH_INSECURE_GLOBAL_ID_RENEWAL_ALLOWED if we are allowing clients to reclaim
global_ids in an insecure manner (for backwards compatibility until
clients are upgraded)

- AUTH_INSECURE_GLBOAL_ID_RENEWAL if there are currently clients connected that
do not know how to securely renew their global_id, as exposed by
auth_expose_insecure_global_id_reclaim=true.  The client auth names and IPs
are listed the alert details (up to a limit, at least).

The docs recommend operators mute these alerts instead of silencing, but
we still include option that allow the alerts to be disabled entirely.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 18b343b06e5dd904af425dc99e2c848e12f3b552)

Conflicts:
doc/rados/operations/health-checks.rst [ MON_DISK_* alerts
  present but not documented in nautilus; "ceph health mute"
  not in nautilus -- silencing temporarily is not possible ]
src/mon/HealthMonitor.cc [ commits e4bf716bfa07 ("mon: store
  a reference as member variable") and d0eb22f3ba55
  ("mon/health_checks: associate a count with health_alert_t")
  not in nautilus ]

auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys

When handling CEPHX_GET_AUTH_SESSION_KEY requests from nautilus+
clients, ignore CEPH_ENTITY_TYPE_AUTH in CephXAuthenticate::other_keys.
Similarly, when handling CEPHX_GET_PRINCIPAL_SESSION_KEY requests,
ignore CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys.
These fields are intended for requesting service tickets, the auth
ticket (which is really a ticket granting ticket) must not be shared
this way.

Otherwise we end up sharing an auth ticket that a) isn't encrypted
with the old session key even if needed (should_enc_ticket == true)
and b) has the wrong validity, namely auth_service_ticket_ttl instead
of auth_mon_ticket_ttl. In the CEPHX_GET_AUTH_SESSION_KEY case, this
undue ticket immediately supersedes the actual auth ticket already
encoded in the same reply (the reply frame ends up containing two auth
tickets).

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 05772ab6127bdd9ed2f63fceef840f197ecd9ea8)

auth/cephx: rotate auth tickets less often

If unauthorized global_id (re)use is disallowed, a client that has
been disconnected from the network long enough for keys to rotate
and its auth ticket to expire (i.e. become invalid/unverifiable)
would not be able to reconnect.

The default TTL is 12 hours, resulting in a 12-24 hour reconnect
window (the previous key is kept around, so the actual window can be
up to double the TTL). The setting has stayed the same since 2009,
but it also hasn't been enforced. Bump it to get a 72 hour reconnect
window to cover for something breaking on Friday and not getting fixed
until Monday.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 522a52e6c258932274f0753feb623ce008519216)

mon: fail fast when unauthorized global_id (re)use is disallowed

When unauthorized global_id (re)use is disallowed, we don't want to
let unpatched clients in because they wouldn't be able to reestablish
their monitor session later, resulting in subtle hangs and disrupted
user workloads.

Denying the initial connect for all legacy (CephXAuthenticate < v3)
clients is not feasible because a large subset of them never stopped
presenting their ticket on reconnects and are therefore compatible with
enforcing mode: most notably all kernel clients but also pre-luminous
userspace clients.  They don't need to be patched and excluding them
would significantly hamper the adoption of enforcing mode.

Instead, force clients that we are not sure about to reconnect shortly
after they go through authentication and obtain global_id.  This is
done in Monitor::dispatch_op() to capture both msgr1 and msgr2, most
likely instead of dispatching mon_subscribe.

We need to let mon_getmap through for "ceph ping" and "ceph tell" to
work.  This does mean that we share the monmap, which lets the client
return from MonClient::authenticate() considering authentication to be
finished and causing the potential reconnect error to not propagate to
the user -- the client would hang waiting for remaining cluster maps.
For msgr1, this is unavoidable because the monmap is sent immediately
after the final MAuthReply.  But for msgr2 this is rare: most of the
time we get to their mon_subscribe and cut the connection before they
process the monmap!

Regardless, the user doesn't get a chance to start a workload since
there is no proper higher-level session at that point.

To help with identifying clients that need patching, add global_id and
global_id_status to "sessions" output.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 08766a17edebb7450cd9b17cc2dc01efc068bb94)

Conflicts:
src/mon/Monitor.cc [ commit e1163b445bbf ("mon: print
  entity_name along with caps to debug log") not in nautilus ]

auth/cephx: option to disallow unauthorized global_id (re)use

global_id is a cluster-wide unique id that must remain stable for the
lifetime of the client instance.  The cephx protocol has a facility to
allow clients to preserve their global_id across reconnects:

(1) the client should provide its global_id in the initial handshake
    message/frame and later include its auth ticket proving previous
    possession of that global_id in CEPHX_GET_AUTH_SESSION_KEY request

(2) the monitor should verify that the included auth ticket is valid
    and has the same global_id and, if so, allow the reclaim

(3) if the reclaim is allowed, the new auth ticket should be
    encrypted with the session key of the included auth ticket to
    ensure authenticity of the client performing reclaim.  (The
    included auth ticket could have been snooped when the monitor
    originally shared it with the client or any time the client
    provided it back to the monitor as part of requesting service
    tickets, but only the genuine client would have its session key
    and be able to decrypt.)

Unfortunately, all (1), (2) and (3) have been broken for a while:

- (1) was broken in 2016 by commit a2eb6ae3fb57 ("mon/monclient:
  hunt for multiple monitor in parallel") and is addressed in patch
  "mon/MonClient: preserve auth state on reconnects"

- it turns out that (2) has never been enforced.  When cephx was
  being designed and implemented in 2009, two changes to the protocol
  raced with each other pulling it in different directions: commits
  0669ca21f4f7 ("auth: reuse global_id when requesting tickets")
  and fec31964a12b ("auth: when renewing session, encrypt ticket")
  added the reclaim mechanism based strictly on auth tickets, while
  commit 5eeb711b6b2b ("auth: change server side negotiation a bit")
  allowed the client to provide global_id in the initial handshake.
  These changes didn't get reconciled and as a result a malicious
  client can assign itself any global_id of its choosing by simply
  passing something other than 0 in MAuth message or AUTH_REQUEST
  frame and not even bother supplying any ticket.  This includes
  getting a global_id that is being used by another client.

- (3) was broken in 2019 with addition of support for msgr2, where
  the new auth ticket ends up being shared unencrypted.  However the
  root cause is deeper and a malicious client can coerce msgr1 into
  the same.  This also goes back to 2009 and is addressed in patch
  "auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys".

Because (2) has never been enforced, no one noticed when (1) got
broken and we began to rely on this flaw for normal operation in
the face of reconnects due to network hiccups or otherwise.  As of
today, only pre-luminous userspace clients and kernel clients are
not exercising it on a daily basis.

Bump CephXAuthenticate version and use a dummy v3 to distinguish
between legacy clients that don't (may not) include their auth ticket
and new clients.  For new clients, unconditionally disallow claiming
global_id without a corresponding auth ticket.  For legacy clients,
introduce a choice between permissive (current behavior, default for
the foreseeable future) and enforcing mode.

If the reclaim is disallowed, return EACCES.  While MonClient does
have some provision for global_id changes and we could conceivably
implement enforcement by handing out a fresh global_id instead of
the provided one, those code paths have never been tested and there
are too many ways a sudden global_id change could go wrong.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit abebd643cc60fa8a7cb82dc29a9d5041fb3c3d36)

Conflicts:
src/auth/AuthServiceHandler.h [ bufferlist vs
  ceph::buffer::list ]
src/auth/cephx/CephxProtocol.h [ ditto ]
src/auth/cephx/CephxServiceHandler.h [ ditto ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]

auth/cephx: make cephx_decode_ticket() take a const ticket_blob

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6b860684c6e59b11c727206819805f89f0518575)

auth/AuthServiceHandler: keep track of global_id and whether it is new

AuthServiceHandler already has global_id field, but it is unused.
Revive it and let the handler know whether global_id is newly assigned
by the monitor or provided by the client.

Lift the setting of entity_name into AuthServiceHandler.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit b50b6abd60e730176a7ef602bdd25d789a3c467d)

Conflicts:
src/auth/AuthServiceHandler.h [ bufferlist vs
ceph::buffer::list ]
src/auth/cephx/CephxServiceHandler.cc [ ditto ]
src/auth/cephx/CephxServiceHandler.h [ ditto ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]

auth/AuthServiceHandler: build_cephx_response_header() is cephx-specific

Make the one in CephxServiceHandler private and drop the stub in
AuthNoneServiceHandler.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 49cba02a750d4c1ab68399401f0c04f9c9be5b9e)

Conflicts:
src/auth/cephx/CephxServiceHandler.h [ bufferlist vs
ceph::buffer::list ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]

auth/AuthServiceHandler: drop unused start_session() args

session_key, connection_secret and connection_secret_required_length
aren't material for start_session() across all three implementations.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit c151c9659bdb71f30b520bbd62f91cc009ec51cd)

Conflicts:
src/auth/AuthServiceHandler.h [ bufferlist vs
ceph::buffer::list ]
src/auth/cephx/CephxServiceHandler.h [ ditto ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]

mon/MonClient: drop global_id arg from _add_conn() and _add_conns()

Passing anything but MonClient instance's global_id doesn't make
sense.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit a71f6e90d43cca5a79db92ca6a640598796ae7ee)

Conflicts:
src/mon/MonClient.cc [ commit 1e9b18008c5e ("mon: set
MonClient::_add_conn return type to void") not in nautilus ]
src/mon/MonClient.h [ ditto ]

mon/MonClient: reset auth state in shutdown()

Destroying AuthClientHandler and not resetting global_id is another
way to get MonClient to send CEPHX_GET_AUTH_SESSION_KEY requests with
CephXAuthenticate::old_ticket not populated. This is particularly
pertinent to get_monmap_and_config() which shuts down the bootstrap
MonClient between retry attempts.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit c9b022e07392979e7f9ea6c11484a7dd872cc235)

mon/MonClient: preserve auth state on reconnects

Commit a2eb6ae3fb57 ("mon/monclient: hunt for multiple monitor in
parallel") introduced a regression where auth state (global_id and
AuthClientHandler) was no longer preserved on reconnects.  The ensuing
breakage was quickly noticed and prompted a follow-on fix 8bb6193c8f53
("mon/MonClient: persist global_id across re-connecting").

However, as evident from the subject, the follow-on fix only took
care of the global_id part.  AuthClientHandler is still destroyed
and all cephx tickets are discarded.  A new from-scratch instance
is created for each MonConnection and CEPHX_GET_AUTH_SESSION_KEY
requests end up with CephXAuthenticate::old_ticket not populated.
The bug is in MonClient, so both msgr1 and msgr2 are affected.

This should have resulted in a similar sort of breakage but didn't
because of a much larger bug.  The monitor should have denied the
attempt to reclaim global_id with no valid ticket proving previous
possession of that global_id presented.  Alas, it appears that this
aspect of the cephx protocol has never been enforced.  This is dealt
with in the next patch.

To fix the issue at hand, clone AuthClientHandler into each
MonConnection so that each respective CEPHX_GET_AUTH_SESSION_KEY
request gets a copy of the current auth ticket.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 236b536b28482ec9d8b872de03da7d702ce4787b)

Conflicts:
src/mon/MonClient.cc [ commit 1e9b18008c5e ("mon: set
  MonClient::_add_conn return type to void") not in nautilus ]

mon/MonClient: claim active_con's auth explicitly

Eliminate confusion by moving auth from active_con into MonClient
instead of swapping them.

The existing MonClient::auth can be destroyed right away -- I don't
see why active_con would need it or a reason to delay its destruction
(which is what stashing in active_con effectively does).

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit eec24e4d119c57c7eb5119dc0083616a61b33b89)

mon: dump json from 'sessions' asok/tell command

Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit 71a0d8a568bd0034cc1e6329cd20269f11635697)

Conflicts:
src/mon/Monitor.cc [ commit adf1486e46cb ("common/admin_socket:
pass Formatter from generic infrastructure") not in nautilus ]

qa/tasks/ceph.conf: shorten cephx TTL for testing

Rotate tickets frequently to exercise those code paths during testing.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 94df76244798cdc0bafd74c9e5197adb5aa990c0)

Conflicts:
qa/tasks/cephadm.conf [ no cephadm in nautilus ]

14.2.19

common/ipaddr: also skip just `lo`

Skip iface's with name like 'lo' or of the form 'lo:0', 'lo:1'. This
brings back the original behavior from b6d0fc9e0e515e50894c08217d688a8c94db7570

Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
Fixes: https://tracker.ceph.com/issues/49938
(cherry picked from commit 6147c0917157efd2d35610e759685656a4989abb)
(cherry picked from commit bed79d5bea3183b153ffb223d049074912947516)

14.2.18

Merge pull request #40116 from votdev/issue_49802

nautilus: mgr/dashboard: Python2 Cookie module import fails on Python3

Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Tatjana Dehler <tdehler@suse.com>
Reviewed-by: Aashish Sharma <aasharma@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Nathan Cutler <ncutler@suse.com>
Reviewed-by: Laura Paduano <lpaduano@suse.com>

Merge pull request #40095 from jdurgin/wip-typing-nautilus

nautilus: mgr/volumes: don't require typing

Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>

mgr/dashboard: Python2 Cookie module import fails on Python3

This fix only affects Nautilus because all successor versions are based on Python3 only.

Fixes: https://tracker.ceph.com/issues/49802
Signed-off-by: Volker Theile <vtheile@suse.com>

mgr/volumes: don't require typing

This isn't available for python2 on centos 7. This is only needed
for nautilus because that's the last release using python 2 and centos 7.

Fixes: https://tracker.ceph.com/issues/49762
Signed-off-by: Josh Durgin <jdurgin@redhat.com>

Merge pull request #40064 from idryomov/wip-krbd-xfstests-fixes-nautilus

nautilus: qa/suites/krbd: address recent issues caused by newer kernels

Reviewed-by: Jason Dillaman <dillaman@redhat.com>

Merge pull request #39926 from tchaikov/nautilus-pr-triage

nautilus: .github: add workflow for adding labels and milestone

Reviewed-by: Ernesto Puerta <epuertat@redhat.com>

14.2.17

qa/suites/krbd: bump scratch image size to 15G

Allow generic/038 and generic/048 to run.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 37d56e13544fa06b88196b1a4d6edd1b3425325e)

qa/suites/krbd: exclude ext4/002

ext4/002 exercises obsolete EXT4_EOFBLOCKS_FL feature that was removed
in kernel 5.7 and therefore always fails.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit d2bdf0ac43a35f755ea70103f497625d882a4592)

qa/tasks/rbd: fix xfstests_branch/url example

- don't mention xfstests_branch together with xfstests_url as
xfstests_branch gets superseded by xfstests_url
- make xfstests_url example more clear

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit ec36d501ed5f875d26d1362ec097187697170a4d)

Merge pull request #39960 from neha-ojha/wip-49672-nautilus

nautilus: qa/tasks/ceph_manager.py: don't use log-early in raw_cluster_cmd

Reviewed-by: Yuri Weinstein <yweinste@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>

qa/tasks/ceph_manager.py: don't use log-early in raw_cluster_cmd

This option is not present in older versions due to which upgrade tests
using the nautilus version of the task will fail.

Caused by https://github.com/ceph/ceph/pull/37906

Fixes: https://tracker.ceph.com/issues/49672
Signed-off-by: Neha Ojha <nojha@redhat.com>

.github/workflows: use a released sha1

otherwise the action cannot be found

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit ae8ea10f415ec170be4a7be48567dbac83221dc0)

.github/workflows: rename labeler.yml to pr-triage.yml

to reflect the change in the actions in it.

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 453cd5fd602c54809dc091f0c3a498f903366c8f)

.github/workflows: use @{sha1} for actions

more secure this way. see also https://julienrenaux.fr/2019/12/20/github-actions-security-risk/

point the sha1 to

* labeler@v3
* milestone@main HEAD

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 79e8038046092053b0c0b120e0d7ca07a33a1c00)

.github/workflows: move milestone.yml into labeler.yml

no need to have two actions triggered by the same event.

we could backport this labeler.yml to LTS branches.

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 98b90189791d3f4d2524fd829edb616d0ffd94f7)

.github: correct the regex in mileston workflow

also use pull_request_target event so the action is run in the
context of the base of the pull request. this helps us to overcome
the "Resource not accessible by integration" issue where the action
is run in the context of the pull request.

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit c5f6d15e36fdd019196a1520525382f73f276f14)

.github: add workflow for adding milestone

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 1657a44750442ff2582d601fb028aa89e3a95999)

github/labeler: disable sync-labels

Yaml syntax cleaned too.

Fixes: https://github.com/ceph/ceph/pull/38107#issuecomment-729300615
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
(cherry picked from commit 59702b6198c59b84f1695e37256ae351b331b604)

github: autolabel PRs

... starting with dashboard ones.

Requires https://github.com/marketplace/actions/labeler

Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
(cherry picked from commit 298bc67f7b8d1c64520b543f4749b29f7be67379)

Conflicts:
.github/CODEOWNERS: drop change in .github/CODEOWNERS
as we don't have this file in nautilus.

Merge pull request #39837 from rhcs-dashboard/wip-49596-nautilus

nautilus: mgr/dashboard: fix issues related with PyJWT versions >=2.0.0

Reviewed-by: Yuri Weinstein <yweinste@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>

mgr/dashboard: fix issues related with PyJWT versions >=2.0.0

Fixes: https://tracker.ceph.com/issues/49574
Signed-off-by: Alfonso Martínez <almartin@redhat.com>
(cherry picked from commit 4b96bb51e8f133badd7bc651bcb4dcd755b43d75)

Conflicts:
       src/pybind/mgr/dashboard/controllers/auth.py
         - Resolved branch divergence conflicts.
       src/pybind/mgr/dashboard/services/auth.py
         - Resolved branch divergence  conflicts.
       src/pybind/mgr/dashboard/requirements.txt
         - Removed specific version (already done in master branch).

Merge pull request #39720 from ifed01/wip-ifed-fix-no-cache-trim-nau

nautilus: os/bluestore: go beyond pinned onodes while trimming the cache.

Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>

Merge pull request #39747 from pcuzner/wip-49540-nautilus

nautilus: mgr/prometheus: Add SLOW_OPS healthcheck as a metric

Reviewed-by: Neha Ojha <nojha@redhat.com>

Merge pull request #39756 from ifed01/wip-ifed-zero-read-retry-nau

nautilus: os/bluestore: Add option to check BlueFS reads

Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>

Merge pull request #39646 from rhcs-dashboard/wip-49389-nautilus

nautilus: mgr/dashboard: fix tooltip for Provisioned/Total Provisioned fields

Reviewed-by: Aashish Sharma <aasharma@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #39526 from rhcs-dashboard/wip-49327-nautilus

nautilus: mgr/dashboard: avoid using document.write()

Reviewed-by: Laura Paduano <lpaduano@suse.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #39342 from smithfarm/wip-49202-nautilus

nautilus: common: skip interfaces starting with "lo" in find_ipv{4,6}_in_subnet()

Reviewed-by: Kefu Chai <kchai@redhat.com>

Merge pull request #39340 from smithfarm/wip-48897-nautilus

nautilus: mgr: fix deadlock in ActivePyModules::get_osdmap()

Reviewed-by: Kefu Chai <kchai@redhat.com>

Merge pull request #39339 from smithfarm/wip-48558-nautilus

nautilus: mgr/restful: fix TypeError occurring in _gather_osds()

Reviewed-by: Boris Ranto <branto@redhat.com>

Merge pull request #39338 from smithfarm/wip-48575-nautilus

nautilus: mgr/crash: Serialize command handling

Reviewed-by: Brad Hubbard <bhubbard@redhat.com>
Reviewed-by: Boris Ranto <branto@redhat.com>

Merge pull request #39255 from ifed01/wip-ifed-fsck-spanning-nau

nautilus: os/bluestore: detect and fix "zombie" spanning blobs using fsck.

Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>
Reviewed-by: Neha Ojha <nojha@redhat.com>

Merge pull request #39126 from smithfarm/wip-48987-nautilus

nautilus: core: osd: An empty bucket or OSD is not an error

Reviewed-by: Brad Hubbard <bhubbard@redhat.com>

Merge pull request #39543 from aaSharma14/wip-48588-nautilus

nautilus: mgr/dashboard: RGW User Form is validating disabled fields

Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #39470 from jan--f/wip-49290-nautilus

nautilus: ceph-volume: Update batch.py

os/bluestore: go beyond pinned onodes while trimming the cache.

One might face lack of cache trimming when there is a bunch of pinned entries on the top of Onode's cache LRU list. If these pinned entries stay in the state for a long time cache might start using too much memory causing OSD to go out of osd-memory-target limit. Pinned state tend to happen to osdmap onodes.
The proposed patch preserves last trim position in the LRU list (if it pointed to a pinned entry) and proceeds trimming from that position if it wasn't invalidated. LRU nature of the list enables to do that safely since no new entries appear above the previously present entry while it's not touched.

Fixes: https://tracker.ceph.com/issues/48729
Signed-off-by: Igor Fedotov <ifedotov@suse.com>

Merge pull request #39706 from batrick/i48286

nautilus: rados/upgrade/nautilus-x-singleton fails due to cluster [WRN] evicting unresponsive client

Reviewed-by: Yuri Weinstein <yweinste@redhat.com>

Merge pull request #39276 from smithfarm/wip-49130-nautilus

nautilus: rgw: fix trailing null in object names of multipart reuploads

Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #39661 from pponnuvel/wip-49440-nautilus

nautilus: rgw: radosgw-admin: clarify error when email address already in use

Reviewed-by: Casey Bodley <cbodley@redhat.com>

Merge pull request #39651 from smithfarm/wip-49055-nautilus

nautilus: common/mempool: Improve mempool shard selection

Reviewed-by: Deepika Upadhyay <dupadhya@redhat.com>

Merge pull request #39698 from ifed01/wip-ifed-fix-huge-bluefs-nau

nautilus: os/bluestore: fix huge read/writes in BlueFS

Reviewed-by: Jianpeng Ma <jianpeng.ma@intel.com>
Reviewed-by: Deepika Upadhyay <dupadhya@redhat.com>

Merge pull request #39650 from smithfarm/wip-49182-nautilus

nautilus: test/rbd-mirror: fix broken ceph_test_rbd_mirror_random_write

Reviewed-by: Mykola Golub <mgolub@mirantis.com>

Merge pull request #39324 from rzarzynski/wip-librados-nul-objname-nautilus

nautilus: librados, tests: allow to list objects with the NUL character in names

Reviewed-by: J. Eric Ivancich <ivancich@redhat.com>

Merge pull request #39708 from smithfarm/wip-48282-nautilus

nautilus: osd: fix bluestore bitmap allocator calculate wrong last_pos with hint

Reviewed-by: Igor Fedotov <ifedotov@suse.com>
Reviewed-by: Neha Ojha <nojha@redhat.com>

Merge pull request #39509 from k0ste/wip-49314-nautilus

nautilus: mgr/dashboard: prometheus alerting: add some leeway for package drops and errors

Reviewed-by: Patrick Seidensal <pnawracay@suse.com>

Merge pull request #39329 from rzarzynski/wip-tool-nul-in-rados-nautilus

nautilus: tools/rados: add support for binary object names in the rados CLI

Reviewed-by: J. Eric Ivancich <ivancich@redhat.com>

os/bluestore: Add option to check BlueFS reads

Add option "bluefs_check_for_zeros" to check if there are any zero-filled page.
If so, reread data. It is known that sometimes BlueStore gets such pages.
See "bluestore_retry_disk_reads".

Signed-off-by: Adam Kupczyk <akupczyk@redhat.com>
(cherry picked from commit 7e495c57fe0ec8d8bdb1dbff90b177e656a22cbe)

Conflicts:
(lack of fresh stuff in bufferlist) src/os/bluestore/BlueFS.cc

mgr: add doc to describe relationship to prometheus

The healthcheck for slow_ops is used by the mgr/prometheus
module so it's important the alert generated matches the
format expected in mgr/prometheus.

Signed-off-by: Paul Cuzner <pcuzner@redhat.com>
(cherry picked from commit fc1905b4a74aedc6bdbc928b6d6e514183bbf090)

Conflicts:
src/mgr/DaemonHealthMetricCollector.cc

- docstring added to describe the link to mgr/prometheus conflicted with the
const fmt definition for the message. resolved by adding doc under the const
definition.

mgr/prometheus: Add healthcheck metric for SLOW_OPS

SLOW_OPS is triggered by op tracker, and generates a health
alert but healthchecks do not create metrics for prometheus to
use as alert triggers. This change adds SLOW_OPS metric, and
provides a simple means to extend to other relevant health
checks in the future

If the extract of the value from the health check message fails
we log an error and remove the metric from the metric set. In
addition the metric description has changed to better reflect
the scenarios where SLOW_OPS can be triggered.

Signed-off-by: Paul Cuzner <pcuzner@redhat.com>
(cherry picked from commit 2010432b5045c8f1dd0c052def497e590a1bf2fe)

Conflicts:
src/pybind/mgr/prometheus/module.py
- Nautilus doesn't have the profile_method decorator, so needed to be removed

Merge pull request #39441 from rhcs-dashboard/49278-py2-unicode-password

nautilus: mgr/dashboard: python 2: error when setting non-ASCII password

Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>

Merge pull request #39129 from smithfarm/wip-48376-nautilus

nautilus: cephfs: client: check rdonly file handle on truncate

Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>

Merge pull request #37906 from ideepika/backport-a7f18e4

nautilus: qa/tasks/{ceph,ceph_manager}: drop py2 support

Reviewed-by: Ramana Raja <rraja@redhat.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Reviewed-by: Yuri Weinstein <yweinste@redhat.com>

osd: fix bluestore bitmap allocator calculated wrong last_pos with hint

Fixes: https://tracker.ceph.com/issues/48214
Signed-off-by: Xue Yantao <jhonxue@tencent.com>
(cherry picked from commit ad3c7cdf6fabbb4a8b542b793d632cae87ee3640)

common/mempool: include standard thread library

Attempt to address FTBFS:

/home/jenkins-build/build/workspace/ceph-pull-requests/src/test/test_mempool.cc:399:11: error: request for member 'clear' in 'workers', which is of non-class type 'int'
399 | workers.clear();
| ^~~~~

seen in nautilus.

Signed-off-by: Nathan Cutler <ncutler@suse.com>

qa: ignore evicted client warnings for nautilus upgrades

Nautilus monitors do not note the client sessions in the mgrmap. So when
we upgrade the warnings are unavoidable.

Fixes: https://tracker.ceph.com/issues/47689
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 2163c60916bb1e5249dcff3e33822ddb1ead4653)

Conflicts:
      qa/suites/upgrade/mimic-x/parallel/1-ceph-install/mimic.yaml
      qa/suites/upgrade/nautilus-x-singleton/1-install/nautilus.yaml
      qa/suites/upgrade/nautilus-x/stress-split/1-ceph-install/nautilus.yaml

mgr: log reason for respawn

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit b835b07bc3c2936169dc3e6a212a2e29885246f7)

Merge pull request #39001 from Vicente-Cheng/wip-48520-nautilus

nautilus: client: add ceph.{cluster_fsid/client_id} vxattrs suppport

Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>

common/mempool: Add test for mempool in btree_map

Signed-off-by: Adam Kupczyk <akupczyk@redhat.com>
(cherry picked from commit b426e52d0425f3ececf48c7936d3d6d0eeb69ebf)

Conflicts:
src/test/test_mempool.cc
- tests went into nautilus in a different order

Merge pull request #39544 from aaSharma14/wip-48733-nautilus

nautilus: mgr/dashboard: minimize console log traces of Ceph backend API tests

Reviewed-by: Avan Thakkar <athakkar@redhat.com>

Merge pull request #39518 from aaSharma14/wip-49323-nautilus

nautilus: mgr/dashboard: fix MTU Mismatch alert

Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>

Merge pull request #38885 from yanghonggang/wip-48857-nautilus

nautilus: rgw: multisite: Verify if the synced object is identical to source

Reviewed-by: Casey Bodley <cbodley@redhat.com>

common/mempool: copies bufferlist assignment to mempool through rebuild

Fixes: https://tracker.ceph.com/issues/46027
Signed-off-by: Adam Kupczyk <akupczyk@redhat.com>
(cherry picked from commit b3a6d18ea64e0f70e0d3371cbfcd21280677000e)

Conflicts:
src/test/test_mempool.cc
- nautilus version of this file has less tests than master

nautilus: mgr/dashboard: python 2: error when setting user's non-ASCII password

Fixes: https://tracker.ceph.com/issues/49278
Signed-off-by: Alfonso Martínez <almartin@redhat.com>

Merge pull request #39658 from kotreshhr/ceph-vol-client-update-fix-volumes-key-nautilus

nautilus: pybind/ceph_volume_client: Update the 'volumes' key to 'subvolumes' in auth-metadata file

Reviewed-by: Ramana Raja <rraja@redhat.com>

os/bluestore: fix huge (>4GB) bluefs reads

Signed-off-by: Igor Fedotov <ifedotov@suse.com>
(cherry picked from commit fe558c4dd12b25b2d523987f22fde5b5898cfb83)

Conflicts:
(still present buf param in BlueFS::read, lack of )https://github.com/ceph/ceph/pull/34421)
src/os/bluestore/BlueFS.cc
src/os/bluestore/BlueFS.h
src/os/bluestore/BlueRocksEnv.cc
src/test/objectstore/test_bluefs.cc

os/bluestore: fix huge(>4GB) writes from RocksDB to BlueFS.

Fixes: https://tracker.ceph.com/issues/49168
Signed-off-by: Igor Fedotov <ifedotov@suse.com>
(cherry picked from commit 5f94883ec8d64c02b2bb499caad8eaf91dd715f7)

Conflicts:
(lack of bufferlist refactor from https://github.com/ceph/ceph/pull/36754)
(lack of single allocator support from https://github.com/ceph/ceph/pull/30838)
src/os/bluestore/BlueFS.h
src/test/objectstore/test_bluefs.cc

test/unittest_bluefs: always remove temp bdev file

we leave files in build directory if the test fails. better off
removing them.

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit a38122fdf77378d67eb97a5a2c55805181d921c2)

os/bluestore/BlueRocksEnv: Avoid flushing too much data at once.

Although, in _flush func we already check length. If length of dirty
is less then bluefs_min_flush_size, we will skip this flush.
But in fact, we found rocksdb can call many times Append() and then
call Flush(). This make flush_data is much larger than
bluefs_min_flush_size.

From my test, w/o this patch, it can reduce 99.99% latency(from
145.753ms to 20.474ms) for 4k randwrite with bluefs_buffered_io=true.

Because Bluefs::flush acquire lock. So we add new api try_flush
to avoid lock contention.

Signed-off-by: Jianpeng Ma <jianpeng.ma@intel.com>
(cherry picked from commit 3a1d4ff6dcdcd897d31a85ef82c726599624b66d)

mgr/volumes: Bump up AuthMetadataManager's version

With ceph_volume_client and mgr-volumes co-existing
for sometime, the version of both needs to be same.
The ceph_volume_client version <=5 can't decode
'subvolumes' key in auth-metadata file. Hence to
handle version in-compatibility, the version of
ceph_volume_client is bumped up to 6 and the same
needs to be done in mgr-volume's AuthMetadataManager

Fixes: https://tracker.ceph.com/issues/49374
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit 818c7781ff0467c6521bf2b3002b094fb8a71257)

pybind/ceph_volume_client: Bump up the version and compat_version to 6

With 'volumes' key updated to 'subvolumes', the version of
ceph_volume_client <= 5 can't decode auth-metadata file. Hence
bumping up ceph_volume_client version and compat_version to 6.

Fixes: https://tracker.ceph.com/issues/49294
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit ce55a0bcdc5db139fc8f39665c372f1b7cc274a7)

pybind/ceph_volume_client: Fix auth-metadata file recovery

Fixes: https://tracker.ceph.com/issues/49294
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit 99cdfdad59175a19bc06859e69301ca0478a2db4)

pybind/ceph_volume_client: Update the 'volumes' key to 'subvolumes' in auth metadata file

The older auth metadata files before nautilus release stores
the authorized subvolumes using the 'volumes' key. As the
notion of 'subvolumes' brought in by mgr/volumes, it makes
sense to use 'subvolumes' key. This patch would be tranparently
update 'volumes' key to 'subvolumes' and newer auth metadata
files would store them with 'subvolumes' key.

Also fails the deauthorize if the auth-id doesn't exist.

Fixes: https://tracker.ceph.com/issues/49294
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit dee03c8d5c0b86cf51865090bec203419a3008a9)

pybind/ceph_volume_client: logger.warn() -> logger.warning()

logger.warn() is the same as logger.warning(), but was removed in py3.3

Signed-off-by: Michael Fritch <mfritch@suse.com>
(cherry picked from commit fe4c7fd7471bf724c4a1f027580d9bae3ddc24eb)

tools/rados: assign to optional<> without deref'ing it

this change addresses a regression introduced by
d333b35aa10bf03a8bc047994d5cf3fed019b49a

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 41d68594ae6df343782a1c382ac0bddc8cb7cb69)

rgw/radosgw-admin clarify error when email address already in use

The error message if you try and create an S3 user with an email
address that is already associated with another S3 account is very
confusing; this patch makes it much clearer

To reproduce:

radosgw-admin user create --uid=foo --display-name="Foo test" --email=bar@domain.invalid
radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid
could not create user: unable to parse parameters, user id mismatch, operation id: foo does not match: test

With this patch:

radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid
could not create user: unable to create user test because user id foo already exists with email bar@domain.invalid

Fixes: https://tracker.ceph.com/issues/49137
Fixes: https://tracker.ceph.com/issues/19411
Signed-off-by: Matthew Vernon <mv3@sanger.ac.uk>
(cherry picked from commit 05318d6f71e45a42a46518a0ef17047dfab83990)

common: move gen_rand_alphanumeric() helpers into common

and adds overloads that return std::string directly

the motivation is to remove cls_otp's dependency on rgw_common.h

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit bfa76731aa338ca2c8a9e6dc52a19ae71aeb0bbf)

Conflicts:
src/common/CMakeLists.txt
- no rabin.cc in nautilus