Fixes https://tracker.ceph.com/issues/70366
- adds support for ISV
- using jmespath expression for fetching roles from payload
- added roles_path parameter in sso enable command as optional argument
- modified roles mapper for sso login
Signed-off-by: Afreen Misbah <afreen@ibm.com>
* refs/pull/58376/head:
Temporarily change the libcephfs dependencies
proxy: Add the design document
proxy: Add the proxy to the deb builds
proxy: Add the proxy to the rpm builds
Initial version of the libcephfs proxy
Reviewed-by: Sachin Prabhu <sp@spui.uk>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
One can attach lua scripts as sort of hooks to implement dynamic
checks or transformations of RGW requests since Ceph Pacific. Thus, a
lua library is now required for base support and optionally one can
use the luarocks deployment and management system for Lua modules to
use more advanced scripts/modules.
With commit 46500cace6 ("rgw/test/lua: add lua integration tests
suite") the dependency relations got cleaned up, as the respective
entries were missing completely from debian/control.
But that commit is pulling in much more than required due to adding
the devel package `liblua5.3-dev` instead of the library-only
`liblua5.3-0` one, and having `luarocks` as hard dependency compared
to an optional Suggests. Fixing that avoids pulling in a whole
build/compiler/autotools/... stack with 65 new packages just when one
wants to use librgw2 or python3-rgw for simple RGW requests, or just
needs the ceph-common package, which pulls in librgw2 transitively.
This was reported by prolific community member Neobin on the Proxmox
forum [0], and then discussed on the original PR, adding the
dependencies [1].
[0]: https://forum.proxmox.com/threads/156433/post-715148
[1]: https://github.com/ceph/ceph/pull/52931#issuecomment-2441253989
Fixes: https://tracker.ceph.com/issues/68873
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This (already deprecated) module is removed as a side-effect of the
deprecation and removal of the `restful` module.
Fixes: https://tracker.ceph.com/issues/47066
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
in 0985e201, "packaging" was introduced as a runtime dependency of
ceph-volume, and `ceph.spec.in` was updated accordingly to note
this new dependency. but the debian packaging was not updated.
in 80edcd40, the missing dependency was added to debian/control as
one of ceph-volume's runtime dependency.
but dh_python3 is able to figure out the dependencies by reading
the egg's metadata of the ceph-volume python module. and as a
python project, ceph-volume is using its `setup.py` for
tracking its dependencies.
so in order to be more consistent, and keep all of its dependencies
in one place, let's move this dependency to setup.py . as the
packagings in both distros are able to figure the dependencies
from egg-info.
see also
- https://manpages.debian.org/testing/dh-python/dh_python3.1.en.html#dependencies
- https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_201x/#_automatically_generated_dependencies
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
Since commit 0985e20134 ("ceph-volume: use 'no workqueue' options
with dmcrypt") the python "packaging" module is used to parse the
cryptsetup version output, but the debian packaging was not updated to
record that new dependency.
So simply record this in the d/control file, adding a <pkg>.requires
file seemed to not really winning us anything here.
Fixes: https://tracker.ceph.com/issues/67290
Fixes: 0985e20134
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
When running test-dedup-tool.sh on Ubuntu, the binary for ceph-dedup-daemon
is not installed, resulting in the failure of test_sample_dedup due to its
exclusion from ceph-test debian package.
To fix this issue, this commit includes the ceph-dedup-daemon in ceph-test debian
package.
Fixes: https://tracker.ceph.com/issues/66368
Signed-off-by: Sungmin Lee <sung_min.lee@samsung.com>
in 844b66de, we stopped using pkg_resources for import packaging.
and the exact reason why we introduced pkg_resources was for using
the packaging python module, see cf608920.
so, let's partially revert cf608920.
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
in 110db72e, we added the rgw mgr module to ceph-mgr-modules-core
rpm package. but we didn't add this module to the corresponding
debian package.
rgw mgr module provides a simple interface to deploy RGW multisite
setup. so it would be nice to have it in ceph's debian packages as
well.
despite that rgw is not part of the core features, since this module
is already in ceph-mgr-modules-core rpm package, and it is relatively
small and does not pulling extra dependencies, let's added to the
debian packge with the same name. we can revisit this decision and
extract it out in a following up change if it is necessary in future.
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
instead of relying on the internal implementation of pkg_resources,
let's import packaging directly.
in this change, we also add the dependency to the packaging module
in the packaging recipes.
See also https://github.com/pypa/setuptools/issues/4385
Fixes https://tracker.ceph.com/issues/66201
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
A rather recent PR made ceph-crash run as "ceph" user instead of
root [0]. However, because /var/lib/ceph/crash/posted belongs to root,
ceph-crash cannot actually post any crash logs now.
This commit fixes this by recursively updating the permissions of
'/var/lib/ceph/crash', which ensures that all files and directories
used by 'ceph-crash.service' are actually owned by the user configured
for Ceph. This also accounts for existing installations.
Additionally, quote interpolated variables and use curly braces [1].
[0]: #48713
[1]: https://www.shellcheck.net/wiki/SC2086
Fixes: https://tracker.ceph.com/issues/64548
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
For this, the grafana dashboards are installed directly to the
containers and later, cephadm picks it up to mount the dashboards to the
grafana container
Signed-off-by: Nizamudeen A <nia@redhat.com>
debian/*.postinst: add adduser as a dependency and specify --home when adduser
Reviewed-by: Laura Flores <lflores@redhat.com>
Reviewed-by: Adam King adking@redhat.com
It is hard for Debian/Ubuntu users to use ceph-exporter
because it is not included in any deb packages.
This commit adds a new deb package for ceph-exporter.
Fixes: https://tracker.ceph.com/issues/64095
Signed-off-by: Shinya Hayashi <shinya-hayashi@cybozu.co.jp>
--gecos option of adduser is deprecated in debian/bookworm, and
will be removed in debian/trixie,
see https://manpages.debian.org/bookworm/adduser/adduser.8.en.html.
so to be future-proof, let's switch to `usermod --comment`. please
note, since we still need to support ubuntu/jammy which is used in
our CI, and `adduser` shipped by ubuntu/jammy does not support
`--comment` yet, so we cannot use this option.
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
for better readability, and to be more consistent with the rest
of this file, and other .postinst scripts of this project.
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
quote from adduser/NEWS.Debian.gz:
> System user home defaults to /nonexistent if --home is not specified.
> Packages that call adduser to create system accounts should explicitly
> specify a location for /home (see Lintian check
> maintainer-script-lacks-home-in-adduser).
so let's follow this change in adduser. otherwise "cephadm"
would have a $HOME at `/nonexistent`.
Fixes: https://tracker.ceph.com/issues/64069
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
now that adduser allows us to set its home directory, we can do
this using adduser instead of using usermod. this change also
silences the warning from lintian
"maintainer-script-lacks-home-in-adduser". lintian complains if
`adduser --system` is called without passing `--home` option.
also, take this opportunity to s/-c/--comment/ in the command line
of `usermod`, for better readability.
Fixes: https://tracker.ceph.com/issues/64069
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
in `debian/ceph-common.postinst` and `debian/cephadm.postinst`, we
use `adduser --system` to create the system user when configuring
the corresponding package.
before this change, the dependency is not listed in the runtime
`Depends` section of ceph-common and cephadm.
in this change, the dependency is added. this is also suggested
by Securing Debian Manual, see
https://www.debian.org/doc/manuals/securing-debian-manual/bpp-lower-privs.en.html
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
Move the JWT requirement to the test requirements file. Also remove JWT from ceph specification and debian build.
Signed-off-by: Daniel Persson <mailto.woden@gmail.com>
The `ceph-mgr` package lost its dependency on `python3-bcrypt` when
the dependencies got moved from d/control to a dh_python3 compatible
requires file. Add it again as the bcrypt module is still used there.
Otherwise one gets errors when, e.g., calling `ceph -s` after a fresh
installation:
> 13 mgr modules have failed dependencies
> Module 'balancer' has failed dependency: No module named 'bcrypt'
> Module 'crash' has failed dependency: No module named 'bcrypt'
> Module 'devicehealth' has failed dependency: No module named 'bcrypt'
> Module 'iostat' has failed dependency: No module named 'bcrypt'
> Module 'nfs' has failed dependency: No module named 'bcrypt'
> Module 'orchestrator' has failed dependency: No module named 'bcrypt'
> Module 'pg_autoscaler' has failed dependency: No module named 'bcrypt'
> Module 'progress' has failed dependency: No module named 'bcrypt'
> Module 'rbd_support' has failed dependency: No module named 'bcrypt'
> Module 'restful' has failed dependency: No module named 'bcrypt'
> Module 'status' has failed dependency: No module named 'bcrypt'
> Module 'telemetry' has failed dependency: No module named 'bcrypt'
> Module 'volumes' has failed dependency: No module named 'bcrypt'
Fixes: https://tracker.ceph.com/issues/63637
Fixes: ef19547e83 ("debian: add .requires for specifying python3 deps")
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
In the cases of ceph-base, ceph-common, and ceph-fuse, this picks up
that these packages contain python scripts and adds a necessary
python3 dependency. In the case of ceph-volume it additionally parses
the requirements.txt file.
Signed-off-by: Matthew Vernon <mvernon@wikimedia.org>
Installation of init scripts properly belongs with dh_installinit, so
move the installation there.
That means we no longer need the override of dh_auto_build, which
simplifies the rules file.
Signed-off-by: Matthew Vernon <mvernon@wikimedia.org>
cephadm is a compressed zipapp, and dh3_python3 doesn't understand
this sort of binary file, so fails to produce the required python3
dependency. So specify this explicitly in debian/control
Signed-off-by: Matthew Vernon <mvernon@wikimedia.org>
debian/ceph-base.docs only referred to a README that doesn't exist, so
remove it. Because dpkg-source doesn't reflect deletions from debian/
cf the orig.tar.gz, also remove the file in dh_auto_clean.
Then do away with the removal of the empty override of dh_installdocs;
the main benefit of which here is that debian/copyright gets installed
in all of the built packages, which otherwise lack a copyright
file.
Signed-off-by: Matthew Vernon <mvernon@wikimedia.org>
This means that debian/control matches changelog entries, and that the
Maintainer address is up to date.
Signed-off-by: Matthew Vernon <mvernon@wikimedia.org>
Bring the dh compat level to 12, the most recent supported by the
oldest supported Ubuntu LTS release, 20.04. This necessitates changes
to how initscripts & systemd packaging are done.
Signed-off-by: Matthew Vernon <mvernon@wikimedia.org>
