When RGW fails to get a lock on a reshard log, we log it in such a way
that it looks like an error. Instead we'll make sure that the log
message is informational.
Signed-off-by: J. Eric Ivancich <ivancich@redhat.com>
* CVE-2021-20288:
qa/standalone: default to disable insecure global id reclaim
qa/suites/upgrade/octopus-x: disable insecure global_id reclaim health warnings
qa/tasks/ceph[adm].conf[.template]: disable insecure global_id reclaim health alerts
cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap
mon/HealthMonitor: raise AUTH_INSECURE_GLOBAL_ID_RENEWAL[_ALLOWED]
auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys
auth/cephx: rotate auth tickets less often
mon: fail fast when unauthorized global_id (re)use is disallowed
auth/cephx: option to disallow unauthorized global_id (re)use
auth/cephx: make cephx_decode_ticket() take a const ticket_blob
auth/AuthServiceHandler: keep track of global_id and whether it is new
auth/AuthServiceHandler: build_cephx_response_header() is cephx-specific
auth/AuthServiceHandler: drop unused start_session() args
mon/MonClient: drop global_id arg from _add_conn() and _add_conns()
mon/MonClient: reset auth state in shutdown()
mon/MonClient: preserve auth state on reconnects
mon/MonClient: claim active_con's auth explicitly
mon/MonClient: resurrect "waiting for monmap|config" timeouts
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
make-dist: refuse to run if script path contains a colon
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
mon: MMonProbe: direct MMonJoin messages to the leader, instead of the first mon
Reviewed-by: Sam Just <sjust@redhat.com>
Reviewed-by: Kefu Chai <kchai@redhat.com>
* refs/pull/40735/head:
mgr/orchestractor: rgw realm and zone flags must both be provided
Reviewed-by: Juan Miguel Olmo <jolmomar@redhat.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Reviewed-by: Adam King <adking@redhat.com>
* refs/pull/40734/head:
mgr/cephadm: make prometheus scrape ingress haproxy
doc/cephadm: remove big warning about stability
doc/cepham/compatibility: rgw-ha -> ingress; note possibility of breaking changes
mgr/cephadm: ingress: add optional virtual_interface_networks
doc/cephadm/rgw: clean up example spec
mgr/cephadm/services/ingress: less verbose about prepare_create
doc/cephadm/rgw: add note about which ethernet interface is used
cephadm: make keepalived unit fiddle sysctl settings
mgr/orchestrator: report external endpoints from 'orch ls'
mgr/orchestrator: drop - when no ports
doc/cephadm/rgw: update docs for ingress service
mgr/cephadm: use per_host_daemon feature in scheduler
mgr/cephadm/schedule: add per_host_daemon_type support
mgr/cephadm: HA_RGW -> Ingress
mgr/cephadm: include daemon_type in DaemonPlacement
mgr/cephadm: update list-networks to report interface names too
mgr/orchestrator: streamline 'orch ps' PORTS formatting
mgr/cephadm/schedule: handle multiple ports per daemon
mgr/cephadm/utils: resolve_ip(): prefer IPv4
Reviewed-by: Sebastian Wagner <swagner@suse.com>
to silence warning from GCC when performing release build, like:
../src/tools/osdmaptool.cc: In function ‘int main(int, const char**)’:
../src/tools/osdmaptool.cc:472:9: warning: variable ‘r’ set but not used [-Wunused-but-set-variable]
472 | int r = clock_gettime(CLOCK_MONOTONIC, &round_start);
| ^
Signed-off-by: Kefu Chai <kchai@redhat.com>
in the latest document generated from RtD, the spacing after `ul li p`
elements is set to 24px as the plain `p` elements. but this the lists
more sparse and difficult to read.
in this change, the spacing is restored to 0 as it was in old theme.css
in sphinx_rtd_theme.
Signed-off-by: Kefu Chai <kchai@redhat.com>
When monitors are joining a cluster, they may send an MMonJoin message to place
themselves correctly in the map in either handle_probe_reply() or
finish_election(). These messages must be sent to the leader -- monitors do not
forward each other's messages.
Unfortunately, this scenario was missed when converting the monitors to support
connectivity-based elections, and they're sending these messages to
quorum.begin(). Fix this by including an explicit leader in MMonProbe (that the
new monitor may reference in handle_probe_reply) and using the leader
value in both locations.
Fixes: https://tracker.ceph.com/issues/50345
Signed-off-by: Greg Farnum <gfarnum@redhat.com>
It may be that the virtual IP we want to use is not in the same network
as any existing IPs on the host. In that case, allow the spec to specify
a list of networks to match against existing IPs so that a match will
identify an ethernet interface to use.
Signed-off-by: Sage Weil <sage@newdream.net>
This will be used to schedule a per-host keepalived alongside other
services.
Implement this as a final stage for place() that puts one per host and
also takes existing/stray daemons into consideration.
Signed-off-by: Sage Weil <sage@newdream.net>
Sync up with master up to commit 3d8e73b266 ("Merge pull request
#40731 from tchaikov/wip-yamlize-options"). Specifically, bring in
src/common/options.cc yamlization and move new auth-related options
into src/common/options/global.yaml.in.
Conflicts:
src/common/options.cc
src/common/options/global.yaml.in
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
1) make reference to python3 indepedant of explicit path
2) add required py-yaml module to install list
fixes: #40731
Signed-off-by: Willem Jan Withagen <wjw@digiware.nl>
