Based on the previous commits making the remote executables auditable
and explicit, document the admin's ability to restrict password-less
sudo access to only the set of commands cephadm actually uses.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Converting a remote command to something that other libs use requires
converting the enum to a string. Python behavior in the area varies
across versions so add a unit test that verifies the conversion
behaves as intended.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Update ssh.py and other code using it to only allow commands wrapped
in particular python types as executables on the remote hosts.
By using a specific type for remote executables we make the code more
auditable, avoiding the possibility of executing arbitrary strings
as commands with sudo. This is all enforced by mypy's type checking.
The result is a list of commands that the cephadm mgr module may
execute on a remote host using sudo:
```
$ git ls-files -z | xargs -0 grep 'RemoteExecutable(' -d skip -h | grep -v '(str)' \
    | sed -e 's/.*RemoteExecutable(//' -e 's/)//' -e 's/,$//'
'which'
'/usr/bin/cephadm'
python
'chmod'
'ls'
'sysctl'
'chown'
'mkdir'
'mv'
'touch'
'rm'
'true'
```
Note that *python* is special as it is based on the output of which and
may vary from OS to OS. The quoted items are used exactly as named.
Only the binary at `/usr/bin/cephadm` _or_ the dynamically discovered
python3 binary will be used. This depends on a configuration option for
the cephadm module.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
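The typed-executable pattern described in the commit above, shown as an added example; this is illustrative code, not cephadm's own implementation. The names `RemoteExecutable`, `is_allowed`, `sudo_argv`, `python_from_which` and `sudoers_rule` are assumptions, and the allowlist constants simply mirror the list printed by the grep above. It also carries the point one step further than the message does: rendering the allowlist as a sudoers rule, which needs absolute paths, so the bare names (`chmod`, `ls`, ...) must be resolved on the target host before they can appear there.

```python
"""Added example (not cephadm's code): a typed allowlist for sudo-executed
remote commands. All names below are illustrative assumptions."""
from __future__ import annotations

import shlex
from typing import Iterable, Sequence


class RemoteExecutable(str):
    """A str subclass that marks a value as an approved executable.

    With type hints, mypy rejects a plain str where a RemoteExecutable is
    required; is_allowed() repeats that check at runtime for code paths
    that were not type-checked.
    """

    __slots__ = ()


# Static allowlist, constructed for this example (same names as the grep above).
WHICH = RemoteExecutable("which")
CEPHADM = RemoteExecutable("/usr/bin/cephadm")
CHMOD = RemoteExecutable("chmod")
LS = RemoteExecutable("ls")
SYSCTL = RemoteExecutable("sysctl")
CHOWN = RemoteExecutable("chown")
MKDIR = RemoteExecutable("mkdir")
MV = RemoteExecutable("mv")
TOUCH = RemoteExecutable("touch")
RM = RemoteExecutable("rm")
TRUE = RemoteExecutable("true")


def is_allowed(value: object) -> bool:
    """True only for values explicitly wrapped as RemoteExecutable.

    An exact type check is used on purpose: RemoteExecutable("rm") == "rm"
    as strings, but only the wrapped form was written down by a developer.
    """
    return type(value) is RemoteExecutable


def sudo_argv(exe: RemoteExecutable, args: Sequence[str] = ()) -> list[str]:
    """Build the argv for running `exe` under sudo on the remote host.

    A plain str (for example something assembled from a request parameter)
    never reaches sudo: it raises TypeError here instead.
    """
    if not is_allowed(exe):
        raise TypeError(f"refusing to sudo a non-RemoteExecutable: {exe!r}")
    return ["sudo", "--non-interactive", str(exe), *map(str, args)]


def python_from_which(which_output: str) -> RemoteExecutable:
    """Wrap the dynamically discovered python path (output of `which`).

    The path varies per OS, so it is only accepted as a single absolute
    path containing no characters a shell would interpret.
    """
    path = which_output.strip()
    if "\n" in path or not path.startswith("/") or shlex.quote(path) != path:
        raise ValueError(f"unexpected `which` output: {which_output!r}")
    return RemoteExecutable(path)


def sudoers_rule(user: str, executables: Iterable[RemoteExecutable]) -> str:
    """Render one sudoers line granting `user` password-less sudo for
    exactly the given executables.

    sudoers matches commands by absolute path, so the caller must resolve
    bare names (chmod, ls, ...) on the target host before passing them in.
    """
    paths = sorted({str(e) for e in executables if is_allowed(e)})
    for p in paths:
        if not p.startswith("/"):
            raise ValueError(f"sudoers needs an absolute path, got {p!r}")
    if not paths:
        raise ValueError("no executables to grant")
    return f"{user} ALL=(root) NOPASSWD: {', '.join(paths)}"


if __name__ == "__main__":
    py = python_from_which("/usr/bin/python3\n")
    print(sudo_argv(CHMOD, ["0600", "/etc/ceph/ceph.conf"]))
    print(sudoers_rule("cephadm", [CEPHADM, py]))
```

The runtime guard is a belt-and-braces complement to mypy, not a replacement for it: the real assurance comes from every `RemoteExecutable(...)` literal being greppable in the tree, which is what lets an admin derive the sudoers allowlist in the first place.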
rgw/notification: Fix the notification FilterRule to emit unique key name in json & Log successful delivery of notification event.
Reviewed-by: Yuval Lifshitz <ylifshit@redhat.com>
FilterRules, when processed as a dict in json, emit the same key name for prefix and suffix, causing a failure while parsing the json notification output.
So change the type of FilterRules from JsonDict to Array while dumping in json.
Signed-off-by: kchheda3 <kchheda3@bloomberg.net>
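The failure mode the commit above describes, shown as an added example that is not RGW's code: a JSON object that repeats the `Name`/`Value` keys once per rule silently loses all but the last rule in a standard parser, while the array shape keeps both. The sample documents, `duplicate_keys` and `parse_filter_rules` are constructed for this illustration and are not the real notification output format.

```python
"""Added example (not RGW's code): duplicate keys in a JSON object versus
an array of rule objects. Sample documents are constructed for this demo."""
from __future__ import annotations

import json
from typing import Any

# Constructed sample of the problematic shape: one object repeating the
# keys for the prefix rule and the suffix rule.
BROKEN_RULES_JSON = (
    '{"Name": "prefix", "Value": "img/", "Name": "suffix", "Value": ".jpg"}'
)
# Constructed sample of the fixed shape: an array with one object per rule.
FIXED_RULES_JSON = (
    '[{"Name": "prefix", "Value": "img/"}, {"Name": "suffix", "Value": ".jpg"}]'
)


def duplicate_keys(text: str) -> list[str]:
    """Return keys that occur more than once inside any JSON object in `text`.

    json.loads() keeps only the last value for a repeated key; the
    object_pairs_hook sees every pair before that collapse happens.
    """
    dups: list[str] = []

    def hook(pairs: list[tuple[str, Any]]) -> dict[str, Any]:
        seen: set[str] = set()
        for key, _ in pairs:
            if key in seen and key not in dups:
                dups.append(key)
            seen.add(key)
        return dict(pairs)

    json.loads(text, object_pairs_hook=hook)
    return dups


def parse_filter_rules(text: str) -> dict[str, str]:
    """Parse filter rules into {name: value}.

    Accepts the array shape (and a single-rule object); refuses an object
    that repeats keys, since rules would otherwise be dropped unnoticed.
    """
    if duplicate_keys(text):
        raise ValueError("FilterRules object repeats keys; rules would be lost")
    data = json.loads(text)
    rules = data if isinstance(data, list) else [data]
    return {rule["Name"]: rule["Value"] for rule in rules}


if __name__ == "__main__":
    print(json.loads(BROKEN_RULES_JSON))   # only the suffix rule survives
    print(duplicate_keys(BROKEN_RULES_JSON))
    print(parse_filter_rules(FIXED_RULES_JSON))
```

The detector is worth keeping around when consuming any JSON produced by hand-rolled dumpers: a parser that quietly drops duplicate keys turns a serialization bug into a filter that matches less than the author configured.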
Add a command that explains how to map a formatted clone when the parent
image and the formatted clone have different encryption types.
Signed-off-by: Zac Dover <zac.dover@proton.me>
Stop using --force-priority except when necessary.
Squid still gets elevated priority due to the increased attention with the
imminent release.
I've differentiated the priorities some in that release branches should get
higher priority than the main branch and that older release branches should be
prioritized over newer ones. Finally, upgrade tests should be prioritized over
other nightlies.
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
i.e., this implements ObjectSizeGreaterThan and ObjectSizeLessThan
for supported expiration and transition actions.
Fixes: https://tracker.ceph.com/issues/63304
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Per AWS doc, this value controls "how many noncurrent versions
Amazon S3 will retain." [1] We understand this to mean, retain
NewerNoncurrentVersions of any object, regardless of expiration.
Removed unused RGWLifecycleConfiguration::has_same_action() (cleanup)
[1] https://docs.aws.amazon.com/AmazonS3/latest/API/API_NoncurrentVersionExpiration.html.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
* refs/pull/55813/head:
qa: Add test for first damage of lost+found
tools/cephfs: Fix first-damage to include missing dirs
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
librbd: account for discards that truncate in ObjectListSnapsRequest
Reviewed-by: Mykola Golub <mgolub@suse.com>
Reviewed-by: Ramana Raja <rraja@redhat.com>
Add information on the arguments required when mapping the
formatted clone of an encrypted parent image.
Co-authored-by: Zac Dover <zac.dover@proton.me>
Signed-off-by: N Balachandran <nibalach@redhat.com>
the endpoint passed down to util.query() is wrong:
it passes the full url (scheme://addr:port/path) where it should only
pass the path. The cause is that RedFishClient.login() basically stores
the value of the Location header in `self.location`.
The consequence of this is that it makes the client unable to properly logout.
Fixes: https://tracker.ceph.com/issues/64894
Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com>
* refs/pull/54485/head:
mds/quiesce-db: keep the db thread alive until shutdown
mds/quiesce-db: incorporate review comments
mds/quiesce: declare QuiesceDbPeerListing and QuiesceDbPeerAck
mds/quiesce: resolve the quiesce cluster at the mds monitor
include/types: add an I/O helper for std::unordered_map
messages: avoid using mutable members in MMDSQuiesce*
mds/quiesce-db: incorporate review comments
doc/cephfs/fs-volumes: doc fixes and updates
pybind/mgr: correct type hints for `get_quiesce_leader_info`
mds/quiesce: only use ACTIVE daemons for the quiesce cluster
mds,messages: quiesce db inter-rank messaging
mds/quiesce: MDSRankQuiesce - integration of the quiesce db manager
doc/cephfs/fs-volumes: Add info about the quiesce command
doc: fixes for local dev builds
mgr/volumes: support for `fs subvolume quiesce`
mgr/volumes: use `volume_exception_to_retval` as a decorator
pybind/mgr: add a `one-shot` parameter to send_command
mds/quiesce: QuiesceAgent implementation and unit tests
mds/quiesce: QuiesceDb.h and QuiesceDbManager with tests
common/Timer.cc: improve debug messages from the timer_thread
mds: MDSRank.cc: return status from `send_message_mds`
encoding: add emplace variants for map dencoders
common/Cond: make C_SaferCond private members protected to facilitate inheritance
qa/tasks/cephfs: give the tests more time to run heavy fs workloads
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>