mds: optionally forbid to use standby for another fs as last resort
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Rishabh Dave <ridave@redhat.com>
When "fs authorize" subcommand is executed for the second time with
different caps, the subcommand exits with error. Modify the behaviour so
that the caps passed every subsequent time is incorporated in to the caps
that are already present in the entity's keyring.
Behaviour before this commit -
$ ./bin/ceph fs authorize a client.x1 / rw
[client.x1]
key = AQBirqxg5KHeFxAAgOm6lHMYych6OTI+y1HJKw==
$ ./bin/ceph fs authorize b client.x1 / rw
Error EINVAL: client.x1 already has fs capabilities that differ from those supplied. To generate a new auth key for client.x1, first remove client.x1 from configuration files, execute 'ceph auth rm client.x1', then execute this command again.
$ ./bin/ceph auth get client.x1
[client.x1]
key = AQBirqxg5KHeFxAAgOm6lHMYych6OTI+y1HJKw==
caps mds = "allow rw fsname=a"
caps mon = "allow r fsname=a"
caps osd = "allow rw tag cephfs data=a"
exported keyring for client.x1
After this commit -
$ ./bin/ceph fs authorize a client.x1 / rw
[client.x1]
key = AQDvrqxgU3I3FBAAJWwF6ZtcOVeHH8TA8CwWmQ==
$ ./bin/ceph fs authorize b client.x1 / rw
updated caps for client.x1
$ ./bin/ceph auth get client.x1
[client.x1]
key = AQDvrqxgU3I3FBAAJWwF6ZtcOVeHH8TA8CwWmQ==
caps mds = "allow rw fsname=a, allow rw fsname=b"
caps mon = "allow r fsname=a, allow r fsname=b"
caps osd = "allow rw tag cephfs data=a, allow rw tag cephfs data=b"
exported keyring for client.x1
Fixes: https://tracker.ceph.com/issues/47264
Signed-off-by: Rishabh Dave <ridave@redhat.com>
MDSAuthCaps: bug fixes
Signed-off-by: Rishabh Dave <ridave@redhat.com>
* refs/pull/51278/head:
mgr/snap_schedule: rephrase log message when pruning
doc: add note about snap-schedule snapshot retention
qa: test user defined number of snaps retention spec
mgr/snap_schedule: adapt test to new argument list
doc/cephfs: Add note how mds_max_snaps_per_dir affects snapshot retention
mgr/snap_schedule: Use mds_max_snaps_per_dir as snapshot count limit
Reviewed-by: Dhairya Parmar <dparmar@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
pybind/rados: keep byte representation if decode fails
Reviewed-by: Samuel Just <sjust@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Dhairya Parmar <dparmar@redhat.com>
This topic has been discussed many times; recently at the Dev
Summit of Cephalocon 2023.
This commit is the minial version of the work, contained entirely
within the `doc`. However, likely it will be expanded as there
were ideas like e.g. adding cache tiering back experimental feature
list (Sam) to warn users when deploying a new cluster.
Signed-off-by: Radosław Zarzyński <rzarzyns@redhat.com>
This was missed in commit 1a1477b9fd ("rbd-mirror: add and rename
perf counters for journal and snapshot mirroring").
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
The "append to the passed list" behavior is confusing and not what the
corresponding C API (rbd_watchers_list) or other similar C++ APIs (e.g.
list_lockers) do.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* refs/pull/48720/head:
qa: fix api failure issue caused during a dashboard test
PendingReleaseNotes: noted new MDSMap field refuse_client_session
qa: added two testcases
client: do not initiate session if flag refuse_client_session is set
mds: do not reconnect when refuse_client_session is set
mds: add new feature to block clients from establishing sessions
Reviewed-by: Rishabh Dave <ridave@redhat.com>
Reviewed-by: Kotresh Hiremath Ravishankar <khiremat@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Reviewed-by: Ramana Raja <rraja@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
The MgrMap stores a list of RADOS clients' addresses registered by the
mgr modules. During failover of ceph-mgr, the list is used to blocklist
clients belonging to the failed ceph-mgr.
Store the names of the mgr modules that registered the RADOS clients
along with the clients' addresses in the MgrMap. During debugging, this
allows easy identification of the mgr module that registered a
particular RADOS client by just dumping the MgrMap (`ceph mgr dump`).
Following is the MgrMap output with a module's client name displayed
along with its client addrvec,
$ ceph mgr dump | jq '.active_clients[0]'
{
"name": "devicehealth",
"addrvec": [
{
"type": "v2",
"addr": "10.0.0.148:0",
"nonce": 612376578
}
]
}
Fixes: https://tracker.ceph.com/issues/58691
Signed-off-by: Ramana Raja <rraja@redhat.com>
Currently last_failure_osd_epoch and active_clients are dumped in the
always_on_modules dictionary in "ceph mgr dump" output. This goes back
to when these fields were added in commits f2986a4400 ("mon/MgrMonitor:
blacklist previous instance") and df507cde8d ("mgr: forward RADOS
client instances for potential blacklist") but is wrong as these fields
have nothing to do with always-on modules.
Fixes: https://tracker.ceph.com/issues/58647
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Add the ability to dump labeled perf counters
for a daemon. Labeled perf counters are stored
in a CephContext's PerfCountersCollection.
Labeled and unlabeled perf counters are dumped
to the admin socket via `counters dump` command.
The schema for labeled and unlabeled perf
counters are dumped to the admin socket via
`counters schema` command.
This commit includes docs and additional unit tests
Signed-off-by: Ali Maredia <amaredia@redhat.com>
mds_max_retries_on_remount_failure option is used by Client.cc only.
Fixes: https://tracker.ceph.com/issues/56532
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reject policies with invalid principals by default and provide more
useful error messages while doing so.
(Log them but do *not* reject the policy if it's set to false.)
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
One of the stated goals is compatibility with standard LUKS tools,
in particular being able to load encryption on images formatted with
cryptsetup. cryptsetup doesn't do this and this really interferes
with randomly generated (binary) passphrases.
While at it, open passphrase files as binary -- it communicates the
intent if nothing else on POSIX.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
pybind/mgr/cephadm/upgrade: allow upgrades without reducing max_mds
Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: Anthony D'Atri <anthonyeleven@users.noreply.github.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
This was introduce by commit e2a67f2a65,
for the third part applications they may still use the old macro.
Add it back and marked it as deprecated.
Fixes: https://tracker.ceph.com/issues/56638
Signed-off-by: Xiubo Li <xiubli@redhat.com>