* refs/pull/40870/head:
auth/cephx: make KeyServer::build_session_auth_info() less confusing
auth/cephx: cap ticket validity by expiration of "next" key
auth/cephx: drop redundant KeyServerData::get_service_secret() overload
Reviewed-by: Sage Weil <sage@redhat.com>
* refs/pull/40711/head:
mgr/cephadm: fix nfs-rgw stray daemon
Reviewed-by: Guillaume Abrioux <gabrioux@redhat.com>
Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: Juan Miguel Olmo <jolmomar@redhat.com>
Reviewed-by: Michael Fritch <mfritch@suse.com>
in 5505fc0051, during rebasing against
master it was set to 12_hr by accident.
this setting was changed to 72_hr in
522a52e6c2
Signed-off-by: Kefu Chai <kchai@redhat.com>
mgr/cephadm: report exception during upgrade in upgrade status
Reviewed-by: Michael Fritch <mfritch@suse.com>
Reviewed-by: Juan Miguel Olmo <jolmomar@redhat.com>
* refs/pull/40828/head:
mds: set fscrypt flag on create if xattr buffer has an encryption context
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
* refs/pull/40539/head:
cephfs-top: set the cursor to be invisible
cephfs-top: self-adapt the display according the window size
cephfs-top: use the default window object from curses.wrapper()
cephfs-top: improve the output
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
* refs/pull/40412/head:
vstart_runner: reuse code in LocalRemoteProcess
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
* refs/pull/39660/head:
qa: Update the mdsmap schema in mgr/dashboard/test_health.py
doc: add lsflags command to Administrative Commands document
qa: test fs lsflags command
mon: add command to print fs flags
mds: print each flag value
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
nfs-rgw registers under a gid cephadm needs covert that to its known name during the stray daemon check
Signed-off-by: Daniel Pivonka <dpivonka@redhat.com>
otherwise the "home-icon" and the right most "Edit on GitHub" are displayed
right next to the left and right borders of the top-bar.
Signed-off-by: Kefu Chai <kchai@redhat.com>
The test is often run on heavily loaded machines which will effect the
precision of the test.
Fixes: https://tracker.ceph.com/issues/50378
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication. The monitor passes in
service_secret (mon secret) and secret_id (-1). The TTL is irrelevant
because there is no rotation.
However the signature doesn't make it obvious. Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
to silence the health warning of "mons are allowing insecure global_id
reclaim", which prevents the cluster from being active+clean. couple
tests are expecting a warning free cluster before they starts.
as this option is enabled by default for appeasing the old clients, but when it
comes to most of upstream testing, we can just disable it.
Fixes: https://tracker.ceph.com/issues/50374
Signed-off-by: Kefu Chai <kchai@redhat.com>
If auth_mon_ticket_ttl is increased by several times as done in
commit 522a52e6c2 ("auth/cephx: rotate auth tickets less often"),
active clients eventually get stuck because the monitor sends out an
auth ticket with a bogus validity. The ticket is secured with the
"current" secret that is scheduled to expire according to the old TTL,
but the validity of the ticket is set to the new TTL. As a result,
the client simply doesn't attempt to renew, letting the secrets rotate
potentially more than once. When that happens, the client first hits
auth authorizer errors as it tries to renew service tickets and when
it finally gets to renewing the auth ticket, it hits the insecure
global_id reclaim wall.
Cap TTL by expiration of "next" key -- the "current" key may be
milliseconds away from expiration and still be used, legitimately.
Do it in KeyServerData alongside key rotation code and propagate the
capped TTL to the upper layer.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This will allow change the window size when the cephfs-top tool is
running and will adapt the display according to the real time window
size.
Fixes: https://tracker.ceph.com/issues/50091
Signed-off-by: Xiubo Li <xiubli@redhat.com>
When adding more metrics the top line will be too long and maybe
wrapped with serval lines, which will make it hard to read.
Signed-off-by: Xiubo Li <xiubli@redhat.com>
as the left-hand operator is promoted to off_t which is a signed
integer, while rgw_max_chunk_size will be an unsigned after the
yaml-to-cxx migration. so let's cast it to `off_t` before comparing
them.
the same applies to rgw_copy_obj_progress_every_bytes.
Signed-off-by: Kefu Chai <kchai@redhat.com>
to avoid warnings like:
../src/osd/PrimaryLogPG.cc:2123:27: warning: comparison of integer expressions of different signedness: ‘off_t’ {aka ‘long int’} and ‘uint64_t’ {aka ‘long unsigned int’} [-Wsign-compare]
2123 | m->get_data_len() > cct->_conf->osd_max_write_size << 20) {
| ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
after change the size options' type to unsigned or uint64_t.
Signed-off-by: Kefu Chai <kchai@redhat.com>
* add a setting named "with_legacy" to .yaml.in files, so
each option with a true "with_legacy" will have an entry
in legacy_config_opts.h.
* preserve the comments from legacy_config_opts.h to .yaml.in,
some of them are solely for developers, but some of them are
good reading for users as well. we can use them for "desc"
field in a follow-up change.
* move common/legacy_config_opts.h to common/options/legacy_config_opts.h
as legacy_config_opts.h is "closer" to the options directory
than other sources files under src/common.
* update y2c.py to generate separate .h files which are in turn
included by legacy_config_opts.h
* add a target named "legacy-option-headers", and let
some targets depend on it so that these headers generated by
y2c.py can be generated before the .cc files including them
are compiled.
Signed-off-by: Kefu Chai <kchai@redhat.com>
as its parameters' types might not be identical. to be specific,
the 2nd parameter's type will be an unsigned one after the c++ => yaml
migration.
Signed-off-by: Kefu Chai <kchai@redhat.com>
in d2737fd41a, we started to use multiset
for tracking the references of hobject for snapshot support. as the same
hobject maps to multiple snapshots. and we don't want to consider
different snapshots as the same entry tracked by cls_cas.
but cls_cas.dup_get() still tries to verify that the `get` operation
is able to dedup the same referenced "source". but this does not apply
to "by_object" trunk ref type anymore.
since we cannot check/choose the chunk ref type used by OSD from the
client of the cls_cas, in this change, cls_cas.dup_get() is updated
to adapt the change solely for "by_object". otherwise we could skip
this test for "by_object" type and/or define another test for other
chunk ref types.
Fixes: https://tracker.ceph.com/issues/50339
Signed-off-by: Kefu Chai <kchai@redhat.com>
