The class needs to understand the semantics of possible actions in enough
detail to apply the capabilities it describes, so it makes sense to pass
all of that information into a check method here. That is preferable to
exposing the internal structure of the capability itself to an external
function to apply the same logic.
Specifically, this fixes the problem where we return the first matching
OSDCapSpec, not a union of all matching specs, and thus fixes a problem
where applying a cap like 'allow r, allow pool foo rwx' to a write
operation in pool foo.
Signed-off-by: Sage Weil <sage@inktank.com>
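Added illustration, not part of the commit message and not Ceph's own code: a minimal model of first-match versus union evaluation for the cap 'allow r, allow pool foo rwx'. The Grant struct, the permission constants and all function names are hypothetical, and grants are assumed to be checked in the order written.

```cpp
#include <string>
#include <vector>

// Hypothetical permission bits; not Ceph's definitions.
constexpr unsigned CAP_R = 1, CAP_W = 2, CAP_X = 4;

// Hypothetical grant: an optional pool match plus the permissions it allows.
struct Grant {
    std::string pool;   // empty string = matches any pool
    unsigned perms;
    bool matches(const std::string& p) const { return pool.empty() || pool == p; }
};

// 'allow r, allow pool foo rwx' as a constructed grant list.
static const std::vector<Grant> kCaps = {
    {"", CAP_R},
    {"foo", CAP_R | CAP_W | CAP_X},
};

// Behaviour the commit message describes as the problem: stop at the first match.
unsigned first_match(const std::vector<Grant>& caps, const std::string& pool) {
    for (const auto& g : caps)
        if (g.matches(pool)) return g.perms;
    return 0;
}

// Behaviour after the fix: OR together every grant that matches.
unsigned union_match(const std::vector<Grant>& caps, const std::string& pool) {
    unsigned allowed = 0;
    for (const auto& g : caps)
        if (g.matches(pool)) allowed |= g.perms;
    return allowed;
}

// The check receives the operation's requirements, so callers never walk
// the grant list themselves.
bool is_capable(const std::vector<Grant>& caps, const std::string& pool,
                unsigned needed, bool use_union) {
    unsigned have = use_union ? union_match(caps, pool) : first_match(caps, pool);
    return (have & needed) == needed;
}
```

In this model a write to pool foo is refused under first-match, because the pool-agnostic 'allow r' grant matches first, and is permitted under union evaluation; a write to any other pool is refused either way.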
The intent was to do a cap like 'allow pools-that-i-own ...', but in
practice you just do 'allow pool <myuid> ...'. The actual auid you
authenticate as is redundant, since the cap itself is authenticated.
Signed-off-by: Sage Weil <sage@inktank.com>
The old OSDCaps had a few undesirable features:
- deny
- weird 'default permissions' semantics when auid matches and no other
cap is specified
- difficult to understand, maintain parser
This version is renamed and has a few nice features:
- spirit grammar for parsing
- simple internal grant structure with simple semantics
- support for object prefix matches
- partial support for per-class (not yet implemented by the OSD)
Signed-off-by: Sage Weil <sage@inktank.com>
See bug #2462.
The following sequence could cause a log assuming a non-empty pg
to an empty replica:
1. primary sends query to stray
2. stray sends notify to primary
3. primary sends purge to stray removing stray from peer_info
4. stray receives query and sends a notify
5. stray receives purge and purges its pg
6. primary receives notify from stray and adds it to peer_info
note: peer_info[stray] is now wrong
7. acting set changes, primary is still primary, stray is replica
8. primary sends log to replica based on incorrect info from 6.
This patch adds a purged_peer set which is populated during purge_strays
and cleared during start_peering_interval. The primary will ignore
notifies from the peer once the peer is in this set.
Signed-off-by: Samuel Just <sam.just@inktank.com>
Check the authenticated peer name directly; don't store a copy in the
OSDCaps struct. Also set the entity_name member of the session!
Signed-off-by: Sage Weil <sage@inktank.com>
We depend on leveldb, which only builds on
amd64 armel armhf i386 ia64 mipsel
Reported-by: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
Signed-off-by: Sage Weil <sage@inktank.com>
This introduces two new config variables, osd_crush_location
and osd_crush_weight. Not currently included in config_opts.h,
as these are not used in the C++ code.
Signed-off-by: Tommi Virtanen <tv@inktank.com>
If we encounter a 'key=' with no value, clear any previous value for that
key, so that
'a=foo b=bar a='
is equivalent to
'b=bar'
Fixes: #2540
Signed-off-by: Sage Weil <sage@inktank.com>
* "user gen" is gone and is now "user create"
* --uid option is mandatory for "user create"
Mailing list thread: http://www.spinics.net/lists/ceph-devel/msg06744.html
Signed-off-by: Florian Haas <florian@hastexo.com>
- radosgw-admin usage show
- radosgw-admin usage trim
Both commands can get --start-date, --end-date, --uid
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
New config options for usage logging:
- rgw_enable_usage_log: enable usage logging
- rgw_usage_log_flush_threshold - limit on number of pending updates
before synchronously flushing update
- rgw_usage_log_tick_interval - asynchronous flush interval
- rgw_usage_max_shards - split info across that many objects
- rgw_usage_max_user_shards - split single user info across that many
objects
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
The new methods are:
- user_usage_log_add: add new usage information
- user_usage_log_read: get usage information
- user_usage_log_trim: remove usage information
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
This is useful for reporting which features an osd supports, and for
testing rados_exec. Update the rados api tests to use this method
instead of test_exec, which was removed.
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
PGMap->num_pg_by_state is a PG state to number of PG in the state
mapping. PGMonitor::update_logger wrongly interprets the mapping.
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
Signed-off-by: Sage Weil <sage@inktank.com>