RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-03 17:42:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
126,294 Commits 212 Branches 394 Tags 1.6 GiB
73032e05e5
Commit Graph

126294 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pritha Srivastava
73032e05e5 rgw/sts: documentation related to tag, list tags 
and untag REST APIs for a role.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 17:09:54 +05:30
Pritha Srivastava
4ad626f3af rgw/sts: adding documentation for session tags, 
all kinds of tag keys and related examples.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 17:09:54 +05:30
Pritha Srivastava
192d208147 rgw/sts: documentation related to supporting all claims 
in the JWT in the condition of the trust policy.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 17:09:54 +05:30
Pritha Srivastava
b682db4f6c rgw/sts: code changes to store multi-valued tags 
for objects and buckets (to be used as s3:ResourceTags
in Identity and Resource policies).

Test code changes as suggested by Yuval Lifshitz.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 17:09:54 +05:30
Pritha Srivastava
58f1bb65be rgw/sts: code to add role tags as aws:PrincipalTags and 
iam:ResourceTags.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 17:09:54 +05:30
Pritha Srivastava
bd066abd41 rgw/sts: added code to tag, untag and list role tags. 
The role tags can be used as iam:ResourceTags in AssumeRoleWithWebIdentity
or as aws:PrincipalTags in a session using temporary credentials.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 17:09:54 +05:30
Pritha Srivastava
fd0da48c3f rgw/sts: code to add s3:ResourceTag to IAM environment 
for objects and buckets, that will be used in evaluation of
Condition element in the IAM policies.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 17:09:42 +05:30
Pritha Srivastava
5d85c65ff1 rgw/sts: code for runtime evaluation of Condition 
element of an IAM policy.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 15:56:17 +05:30
Pritha Srivastava
ba19b3a03b rgw/sts: code for aws:TagKeys to be used as Condition 
element of a role's trust and permission policy.

This also includes implementation of ForAnyValue and
ForAllValues to be used in conjunction with
StringLike, StringEquals and StringEqualsIgnoreCase
which are used alongwith aws:TagKeys.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 15:56:17 +05:30
Pritha Srivastava
6b2d3da84c rgw/sts: code to use session tags in AssumeRoleWithWebIdentity call, 
as aws:PrincipalTags in an IAM policy's Condition element.

The incoming session tags in AssumeRoleWithWebIdentity call
are passed along with the session credentials (temporary creds)
as aws:PrincipalTags, and those can be used as Condition element
of an IAM Policy.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 15:56:17 +05:30
Pritha Srivastava
f05184bd73 rgw/sts: adding code for aws:RequestTags as part 
of session tags implementation.

Session Tags can be passed in the web token in
AssumeRoleWithWebIdentity call by configuring
them in the IDP. These tags can be used as Conditions
in the trust policy of a role as aws:RequestTag, based
on which a federated user is allowed to assume a role.
The trust policy should have a statement for 'sts:TagSession'
alongwith 'sts:AssumeRoleWithWebIdentity' in case principal
tags are passed in the web token.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 15:56:17 +05:30
Pritha Srivastava
78f13d6de1 rgw/sts: adding code to enable usage of all 
token claims as 'Condition' of a role's
trust policy.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
 2021-09-01 15:56:17 +05:30
Ernesto Puerta
d2ae7153ea
Merge pull request #42995 from rhcs-dashboard/fix-kcli-dashboard-e2e-doc 
doc/dashboard: Fix kcli pool and network requirements documentation

Reviewed-by: Waad Alkhoury <walkhour@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Nizamudeen A <nia@redhat.com>
Reviewed-by: Pere Diaz Bou <pdiazbou@redhat.com>
 2021-09-01 11:26:46 +02:00
Samuel Just
db226b99e7
Merge pull request #43004 from gregsfortytwo/wip-nodaemon 
vstart: make "--crimson" imply "--nodaemon"

Reviewed-by: Samuel Just <sjust@redhat.com>
Reviewed-by: Chunmei Liu <chunmei.liu@intel.com>
Reviewed-by: Kefu Chai <tchaikov@gmail.com>
 2021-08-31 20:59:53 -07:00
Samuel Just
f8652171f0
Merge pull request #43003 from gregsfortytwo/wip-error-code-value 
crimson: osd: do not capture std::error_code by reference

Reviewed-by: Xuehan Xu <xuxuehan@360.cn>
Reviewed-by: Chunmei Liu <chunmei.liu@intel.com>
Reviewed-by: Samuel Just <sjust@redhat.com>
 2021-08-31 19:12:26 -07:00
Greg Farnum
98634e545b vstart: make "--crimson" imply "--nodaemon" 
If you want to run multiple crimson-osd instances, you need nodaemon. Default
to nodaemon when using crimson.

Add a new "--crimson-foreground" which preserves the old behavior, in case
it's needed.

Signed-off-by: Greg Farnum <gfarnum@redhat.com>
 2021-09-01 01:31:06 +00:00
Greg Farnum
52f2f9e55d crimson: osd: do not capture std::error_code by reference 
I can't find any reason to assume it has a longer lifetime than
the future we're creating has.

Signed-off-by: Greg Farnum <gfarnum@redhat.com>
 2021-09-01 00:10:17 +00:00
Yuri Weinstein
6891022ecb
Merge pull request #42831 from ifed01/wip-ifed-fix-52311 
os/bluestore: fix using incomplete bluefs log when dumping it.

Reviewed-by: Adam Kupczyk <akupczyk@redhat.com>
 2021-08-31 16:46:30 -07:00
Neha Ojha
de8a68b768
Merge pull request #41912 from trociny/wip-crushdiff 
tools/crushdiff: new tool to test crushmap change

Reviewed-by: Neha Ojha <nojha@redhat.com>
 2021-08-31 14:18:37 -07:00
Samuel Just
e675ea216a
Merge pull request #42985 from cyx1231st/wip-seastore-lba-metrics 
crimson/os/seastore: misc improvements to metrics

Reviewed-by: Samuel Just <sjust@redhat.com>
 2021-08-31 07:56:27 -07:00
Pere Diaz Bou
05b92513c8 doc/dashboard: Fix kcli pool and network requirements documentation 
Signed-off-by: Pere Diaz Bou <pdiazbou@redhat.com>
 2021-08-31 16:25:56 +02:00
Daniel Gryniewicz
95affd7a4b
Merge pull request #42874 from cbodley/wip-51491 
rgw: use existing s->bucket in s3 website retarget()

Reviewed-by: Daniel Gryniewicz <dang@redhat.com>
 2021-08-31 09:29:56 -04:00
Yingxin Cheng
49449adcc1 crimson/os/seastore: drop Transaction::src_t::INIT category from metrics 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-31 13:28:58 +08:00
Yingxin Cheng
b838be471d crimson/os/seastore/lba_manager: measure insert/erase operations 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-31 12:54:08 +08:00
Yingxin Cheng
e57c1eeb4b crimson/os/seastore/lba_manager: fix logs 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-31 12:39:45 +08:00
Josh Durgin
980cf670ed
Merge pull request #42973 from liewegas/doc-foundation-osnexus 
doc/foundation: add osnexus

Reviewed-by: Josh Durgin <jdurgin@redhat.com>
 2021-08-30 14:51:09 -07:00
Samuel Just
a79a995f6b
Merge pull request #42966 from cyx1231st/wip-seastore-lba-cleanup 
crimson/os/seastore/lba_manager: misc cleanup

Reviewed-by: Samuel Just <sjust@redhat.com>
 2021-08-30 13:44:35 -07:00
Sebastian Wagner
a2827edf48
Merge pull request #42970 from sebastian-philipp/monitoring-custom-webhook 
doc/cephadm: monitoring: Add "Adding Alertmanager webhooks" 

Reviewed-by: Patrick Seidensal <pseidensal@suse.com>
 2021-08-30 16:34:45 +02:00
Sage Weil
70c42bc503 doc/foundation: add osnexus 
Signed-off-by: Sage Weil <sage@newdream.net>
 2021-08-30 08:11:37 -05:00
Sebastian Wagner
dc1180c485
doc/cephadm: monitoring: Further Reading 
Signed-off-by: Sebastian Wagner <sewagner@redhat.com>
 2021-08-30 13:14:44 +02:00
Sebastian Wagner
5624a62024
.github/labeler: Add monitoring 
Signed-off-by: Sebastian Wagner <sewagner@redhat.com>
 2021-08-30 13:14:44 +02:00
Sebastian Wagner
90f4cc017a
doc/cephadm: monitoring: Add "Adding Alertmanager webhooks" 
Signed-off-by: Sebastian Wagner <sewagner@redhat.com>
 2021-08-30 13:14:44 +02:00
Sebastian Wagner
d176130866
doc/cephadm: monitoring: Add "Setting up Grafana" 
Signed-off-by: Sebastian Wagner <sewagner@redhat.com>
 2021-08-30 12:26:23 +02:00
Sebastian Wagner
5aa5fea8ee
doc/cephadm: monitoring: move "deploying w/o" up 
Signed-off-by: Sebastian Wagner <sewagner@redhat.com>
 2021-08-30 12:23:13 +02:00
Sebastian Wagner
efd79a4adc
doc/cephadm: monitoring: default placements 
Signed-off-by: Sebastian Wagner <sewagner@redhat.com>
 2021-08-30 12:20:53 +02:00
Ronen Friedman
f938712b7c
Merge pull request #42848 from ronen-fr/wip-ronenf-argv2vec-users 
common: modify 'main()s' to use new argv_to_vec() signature 

Reviewed-by: Kefu Chai <kchai@redhat.com>
Reviewed-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
Reviewed-by: Deepika Upadhyay <dupadhya@redhat.com>
 2021-08-30 12:44:40 +03:00
Ilya Dryomov
42a250fe2d
Merge pull request #42959 from idryomov/wip-krbd-escape-match-sysattr 
krbd: escape udev_enumerate_add_match_sysattr values

Reviewed-by: Mykola Golub <mgolub@suse.com>
 2021-08-30 11:25:31 +02:00
Deepika Upadhyay
879f2056cb
Merge pull request #42913 from yaarith/update-sudoers-smartctl 
rpm, debian: move smartmontools and nvme-cli to ceph-base

Reviewed-by: Ken Dreyer <kdreyer@redhat.com>
Reviewed-by: Deepika Upadhyay <dupadhya@redhat.com>
 2021-08-30 14:26:03 +05:30
Deepika Upadhyay
69a5ae539f
Merge pull request #42770 from ktdreyer/no-lsb-release 
Remove dependency on lsb_release

Reviewed-by: Deepika Upadhyay <dupadhya@redhat.com>
 2021-08-30 14:13:02 +05:30
Yingxin Cheng
7170afd085 crimson/os/seastore/lba_manager: drop the unecessary lookup in leaf 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Yingxin Cheng
1f09a184b4 crimson/os/seastore/lba_manager: drop the impossible case that the insert key exists after handle_split 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Yingxin Cheng
390d44e517 crimson/os/seastore/lba_manager: end iterator should be pointing to the leaf-node size already 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Yingxin Cheng
aea50387f2 crimson/os/seastore/lba_manager: misc improvements on debugging 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Yingxin Cheng
d12e197957 crimson/os/seastore/lba_manager: check depth when load lba node 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Yingxin Cheng
f19a3a8b1f crimson/os/seastore/lba_manager: mark iterator(depth_t) private 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Yingxin Cheng
2d0c00f8c1 crimson/os/seastore/lba_manager: cleanup LBABtree::iterate_repeat() 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Yingxin Cheng
6b8d9e0801 crimson/os/seastore/lba_manager: drop unused code 
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
 2021-08-30 16:06:25 +08:00
Kefu Chai
0917e204e9
Merge pull request #42961 from tchaikov/wip-docker-test 
test/docker-test.sh: add support for fedora 34 and debian stretch

Reviewed-by: Brad Hubbard <bhubbard@redhat.com>
 2021-08-30 07:42:53 +08:00
Kefu Chai
005cd1063d test/docker-test.sh: add support for fedora 34 and debian strech 
and drop fedora-31, fedora32, debian-jessie and ubuntu-16.04 since
they are not maintained anymore. see

- https://fedoraproject.org/wiki/End_of_life
- https://wiki.debian.org/LTS
- https://wiki.ubuntu.com/Releases

Signed-off-by: Kefu Chai <tchaikov@gmail.com>
 2021-08-29 21:52:01 +08:00
Ilya Dryomov
8841029b0a krbd: escape udev_enumerate_add_match_sysattr values 
libudev uses fnmatch(3) for matching attributes, meaning that shell
glob pattern matching is employed instead of literal string matching.
Escape glob metacharacters to suppress pattern matching.

Fixes: https://tracker.ceph.com/issues/52425
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
 2021-08-28 11:05:28 +02:00