Add a command that explains how to map a formatted clone when the parent
image and the formatted clone have different encryption types.
Signed-off-by: Zac Dover <zac.dover@proton.me>
Add information on the arguments required when mapping the
formatted clone of an encrypted parent image.
Co-authored-by: Zac Dover <zac.dover@proton.me>
Signed-off-by: N Balachandran <nibalach@redhat.com>
Fix the numbering in an ordered list. The numbering was thrown off
because a ".. prompt" directive was improperly indented (it wasn't
indented at all).
See https://github.com/ceph/ceph/pull/55540#discussion_r1500051264
Signed-off-by: Zac Dover <zac.dover@proton.me>
doc: drop mention of rbd_mirror_journal_max_fetch_bytes option
Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>
Reviewed-by: Mykola Golub <mgolub@suse.com>
A lot of people aren't aware of automatic lock transitions and
wrongfully assume that exclusive lock means that the image remains
locked for as long as the client is running. Redo the explanation
and add a warning.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
The Windows SAN policy determines which disks will be mounted
automatically. We're going to document this as well as some
Windows limitations.
Signed-off-by: Lucian Petrut <lpetrut@cloudbasesolutions.com>
Refine and add unselectable prompts to "Removing a Block Device Image"
in doc/rbd/rados-rbd-cmds.
https://tracker.ceph.com/issues/57001
Signed-off-by: Zac Dover <zac.dover@gmail.com>
Refine and add unselectable prompts to "Restoring a Block Device Image"
in doc/rbd/rados-rbd-cmds.rst.
https://tracker.ceph.com/issues/57001
Signed-off-by: Zac Dover <zac.dover@gmail.com>
Refine and add unselectable prompts to "Resizing a Block Device Image"
in doc/rbd/rados/rbd-cmds.rst.
https://tracker.ceph.com/issues/57001
Signed-off-by: Zac Dover <zac.dover@gmail.com>
Refine the text and prompts in "Retrieving Image Information" in
doc/rbd/rados-rbd-cmds.rst.
https://tracker.ceph.com/issues/57001
Signed-off-by: Zac Dover <zac.dover@gmail.com>
Refine the text and prompts in "Listing Block Device Images" in
doc/rbd/rados-rbd-cmds.rst.
https://tracker.ceph.com/issues/57001
Signed-off-by: Zac Dover <zac.dover@gmail.com>
Refine the English and prompts in "Creating a Block Device Image" in
doc/rbd/rados-rbd-cmds.rst.
https://tracker.ceph.com/issues/57001
Signed-off-by: Zac Dover <zac.dover@gmail.com>
Refine the "Create a Block Device Pool" section of
doc/rbd/rados-rbd-cmds.rst.
https://tracker.ceph.com/issues/57001
Signed-off-by: Zac Dover <zac.dover@gmail.com>
If no --encryption-format specified at all, default to "luks" for each
specified --encryption-passphrase-file.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
One of the stated goals is compatibility with standard LUKS tools,
in particular being able to load encryption on images formatted with
cryptsetup. cryptsetup doesn't do this and this really interferes
with randomly generated (binary) passphrases.
While at it, open passphrase files as binary -- it communicates the
intent if nothing else on POSIX.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This commit adds the encryption format support for cloned images via the RBD cli,
making the child image be encrypted with a key different from it parent,
while keeping the child thinly-provisioned.
Additionally, other APIs are extended to support flattening of such images.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
This commits extends rbd API's to allow the user to load encryption
using either LUKS1 or LUKS2 formats, without explicitly specifying which.
Prior, the user had to specify explicitly LUKS1 or LUKS2.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
CreatePrimaryRequest::unlink_peer() invoked via "rbd mirror image
snapshot" command or via rbd_support mgr module when creating a new
scheduled mirror snapshot at rbd_mirroring_max_mirroring_snapshots
capacity on the primary cluster can race with Replayer::unlink_peer()
invoked by rbd-mirror when finishing syncing an older snapshot on the
secondary cluster. Consider the following:
[ primary: primary-snap1, primary-snap2, primary-snap3
secondary: non-primary-snap1 (complete), non-primary-snap2 (syncing) ]
0. rbd-mirror is syncing snap1..snap2 delta
1. rbd_support creates primary-snap4
2. due to rbd_mirroring_max_mirroring_snapshots == 3, rbd_support picks
primary-snap3 for unlinking
3. rbd-mirror finishes syncing snap1..snap2 delta and marks
non-primary-snap2 complete
[ snap1 (the old base) is no longer needed on either cluster ]
4. rbd-mirror unlinks and removes primary-snap1
5. rbd-mirror removes non-primary-snap1
6. rbd-mirror picks snap2 as the new base
7. rbd-mirror creates non-primary-snap3 and starts syncing snap2..snap3
delta
[ primary: primary-snap2, primary-snap3, primary-snap4
secondary: non-primary-snap2 (complete), non-primary-snap3 (syncing) ]
8. rbd_support unlinks and removes primary-snap3 which is in-use by
rbd-mirror
If snap trimming on the primary cluster kicks in soon enough, the
secondary image becomes corrupted: rbd-mirror would eventually finish
"syncing" non-primary-snap3 and mark it complete in spite of bogus data
in the HEAD -- the primary cluster OSDs would start returning ENOENT
for snap trimmed objects. Luckily, rbd-mirror's attempt to pick snap3
as the new base would wedge the replayer with "split-brain detected:
failed to find matching non-primary snapshot in remote image" error.
Before commit a888bff8d0 ("librbd/mirror: tweak which snapshot is
unlinked when at capacity") this could happen pretty much all the time
as it was the second oldest snapshot that was unlinked. This commit
changed it to be the third oldest snapshot, turning this into a more
narrow but still very much possible to hit race.
Unfortunately this race condition appears to be inherent to the way
snapshot-based mirroring is currently implemented:
a. when mirror snapshots are created on the producer side of the
snapshot queue, they are already linked
b. mirror snapshots can be concurrently unlinked/removed on both
sides of the snapshot queue by non-cooperating clients (local
rbd_mirror_image_create_snapshot() vs remote rbd-mirror)
c. with mirror peer links off the list due to (a), there is no
existing way for rbd-mirror to persistently mark a snapshot as
in-use
As a workaround, bump rbd_mirroring_max_mirroring_snapshots to 5 and
always unlink the newest snapshot (i.e. slot 4) instead of the third
oldest snapshot (i.e. slot 2). Hopefully this gives enough leeway,
as rbd-mirror would need to sync two snapshots (i.e. transition from
syncing 0-1 to 1-2 and then to 2-3) before potentially colliding with
rbd_mirror_image_create_snapshot() on slot 4.
Fixes: https://tracker.ceph.com/issues/55803
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>