Assume these options can only drop privileges; normal users can't setuid
root (and even if they could we wouldn't want to).
This makes ceph-disk behave when it sees the ceph user as 'root' and
invokes things with --setuser root but runs as a non-root user.
Signed-off-by: Sage Weil <sage@redhat.com>
Allow all daemons drop privilege themselves, instead of letting
systemd do it.
Among other things, this means that admins can conditionally not
drop prives by setting
setuser match path = /var/lib/ceph/$type/$cluster-$id
in their ceph.conf to ease the pain of upgrade.
Signed-off-by: Sage Weil <sage@redhat.com>
Reviewed-by: Boris Ranto <branto@redhat.com>
Allow the --setuser and --setgroup to be conditional on the
specified user/group matching the ownership of a given path.
This allows the ceph daemons to switch to user ceph for newly
deployed instances or stay as root depending on the ownership of
the data directory.
Signed-off-by: Sage Weil <sage@redhat.com>
Reviewed-by: Boris Ranto <branto@redhat.com>
The package ceph-common uses ceph user and group but they are both created in
ceph package %pre phase. We need to move the script to ceph-common %pre phase.
Signed-off-by: Boris Ranto <branto@redhat.com>
We need to set the variables in the %pre phase, otherwise they are not properly
evaluated. Also use /sbin/nolongin instead of /bin/false and set the default
uid/gid pair for fedora and rhel (these were already allocated). We can also
use them for older fedora releases as they are guaranteed to be free.
Signed-off-by: Boris Ranto <branto@redhat.com>
limits.d expect the file to end with *.conf. Add the
installed file to package list of the ceph package.
Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
Specify the nofile ulimit in one standard place, where everyone expects it
to be. Drop it from the ceph-osd unit file.
Leave upstart and sysvinit untouched for the time being to avoid compat
issues.
Signed-off-by: Sage Weil <sage@redhat.com>
These are done after reading config files/environment and before log files
are opened. Allow a name or id to be specified. In the case of --setuser,
also switch to that user's gid, unless --setgroup is also specified.
Signed-off-by: Sage Weil <sage@redhat.com>
The number of log files is generally bounded; safe to chown these.
Allow ceph group members to write to this dir.
Signed-off-by: Sage Weil <sage@redhat.com>
Fixes: #12208
The watch error path might try to schedule a finisher work, delete finisher
only after watch destruction.
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
introduce class PageSet as an alternative to bufferlist for storing
object data
PageSet uses an avl set to manage its buffers, enabling lookups in
logarithmic time. this approach also allows for sparse objects
the main PageSet operations are get_range(), alloc_range(), and
free_pages_after(). get_range() returns a vector containing all allocated
pages that intersect the given range. alloc_range() does the same, but
allocates pages for any holes in the range. free_pages_after() is for
the truncate operation, and frees all allocated pages after the page
containing the given offset
PageSet uses a spinlock to provide mutual exclusion on the avl set
itself, but not for i/o operations on its pages; that's why the
interface returns pages in a vector, rather than as iterators into its
internal avl set. the pages themselves are reference counted to avoid
races between get/alloc_range() and free_pages_after()
Signed-off-by: Casey Bodley <cbodley@redhat.com>
only hold the collection lock while accessing the hash/object maps,
don't use it to serialize entire operations
Signed-off-by: Casey Bodley <cbodley@redhat.com>
usage: ceph_objectstore_bench [flags]
--size
total size in bytes
--block-size
block size in bytes for each write
--repeats
number of times to repeat the write cycle
--threads
number of threads to carry out this workload
--multi-object
have each thread write to a separate object
Signed-off-by: Casey Bodley <cbodley@redhat.com>
Fixes: #11455
When dealing with old manifest that has explicit objs, we also
need to set the head size and head object correctly so that
code that relies on this info doesn't break.
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
buffer: put inlined memcpy into a header; x86_64 only
Reviewed-by: Piotr Dałek <piotr.dalek@ts.fujitsu.com>
Reviewed-by: Steve Capper <steve.capper@linaro.org>
Reviewed-by: Yehuda Sadeh <yehuda@redhat.com>
