path: root/src/auth
Commit message | Author | Age | Files | Lines
* cmake: link against legacy-option-headers instead of depend on it | Kefu Chai | 2024-04-27 | 1 | -1/+1
    since legacy-option-headers is now an interface library, we are now able to link against it instead of depending on it. this allows us to populate the dependency from the target linked against legacy-option-headers to the option headers files better.

    Signed-off-by: Kefu Chai <tchaikov@gmail.com>
* Merge pull request #52210 from ceph/wip-nitzan-ceph-dencoder-extend-common-types-available | Yuri Weinstein | 2023-12-13 | 6 | -7/+246
    ceph-dencoder: COMMON - Add missing types

    Reviewed-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
| * ceph-dencoder: Add missing common types to ceph-dencoder for accurate encode-decode comparison | NitzanMordhai | 2023-09-13 | 6 | -7/+246
      Currently, ceph-dencoder lacks certain common types, preventing us from accurately checking the ceph corpus for encode-decode mismatches. This pull request aims to address this issue by adding the missing types to ceph-dencoder.

      To successfully incorporate these types into ceph-dencoder, we need to introduce the necessary dump and generate_test_instances functions that were missing in some types. These functions are essential for proper encode and decode of the added types.

      This PR will enhance the functionality of ceph-dencoder by including the missing types, enabling a comprehensive analysis of encode-decode consistency. With the addition of these types, we can ensure the robustness and correctness of the ceph corpus.

      This update will significantly contribute to improving the overall reliability and accuracy of ceph-dencoder. It allows for a more comprehensive assessment of the encode-decode behavior, leading to enhanced data integrity and stability within the ceph ecosystem.

      Fixes: https://tracker.ceph.com/issues/61788
      Signed-off-by: Nitzan Mordechai <nmordech@redhat.com>
* | auth:rectify a cmake compilation warning | cuiming_yewu | 2023-09-18 | 1 | -1/+1
    rectify src/auth/cephx/CephxProtocol.cc 1 warning with the variable 'ch' Used before initialized

    auth/cephx/CephxProtocol.cc:595:57: warning: '*((void*)& ch +8)' may be used uninitialized in this function [-Wmaybe-uninitialized]
      msg.server_challenge_plus_one = ch.server_challenge + 1;
                                      ~~~~~~~~~~~~~~~~~~~~^~~

    Signed-off-by: cuiming <cuiming_yewu@cmss.chinamobile.com>
* cephx: initializing two member variables in the ctors | Ronen Friedman | 2023-07-22 | 1 | -2/+2
    Eliminating compiler warnings.

    Signed-off-by: Ronen Friedman <rfriedma@redhat.com>
* src/auth: apply const qualifier to EntityName arg in set_caps() | Rishabh Dave | 2023-06-16 | 1 | -1/+1
    Signed-off-by: Rishabh Dave <ridave@redhat.com>
* auth: refactor KeyServer::get_used_pending_keys(). | Radoslaw Zarzynski | 2022-09-12 | 2 | -4/+6
    Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
* auth: keep track of used pending_keys | Sage Weil | 2022-09-12 | 3 | -1/+25
    Signed-off-by: Sage Weil <sage@newdream.net>
* mon/AuthMonitor: 'auth {get-or-create,clear,commit}-pending' | Sage Weil | 2022-09-12 | 1 | -2/+8
    Add commands to create, clear, or commit pending_key.

    Signed-off-by: Sage Weil <sage@newdream.net>
* auth/cephx: authenticate with either key or pending_key | Sage Weil | 2022-09-12 | 2 | -11/+20
    Signed-off-by: Sage Weil <sage@newdream.net>
* auth: add PendingKey to EntityAuth | Sage Weil | 2022-09-12 | 2 | -30/+35
    Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
* auth/Crypto: add clear() | Sage Weil | 2022-09-08 | 1 | -0/+4
    Signed-off-by: Sage Weil <sage@newdream.net>
* auth/cephx: don't convert from int; use bool in invalidate_ticket() | Radoslaw Zarzynski | 2022-07-26 | 1 | -1/+1
    Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
* build: Silence deprecation warnings from OpenSSL 3 | Adam C. Emerson | 2022-05-19 | 1 | -0/+10
    The OpenSSL developers suggest that anyone wishing to continue using low-level functions may either live with the warnings, silence them, or switch to high level functions.

    As high level functions do their own memory allocation, switching to them may lead to performance regressions.

    We do not wish to have deprecation warnings filling up our compiler outputs when searching for other messages. So silencing the warnings, at least for now, seems the least bad option.

    Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
* auth: drop unused get_supported_con_modes() from AuthServer. | Radoslaw Zarzynski | 2021-10-27 | 1 | -8/+0
    In 2d530938753313a776258ff9fa8208db637c9d96 its last user has been removed.

    Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
* Merge pull request #43335 from liewegas/debug-51815 | Kefu Chai | 2021-10-07 | 2 | -33/+30
    mon,auth: fix proposal (and mon db rebuild) of rotating secrets

    Reviewed-by: Neha Ojha <nojha@redhat.com>
| * mon,auth: fix proposal of rotating keys | Sage Weil | 2021-10-01 | 2 | -42/+20
      Instead of updating the live CephxKeyServer's rotating_keys and also including them in a paxos proposal, propose new keys only in the proposal, and only make them live once they are committed.

      This keeps mons fully in sync and avoids any inconsistency between the live behavior and committed state (e.g., stale or divergent keys being applied and passed out to daemons).

      Signed-off-by: Sage Weil <sage@newdream.net>
| * mon,auth: debug missing service secrets | Sage Weil | 2021-10-01 | 2 | -4/+23
      Hunting https://tracker.ceph.com/issues/51815

      Signed-off-by: Sage Weil <sage@newdream.net>
* | auth,mon: don't log "unable to find a keyring" error when key is given | Ilya Dryomov | 2021-09-19 | 1 | -1/+1
    This error is logged even if --key or --keyring are specified and confuses users because the command actually does its job and exits with success. This primarily affects "rbd mirror pool peer bootstrap import" command and rbd-mirror and cephfs-mirror daemons which connect to the remote cluster with just mon_host and key:

      $ rbd mirror pool peer bootstrap import mypool tokenfile
      ... -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory

    Local cluster commands are affected too:

      $ rados --no-config-file --mon-host $MON_HOST --key $KEY lspools
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
      device_health_metrics
      rbd

    This was introduced in commit 98a2e5c59daa ("rados: translate errno to str in CLI").

    Fixes: https://tracker.ceph.com/issues/51628
    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth: build without "using namespace std" | Kefu Chai | 2021-08-13 | 2 | -7/+7
    * add "std::" prefix in headers
    * add "using" declarations in .cc files.

    so we don't rely on "using namespace std" in one or more included headers.

    Signed-off-by: Kefu Chai <kchai@redhat.com>
* auth/KeyRing: rename decode_plaintext() to decode() | Kefu Chai | 2021-06-02 | 2 | -7/+2
    as the former is just an alias of the latter.

    Signed-off-by: Kefu Chai <kchai@redhat.com>
* auth/KeyRing: do not decode a copy of bl | Kefu Chai | 2021-06-02 | 1 | -2/+1
    i checked all the code paths calling into KeyRing::decode(), none of them relies on the behavior that the bl is not mutated after the iterator is decoded. actually, it is more intuitive to always move the iterator forward when decoding the encoded keyring in the bufferlist.

    Signed-off-by: Kefu Chai <kchai@redhat.com>
* auth/KeyRing: always decode keying as plaintext | Kefu Chai | 2021-06-02 | 1 | -10/+3
    for three reasons:

    * we don't encode binary KeyRing since v0.48: the binary encoder for KeyRing was dropped in eaea7aa9b28849be612b22ce84971db671319806, which was included since v0.48 (argonaut). and we don't encode KeyRing in binary manually elsewhere since then.
    * we should not use exception in the normal code path. in C++, exception is not designed to be efficient or semantically a language facility to be part of the normal code path. so, from the readability perspective, we should not use exception here. as all encoded KeyRings are in plaintext.
    * simpler this way.

    Signed-off-by: Kefu Chai <kchai@redhat.com>
* Merge PR #40870 into master | Sage Weil | 2021-04-16 | 3 | -49/+54
    * refs/pull/40870/head:
      auth/cephx: make KeyServer::build_session_auth_info() less confusing
      auth/cephx: cap ticket validity by expiration of "next" key
      auth/cephx: drop redundant KeyServerData::get_service_secret() overload

    Reviewed-by: Sage Weil <sage@redhat.com>
| * auth/cephx: make KeyServer::build_session_auth_info() less confusing | Ilya Dryomov | 2021-04-15 | 2 | -6/+6
      The second KeyServer::build_session_auth_info() overload is used only by the monitor, for mon <-> mon authentication. The monitor passes in service_secret (mon secret) and secret_id (-1). The TTL is irrelevant because there is no rotation.

      However the signature doesn't make it obvious. Clarify that service_secret and secret_id are input parameters and info is the only output parameter.

      Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
| * auth/cephx: cap ticket validity by expiration of "next" key | Ilya Dryomov | 2021-04-15 | 3 | -28/+45
      If auth_mon_ticket_ttl is increased by several times as done in commit 522a52e6c258 ("auth/cephx: rotate auth tickets less often"), active clients eventually get stuck because the monitor sends out an auth ticket with a bogus validity. The ticket is secured with the "current" secret that is scheduled to expire according to the old TTL, but the validity of the ticket is set to the new TTL. As a result, the client simply doesn't attempt to renew, letting the secrets rotate potentially more than once. When that happens, the client first hits auth authorizer errors as it tries to renew service tickets and when it finally gets to renewing the auth ticket, it hits the insecure global_id reclaim wall.

      Cap TTL by expiration of "next" key -- the "current" key may be milliseconds away from expiration and still be used, legitimately. Do it in KeyServerData alongside key rotation code and propagate the capped TTL to the upper layer.

      Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
| * auth/cephx: drop redundant KeyServerData::get_service_secret() overload | Ilya Dryomov | 2021-04-15 | 2 | -17/+5
      Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* | common: generate legacy_config_opts.h from .yaml.in files | Kefu Chai | 2021-04-15 | 1 | -0/+1
    * add a setting named "with_legacy" to .yaml.in files, so each option with a true "with_legacy" will have an entry in legacy_config_opts.h.
    * preserve the comments from legacy_config_opts.h to .yaml.in, some of them are solely for developers, but some of them are good reading for users as well. we can use them for "desc" field in a follow-up change.
    * move common/legacy_config_opts.h to common/options/legacy_config_opts.h as legacy_config_opts.h is "closer" to the options directory than other sources files under src/common.
    * update y2c.py to generate separate .h files which are in turn included by legacy_config_opts.h
    * add a target named "legacy-option-headers", and let some targets depend on it so that these headers generated by y2c.py can be generated before the .cc files including them are compiled.

    Signed-off-by: Kefu Chai <kchai@redhat.com>
* auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys | Ilya Dryomov | 2021-04-06 | 1 | -3/+9
    When handling CEPHX_GET_AUTH_SESSION_KEY requests from nautilus+ clients, ignore CEPH_ENTITY_TYPE_AUTH in CephXAuthenticate::other_keys. Similarly, when handling CEPHX_GET_PRINCIPAL_SESSION_KEY requests, ignore CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys.

    These fields are intended for requesting service tickets, the auth ticket (which is really a ticket granting ticket) must not be shared this way. Otherwise we end up sharing an auth ticket that a) isn't encrypted with the old session key even if needed (should_enc_ticket == true) and b) has the wrong validity, namely auth_service_ticket_ttl instead of auth_mon_ticket_ttl. In the CEPHX_GET_AUTH_SESSION_KEY case, this undue ticket immediately supersedes the actual auth ticket already encoded in the same reply (the reply frame ends up containing two auth tickets).

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* mon: fail fast when unauthorized global_id (re)use is disallowed | Ilya Dryomov | 2021-04-06 | 2 | -0/+26
    When unauthorized global_id (re)use is disallowed, we don't want to let unpatched clients in because they wouldn't be able to reestablish their monitor session later, resulting in subtle hangs and disrupted user workloads.

    Denying the initial connect for all legacy (CephXAuthenticate < v3) clients is not feasible because a large subset of them never stopped presenting their ticket on reconnects and are therefore compatible with enforcing mode: most notably all kernel clients but also pre-luminous userspace clients. They don't need to be patched and excluding them would significantly hamper the adoption of enforcing mode.

    Instead, force clients that we are not sure about to reconnect shortly after they go through authentication and obtain global_id. This is done in Monitor::dispatch_op() to capture both msgr1 and msgr2, most likely instead of dispatching mon_subscribe.

    We need to let mon_getmap through for "ceph ping" and "ceph tell" to work. This does mean that we share the monmap, which lets the client return from MonClient::authenticate() considering authentication to be finished and causing the potential reconnect error to not propagate to the user -- the client would hang waiting for remaining cluster maps. For msgr1, this is unavoidable because the monmap is sent immediately after the final MAuthReply. But for msgr2 this is rare: most of the time we get to their mon_subscribe and cut the connection before they process the monmap!

    Regardless, the user doesn't get a chance to start a workload since there is no proper higher-level session at that point.

    To help with identifying clients that need patching, add global_id and global_id_status to "sessions" output.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth/cephx: option to disallow unauthorized global_id (re)use | Ilya Dryomov | 2021-04-06 | 8 | -18/+124
    global_id is a cluster-wide unique id that must remain stable for the lifetime of the client instance. The cephx protocol has a facility to allow clients to preserve their global_id across reconnects:

    (1) the client should provide its global_id in the initial handshake message/frame and later include its auth ticket proving previous possession of that global_id in CEPHX_GET_AUTH_SESSION_KEY request

    (2) the monitor should verify that the included auth ticket is valid and has the same global_id and, if so, allow the reclaim

    (3) if the reclaim is allowed, the new auth ticket should be encrypted with the session key of the included auth ticket to ensure authenticity of the client performing reclaim. (The included auth ticket could have been snooped when the monitor originally shared it with the client or any time the client provided it back to the monitor as part of requesting service tickets, but only the genuine client would have its session key and be able to decrypt.)

    Unfortunately, all (1), (2) and (3) have been broken for a while:

    - (1) was broken in 2016 by commit a2eb6ae3fb57 ("mon/monclient: hunt for multiple monitor in parallel") and is addressed in patch "mon/MonClient: preserve auth state on reconnects"

    - it turns out that (2) has never been enforced. When cephx was being designed and implemented in 2009, two changes to the protocol raced with each other pulling it in different directions: commits 0669ca21f4f7 ("auth: reuse global_id when requesting tickets") and fec31964a12b ("auth: when renewing session, encrypt ticket") added the reclaim mechanism based strictly on auth tickets, while commit 5eeb711b6b2b ("auth: change server side negotiation a bit") allowed the client to provide global_id in the initial handshake. These changes didn't get reconciled and as a result a malicious client can assign itself any global_id of its choosing by simply passing something other than 0 in MAuth message or AUTH_REQUEST frame and not even bother supplying any ticket. This includes getting a global_id that is being used by another client.

    - (3) was broken in 2019 with addition of support for msgr2, where the new auth ticket ends up being shared unencrypted. However the root cause is deeper and a malicious client can coerce msgr1 into the same. This also goes back to 2009 and is addressed in patch "auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys".

    Because (2) has never been enforced, no one noticed when (1) got broken and we began to rely on this flaw for normal operation in the face of reconnects due to network hiccups or otherwise. As of today, only pre-luminous userspace clients and kernel clients are not exercising it on a daily basis.

    Bump CephXAuthenticate version and use a dummy v3 to distinguish between legacy clients that don't (may not) include their auth ticket and new clients. For new clients, unconditionally disallow claiming global_id without a corresponding auth ticket. For legacy clients, introduce a choice between permissive (current behavior, default for the foreseeable future) and enforcing mode. If the reclaim is disallowed, return EACCES.

    While MonClient does have some provision for global_id changes and we could conceivably implement enforcement by handing out a fresh global_id instead of the provided one, those code paths have never been tested and there are too many ways a sudden global_id change could go wrong.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth/cephx: make cephx_decode_ticket() take a const ticket_blob | Ilya Dryomov | 2021-04-06 | 2 | -3/+6
    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth/AuthServiceHandler: keep track of global_id and whether it is new | Ilya Dryomov | 2021-04-06 | 7 | -28/+53
    AuthServiceHandler already has global_id field, but it is unused. Revive it and let the handler know whether global_id is newly assigned by the monitor or provided by the client.

    Lift the setting of entity_name into AuthServiceHandler.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth/AuthServiceHandler: build_cephx_response_header() is cephx-specific | Ilya Dryomov | 2021-04-06 | 2 | -4/+3
    Make the one in CephxServiceHandler private and drop the stub in AuthNoneServiceHandler.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth/AuthServiceHandler: drop unused start_session() args | Ilya Dryomov | 2021-04-06 | 6 | -24/+6
    session_key, connection_secret and connection_secret_required_length aren't material for start_session() across all three implementations.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* mon/MonClient: preserve auth state on reconnects | Ilya Dryomov | 2021-04-06 | 4 | -1/+15
    Commit a2eb6ae3fb57 ("mon/monclient: hunt for multiple monitor in parallel") introduced a regression where auth state (global_id and AuthClientHandler) was no longer preserved on reconnects. The ensuing breakage was quickly noticed and prompted a follow-on fix 8bb6193c8f53 ("mon/MonClient: persist global_id across re-connecting").

    However, as evident from the subject, the follow-on fix only took care of the global_id part. AuthClientHandler is still destroyed and all cephx tickets are discarded. A new from-scratch instance is created for each MonConnection and CEPHX_GET_AUTH_SESSION_KEY requests end up with CephXAuthenticate::old_ticket not populated. The bug is in MonClient, so both msgr1 and msgr2 are affected.

    This should have resulted in a similar sort of breakage but didn't because of a much larger bug. The monitor should have denied the attempt to reclaim global_id with no valid ticket proving previous possession of that global_id presented. Alas, it appears that this aspect of the cephx protocol has never been enforced. This is dealt with in the next patch.

    To fix the issue at hand, clone AuthClientHandler into each MonConnection so that each respective CEPHX_GET_AUTH_SESSION_KEY request gets a copy of the current auth ticket.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth/CephxClientHandler: explain why skipping extra_tickets is needed | Ilya Dryomov | 2021-03-29 | 1 | -0/+16
    Since nautilus, CEPHX_GET_AUTH_SESSION_KEY shares both the auth ticket and the service tickets, sparing an extra round-trip to get the service tickets via CEPHX_GET_PRINCIPAL_SESSION_KEY. This applies to msgr1 as well, but we don't take advantage of it on the client side.

    However, fixing CephxClientHandler to do the right thing breaks msgr1. Since msgr1 is on its way out, rather than also fixing MonClient just document the bug and the current behaviour.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth,msg,common: test: use s/init_le*/ceph_le*/ | Kefu Chai | 2021-03-10 | 1 | -11/+11
    for better readability.

    Signed-off-by: Kefu Chai <kchai@redhat.com>
* auth: drop unnecessary forward declaration from AuthClientHandler. | Radoslaw Zarzynski | 2021-03-01 | 1 | -1/+0
    Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
* mon/MonClient: bring back CEPHX_V2 authorizer challenges | Ilya Dryomov | 2020-10-17 | 1 | -0/+3
    Commit c58c5754dfd2 ("msg/async/ProtocolV1: use AuthServer and AuthClient") introduced a backwards compatibility issue into msgr1. To fix it, commit 321548010578 ("mon/MonClient: skip CEPHX_V2 challenge if client doesn't support it") set out to skip authorizer challenges for peers that don't support CEPHX_V2. However, it made it so that authorizer challenges are skipped for all peers in both msgr1 and msgr2 cases, effectively disabling the protection against replay attacks that was put in place in commit f80b848d3f83 ("auth/cephx: add authorizer challenge", CVE-2018-1128).

    This is because con->get_features() always returns 0 at that point. In msgr1 case, the peer shares its features along with the authorizer, but while they are available in connect_msg.features they aren't assigned to con until ProtocolV1::open(). In msgr2 case, the peer doesn't share its features until much later (in CLIENT_IDENT frame, i.e. after the authentication phase). The result is that !CEPHX_V2 branch is taken in all cases and replay attack protection is lost.

    Only clusters with cephx_service_require_version set to 2 on the service daemons would not be silently downgraded. But, since the default is 1 and there are no reports of looping on BADAUTHORIZER faults, I'm pretty sure that no one has ever done that. Note that cephx_require_version set to 2 would have no effect even though it is supposed to be stronger than cephx_service_require_version because MonClient::handle_auth_request() didn't check it.

    To fix:

    - for msgr1, check connect_msg.features (as was done before commit c58c5754dfd2) and challenge if CEPHX_V2 is supported. Together with two preceding patches that resurrect proper cephx_* option handling in msgr1, this covers both "I want old clients to work" and "I wish to require better authentication" use cases.

    - for msgr2, don't check anything and always challenge. CEPHX_V2 predates msgr2, anyone speaking msgr2 must support it.

    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
* auth/cephx: implement random()->get_bytes() for crimson | Kefu Chai | 2020-07-27 | 1 | -2/+7
    instead of using CryptoRandom use the C++ standard library for generating secret.

    Signed-off-by: Kefu Chai <kchai@redhat.com>
* common,msg,kv: Use Windows or portable function alternatives | Lucian Petrut | 2020-07-08 | 1 | -1/+19
    Some functions are unavailable on Windows. We'll add some platform checks, using either portable functions or the Windows specific ones:

    * utimes -> utime
    * strerror_r -> strerror_s
    * poll -> WSAPoll
    * sendmsg -> WSASend
    * switch to portable time format specifiers
    * fcntl -> ioctlsocket, when setting up non-blocking sockets
    * /dev/urandom -> BCryptGenRandom
    * sysconf(_SC_PAGESIZE) -> GetSystemInfo()
    * define compat_mkdir, handling the fact that mkdir doesn't accept the mode argument on Windows

    Signed-off-by: Lucian Petrut <lpetrut@cloudbasesolutions.com>
* mon: Build ceph-mon without using namespace declarations in headers | Adam C. Emerson | 2020-03-22 | 5 | -69/+75
    This is part of a series of commits to clean up using namespace at top level in headers.

    Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
* Merge pull request #33796 from adamemerson/wip-using-namespace-common | Kefu Chai | 2020-03-21 | 16 | -94/+126
    Build the target 'common' without relying on using namespace in headers

    Reviewed-by: Kefu Chai <kchai@redhat.com>
| * auth: Build target 'common' without using namespace in headers | Adam C. Emerson | 2020-03-07 | 16 | -94/+126
      Part of a changeset to allow building all of 'common' without relying on 'using namespace std' or 'using namespace ceph' at toplevel in headers.

      Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
* | auth registry: helpers for checking secure method/mode | Yehuda Sadeh | 2020-03-06 | 1 | -0/+8
    Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
* Merge pull request #31041 from liu-chunmei/ceph_seastar_alien_blue_store | Kefu Chai | 2020-03-02 | 19 | -27/+19
    crimson:: add alien blue store

    Reviewed-by: Samuel Just <sjust@redhat.com>
    Reviewed-by: Kefu Chai <kchai@redhat.com>
| * crimson:common add TOPNSPC namespace for ceph and crimson | Chunmei Liu | 2020-02-28 | 19 | -27/+19
      some code coexists in crimson seastar environment and posix environment, so add namespace to avoid same function conflict, for example add namespace for CephContext, since the new namespace for classic ceph-osd, need to modify all files declare use CephContext by including "common_fwd.h" which defines the namespace for each environment.

      Signed-off-by: Chunmei Liu <chunmei.liu@intel.com>
* | Merge PR #33226 into master | Sage Weil | 2020-02-28 | 1 | -2/+13
    * refs/pull/33226/head:
      unittest_auth: update for new ms_*_mode semantics
      auth: treat mgr the same as mon when selecting auth mode

    Reviewed-by: Sage Weil <sage@redhat.com>
| * auth: treat mgr the same as mon when selecting auth mode | Yehuda Sadeh | 2020-02-13 | 1 | -2/+13
      Also use mon_cluster_modes (and not cluster_modes) when peer is mon/mgr.

      Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>