| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Alexander Indenbaum <aindenba@redhat.com>
|
| |\
| |
| |
| |
| |
| |
| |
| | |
mgr/dashboard: use secure_channel for grpc requests
Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: baum <NOT@FOUND>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Redouane Kachach <rkachach@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Also improves the error messaging around when spec/key
attributes are missing when enable_auth is set to true
Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 9212914be65fe3adde2108f5a2cfd2587d17c0ff)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before this patch the client/server cert/key fields were
just filepaths that told the nvmeof gw daemon where to look
for the cert/key. There's not much reason why users would
care where in the nvmeof gw container the cert goes. It's more
useful to use these fields as a way to pass the certs/keys
to the daemon and then just hardcode where in the container
we'll place the certs/keys
Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit e9fca39092348e6c08022341116875e831c175f0)
|
| |\ \
| | |
| | |
| | |
| | | |
cephadm: make cephadm compatible with jinja2 2.11.3
Reviewed-by: Adam King <adking@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| | |
That version is what's currently being shipped in
RPMs on rhel9
Signed-off-by: Adam King <adking@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Redouane Kachach <rkachach@ibm.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
adding mgmt-gateway, a new cephadm service based on nginx, to act as
the front-end and single entry point to the cluster. This gateway
offers unified access to all Ceph applications, including the
Ceph dashboard and monitoring tools (Prometheus, Grafana, ..),
while enhancing security and simplifying access management
through nginx.
Fixes: https://tracker.ceph.com/issues/66095
Signed-off-by: Redouane Kachach <rkachach@ibm.com>
|
| |\
| |
| |
| |
| | |
cephadm: disable ms_bind_ipv4 if we will enable ms_bind_ipv6
Reviewed-by: Adam King <adking@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While bootstrapping an ipv6 cluster with an ipv6 initial mon, cephadm correctly enables ms_bind_ipv6=true.
However it leaves ms_bind_ipv4 as it's default (true).
As a result, daemons (osd, mds, ...) will attempt to bind to both ipv6 and ipv4.
Usually this results in an osdmap and fsmap like the following:
```
osd.2 up in weight 1 up_from 26 up_thru 909 down_at 0 last_clean_interval [0,0) [v2:[xxxx:4f8:d0:4401:3::29]:6800/3680761436,v1:[xxxx:4f8:d0:4401:3::29]:6801/3680761436,v2:0.0.0.0:6802/3680761436,v1:0.0.0.0:6803/3680761436] [v2:[xxxx:4f8:d0:4401:3::29]:6804/3680761436,v1:[xxxx:4f8:d0:4401:3::29]:6805/3680761436,v2:0.0.0.0:6806/3680761436,v1:0.0.0.0:6807/3680761436] exists,up 0978a571-cd00-4eba-b00b-f863603a9a70
```
```
[mds.cephfs.ceph-test-3.isityv{-1:793154} state up:standby seq 1 join_fscid=1 addr [v2:[xxxx:4f8:d0:4401:3::29]:6832/2213688825,v1:[xxxx:4f8:d0:4401:3::29]:6833/2213688825,v2:0.0.0.0:6834/2213688825,v1:0.0.0.0:6835/2213688825] compat {c=[1],r=[1],i=[7ff]}]
```
Dual stack is not support by kernels (https://tracker.ceph.com/issues/49581) which leads to hard to debug issues for the end users. (corrupt map messages in dmesg).
Fix by disabling ms_bind_ipv4 in the case ipv6 is desired.
Fixes: https://tracker.ceph.com/issues/66436
Signed-off-by: Dan van der Ster <dan.vanderster@clyso.com>
Signed-off-by: Joshua Blanch <joshua.blanch@clyso.com>
|
| |\ \
| | |
| | |
| | |
| | | |
cephadm: fix apparmor profiles with spaces in the names
Reviewed-by: Adam King <adking@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There was a whole file dedicated to the enclosure class from host_facts,
but no other tests for host facts. Rename the enclosure test file to
cover all of host_facts module (for the future).
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
A bunch of stray whitespace in this file called out to be cleaned up.
Black did that job and fixed up some other formatting stuff.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://tracker.ceph.com/issues/66389
Update the host_facts class kernel_security method to correctly read
apparmor profile names that have spaces in them. Update the test to
verify this functionality.
Original-version-by: Sebastian Marsching <sebastian.marsching-git-2016@aquenos.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
Add a test case that covers the HostFacts functionality regarding
the apparmor kernel security (lsm) feature.
Put it in the test_enclosure.py file for now because enclosure is
part of host_facts module.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: rkhudov <rhudov@gmail.com>
|
| |\ \
| |/
|/|
| |
| | |
cephadm: _extract_host_info_from_*() refactor
Reviewed-by: John Mulligan <jmulligan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current implementation doesn't take into account the format is Yaml
This can lead to issue when oob details are passed to host service spec.
For instance, with the following host spec:
```
---
service_type: host
addr: 1.2.3.4
hostname: node1
oob:
username: root
password: passw0rd
addr: 127.0.0.1
```
it is converted to a list like the following:
```
['service_type: host', 'addr: 1.2.3.4', 'hostname: node1',
'oob:', 'username: root', 'password: passw0rd', 'addr: 127.0.0.1']
```
It was (probably) assumed that the pattern `addr:` would be present only
once. With the introduction of node-proxy, this isn't true anymore.
Now that the cephadm binary can embed some external libraries we can leverage pyyaml.
The idea is to use proper yaml format instead so it is easier to process the data.
Fixes: https://tracker.ceph.com/issues/66165
Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com>
|
| |\ \
| | |
| | |
| | |
| | | |
cephadm: the user config is preferred during the bootstrap
Reviewed-by: Adam King <adking@redhat.com>
|
| | |/
| |
| |
| | |
Signed-off-by: gukaifeng <gukaifeng@xiaomi.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
cephadm: use importlib.metadata for querying ceph_iscsi's version
Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
use importlib.metadata for querying ceph_iscsi's version and fallback to
pkg_resources. as the former is only available in Python 3.8, while
the latter is deprecated.
Refs https://tracker.ceph.com/issues/66201
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
to prepare for a change to use importlib, then fallback to
pkg_resources. as the former is only available in Python 3.8, while
the latter is deprecated.
Refs https://tracker.ceph.com/issues/66201
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
|
| |\ \
| |/
|/|
| |
| | |
cephadm: CephExporter doesn't bind to IPv6 in dual stack
Reviewed-by: Adam King <adking@redhat.com>
|
| | |
| |
| |
| |
| | |
In a dual stack configuration ceph-exporter binds to ipv4 only and the metrics fail in ipv6
Signed-off-by: Mouratidis Theofilos <mtheofilos@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit changes the default images for both loki and promtail
containers.
Also, to allow this update we need to update the configuration of loki
in order to add a new storage schema configuration:
```
- from: 2024-05-03
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
```
This is because 3.0.0 uses new structured metadata.
See [1][2].
[1] https://grafana.com/docs/loki/latest/operations/storage/schema/
[2] https://grafana.com/docs/loki/latest/get-started/labels/structured-metadata/#when-to-use-structured-metadata
Fixes: https://tracker.ceph.com/issues/65784
Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com>
|
| |/
|
|
|
|
| |
daemons
Signed-off-by: Gilad Sid <sid.gilad@gmail.com>
|
| |\
| |
| |
| |
| | |
cephadm: have agent check for errors before json loading mgr response
Reviewed-by: <mfritch@suse.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, since it tries to json.loads the response
payload before checking the return code, if there was
an error it fails with
Failed to send metadata to mgr: the JSON object must be str, bytes or bytearray, not ConnectionRefusedError
which is masking the actual failure.
Also adds more context to the RuntimeError raised
Fixes: https://tracker.ceph.com/issues/65553
Signed-off-by: Adam King <adking@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
mgr: add a new smb cluster & share module
Reviewed-by: Adam King <adking@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When a smb daemon is being configured it may have user_sources - a
field containing uris that are supplemental configurations expected
to define users and/or groups for a non-AD member server. Ensure these
uris get passed to the env var for the config uris to get processed.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
cephadm: check if file exists when passing `--apply_spec`
Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
cephadm deploys the cluster, fails and does a rollback.
If the passed file doesn't exist we can make the CLI fail early instead.
```
... omitted output ...
Applying ../host-spec.yaml to cluster
FileNotFoundError: [Errno 2] No such file or directory: '../host-spec.yaml'
***************
Cephadm hit an issue during cluster installation. Current cluster files will be deleted automatically.
To disable this behaviour you can pass the --no-cleanup-on-failure flag. In case of any previous
broken installation, users must use the following command to completely delete the broken cluster:
> cephadm rm-cluster --force --zap-osds --fsid <fsid>
for more information please refer to https://docs.ceph.com/en/latest/cephadm/operations/#purging-a-cluster
***************
Deleting cluster with fsid: 6e6a2dbe-f73a-11ee-8262-98be948800fd
Traceback (most recent call last):
File "/usr/lib64/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/tmpive4g9gs.cephadm.build/app/__main__.py", line 5615, in <module>
File "/tmp/tmpive4g9gs.cephadm.build/app/__main__.py", line 5603, in main
File "/tmp/tmpive4g9gs.cephadm.build/app/__main__.py", line 2693, in _rollback
File "/tmp/tmpive4g9gs.cephadm.build/app/__main__.py", line 445, in _default_image
File "/tmp/tmpive4g9gs.cephadm.build/app/__main__.py", line 2958, in command_bootstrap
FileNotFoundError: [Errno 2] No such file or directory: '../host-spec.yaml'
```
Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com>
|
| |\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
cephadm: allow passing custom prometheus alerts to bootstrap
Reviewed-by: John Mulligan <jmulligan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This can't be done with the --config flag as the thing
that needs to be changed is in the config-key store rather
than being a config option. I don't think we have any
option other than a new flag here. Makes use of the
`ceph orch prometheus set-custom-alerts` command being
added in another commit
Signed-off-by: Adam King <adking@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
test/cephadm: extend timeout again
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When run make check(arm64) on omani series servers,
Shows:
python: timeout after 60 seconds
INFO root:call_wrappers.py:284 Non-zero exit code 124 from /home/jenkins-build/build/workspace/ceph-pull-requests-arm64/src/cephadm/.tox/py3/bin/python -c for i in range(1000000): print(i, flush=True)
Seems like 60s is not enough, extend to 300s would be fine.
Signed-off-by: Rongqi Sun <sunrongqi@huawei.com>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
python: remove some vestigial tox basepython directives
Reviewed-by: Adam King <adking@redhat.com>
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove what I think are vestigial configuration parameters setting
`basepython` in tox.ini. These may have been useful during the change
from python 2 to 3, but I don't see them serving any useful purpose
at this current time. In fact they now interfere with the ability to
globally override the basepython version of all testenv's at once.
So let's just remove them. We can always add it back if we find
an issue in the future (and document it!).
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
| |\ \ \ \
| | |/ /
| |/| | |
test/cephadm: fix timeout issue
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When run make check(arm64) on omani series servers, eg.
https://jenkins.ceph.com/job/ceph-pull-requests-arm64/54751/.
Shows:
python: timeout after 30 seconds
INFO root:call_wrappers.py:284 Non-zero exit code 124 from /home/jenkins-build/build/workspace/ceph-pull-requests-arm64/src/cephadm/.tox/py3/bin/python -c for i in range(1000000): print(i, flush=True)
Fixes: https://tracker.ceph.com/issues/65355
Signed-off-by: Rongqi Sun <sunrongqi@huawei.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
cephadm: fix host-maintenance command always exiting with a failure
Reviewed-by: Adam King <adking@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The host-maintenance command would always fail because
command_maintenance always returns a string. This string is passed to
sys.exit and thus always gets printed and causes a non-zero exit code.
Fix the command line behavior by renaming the original function and
adding a new command_maintenance that prints the string and returns an
int like other command_* functions do.
Fixes: https://tracker.ceph.com/issues/65122
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
cephadm: add idmap.conf to nfs sample file
Reviewed-by: John Mulligan <jmulligan@redhat.com>
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Otherwise deployment using this sample will fail with
"ERROR: required file missing from config-json: idmap.conf"
Fixes: https://tracker.ceph.com/issues/65155
Signed-off-by: Adam King <adking@redhat.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
mgr/dashboard: update NVMeoF gRPC: "listener add" changes
Reviewed-by: gbregman <NOT@FOUND>
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
To include latest changes to the listener add call.
Fixes: https://tracker.ceph.com/issues/65268
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
5.4.0 seems to have caused a number of permission issues
in the test. In order to unblock make check, let's pin it
to 5.3.5 for now.
Signed-off-by: Adam King <adking@redhat.com>
|
| |\ \
| |/
|/|
| |
| | |
python: allow unit tests to use tox default envs
Reviewed-by: Adam King <adking@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a comment to tox.ini for people who might not know about the
relatively new `check-black` and `format-black` envs. While check-black
is part of the default envlist (as it is read-only) someone may not
know about the read-write version `format-black`.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
|
