New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jewel: fs: essential backports for OpenStack Manila #10453
Conversation
Allow clients to be restricted to read-only mount of the volume by restricting their ceph auth ID's MDS and OSD caps to read-only. Fixes: http://tracker.ceph.com/issues/15614 Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 011ea5e)
tested by ceph/ceph-qa-suite#1100 |
Test failed on missing fsync http://qa-proxy.ceph.com/teuthology/jspray-2016-07-29_05:06:54-fs:recovery-wip-manila-backports-jewel-distro-basic-mira/339326/teuthology.log Cherry picked 4356b8f to the instance of wip-manila-backports-jewel built for testing and will retest. @ajarr can you cherry-pick that commit to this PR too please? |
Passing with the extra 4356b8f commit here: http://pulpito.ceph.com/jspray-2016-08-01_19:41:23-fs:recovery-wip-manila-backports-jewel-distro-basic-mira/ |
The 'rw+' style flags are handy and convenient, but they don't capture all possibilities. Change to optionally accept an integer here for advance users who want to specify arbitrary combinations of flags. Signed-off-by: John Spray <john.spray@redhat.com> (cherry picked from commit 5678584)
Store a two-way mapping between auth IDs and volumes. Enables us to record some metadata on auth ids (which openstack tenant created it) so that we can avoid exposing keys to other tenants who try to use the same ceph auth id. Enables us to expose the list of which auth ids have access to a volume, so that Manila's update_access() can be implemented efficiently. DNM: see TODOs inline. Fixes: http://tracker.ceph.com/issues/15615 Signed-off-by: John Spray <john.spray@redhat.com> (cherry picked from commit d2e9eb5)
Notable changes to data layout in auth meta and volume meta files: In the auth meta files, add a 'dirty' flag to track the status of auth updates to a single volume. In the volume meta file, make the 'dirty' flag track the status of auth updates for a single ID. Optimize the recovery of partial auth update changes to auth meta, volume meta, and the Ceph backend, facilitated by changes in the data layout in the meta files. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 7c8a28a)
Check dirty flag after locking something and call recover() if we are opening something dirty (racing with another instance of the driver restarting after failure) -- only required if someone running multiple manila-share instances with Ceph loaded. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 647a244)
So we don't necessary to syncfs when want to persistent some file. Signed-off-by: Xiaoxi Chen <xiaoxchen@ebay.com> (cherry picked from commit 1c952fb)
Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 27eb51b)
Prevent craftily-named volume groups from colliding with meta files. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 7f7d2a7)
Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit f58403f)
File locks are applied on meta files before updating the meta file contents. These meta files would need to be cleaned up sometime, which could lead to locks being held on unlinked meta files. Prevent this by checking whether the file had been deleted after lock was acquired on it. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit f7c0372)
Create and delete volume meta files during creation and deletion of volumes. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 37fbfc7)
Log the path of the volume during creation and deletion of volumes. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 7731287)
Remove auth meta files on last rule for an auth ID deletion Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit ec2e6e3)
Restrict an auth ID to a single OpenStack tenant to enforce strong tenant isolation of shares. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 82445a2)
Add class attributes to CephFSVolumeClient to version its capabilities. 'version' attribute stores the current version number of CephFSVolumeClient. 'compat_version' attribute stores the earliest version number of CephFSVolumeClient that the current version is compatible with. Fixes: http://tracker.ceph.com/issues/15406 Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 46876fb)
Version on-disk metadata with two attributes, 'compat version', the minimum CephFSVolume Client version that can decode the metadata, and 'version', the version that encoded the metadata. Signed-off-by: Ramana Raja <rraja@redhat.com> (cherry picked from commit 1c1d65a)
fa2e94d
to
e1eb8af
Compare
ceph_volume_client: allow read-only authorization for volumes
Fixes: http://tracker.ceph.com/issues/15999
pybind: ceph_volume_client authentication metadata
Fixes: http://tracker.ceph.com/issues/16830
ceph_volume_client: add versioning
Fixes: http://tracker.ceph.com/issues/16831