Suggested Ceph package improvements #147801
For reference, this is my current derivation I'm comparing to, building { stdenv, lib, fetchurl, fetchpatch, cmake, pkgconfig, makeWrapper
, python3
, python3Packages
, cunit
, lz4
, oathToolkit
, libuuid
, udev, libaio, utillinux, keyutils, fuse, libxfs
, leveldb, snappy, curl
, nss
, ncurses
, expat, boost, gperftools, gperf, yasm, rdma-core, kmod, cryptsetup, lvm2, coreutils, bzip2
}:
let
version = "13.2.2";
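# Unwrapped Ceph build: compiles the upstream release tarball with cmake.
# The Python/PATH wrapping of the installed executables is done by a second
# derivation on top of this one, so that wrapper changes do not trigger a
# rebuild of Ceph itself.
ceph-unwrapped = stdenv.mkDerivation {
  name = "ceph-unwrapped-${version}";

  # Upstream release tarball; the fixed sha256 makes the fetch fail if the
  # file served at this URL ever differs from the one that was reviewed.
  src = fetchurl {
    url = "https://download.ceph.com/tarballs/ceph_${version}.orig.tar.gz";
    sha256 = "0h483n9iy0fkbqrhf7k0dzspwdpcaswkjwmc5n5c600fr6s1v9pk";
  };

  buildInputs = [
    udev
    libaio
    utillinux
    keyutils
    libuuid
    lz4
    leveldb
    snappy
    curl
    nss
    ncurses
    expat
    boost
    gperftools
    gperf
    fuse
    libxfs
    rdma-core
    oathToolkit
    bzip2
  ];

  nativeBuildInputs = [
    cmake
    cunit
    python3Packages.sphinx
    python3Packages.cython
    python3Packages.virtualenv
    python3Packages.pip
    yasm
    pkgconfig
    makeWrapper
  ];

  # Local patches plus remote ones. Each remote patch URL names a full commit
  # id and is additionally checked against its sha256.
  patches = [
    # TODO: remove when https://github.com/ceph/ceph/pull/21289 is merged
    ./ceph-volume-allow-loop.patch
    # TODO: remove when https://github.com/ceph/ceph/pull/20938 is merged
    ./dont-hardcode-bin-paths.patch
    (fetchpatch {
      name = "ceph-remove-subinterpreter-check.patch";
      url = "https://github.com/ceph/ceph/compare/v13.2.2...feb258244bacca0ffdcc7b6f562b2929d2e432b6.patch";
      sha256 = "0d9v3sqxr3zwlvqv1n3nllq3sdsq1xqrwlr9aai4f80zvllh3p6k";
    })
    # TODO: remove when over > 15.1.0
    ./fix-missing-include.patch
    (fetchpatch {
      name = "ceph-fix-python-const-char.patch";
      url = "https://github.com/ceph/ceph/commit/b29c65623f508082ded87af6f8d068ce8882f936.patch";
      sha256 = "sha256:0qggdqjivy9kbs7my38bjxifc2i8n34gh1hxi2nya18294si7cqk";
    })
    ./fix-include-assert.patch
    # Backport of fix for log spam every time `ceph` is invoked, with this warning:
    # DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.10 it will stop working
    (fetchpatch {
      name = "ceph-Fix-python-import-deprecation-warnings.patch";
      # Commit-pinned equivalent of: https://github.com/nh2/ceph/compare/ceph:v13.2.2...13.2.2-python-warnings.patch
      url = "https://github.com/nh2/ceph/compare/ceph:v13.2.2...9be54a0bc3c340d87e51540b4f6d38df9e2c1f13.patch";
      sha256 = "1pfby711nhla64crhrpa0ayq795hi4y1qghswb20l7w12z3nxsrr";
    })
  ];

  # Guard against silent drift of upstream's systemd units: their hashes are
  # compared with ./expected-systemd-hashes and the build fails on any
  # difference, so the hand-written NixOS units get re-reviewed on upgrades.
  preConfigure = ''
    pushd systemd
    # Checking systemd units are unchanged:
    echo "Actual systemd file hashes:"
    sha256sum *.target *.service *.service.in | tee actual-systemd-hashes
    echo "Diff of actual systemd file hashes with expected ones:"
    # Test diff directly in the if: stdenv runs this hook with errexit enabled,
    # so a bare failing diff would stop the build before the hint below is printed.
    if ! diff -u ${./expected-systemd-hashes} actual-systemd-hashes; then
      echo "Ceph's systemd files have changed. Please ensure that the corresponding units in ceph.nix of the ceph NixOS service are up to date, and bump ./expected-systemd-hashes."
      exit 1
    fi
    popd
    patchShebangs .
  '';

  # Flags from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=ceph-git#n142
  cmakeFlags = [
    "-DCMAKE_BUILD_TYPE=RelWithDebInfo"
    "-DWITH_SYSTEM_BOOST=ON"
    "-DWITH_PYTHON3=ON"
    "-DWITH_SYSTEMD=OFF" # We need to make custom Nix units anyway
    "-DWITH_EMBEDDED=OFF"
    "-DWITH_OPENLDAP=OFF"
    "-DWITH_LTTNG=OFF"
    "-DWITH_BABELTRACE=OFF"
    "-DWITH_TESTS=OFF"
    # Can't build this for now because we get a build error from it:
    # Traceback (most recent call last):
    # File "/tmp/nix-build-ceph-unwrapped-13.2.0.drv-7/ceph-13.2.0/build/src/pybind/mgr/dashboard/node-env/bin/pip", line 7, in <module>
    # from pip._internal import main
    # ModuleNotFoundError: No module named 'pip._internal'
    "-DWITH_MGR_DASHBOARD_FRONTEND=OFF"
    # Can't build this for now because the vendored `spdk` build complains:
    # /tmp/nix-build-ceph-unwrapped-13.2.0.drv-1/ceph-13.2.0/src/spdk/include/spdk_internal/lvolstore.h:41:10: fatal error: uuid/uuid.h: No such file or directory
    # We haven't figured out yet what's the problem here.
    "-DWITH_SPDK=OFF"
    "-DXFS_INCLUDE_DIR=${libxfs}/include"
    # This is needed otherwise Ceph will try to use sys_siglist which is now deprecated.
    "-DWITH_REENTRANT_STRSIGNAL=ON"
  ];

  # Set the LD_LIBRARY_PATH, otherwise Cython can't find the ceph libraries during compilation
  # We also need to include our install dir in PYTHONPATH otherwise pip will refuse to install ceph-disk.
  preBuild = ''
    export LD_LIBRARY_PATH=$PWD/lib:$LD_LIBRARY_PATH
    export PYTHONPATH=$(toPythonPath $out):$PYTHONPATH
  '';

  enableParallelBuilding = true;
};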
# do the binary wrapping in a separate derivation so that we don't need to rebuild ceph if only this changes
in
let
# See https://github.com/ceph/ceph/blob/v13.2.2/src/pybind/mgr/dashboard/requirements.txt and perhaps others.
# Update the URL to newer versions on upgrades.
# Python interpreter environment holding the modules that the wrapped Ceph
# executables receive on PYTHONPATH.
pythonEnv = python3.withPackages (pkgs: with pkgs; [
  python
  flask
  prettytable
  requests
  # cherrypy is taken with its install-time check phase switched off.
  (cherrypy.overrideDerivation (old: { doInstallCheck = false; }))
  jinja2
  pecan
  pyopenssl
  setuptools
  werkzeug
  Mako
  bcrypt
]);
in
stdenv.mkDerivation {
name = "ceph-${version}";
buildInputs = [ ceph-unwrapped ];
nativeBuildInputs = [ makeWrapper python3Packages.python ];
# Builds the wrapped package: a symlink copy of ceph-unwrapped in which every
# entry of bin/ is wrapped so that it finds the Python modules, and
# mount.ceph / ceph-volume additionally find their helper tools.
#
# NOTE(review): all wrappers use `--suffix`, which appends to the variable, so
# entries already present in the caller's PATH/PYTHONPATH take precedence over
# the store paths added here. If the pinned tools (e.g. kmod's modprobe for
# mount.ceph) are meant to win, `--prefix` is the option to use — confirm
# which precedence is intended.
buildCommand = let
  # NOTE(review): extraPythonPaths is not referenced by the script below —
  # confirm whether it can be dropped.
  extraPythonPaths = with python3Packages;
    map
      (path: "$(toPythonPath ${path})")
      [ "$out"
        # Python dependencies from: https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/ceph#n142
      ];
in ''
  set -eo pipefail
  cp -rvs ${ceph-unwrapped} --no-preserve=mode $out
  # Some executables in `bin` call out to Python; wrap them all with PYTHONPATH so that this works.
  for script in $out/bin/*; do
    echo "Adding Python paths to $script"
    wrapProgram $script --suffix-each PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pythonEnv})" \
      --suffix PATH : "$out/bin"
  done
  wrapProgram $out/bin/mount.ceph --suffix PATH : ${kmod}/bin
  wrapProgram $out/bin/ceph-volume --suffix PATH : "${lvm2}/bin:${utillinux}/bin:${coreutils}/bin:${cryptsetup}/bin"
'';
} / |
btw when leveldb is updated to 1.23 we will need this patch https://src.fedoraproject.org/rpms/leveldb/blob/rawhide/f/0006-revert-no-rtti.patch |
We definitely should build a proper python-rados package instead of shipping the python libs with the ceph package |
LevelDB 1.23 forces -fno-rtti in their CMakeLists.txt, which breaks downstream projects (e.g. Ceph). See #147801 (comment) for some discussion about this. OpenSUSE, Fedora, and Arch have all re-enabled RTTI in their packaging of LevelDB as a result.
I found another problem, added to issue description:
Example issue:
When that happens,
|
And another one:
Edit: I found the solution. In my own ceph service declaration, I'm using: let
# Utilities called by Ceph device health scraping, see:
# https://docs.ceph.com/en/latest/rados/operations/devices/#enabling-monitoring
# As per https://github.com/ceph/ceph-container/pull/1490/commits/c49e821599965ae92a88b2c78077ee03c4405895,
# both the OSDs and the `mon` need this.
# Ceph calls these utilities with `sudo`. That requires sudoers entries.
# Sudoers entries require absolute path; that exact (nix store) path needs to
# be used by Ceph, so it needs to be given to the systemd unit via `path`.
# This is why we pair each `sudoersExtraRule` with the `package` to put onto
# that `path`.
#
# Entries are based on:
# https://github.com/ceph/ceph/blob/a2f5a3c1dbfa4dce41e25da4f029a8fdb8c8d864/sudoers.d/ceph-smartctl
# Pairs each device-health helper package with the sudoers rule that lets the
# `ceph` user run that helper through sudo without a password.
#
# NOTE(review): sudoers matches a command's arguments as one concatenated
# string, so `*` also matches across spaces. `/dev/*` and the leading `*` in
# the nvme rule therefore admit more argument combinations than a single
# device path. Where the set of devices is known, listing them explicitly (or
# pointing the rule at a small root-owned wrapper that validates its argument)
# narrows what the NOPASSWD grant covers.
cephMonitoringSudoersCommandsAndPackages = [
  {
    package = pkgs.smartmontools;
    sudoersExtraRule = { # entry for `security.sudo.extraRules`
      users = [ config.users.users.ceph.name ];
      commands = [{
        # Absolute store path: the rule only matches this exact binary.
        command = "${lib.getBin pkgs.smartmontools}/bin/smartctl -x --json=o /dev/*";
        options = [ "NOPASSWD" ];
      }];
    };
  }
  {
    package = pkgs.nvme-cli;
    sudoersExtraRule = { # entry for `security.sudo.extraRules`
      users = [ config.users.users.ceph.name ];
      commands = [{
        # Absolute store path: the rule only matches this exact binary.
        command = "${lib.getBin pkgs.nvme-cli}/bin/nvme * smart-log-add --json /dev/*";
        options = [ "NOPASSWD" ];
      }];
    };
  }
];
# Value for the `path` of the Ceph systemd units: the wrapper directory that
# provides `sudo`, followed by the `package` of every entry in
# cephMonitoringSudoersCommandsAndPackages.
cephDeviceHealthMonitoringPathsOrPackages = with pkgs; [
  # Contains `sudo`. Ceph wraps this around the other health check programs.
  # Cannot use `pkgs.sudo` because that one is not SUID, see:
  # https://discourse.nixos.org/t/sudo-uid-issues/9133
  "/run/wrappers" # `systemd.services.<name>.path` adds the `bin/` subdir of this
] ++ map ({ package, ... }: package) cephMonitoringSudoersCommandsAndPackages;
in {
# ...
# Allow ceph daemons (which run as user ceph) to collect device health metrics.
security.sudo.extraRules =
map ({ sudoersExtraRule, ... }: sudoersExtraRule) cephMonitoringSudoersCommandsAndPackages;
# ... in the declaration of the Ceph OSD services.systemd... unit:
path = cephDeviceHealthMonitoringPathsOrPackages;
# ... in the declaration of the Ceph MON services.systemd... unit:
path = cephDeviceHealthMonitoringPathsOrPackages;
} |
LevelDB 1.23 forces -fno-rtti in their CMakeLists.txt, which breaks downstream projects (e.g. Ceph). See NixOS#147801 (comment) for some discussion about this. OpenSUSE, Fedora, and Arch have all re-enabled RTTI in their packaging of LevelDB as a result. (cherry picked from commit 5d2fefe) Cherry-Picked-By: Niklas Hambuechen <mail@nh2.me>
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/while-mounting-ceph-filesystem-got-a-modprobe-not-found/23465/1 |
Can't use ceph-fuse. Here is example of output #46529 (comment) :( |
@nh2 There currently isn't any active maintainer for the package since srhb dropped maintainership. I'm somewhat willing to review bits and pieces, so feel free to get started with all your ideas. If we considered to use ceph as a long-term solution, it would likely need to be in a better shape than today. |
I'm pretty new to nix but I can help since I have working ceph and cephfs Mounting with
|
Similarly to Casul51, I can also help (but I still don't have bandwidth for full-blown maintainership, sorry) |
In (at least privileged) containers throws error but mounts anyway
|
By the way I've managed get working ceph on privileged container
Gonna try on unprivileged later. I guess I tried that but it didn't work so why I started using privileged |
@nh2 Are you still planning to tackle a few of these issues? |
Generally yes, but currently I am very short on time. We use Ceph in production though so I'll have an interest in making it work. |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: |
As known from #42830 (comment), my company is using our own Ceph derivation instead of the nixpkgs one. After some of my contributions from that link were kindly incorporated by @krav, I'd like to spend some time to further improve the current nixpkgs Ceph package, so that I can switch to using that.
Before I start putting time into it, I'd like to share with other `ceph` package maintainers/contributors the current list of items I'd like to address.
Please let me know if you find anything problematic, or if you can answer some of these easily:
List:
- `mount -t ceph` (kernel mounter) has a problem where it loses its `pkgs.kmod` (it needs `modprobe` on `PATH`)
- `ceph` package overrides the hardcode of `/sbin/modprobe` to just `mount` here.
- `mount -t ceph` is invoked with proper `PATH`, it invokes `mount.ceph` without any environment variables, thus losing `PATH` (that happens here, calling `system()` here). I suspect this is because `mount` is a SUID program and clears its `PATH` for security, but I couldn't find a reference for that fact. We may need to explain that somewhere, and perhaps make `modprobe` available in general if we want `mount -t ceph` to work, or undo the overriding to call `modprobe` from PATH and put in a full path to `"${pkgs.kmod}/bin/modprobe"` (which will imply more frequent `ceph` package rebuilds).
- `ceph-fuse` needs to be wrapped with `pkgs.utillinux` because it needs `mount` on `PATH`
- `ceph-fuse` needs to be wrapped with `pkgs.fuse` because it needs `fusermount` on `PATH`
sphinx
should not be a runtime dependency (it currently is due to being bunched up inceph-python-env
)ncurses
tobuildInputs
,see e.g. https://github.com/ceph/ceph/blob/785edd08a00c359397e69e808350874886c3908c/doc/cephfs/cephfs-top.rst#L8
cmakeFlags
cunit
not innativeBuildInputs
? I suspect it should.# ceph 14
for?(ensureNewerSourcesHook { year = "1980"; })
needs commentsubstituteInPlace src/common/module.c
should semantically better be inpostPatch
instead ofpreConfigure
substituteInPlace src/common/module.c
should link to Don't hardcode executable paths in module.c ceph/ceph#20938"-DWITH_SYSTEMD=OFF"
needs comment"-DWITH_TESTS=OFF"
needs commentexport PYTHONPATH
is needed technically in addition topythonPath =
.Seee ceph: Bring back ceph-volume #78243 (comment)
maintainers
, I think she was accidentally removed in 0dea5df because she was in only 1 of the 2 lists that were refactored into a variable.ceph-unwrapped
), and a symlinked derivation on top of it that has all the Python wrapping.This is so that one can very quickly iterate on Python wrapping, e.g. changing Python dependencies, without a multi-hour-rebuild.
Check what @krav meant in Upgrade to Ceph 13 #42830 (comment):
sudo: exit status: 1
:Suggested Ceph package improvements #147801 (comment)
Further issues I found while testing Ceph 16 from `nixos-21.11`:
- `ceph-volume lvm zap` errors due to lack of `lsblk` (from `util-linux`). It needs to be added to the wrapping.
- `lvs` (from `lvm2`)