Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rgw: Added caching for S3 credentials retrieved from keystone #26095

Merged
merged 2 commits into from Mar 18, 2019

Conversation

@jamesba
Copy link
Contributor

jamesba commented Jan 23, 2019

When providing an S3 compatible interface previous behaviour has been to cache the
access token but request verification of the signature for every request from keystone.
This causes keystone to be quite a performance bottleneck especially for instalations
with high levels of S3 traffic.

In this commit a change is made to perform the verification of S3 request signatures
inside the radosgw process, thereby seriously reducing the number of requests that need
to be made to keystone. To do this a shared S3 secret key is obtained from keystone and
kept in a local cache.

Signed-off-by: James Weaver james.barrett@bbc.co.uk

@jamesba

This comment has been minimized.

Copy link
Contributor Author

jamesba commented Jan 23, 2019

As an example our 700 30MB requests per second fully maxed out 12 CPU cores on keystone and generated around 30Mb/s of authentication traffic. Post this change the authentication traffic to and from keystone is now negligible (and the keystone cpu load is similarly negligible), and the latency of each of our S3 requests has dropped by about 40%.

The benefit might well be even larger with smaller objects.

@jrosser

This comment has been minimized.

Copy link

jrosser commented Jan 23, 2019

This code is inspired by the Swift keystone-middleware s3 python code which provides a layer of token caching using memcached. In this patch a similar approach is applied within radosgw using C++ constructs.

Copy link
Contributor

mattbenjamin left a comment

this seems like a valid complement to the STS integration with keystone, which avoids the need for a cache, but has different trade-offs--for an environment where keystone has ec2 credentials for an account, using sts::lite should be an option; did you folks look at that?

src/rgw/rgw_auth_keystone.cc Outdated Show resolved Hide resolved
src/rgw/rgw_auth_keystone.h Outdated Show resolved Hide resolved
src/rgw/rgw_auth_keystone.h Show resolved Hide resolved
@jrosser

This comment has been minimized.

Copy link

jrosser commented Jan 23, 2019

this seems like a valid complement to the STS integration with keystone, which avoids the need for a cache, but has different trade-offs--for an environment where keystone has ec2 credentials for an account, using sts::lite should be an option; did you folks look at that?

@jamesba See http://docs.ceph.com/docs/master/radosgw/STSLite/

@mattbenjamin In this situation we are not always in control of the client implementation so needing to patch boto would be unfortunate. The STS stuff is however interesting.

@mattbenjamin

This comment has been minimized.

Copy link
Contributor

mattbenjamin commented Jan 23, 2019

@jamesba hacking boto3 was/is--I think, @pritha-srivastava?--attempts to make boto do the full STS round trip, but iiuc, the only thing it doesn't do unpatched is the GetSessionToken, so iiuc again, that step, which is done once/infrequently, could be done with something outboard?

@pritha-srivastava

This comment has been minimized.

Copy link
Contributor

pritha-srivastava commented Jan 23, 2019

@jamesba hacking boto3 was/is--I think, @pritha-srivastava?--attempts to make boto do the full STS round trip, but iiuc, the only thing it doesn't do unpatched is the GetSessionToken, so iiuc again, that step, which is done once/infrequently, could be done with something outboard?

You are right Matt, only GetSessionToken requires boto to be patched, once the temporary creds are obtained, patching boto is not needed.

@mattbenjamin

This comment has been minimized.

Copy link
Contributor

mattbenjamin commented Jan 30, 2019

@jamesba do you folks have a timeline for pushing some updates here? We'd like to incorporate this, when ready.

@jrosser

This comment has been minimized.

Copy link

jrosser commented Feb 1, 2019

@jamesba do you folks have a timeline for pushing some updates here? We'd like to incorporate this, when ready.

@mattbenjamin we are also keen to get this merged as it is working very well for us, I would hope that we can get an update pushed early next week. We are suffering slightly from parallel builds failing for mimic which makes the turn-round time to test things very slow.

@mattbenjamin

This comment has been minimized.

Copy link
Contributor

mattbenjamin commented Feb 1, 2019

@jamesba woot, thanks for the update

jamesba added 2 commits Jan 14, 2019
…tials

When providing an S3 compatible interface previous behaviour has been to cache the
access token but request verification of the signature for every request from keystone.
This causes keystone to be quite a performance bottleneck especially for instalations
with high levels of S3 traffic.

In this commit a change is made to perform the verification of S3 request signatures
inside the radosgw process, thereby seriously reducing the number of requests that need
to be made to keystone. To do this a shared S3 secret key is obtained from keystone and
kept in a local cache.

Signed-off-by: James Weaver <james.barrett@bbc.co.uk>
Now makes use of existing method for generating a signature for an S3 request.

Signed-off-by: James Weaver <james.barrett@bbc.co.uk>
@jamesba jamesba force-pushed the bbc:s3secretcache branch from 3c9e406 to 2e25485 Feb 4, 2019
@jamesba

This comment has been minimized.

Copy link
Contributor Author

jamesba commented Feb 4, 2019

@mattbenjamin Have made the requested changes. Now makes use of the existing signing mechanisms.

Copy link
Contributor

mattbenjamin left a comment

this looks good to me, with ack from pritha and marcus; marcus has a parallel change that touches the keystone token cache, and I want him to elucidate how they interact

max(cct->_conf->rgw_keystone_token_cache_size),
s3_token_expiry_length(300) {
s3_token_expiry_length(300, 0) {

This comment has been minimized.

Copy link
@mattbenjamin

mattbenjamin Feb 14, 2019

Contributor

missed this in the first path; this should probably be configurable? I don't think that's a problem for now

This comment has been minimized.

Copy link
@jrosser

jrosser Feb 14, 2019

@mattbenjamin we did try to make this configurable during testing but that only led to segfaults, the proper way to add new config options is a bit opaque. Is there a good guide or example for that?

This comment has been minimized.

Copy link
@jamesba

jamesba Mar 12, 2019

Author Contributor

Any progress on this?

@mattbenjamin

This comment has been minimized.

Copy link
Contributor

mattbenjamin commented Feb 14, 2019

@mdw-at-linuxbox can I get you to do your review of this?

@mdw-at-linuxbox

This comment has been minimized.

Copy link
Contributor

mdw-at-linuxbox commented Mar 18, 2019

The main reservation I have about this is I think there will be sites that don't want to export all their user tokens to rgw this way - is there a way to maintain the ability for the "old" functionality as well?

Token revocation may be an issue as well - doesn't appear to be any datapath for this. I don't think most sites will care about this - something to think about for the future.

This change doesn't directly interact with anything I do. It duplicates the token cache to make a new "secret cache" - parallel logic to token_cache. It could benefit from the same set of changes I did for token_cache - and could also benefit from using a shared type instead of duplicating logic.

@mattbenjamin

This comment has been minimized.

Copy link
Contributor

mattbenjamin commented Mar 18, 2019

@mdw-at-linuxbox @cbodley I think this is pass. There is, in addition to the mon and osd ones, a radosgw leak in a request pipeline; it doesn't seem to have any relationship to the PR:
http://qa-proxy.ceph.com/teuthology/mbenjamin-2019-03-18_01:51:09-rgw-wip-bbc-s3secretcache-distro-basic-smithi/3742900/remote/smithi148/log/valgrind/c1.client.0.log.gz

@mattbenjamin

This comment has been minimized.

Copy link
Contributor

mattbenjamin commented Mar 18, 2019

@mdw-at-linuxbox those suggestions make sense; I think we should merge now and improve rather than delaying further, however

@jrosser

This comment has been minimized.

Copy link

jrosser commented Mar 18, 2019

We are open to adding config options to enable/disable this function, and maybe tune the cache lifetime. We are however unable to add config options without the code segfaulting - see @jamesba requesting help with this in previous comments. Happy to add that to this PR or a subsequent one as required if we can get some guidance.

@mattbenjamin

This comment has been minimized.

Copy link
Contributor

mattbenjamin commented Mar 18, 2019

@jrosser you're welcome to help; I'd like to take this now, @mdw-at-linuxbox may be able to help coordinate on adjustments, or work through the issues; great work here, sorry it took a long time to merge!

@mattbenjamin mattbenjamin merged commit affb7d3 into ceph:master Mar 18, 2019
5 checks passed
5 checks passed
Docs: build check OK - docs built
Details
Signed-off-by all commits in this PR are signed
Details
Unmodified Submodules submodules for project are unmodified
Details
make check make check succeeded
Details
make check (arm64) make check succeeded
Details
liewegas added a commit that referenced this pull request Mar 24, 2019
* refs/pull/27147/head:
	qa/workunits/mon/config.sh: s|bin/ceph|ceph|
	Merge pull request #25545 from zhouyuan/wip-ceph-immutable-obj-cache-daemon
	Merge pull request #26675 from trociny/wip-rbd-io-simple-scheduler
	Merge pull request #27098 from ming416/master
	Merge PR #27070 into master
	Merge PR #27020 into master
	Merge PR #27021 into master
	Merge PR #27101 into master
	mgr/dashboard: auth ttl expired error
	Merge pull request #26940 from xiexingguo/wip-monc-add-con
	Merge pull request #26955 from liewegas/wip-slow-add
	Merge pull request #26950 from xiexingguo/wip-mgr-fixes
	Merge pull request #27068 from hjwsm1989/upmap-filter-out-underfull-buckets
	Merge pull request #27067 from SUSE/wip-fix-38788
	Merge pull request #26923 from majianpeng/msg-optimize-check-loopback-con
	Merge pull request #27076 from MariusSchiffer/ceph-mgr-python3-fix
	Merge pull request #27106 from dalgaaf/dalgaaf-wip-fix-lrc-doc
	Merge pull request #27071 from tchaikov/wip-crimson-osd-peering
	crimson/osd: add minimal PG recovery FSM
	crimson/osd: advance pg in consume_map()
	crimson/osd/pg: update info.stats
	crimson/osd: add more peering facilities
	crimson/osd: add operator<< for PG
	crimson/osd/pg: add peer_activated
	crimson/osd: add facilities for sending notify
	crimson/osd: maintain PG::want_acting
	crimson/osd: add PG::is_{acting,up}()
	crimson/osd: wait osdmap before processing peering evt
	crimson/osd: add OSD::_send_active()
	crimson/osd: handle MOSDPGLog in OSD
	crimson/osd: handle MOSDPGQuery in OSD
	crimson/osd: handle MOSDPGInfo in OSD
	crimson/osd: handle MOSDPGNotify in OSD
	crimson/osd: keep track of last_peering_reset
	doc: fix LRC documentation
	common/blkdev: handle devices with ID_MODEL as "LVM PV ..." but valid ID_MODEL_ENC
	Merge PR #27044 into master
	osd/OSDMap: add 'zone' to default crush map
	mon/MgrStatMonitor: ensure only one copy of initial service map
	Merge PR #27048 into master
	test/librbd: sequential write aio test
	tools: move options parsing into ObjectCacheStore for immutable obj cache daemon
	building: adding missing ceph-immtable-object-cache-dbg rule
	tools: fix SimplyPolicy memory leak
	tools: cleanup code style and delete useless data
	tools: new cache sub-dir rule for immutable obj cache daemon
	tools: cleanup RO
	tools: eliminate session_map race between CacheSession
	tools: make cache file dir number configurable
	tools: make cache watermark configurable
	tools: make dedicated thread configurable for RO
	tools: adjust code style of RO
	tools: clean up data structure of immutable obj cache daemon
	tools: refactor ObjectCacheRequest of RO
	tools: return real cache status on lookup in immutable obj cache
	tools: fix librados compatibility
	tools: clean up cache dir for immutable obj cache
	tools: maintain cache size counter for immutable obj cache daemon
	tools: templatize create_rados_callback
	tools: use specific message for different ops in immutable obj cache daemon
	tools: cleanup IPC message for immutable obj cache daemon
	tools: set namespace & snap_id before promote from RADOS in immutable obj cache
	tools: format code and clean up
	tools: adding signal handling for immutable obj cache daemon
	tests: reduce testing resources occupied for immutable obj cache
	tools: follow current codes to modify UT
	tools: release dedicated thread resource
	tools: add connect fails to fault
	tools: clean up object cache request struture
	common/buffer: assign error message to caller on short read in pread_file
	tools: add m_cache_path
	tools: clean up dead code in immutable obj cache
	tools: kill ObjectCacheFile in immutable obj cache
	tools: clean up immutable obj cache
	common/options: move immutable obj cache options out of rbd section
	common/buffer: return 0 on short read in pread_file
	tools: some modification at RO
	tool: break down receive_message implements
	common/buffer: fix pread_file to generate local bufferlist
	tools: clean up types for immutable obj cache daemon
	tools: refuse to start if obj cache daemon fail to initialize cache dir
	test: enable asio tests for immutable obj cache controller
	tools: immutable_object_cache code format cleanup
	common/buffer: adding pread_file method
	tools: refactor asio domain socket of RO
	tools: fix redudent updates on cache metdata
	build/ops: adding build spec for immutable object cache daemon
	test: add object cache message unite test
	tools: add new object cache message
	tools: use bufferlist to implement ObjectCacheFile
	test: add ObjectCacheStore unit test
	test: add multi-session unit testing
	test: move WaitEvent class to test_common.h file
	tools: fix immutable obj cache max size
	tools: remove RBD specific logic in immutable obj cache
	tools: remove background eviction
	tools: format headers for object cache daemon
	tools: create local utils for object cache daemon
	tools: clean up immutable object cache
	tools: adding ceph level immutable obj cache daemon
	Merge pull request #27099 from tchaikov/wip-crimson-misc-logging
	Merge pull request #27089 from tchaikov/wip-cmake-with-ninja
	Merge pull request #27100 from ddiss/trivial_rgw_auth_keystone_gcc_warning
	Merge pull request #27094 from tchaikov/wip-cmake-cmake-ubsan
	Merge pull request #27088 from tchaikov/wip-update-seastar
	Merge pull request #26731 from wjwithagen/wjw-fix-cmake-os-release
	Merge pull request #26607 from tchaikov/wip-cython-language_level
	rgw: fix minor compiler warning in keystone auth
	Merge pull request #27093 from tchaikov/wip-crimson-test-alien-echo
	crimson/osd: more verbose logging
	crimson/{mon,osd}: don't log ms_dispatch messages
	crimson/net: log tx/rx messages
	Merge PR #27092 into master
	Merge pull request #26404 from sebastian-philipp/orchestrator-error-handling
	cmake: workaround of false alarm from ubsan
	test/crimson: update to accomodate Dispatcher changes
	mailmap: sort entries
	mailmap: sort organizationmap
	mailmap: updates for nautilus
	cmake: disable -Werror when building seastar
	seastar: pickup the latest seastar
	cmake: link against libfmt
	crimson: include headers if necessary
	cmake: do not assume ${CMAKE_GENERATOR} == make
	cmake: build fmt submodule if libfmt is not found
	fmt: add fmt submodule back
	msg: remove XioMessenger
	Merge pull request #27057 from yuriw/wip-yuriw-crontab
	qa/tests: reduced frequency for luminous and mimic runs
	librbd: simple scheduler plugin for object dispatcher layer
	Merge pull request #26786 from aclamk/fix-rocksdb-compaction-ranges
	Merge pull request #27046 from smithfarm/wip-38812
	mgr/balancer: Python 3 compatibility fix
	Merge pull request #27054 from cbodley/wip-37770
	Merge pull request #27035 from cbodley/wip-test-rgw-reshard-wait-clock
	Merge pull request #26853 from nathan-weinberg/more-cluster-tests
	Merge pull request #27052 from rzarzynski/wip-rgw-drop_rgw_decode_pki_token
	Merge pull request #27025 from yangdongsheng/poll_timeout
	qa/suites/rados/thrash-old-clients: add nautilus
	qa/suites/rados/thrash-old-clients: add mimic v1 variant
	qa/suites/rados/thrash-old-clients: add mimic
	qa/suites/rados/thrash-old-clients: collapse msgr and client choice
	doc/rgw: update civetweb rgw_frontends config example
	Merge pull request #27050 from theanalyst/build-doc-warns
	Merge pull request #26534 from majianpeng/skip-calc-crc-header-for-async-msg
	Merge PR #27009 into master
	Merge pull request #26514 from dillaman/wip-38381
	Merge pull request #26985 from rhcs-dashboard/38768-fix-sparkline-component
	Merge pull request #27034 from jan--f/mgr-prometheus-remove-scrape-duration
	Merge pull request #26701 from adamemerson/wip-trip-the-light-clangtastic
	Merge pull request #26836 from p-na/wip-pna-fix-osd
	Merge pull request #26717 from ifed01/wip-ifed-objectstore-tool-fix
	Merge pull request #26926 from rouming/epoll-lost-epollet
	rbd: krbd: return -ETIMEDOUT in polling
	qa: remove simplemessenger tests
	Merge pull request #26934 from sebastian-philipp/doc-rados-mon_command
	Merge pull request #26562 from familyuu/log
	crush/CrushWrapper: make update_choose_args less chatty
	qa/standalone/crush/crush-choose-args: add weight-set tests
	qa/standalone/crush/crush-choose-args: fix test
	mon/OSDMonitor: apply osd_crush_update_weight_set for reweight, create-or-move
	crush/CrushWrapper: move_item: do not clobber weight-set weights
	crush/CrushWrapper: create_or_move: make weight-set update optional
	crush/CrushWrapper: use adjust_item_weight_in_bucket for subtree reweight
	crush/CrushWrapper: fix detach_bucket, remove_item[_under] vs weight-sets
	crush/CrushWrapper: insert_item: make weight-set update optional (for leaves only)
	crush/CrushWrapper: add update_weight_sets arg to adjust_item_weight_*
	Merge pull request #27065 from tchaikov/wip-crimson-mgr-client
	crimson/osd: connect OSD to mgr
	crimson/osd: include MonClient.h in .cc
	crimson/osd: add facilities for reporting pg stats
	crimson/mgr: add mgr client
	crimson/osd/pg: accessors for pg stats/state
	crimson/osd: create msgrs in main.cc
	Merge pull request #27045 from smithfarm/wip-38810
	crush: add root_bucket to identify underfull buckets
	Merge pull request #27066 from tchaikov/wip-crimson-sharded-stop
	crimson/os: use transparent comparator in xattr
	cmake: remove cython 0.29's subinterpreter check during install
	crimson/osd: cancel timers before restart
	crimson/net: call do_shutdown() in SocketMessenger::stop()
	crimson/osd: create msgrs in main.cc
	Merge pull request #27064 from tchaikov/wip-crimson-pg-init
	crimson/osd: init primary state in PG::read_state()
	crimson/osd: add PG::read_state()
	crimson/osd: skip fast_info if it is not around
	crimson/osd: pass pgid, osdmap and msgr to PG's ctor
	Merge pull request #27062 from tchaikov/wip-crimson-ceph-opts-in-argv
	Merge pull request #27003 from tchaikov/wip-crimson-for-classic
	Merge pull request #27026 from tchaikov/wip-remove-MPGStats/had_map_for
	Merge pull request #27059 from tchaikov/wip-crimson-heartbeat
	crimson/osd: pass unknown args to ConfigProxy::parse_args()
	crimson/osd: do not pass ceph options to seastar
	crimson/common: add ConfigProxy::parse_argv()
	Merge pull request #27061 from tchaikov/wip-crimson-mkfs
	ceph_release: the next release will be octopus
	Merge PR #26987 into master
	Merge PR #26672 into master
	mon/MonClient: log mon name instead of rank
	doc/mon-lookup-dns: update "mon weight" related changes
	mon/MonClient: implement weight-based mon selection
	common: implement and test weighted-shuffle
	crimson/osd: init OSD::store in its ctor
	crimson/osd: unmount store in OSD::stop()
	crimson/osd: print message after done with mkfs
	crimson/osd: call engine().exit(0) after mkfs
	Merge PR #26652 into master
	Merge PR #26604 into master
	Merge PR #27010 into master
	Merge PR #26812 into master
	crimson/osd: correct the osd_ping's message type
	crimson/osd: implement Heartbeat::ms_handle_reset()
	crimson: add AuthService
	crimson/mon: implement Dispatcher::ms_get_authorizer()
	crimson/{net,osd}: make ms_get_authorizer() sync
	mon: add set-weight command
	mon/MonMap: dump weight
	mon/MonMap: add weight to mon_info_t
	Merge pull request #27006 from tchaikov/wip-crimson-os
	Merge pull request #26996 from neha-ojha/wip-2-36739
	Merge PR #26056 into master
	Merge PR #26662 into master
	Merge PR #26817 into master
	Merge PR #26895 into master
	Merge pull request #26931 from trociny/wip-38706
	Merge pull request #27049 from trociny/wip-rbd-deep-copy-cleanup
	crimson/os: do not fail if fsid file exists when mkfs
	crimson/os: implement CyanStore::get_attr()
	Merge PR #27042 into master
	tools: admin/build-doc: keep-going when finding warnings
	doc: add changelog for nautilus
	common: add bool log_to_file option
	Merge pull request #27004 from tchaikov/wip-crimson-osdmap
	librbd: fix typo in deep_copy::ObjectCopyRequest::compute_read_ops
	rgw: drop unused rgw_decode_pki_token().
	rpm: refrain from building ceph-resource-agents on SLE
	Merge pull request #26973 from smithfarm/wip-nautilus-backports
	rpm: fix "rhel <= 7" conditional
	EventEpoll: refactor del_event() a bit
	EventEpoll: set EPOLLET flag on del_event()
	qa: add krbd_discard_granularity.t test
	Merge PR #27019 into master
	mgr/dashboard: Add date range and log search functionality
	Merge pull request #26772 from sebastian-philipp/orchestrator-rm-stateful-rule
	msg/async/AsyncConnection: optimize check loopback connection.
	Merge tag 'v14.2.0'
	mgr/Mgr: kill redundant sub_unwant call
	messages,osd: remove MPGStats::had_map_for
	Merge pull request #26977 from p-na/wip-pna-fix-tox-env-vars
	Merge pull request #26095 from bbc/s3secretcache
	Merge pull request #26564 from theanalyst/wip-reshard-lc-fixes
	Merge pull request #27001 from linuxbox2/wip-rgw-delimchar
	test/rgw: RGWReshardWait uses std::chrono::steady_clock
	qa: update and rename krbd_discard_1b.t
	Merge remote-tracking branch 'gh/nautilus'
	Merge pull request #26457 from mogeb/osd-stop-steady-clock
	mgr/dashboard: Fix env vars of `run-tox.sh`
	mgr/dashboard: "1 osds exist in the crush map but not in the osdmap" breaks OSD page
	pybind/mgr/prometheus: remove scrape_duration metric
	mgr/dashboard: Clean up of Osd::list()
	doc/rados/api/python: Add documentation for mon_command
	doc/releases/nautilus: add reference to msgr2 config update section
	doc/cephfs/nfs: update ceph.conf example
	common/dns_resolve: add 'weight' to record
	Merge pull request #27013 from badone/wip-nautilus-CA-change
	Merge PR #27017 into master
	ceph_test_msgr: remove simple
	msg: remove SimpleMessenger
	doc/releases/nautilus: final upgrade note updates
	osd: transpose two wait lists in comment
	Merge PR #26822 into master
	mon/OSDMonitor: allow 'osd pool set pgp_num_actual'
	Merge pull request #26975 from xiexingguo/wip-mon-pri-lost
	Merge pull request #26903 from xiexingguo/wip-ds-auth
	crimson/osd: do not load fullmap.0
	crimson/osd: reuse load_map() in store_maps()
	crimson/osd: add OSD::load_map()
	crimson/osd: use boost::make_counting_iterator()
	crimson/osd: advance thru maps sequentially
	osd/osd_types: remove copy ctor of osd_reqid_t
	messages/MOSDPGLog: pass param by const reference
	osd/PG: s/!is_erasure()/is_replicated()/
	osd/PG: add a dot after "osd" in logging msg
	messages/MOSDPGQuery: add a ctor for moving pg_list
	messages/MOSDPGNotify: add a ctor for moving pg_list
	messages/MOSDPGInfo: add a ctor for moving pg_list
	qa/ceph-ansible: Move to Nautilus
	osd/PG: !transaction_applied is true for async_recovery_targets as well
	rgw: fix signed char truncation in delimiter check
	mds: convert unnecessary list usage to vector
	mds: convert get_*dirfrags to use vector
	rgw: Avoid signedness weirdness
	msg: Add optimizing move
	tools/rbd: Remove unused variable
	test/rbd_mirror: Remove unused lambda capture
	test/common: Add optimizing move
	test/bufferlist: Suppress self-assignment warning
	mgr: Remove braces around scalar initializer
	mgr: Remove unused lambda capture
	pybind: Fix Clang compilation under Fedora again
	rgw: Remove pessimizing moves
	rgw: Remove unused lambda capture
	rgw: Remove unused variables
	rbd: Remove unused lambda capture
	msg: Remove pessimizing move
	mds: convert iterator loop to generic loop
	mds: list to std::list
	mds: constantize dump_loads
	osd/PG: change error to dout in _scan_rollback_obs()
	osd/PG: skip rollforward when !transaction_applied during append_log()
	Merge PR #26937 into master
	msg/msg_types: use inet_ntop(3) to render IP addresses
	librbd: when requeueing QOS throttled request queue it back
	common: add "requeue_back" WorkQueue method
	Merge pull request #26981 from linuxbox2/wip-nfs-sysobj
	Merge pull request #26863 from linuxbox2/wip-rgw-delimiter
	Merge pull request #26954 from linuxbox2/wip-nfs-null-path
	mgr/dashboard: fix sparkline component
	rgw: nfs: svc-enable RGWLib
	Merge pull request #26957 from ceph/wip-bz1666822
	crush/CrushWrapper: refactor adjust_weight_* into per-bucket helper
	script: enable nautilus in ceph-release-notes
	doc: mailmap updates for mimic
	mailmap fixes for 12.2.0
	Merge pull request #26733 from votdev/use_boolean_text
	script: enable nautilus in ceph-backport.sh
	script: enable nautilus in backport-create-issue
	mon/MonMap: dump priority
	Merge pull request #26913 from theanalyst/doc/releases/13.2.5
	mon/MonMap: kill dead msgr type checking
	mon/MonMap: fix mon priority
	Merge pull request #26581 from tchaikov/wip-async/rdma
	doc: add package for Golang
	Merge remote-tracking branch 'gh/nautilus'
	cls_rgw: fix issue with gc code using the wrong name
	ceph-volume: look for rotational data in lsblk
	librbd: make flush be queued by QOS throttler
	common: allow "0" cost items to be queued by TokenBucketThrottle
	rgw: nfs: skip empty (non-POSIX) path segments
	Merge pull request #26569 from theanalyst/bucket-permission-fixes
	Merge pull request #26908 from theanalyst/mdlog-bump-level
	Merge pull request #26911 from linuxbox2/wip-ldap-f
	Merge pull request #26835 from ricardoasmarques/validate-ceph-iscsi-config-version
	mgr/dashboard: Validate `ceph-iscsi` config version
	doc: add release notes for 13.2.5 mimic
	crush/CrushWrapper: pass cct down into more places
	rgw: prefix-delimiter listing: support >1 character delimiter
	rgw: ldap: fix LDAPAuthEngine::init() when uri !empty()
	rgw_sync: drop ENOENT error logs from mdlog
	osd: respect **allow_all**
	mon/Monitor: respect **allow_all**
	mgr/MgrStandby: do not track 'osd_objectstore_fuse' config
	mgr/DaemonServer: handle caps more carefully
	doc: add troubleshooting notes on reshard admin clis
	rgw: lc fix: protect list_keys and formatter with a scope_guard
	rgw admin: use the new AdminOp to fix lc shards
	rgw: add a fix_lc_shards AdminOp that can fix lc shards for all the buckets
	rgw admin: implement a lc fix option
	mgr/dashboard: Added breadcrumb tests to Manager modules and Alerts menu
	mds: check earlier if directories are already exported
	mds: dont print auth trees if they are too many
	mds: dont print subtrees if they are too many/big
	mgr/orchestrator: Add error handling to interface
	mds: avoid revoking Fsx from loner during directory fragmentation
	msg/async V2: optimize check state by replace.
	common/kv/rocksdb: Fixed merging regions for async compations that could cut compation range.
	cls rgw: implement a method to get a single LC entry
	mgr/orchestrator: remove `(add|test|remove)_stateful_service_rule`
	cls_rgw: alias the LC entries as  rgw_lc_entry_t
	cls_rgw: implement a read_omap_entry method
	rgw lc: use marker for the shard id
	rgw: drop entries only if the markers do not match.
	build: FreeBSD does not have /etc/os-release
	mgr/dashboard: Use booleanText pipe
	tools: no-mon-config switch for ceph-objectstore-tool.
	osd: use steady clock in prepare_to_stop()
	osd: clear osd op reply output only when writes success
	msg/async V1: No need calc header crc for ProtocolV1.
	qa/workunits/rest: Better detection of rest url
	osd: correct a local variable type
	qa: update kclient testing to RHEL 7.6
	pybind: encode flattened dict
	pybind: extract flatten_dict() out
	pybind: set language_level for cythonize explicitly
	pybind/rados: fixed Python3 string conversion issue on get_fsid
	msg/async/rdma: set/get silence warning
	rgw: return ERR_NO_SUCH_BUCKET early while evaluating bucket policy
	rgw: Removed duplicate signing method from S3 credentials caching
	rgw: Added caching for tokens retrieved from keystone using S3 credentials

Reviewed-by: Sage Weil <sage@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.