From: Max Carrara <m.carrara@proxmox.com>
To: Friedrich Weber <f.weber@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH v3 ceph master, ceph quincy-stable 8, pve-storage, pve-manager 00/13] Fix #4759: Configure Permissions for ceph-crash.service
Date: Mon, 26 Feb 2024 10:51:20 +0100 [thread overview]
Message-ID: <c99f7913-04f8-457d-9611-b65a86207cef@proxmox.com> (raw)
In-Reply-To: <cb9c8452-8331-42cb-a833-31d30257a668@proxmox.com>
On 2/23/24 17:19, Friedrich Weber wrote:
> On 21/02/2024 14:15, Max Carrara wrote:
>> On 2/21/24 12:55, Friedrich Weber wrote:
>>> [...]
>>>
>>> - the `ceph-crash` service does not restart after installing the patched
>>> ceph-base package, so the reordering done by patches 02+04 does not take
>>> effect immediately: ceph-crash posts crash logs just fine, but logs to
>>> the journal that it can't find a keyring. After a restart of ceph-crash,
>>> the patch takes effect, so only a tiny inconvenience, but still: Not
>>> sure if restarting the service is something we'd want to do in a
>>> postinst -- is this an acceptable thing to do in a postinst?
>>
>> Initially the service was being restarted, but that's omitted in the new
>> hook, as Fabian and I had noticed that `ceph-crash` just checks for its
>> expected keys after its waiting period again anyways. I had unfortunately
>> forgotten to put that into the changelog of the postinst hook stuff -
>> mea culpa>
>> I think restarting the service would be necessary then in order to apply
>> the new sequence which keys are checked in, as that's hard-coded in
>> `ceph-crash`.
>>
>> It certainly should be acceptable (as we already do it in some instances),
>> as long as we restart it only if the service is enabled. That was part
>> of the old BASH function anyway - I don't think there's any harm in adding
>> it back (either in BASH or Perl).
>
> If it's acceptable, I think it would be nice to restart ceph-crash (it
> doesn't seem to be restarted that often).
I agree!
>
>>> - Might there be issues in a mixed-version cluster scenario, so if some
>>> node A already has an updated pve-storage package (patches 05-10), but
>>> node B doesn't yet? One thing I noticed is that node A will add the
>>> [client.crash] section, but node B may remove it again when it needs to
>>> rewrite the Ceph config (e.g. when creating a monitor). I don't find
>>> this particular issue too concerning, as hopefully node B will be
>>> updated eventually as well and reinstate the [client.crash] section. But
>>> I wonder if there could be other more serious issues?
>>
>> The scenario you mentioned might indeed happen somehow, but once all
>> nodes are updated - even if the config has been changed inbetween updates -
>> the '[client.crash]' section should definitely exist.
>>
>> One issue that's been fixed by moving things to the Perl helper is that
>> simultaneous updates could potentially modify 'ceph.conf' at the same time
>> - the Perl helper now locks the file on pmxcfs, so that cannot happen anymore.
>
> Nice!
>
>> I cannot think of any other scenario at the moment.
>
> Yeah, me neither.
>
>> In any case, even if *somehow* 'ceph.conf' ends up not containing the section
>> or the keyring file ends up missing, the helper script will be available
>> after the update has been performed, so it's possible to just run it again
>> manually to adapt the config.
>>
>> That being said, this reminds me that the '[ceph.crash]' section, the location
>> of the keyring file, etc. should probably be in our docs as well, so I will
>> send in a follow-up series for that (unless this series ends up needing a v4,
>> then I'll include it there).
>>
>> Thanks again for the feedback and the tests you ran!
>
> Sure! I ran some more tests installing a fresh Reef cluster with the
> patched packages, and did not notice any major issues.
>
> One minor thing I noticed: If a user has manually worked around the
> issue by generating a client.crash keyring, and adding a [client.crash]
> section, as described in [1]:
>
> [client.crash]
> key = <yourbase64key>
>
> ... after the upgrade, this user will end up with the following
> [client.crash] section:
>
> [client.crash]
> key = <yourbase64key>
> keyring = /etc/pve/ceph/$cluster.$name.keyring
>
> and the same keyring <yourbase64key> in
> /etc/pve/ceph/ceph.client.crash.keyring.
>
> In my test this is not a problem, though (probably since both keys are
> the same).
>
> [1] https://bugzilla.proxmox.com/show_bug.cgi?id=4759#c7
Oh, good catch! I'll correct this in a v4, I think. We want to ensure we're
only setting the keyring, in our case.
Thanks again for all the tests, much appreciated!
prev parent reply other threads:[~2024-02-26 9:51 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-16 14:56 Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 master ceph 01/13] debian: add patch to fix ceph crash dir permissions in postinst hook Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 master ceph 02/13] patches: add patch that reorders clients used by ceph-crash Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 quincy-stable-8 ceph 03/13] debian: add patch to fix ceph crash dir permissions in postinst hook Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 quincy-stable-8 ceph 04/13] patches: add patch that reorders clients used by ceph-crash Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-storage 05/13] cephconfig: align our parser more with Ceph's parser Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-storage 06/13] cephconfig: support line-continuations in parser Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-storage 07/13] cephconfig: allow writing arbitrary sections Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-storage 08/13] cephconfig: change code style inside config writer Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-storage 09/13] cephconfig: change order of written sections Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-storage 10/13] cephconfig: remove leading whitespace on write to Ceph config Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-manager 11/13] ceph: introduce '/etc/pve/ceph' Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-manager 12/13] fix #4759: ceph: configure ceph-crash.service and its key Max Carrara
2024-02-16 14:56 ` [pve-devel] [PATCH v3 pve-manager 13/13] bin/make: gather helper scripts in separate variable Max Carrara
2024-02-21 11:55 ` [pve-devel] [PATCH v3 ceph master, ceph quincy-stable 8, pve-storage, pve-manager 00/13] Fix #4759: Configure Permissions for ceph-crash.service Friedrich Weber
2024-02-21 13:15 ` Max Carrara
2024-02-23 16:19 ` Friedrich Weber
2024-02-26 9:51 ` Max Carrara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c99f7913-04f8-457d-9611-b65a86207cef@proxmox.com \
--to=m.carrara@proxmox.com \
--cc=f.weber@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal