From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 6D43B919FD for ; Thu, 15 Feb 2024 18:04:18 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3E2F117C77 for ; Thu, 15 Feb 2024 18:03:48 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 15 Feb 2024 18:03:46 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 688374844C for ; Thu, 15 Feb 2024 18:03:46 +0100 (CET) Message-ID: <2a9ece29-15bd-4bbd-a6c6-75034afecbd0@proxmox.com> Date: Thu, 15 Feb 2024 18:03:45 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Thomas Lamprecht , Proxmox VE development discussion References: <20240126154440.657816-1-m.carrara@proxmox.com> <20240126154440.657816-2-m.carrara@proxmox.com> Content-Language: en-US From: Max Carrara In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.134 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LOTSOFHASH 0.25 Emails with lots of hash-like gibberish SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [ceph.com, module.py] Subject: Re: [pve-devel] [PATCH v2 quincy-stable-8 ceph 1/2] patches: include patches regarding RocksDB and dashboard from master X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2024 17:04:18 -0000 On 2/15/24 14:09, Thomas Lamprecht wrote: > Am 26/01/2024 um 16:44 schrieb Max Carrara: >> This commit essentially contains all changes from the following >> commits (most recent last): >> * f35168f6713d5f3fa1aaa8c572d754b61c458d91 >> * 86a553d66e69176940959530d4fedcbcbbab54d9 >> * ab5c03b44d78c4e4b233ff5a310888592dbb9bb4 >> >> The series file and the patches' prefixed numbers have been updated >> correspondingly. >> >> A very minor adaptation has been made to the patch added by commit >> f35168f6713d5f3fa1aaa8c572d754b61c458d91 in order to get it to apply >> correctly. >> >> Signed-off-by: Max Carrara >> --- >> Changes v1 --> v2: >> * None >> > >> delete mode 100644 patches/0021-debian-rules-fix-buildtype.patch > > this deletion is not mentioned in the commit message though. > > While it actually is fine, as it was a extra patch for the rocksdb build that > is already fixed with rocksb-inherit-parent-cmake-cxx-flags.patch one, it's > still odd to just delete it here without any mentioning.. Mea culpa; should've mentioned this! I essentially just applied the changes listed above, which includes the deletion of that patch. Will include a more thorough summary next time. > >> diff --git a/patches/0021-debian-rules-fix-buildtype.patch b/patches/0021-debian-rules-fix-buildtype.patch >> deleted file mode 100644 >> index 8b6ef6b56..000000000 >> --- a/patches/0021-debian-rules-fix-buildtype.patch >> +++ /dev/null >> @@ -1,22 +0,0 @@ >> -From 1f4b106d49fc916994d97e273599f75caa904c3b Mon Sep 17 00:00:00 2001 >> -From: Mark Nelson >> -Date: Thu, 14 Dec 2023 05:19:46 +0000 >> -Subject: [PATCH] debian/rules: Fix build_type for massive performance gain >> - >> -Signed-off-by: Mark Nelson >> ---- >> - debian/rules | 1 + >> - 1 file changed, 1 insertion(+) >> - >> -diff --git a/debian/rules b/debian/rules >> -index ed7f4a255ed4b..b28abb7d62788 100755 >> ---- a/debian/rules >> -+++ b/debian/rules >> -@@ -29,6 +29,7 @@ extraopts += -DWITH_PYTHON3=3 >> - extraopts += -DWITH_CEPHFS_JAVA=ON >> - extraopts += -DWITH_CEPHFS_SHELL=ON >> - extraopts += -DWITH_SYSTEMD=ON -DCEPH_SYSTEMD_ENV_DIR=/etc/default >> -+extraopts += -DCMAKE_BUILD_TYPE=RelWithDebInfo >> - extraopts += -DWITH_GRAFANA=ON >> - ifeq ($(DEB_HOST_ARCH), amd64) >> - extraopts += -DWITH_RBD_RWL=ON >> diff --git a/patches/0022-mgr-dashboard-remove-ability-to-create-and-check-TLS.patch b/patches/0022-mgr-dashboard-remove-ability-to-create-and-check-TLS.patch >> new file mode 100644 >> index 000000000..59c5263da >> --- /dev/null >> +++ b/patches/0022-mgr-dashboard-remove-ability-to-create-and-check-TLS.patch >> @@ -0,0 +1,101 @@ >> +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 >> +From: Max Carrara >> +Date: Thu, 4 Jan 2024 17:37:50 +0100 >> +Subject: [PATCH] mgr/dashboard: remove ability to create and check TLS >> + key/cert pairs >> + >> +In order to avoid running into PyO3-related issues [0] with PyOpenSSL, >> +the ability to create self-signed certs is disabled - the command >> +`ceph dashboard create-self-signed-cert` is made to always return an >> +error. >> + >> +The command's error message contains the manual steps the user may >> +follow in order to set the certificate themselves, as well as a link >> +to the Ceph Dashboard documentation regarding TLS support. [1] >> + >> +Furthermore, the check on start-up, that verifies that the configured >> +key/cert pair actually match, is also removed. This means that users >> +need to ensure themselves that the correct pair is supplied - >> +otherwise their browser will complain. >> + >> +These changes allow the dashboard to launch with TLS enabled again. >> + >> +[0]: https://tracker.ceph.com/issues/63529 >> +[1]: https://docs.ceph.com/en/reef/mgr/dashboard/#ssl-tls-support >> + >> +Signed-off-by: Max Carrara >> +--- >> + src/pybind/mgr/dashboard/module.py | 41 ++++++++++++++++++++---------- >> + 1 file changed, 27 insertions(+), 14 deletions(-) >> + > >> diff --git a/patches/0022-rocksb-inherit-parent-cmake-cxx-flags.patch b/patches/0023-rocksb-inherit-parent-cmake-cxx-flags.patch >> similarity index 100% >> rename from patches/0022-rocksb-inherit-parent-cmake-cxx-flags.patch >> rename to patches/0023-rocksb-inherit-parent-cmake-cxx-flags.patch >> diff --git a/patches/series b/patches/series >> index 73f66396c..ee897a78a 100644 >> --- a/patches/series >> +++ b/patches/series >> @@ -13,5 +13,6 @@ >> 0016-d-rules-fix-no-restart-on-upgrade.patch >> 0017-python3.10-pep-620.patch >> 0020-fix-4759-run-ceph-crash-daemon-with-www-data-group-f.patch >> -0021-debian-rules-fix-buildtype.patch