Chapter 4. Bug fixes

The original_weight field is added as an attribute for the OSD removal queue

Previously, cephadm osd removal queue did not have a parameter for original_weight. As a result, the cephadm module would crash during OSD removal. With this fix, the original_weight field is added as an attribute for the osd removal queue and the cephadm no longer crashes during OSD removal.

Cephadm no longer randomly marks hosts offline during large deployments

Previously, in some cases, when Cephadm had a short command timeout on larger deployments, hosts would randomly be marked offline during the host checks.

Custom webhooks are now specified under the custom-receiver receiver.

Previously, custom Alertmanager webhooks were being specified within the default receiver in the Alertmanager configuration file. As a result, custom alerts were not being sent to the specified webhook unless the alerts did not match any other receiver.

cherrypy no longer gets stuck during network security scanning

Previously, due to a bug in the cheroot package, cherrypy would get stuck during some security scans that were scanning the network. As a result, the Ceph Dashboard became unresponsive and needed to restart the mgr module.

Zone storage class details now display the correct compression information

Previously, the wrong compression information was being set for zone details. As a result, the zone details under the storage classes section were showing incorrect compression information.

Zone storage class detail values are now set correctly

Previously, wrong data pool values were set for storage classes in zone details. As a result, data pool values were incorrect in the user interface when multiple storage classes were created.

_nogroup is now listed in the Subvolume Group list even if there are no subvolumes in _nogroup

Previously, while cloning subvolume, _nogroup subvolume group was not listed if there were no subvolumes in _nogroup. As a result, users were not able to select _nogroup as a subvolume group.

Correct UID containing $ in the name is displayed in the dashboard

Previously, when a user was created through the CLI, the wrong UID containing $ in the name was being displayed in the Ceph Dashboard.

NFS in File and Object now have separate routing

Previously, the same route was being used for both NFS in File and NFS in Object. This caused issues from a usability perspective, as both navigation links of NFS in File and Object got highlighted. The user was also required to select the storage backend for both views, File and Object.

Validation for pseudo path and CephFS path is now added during NFS export creation

Previously, during the creation of NFS export, the psuedo path had to be entered manually. As a result, CephFS path could not be validated.

Users are now prompted to enter a path when creating an export

Previously, creating an export was not prompting for a path and by default / was entered.

Snapshots containing "." and "/" in the name cannot be deleted

When a snapshot is created with "." as a name, it cannot be deleted.

A period update commit is now added after migrating to a multi-site

Previously, a period commit after completing the migration to multi-site form was not being done. As a result, a warning about the master zone not having an endpoint would display despite the endpoint being configured.

Performance statistics latency graph now displays the correct data

Previously, the latency graph in Object > Overview > Performance statistics was not displaying data because of the way the NaN values were handled in the code.

”Delete realm” dialog is now displayed when deleting a realm

Previously, when clicking “Delete realm”, the delete realm dialog was not being displayed as it was broken.

Configuration values, such as rgw_realm, rgw_zonegroup, and rgw_zone are now set before deploying the Ceph Object Gateway daemons

Previously, configuration values like rgw_realm, rgw_zonegroup, and rgw_zone were being set after deploying the Ceph Object Gateway daemons. This would cause the Ceph Object Gateway daemons to deploy in the default realm, zone group, and zone configurations rather than the specified configurations. This would require a restart to deploy them under the correct realm, zone group, and zone configuration.

Exceptions during cephfs-top are fixed

Previously, in some cases where there was insufficient space on the terminal, the cephfs-top command would not have enough space to run and would throw an exception.

The path restricted cephx credential no longer fails permission checks on a removed snapshot of a directory

Previously, path restriction checks were constructed on anonymous paths for unlinked directories accessed through a snapshot. As a result, a path restricted cephx credential would fail permission checks on a removed snapshot of a directory.

MDS no longer requests unnecessary authorization PINs

Previously, MDS would unnecessarily acquire remote authorization PINs for some workloads causing slower metadata operations.

The erroneous patch from the kernel driver is processed appropriately and MDS no longer enters an infinite loop

Previously, an erroneous patch to the kernel driver caused the MDS to enter an infinite loop processing an operation due to which MDS would become largely unavailable.

Mirror daemon can now restart when blocklisted or fails

Previously, the time difference taken would lead to negative seconds and never reach the threshold interval. As a result, the mirror daemon would not restart when blocklisted or failed.

JSON output of the ceph fs status command now correctly prints the rank field

Previously, due to a bug in the JSON output of the ceph fs status command, the rank field for standby-replay MDS daemons were incorrect. Instead of the format {rank}-s, where {rank} is the active MDS which the standby-replay is following, it displayed a random {rank}.

sync_duration is now calculated in seconds

Previously, the sync duration was calculated in milliseconds. This would cause usability issues, as all other calculations were in seconds.

A lock is now implemented to guard the access to the shared data structure

Previously, access to a shared data structure without a lock caused the applications using the CephFS client library to throw an error.

The snap-schedule manager module correctly enforces the global mds_max_snaps_per_dir configuration option

Previously, the configuration value was not being correctly retrieved from the MDS. As a result, snap-schedule manager module would not enforce the mds_max_snaps_per_dir setting and would enforce a default limit of 100.

CephFS FUSE clients can now correctly access the specified mds auth caps path

Previously, when parsing a path while validating mds auth caps FUSE clients were not able to access a specific path, even when the path was specified as rw for the mds auth caps.

SQL queries on a JSON statement no longer confuse key with array or object

Previously, in some cases, a result of an SQL statement on a JSON structure would confuse key with array or object. As a result, there was no venue.id, as defined, with id as the key value in the `venue object and it keeps traversing the whole JSON object.

Error code of local authentication engine is now returned correctly

Previously, incorrect error codes were returned when the local authentication engine was specified last in the authentication order and when the previous authentication engines were not applicable. As a result, incorrect error codes were returned.

Lifecycle transition now works for the rules containing "Date"

Previously, due to a bug in the lifecycle transition code, rules containing "Date" did not get processed causing the objects meeting the criteria to not get transitioned to other storage classes.

Notifications are now sent on lifecycle transition

Previously, logic to dispatch on transition (as distinct from expiration) was missed. Due to this, notifications were not seen on transition.

Batch object deleting is now allowed, with IAM policy permissions

Previously, during a batch delete process, also known as multi object delete, due to the incorrect evaluation of IAM policies returned AccessDenied output if no explicit or implicit deny were present. The AccessDenied occurred even if there were Allow privileges. As a result, batch deleting fails with the AccessDenied error.

Removing an S3 object now properly frees storage space

Previously, in some cases when removing the CopyObject and the size was larger than 4 MB, the object did not properly free all storage space that was used by that object. With this fix the source and destination handles are passed into various RGWRados call paths explicitly and the storage frees up, as expected.

Quota and rate limit settings for assume-roles are properly enforced for S3 requests with temporary credentials

Previously, information of a user using an assume-role was not loaded successfully from the backend store when temporary credentials were being used to serve an S3 request. As a result, the user quota or rate limit settings were not applied with the temporary credentials.

Pre-signed URLs are now accepted with Keystone EC2 authentication

Previously, a properly constructed pre-signed HTTP PUT URLs failed unexpectedly, with a 403/Access Denied error. This happened because of a change in processing of HTTP OPTIONS requests containing CORS changed the implied AWSv4 request signature calculation for some pre-signed URLs when authentication was through Keystone EC2 (Swift S3 emulation).

Malformed JSON of radosgw-admin notification output is now corrected

Previously, when bucket notifications were configured with metadata and tag filters, the output of radosgw-admin notification for the get/list output was malformed JSON. As a result, any JSON parser, such as jquery, reading the output would fail.

Clusters can now be configured with both QAT and non-QAT Ceph Object Gateway daemons

Previously, QAT could only be configured on new setups (Greenfield only). As a result, QAT Ceph Object Gateway daemons could not be configured in the same cluster as non-QAT (regular) Ceph Object Gateway daemons.

Ceph Object Gateway now tolerates minio SDK with checksums and other hypothetical traffic

Previously, some versions of the minio client SDK would be missing an appended part number for multipart objects. This would result in unexpected errors for multipart uploads.

Lifecycle transition no longer fails for non-current object with an empty instance

Previously, when bucket versioning was enabled, old plain object entries would get converted to versioned by updating its instance as "null" in its raw head/old object. Due to this, the lifecycle transition would fail for a non-current object with an instance empty.

The AST structure SQL statement no longer causes a crash

Previously, in some cases, due to an erroneous semantic combined with the Parquet flow, the AST creation that is produced by the SQL engine was wrong and a crash would occur.

Bucket policy authorizations now work as expected

Previously, only a bucket owner was able to set, get, and delete the configurations for bucket notifications from a bucket. This was the case even if the bucket policy authorized another user for running these operations.

Bucket policy evaluations now work as expected and allow cross tenant access for actions that are allowed by the policy

Previously, due to an incorrect value bucket tenant, during a bucket policy evaluation access was defined for S3 operations, even if they were explicitly allowed in the bucket policies. As a result, the bucket policy evaluation failed and S3 operations which were marked as allowed by the bucket policy were denied.

SSL sessions can now reuse connections for uploading multiple objects

Previously, during consecutive object uploads using SSL, the cipher negotiations occurred for each object. As a result, there would be a low performance of objects per second transfer rate.

Objects with null version IDs delete on the second site

Previously, objects with null version IDs were not deleted on the second site. In a multi-site environment, deleting an object with a null version ID on one of the sites did not delete the object on the second site.

Bucket creations in a secondary zone no longer fail

Previously, when a secondary zone forwarded a create_bucket request with a location constraint, the bucket would set the content_length to a non-zero value. However, the content_length was not parsed on the primary zone when forwarded from the secondary zone. As a result, when running a create_bucket operation and the content_length is 0 with an existing payload hash, the bucket failed to replicate.

CopyObject requests now replicate as expected

Previously, a copy_object would retain the source attributes by default. As a result, during a check for RGW_ATTR_OBJ_REPLICATION_TRACE, a NOT_MODIFIED error would emit if the destination zone was already present in the trace. This would cause a failure to replicate the copied object.

Newly added capacity no longer marked as allocated

Previously, newly added capacity was marked automatically as allocated. As a result, added disk capacity did not add available space.

BlueStore now works as expected with OSDs

Previously, the ceph-bluestore-tool show-label would not work on mounted OSDs and the ceph-volume lvm zap command was not able to erase the identity of an OSD. With this fix, the show-label attribute does not require exclusive access to the disk. In addition, the ceph-volume command now uses ceph-bluestore-tool zap to clear OSD devices.

BlueStore no longer overwrites labels

Previously, BlueFS would write over the location reserved for a label. As a result, the OSD would not start as expected.

RocksDB files now only take as much space as needed

Previously, RocksDB files were generously preallocated but never truncated. This resulted in wasted disk space that was assigned to files that would never be used.

Monitors no longer get stuck in elections during crash or shutdown tests

Previously, the disallowed_leaders attribute of the MonitorMap was conditionally filled only when entering stretch_mode. However, there were instances wherein Monitors that just got revived would not enter stretch_mode right away because they would be in a probing state. This led to a mismatch in the disallowed_leaders set between the monitors across the cluster. Due to this, Monitors would fail to elect a leader, and the election would be stuck, resulting in Ceph being unresponsive.

librbd no longer crashes when handling discard I/O requests

Previously, due to an implementation defect, librbd would crash when handling discard I/O requests that straddle multiple RADOS objects on an image with journaling feature enabled. The work around was to set the setting rbd_skip_partial_discard option to ‘false’ (the default is ‘true’).

rbd du command no longer crashes if a 0-sized block device image is encountered

Previously, due to an implementation defect, rbd du command would crash if it encountered a 0-sized RBD image.

rbd_diff_iterate2() API returns correct results for block device images with LUKS encryption loaded

Previously, due to an implementation defect, rbd_diff_iterate2() API returned incorrect results for RBD images with LUKS encryption loaded.

Encrypted image decryption is no longer skipped after importing or live migration

Previously, due to an implementation defect, when reading from an encrypted image that was live migrated or imported, decryption was skipped. As a result, an encrypted buffer (ciphertext), instead of the actual stored data (plaintext) was returned to the user.

Encryption specification now always propagates to the migration source

Previously, due to an implementation defect, when opening an encrypted clone image that is being live migrated or imported, the encryption specification wouldn’t be propagated to the migration source. As a result, the encrypted clone image that is being live migrated or imported would not open. The only workaround for the user was to pass the encryption specification twice by duplicating it.

rbd-mirror daemon now properly disposes of outdated PoolReplayer instances

Previously, due to an implementation defect, rbd-mirror daemon did not properly dispose of outdated PoolReplayer instances in particular when refreshing the mirror peer configuration. Due to this there was unnecessary resource consumption and number of PoolReplayer instances competed against each other causing rbd-mirror daemon health to be reported as ERROR and replication would hang in some cases. To resume replication the administrator had to restart the rbd-mirror daemon.

All memory consumed by the configuration reload process is now released

Previously, reload exports would not release all the memory consumed by the configuration reload process causing the memory footprint to increase.

The reap_expired_client_list no longer causes a deadlock

Previously, in some cases, the reap_expired_client_list would create a deadlock. This would occur due two threads waiting on each other to acquire a lock.

File parsing and startup time is significantly reduced

Previously, due to poor management of parsed tokens, configuration file parsing was too slow.