import 15.2.6

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/ceph/CMakeLists.txt b/ceph/CMakeLists.txt
index 6d769090dd747a9a021d4c62f287f89410d92066..e5218c1e56deab5256636f78fe6efabed6f1915e 100644 (file)
--- a/ceph/CMakeLists.txt
+++ b/ceph/CMakeLists.txt
@@ -667,4 +667,4 @@ add_custom_target(tags DEPENDS ctags)
 
 find_package(CppCheck)
 find_package(IWYU)
-set(VERSION 15.2.5)
+set(VERSION 15.2.6)

diff --git a/ceph/alpine/APKBUILD b/ceph/alpine/APKBUILD
index a15bd142f6e6f129bb49bb6240d842a3a8e6a216..5a4bca6f2de1efe09a2dc57ffe9e520a95829c06 100644 (file)
--- a/ceph/alpine/APKBUILD
+++ b/ceph/alpine/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: John Coyle <dx9err@gmail.com>
 # Maintainer: John Coyle <dx9err@gmail.com>
 pkgname=ceph
-pkgver=15.2.5
+pkgver=15.2.6
 pkgrel=0
 pkgdesc="Ceph is a distributed object store and file system"
 pkgusers="ceph"
@@ -63,7 +63,7 @@ makedepends="
        xmlstarlet
        yasm
 "
-source="ceph-15.2.5.tar.bz2"
+source="ceph-15.2.6.tar.bz2"
 subpackages="
        $pkgname-base
        $pkgname-common
@@ -116,7 +116,7 @@ _sysconfdir=/etc
 _udevrulesdir=/etc/udev/rules.d
 _python_sitelib=/usr/lib/python2.7/site-packages
 
-builddir=$srcdir/ceph-15.2.5
+builddir=$srcdir/ceph-15.2.6
 
 build() {
        export CEPH_BUILD_VIRTUALENV=$builddir

diff --git a/ceph/ceph.spec b/ceph/ceph.spec
index 0e12976d09a999c21099370b8716cf318d1a3442..a3502a7f81e4842aa3adee075ccf1f938a55597a 100644 (file)
--- a/ceph/ceph.spec
+++ b/ceph/ceph.spec
@@ -98,7 +98,7 @@
 # main package definition
 #################################################################################
 Name:          ceph
-Version:       15.2.5
+Version:       15.2.6
 Release:       0%{?dist}
 %if 0%{?fedora} || 0%{?rhel}
 Epoch:         2
@@ -114,7 +114,7 @@ License:    LGPL-2.1 and LGPL-3.0 and CC-BY-SA-3.0 and GPL-2.0 and BSL-1.0 and BSD-
 Group:         System/Filesystems
 %endif
 URL:           http://ceph.com/
-Source0:       %{?_remote_tarball_prefix}ceph-15.2.5.tar.bz2
+Source0:       %{?_remote_tarball_prefix}ceph-15.2.6.tar.bz2
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch:  x86_64 aarch64 ppc64le s390x
@@ -1126,7 +1126,7 @@ This package provides Ceph’s default alerts for Prometheus.
 # common
 #################################################################################
 %prep
-%autosetup -p1 -n ceph-15.2.5
+%autosetup -p1 -n ceph-15.2.6
 
 %build
 # LTO can be enabled as soon as the following GCC bug is fixed:

diff --git a/ceph/changelog.upstream b/ceph/changelog.upstream
index 242e05bf4876b5efa061a1e297049ab9d0a28eea..3ff5c5df080474a37b65396ad607bee8fb13dcdb 100644 (file)
--- a/ceph/changelog.upstream
+++ b/ceph/changelog.upstream
@@ -1,7 +1,13 @@
-ceph (15.2.5-1bionic) bionic; urgency=medium
+ceph (15.2.6-1bionic) bionic; urgency=medium
 
 
- -- Jenkins Build Slave User <jenkins-build@braggi13.front.sepia.ceph.com>  Tue, 15 Sep 2020 19:09:15 +0000
+ -- Jenkins Build Slave User <jenkins-build@braggi11.front.sepia.ceph.com>  Tue, 17 Nov 2020 18:25:05 +0000
+
+ceph (15.2.6-1) stable; urgency=medium
+
+  * New upstream release
+
+ -- Ceph Release Team <ceph-maintainers@ceph.com>  Tue, 17 Nov 2020 18:12:51 +0000
 
 ceph (15.2.5-1) stable; urgency=medium
 

diff --git a/ceph/src/.git_version b/ceph/src/.git_version
index cd1d01c5113dc8dfa663aa66ac1bf5455997cc98..93ceaee81429ddfaeea6a0354760a80419c01bf1 100644 (file)
--- a/ceph/src/.git_version
+++ b/ceph/src/.git_version
@@ -1,2 +1,2 @@
-2c93eff00150f0cc5f106a559557a58d3d7b6f1f
-15.2.5
+cb8c61a60551b72614257d632a574d420064c17a
+15.2.6

diff --git a/ceph/src/auth/Auth.h b/ceph/src/auth/Auth.h
index 642164985e4b576f42a5fcb1585c3c6449803b81..845f56c9bd662424e39bdf952846308994c244ec 100644 (file)
--- a/ceph/src/auth/Auth.h
+++ b/ceph/src/auth/Auth.h
@@ -192,6 +192,9 @@ struct AuthConnectionMeta {
 
   std::unique_ptr<AuthAuthorizer> authorizer;
   std::unique_ptr<AuthAuthorizerChallenge> authorizer_challenge;
+
+  ///< set if msgr1 peer doesn't support CEPHX_V2
+  bool skip_authorizer_challenge = false;
 };
 
 /*

diff --git a/ceph/src/mon/MonClient.cc b/ceph/src/mon/MonClient.cc
index a3937170aa82e7966017ec2873eccd90190098e7..139c18eb1dbab540f7853a0b74047723655f9afa 100644 (file)
--- a/ceph/src/mon/MonClient.cc
+++ b/ceph/src/mon/MonClient.cc
@@ -1666,13 +1666,8 @@ int MonClient::handle_auth_request(
   }
 
   auto ac = &auth_meta->authorizer_challenge;
-  if (!HAVE_FEATURE(con->get_features(), CEPHX_V2)) {
-    if (cct->_conf->cephx_service_require_version >= 2) {
-      ldout(cct,10) << __func__ << " client missing CEPHX_V2 ("
-                   << "cephx_service_requre_version = "
-                   << cct->_conf->cephx_service_require_version << ")" << dendl;
-      return -EACCES;
-    }
+  if (auth_meta->skip_authorizer_challenge) {
+    ldout(cct, 10) << __func__ << " skipping challenge on " << con << dendl;
     ac = nullptr;
   }
 

diff --git a/ceph/src/msg/async/ProtocolV1.cc b/ceph/src/msg/async/ProtocolV1.cc
index 4560cb5a031d163342f245d85c8b6e70cf9daf11..46b3f2698715e1b7ef7bf4f5d2c314219b60aa2e 100644 (file)
--- a/ceph/src/msg/async/ProtocolV1.cc
+++ b/ceph/src/msg/async/ProtocolV1.cc
@@ -1996,7 +1996,8 @@ CtPtr ProtocolV1::handle_connect_message_2() {
   // require signatures for cephx?
   if (connect_msg.authorizer_protocol == CEPH_AUTH_CEPHX) {
     if (connection->peer_type == CEPH_ENTITY_TYPE_OSD ||
-        connection->peer_type == CEPH_ENTITY_TYPE_MDS) {
+        connection->peer_type == CEPH_ENTITY_TYPE_MDS ||
+        connection->peer_type == CEPH_ENTITY_TYPE_MGR) {
       if (cct->_conf->cephx_require_signatures ||
           cct->_conf->cephx_cluster_require_signatures) {
         ldout(cct, 10)
@@ -2005,6 +2006,14 @@ CtPtr ProtocolV1::handle_connect_message_2() {
             << dendl;
         connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
       }
+      if (cct->_conf->cephx_require_version >= 2 ||
+          cct->_conf->cephx_cluster_require_version >= 2) {
+        ldout(cct, 10)
+            << __func__
+            << " using cephx, requiring cephx v2 feature bit for cluster"
+            << dendl;
+        connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+      }
     } else {
       if (cct->_conf->cephx_require_signatures ||
           cct->_conf->cephx_service_require_signatures) {
@@ -2014,6 +2023,14 @@ CtPtr ProtocolV1::handle_connect_message_2() {
             << dendl;
         connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
       }
+      if (cct->_conf->cephx_require_version >= 2 ||
+          cct->_conf->cephx_service_require_version >= 2) {
+        ldout(cct, 10)
+            << __func__
+            << " using cephx, requiring cephx v2 feature bit for service"
+            << dendl;
+        connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+      }
     }
   }
 
@@ -2029,6 +2046,10 @@ CtPtr ProtocolV1::handle_connect_message_2() {
   bufferlist auth_bl_copy = authorizer_buf;
   auto am = auth_meta;
   am->auth_method = connect_msg.authorizer_protocol;
+  if (!HAVE_FEATURE((uint64_t)connect_msg.features, CEPHX_V2)) {
+    // peer doesn't support it and we won't get here if we require it
+    am->skip_authorizer_challenge = true;
+  }
   connection->lock.unlock();
   ldout(cct,10) << __func__ << " authorizor_protocol "
                << connect_msg.authorizer_protocol