Skip to content

Instantly share code, notes, and snippets.

View cbodley's full-sized avatar

Casey Bodley cbodley

74 followers · 0 following
  • Red Hat
  • Ann Arbor, MI
View GitHub Profile
@cbodley
cbodley / get_role.log
Created February 22, 2024 14:25
iam:get_role access denied
2024-02-22T09:12:02.204-0500 7f9f78c006c0 20 req 5008242608135058575 0.000000000s iam:get_role inline role policy: { Version: 2012-10-17, Statements: [ { Effect: Allow, Action: [ iam:GetRole ], Resource: [ arn:*:*:*::* ] } ], }
2024-02-22T09:12:02.204-0500 7f9f78c006c0 2 req 5008242608135058575 0.000000000s iam:get_role normalizing buckets and tenants
2024-02-22T09:12:02.204-0500 7f9f78c006c0 2 req 5008242608135058575 0.000000000s iam:get_role init permissions
2024-02-22T09:12:02.204-0500 7f9f78c006c0 2 req 5008242608135058575 0.000000000s iam:get_role recalculating target
2024-02-22T09:12:02.205-0500 7f9f78c006c0 2 req 5008242608135058575 0.001000034s iam:get_role reading permissions
2024-02-22T09:12:02.205-0500 7f9f78c006c0 2 req 5008242608135058575 0.001000034s iam:get_role init op
2024-02-22T09:12:02.205-0500 7f9f78c006c0 10 req 5008242608135058575 0.001000034s iam:get_role cache get: name=default.rgw.meta+roles+RGW11111111111111111role_names.s3-tests-myrole : hit (requested=0x1, cached=0x7)
2024-
@cbodley
cbodley / rgw-iam-accounts.md
Created February 21, 2024 14:54
IAM accounts in Ceph

iam accounts

what is IAM? from https://docs.aws.amazon.com/IAM/latest/APIReference/welcome.html:

AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

each aws account has its own set of users and policies. when you log into the aws website, there's an iam dashboard where you can view/manage all of the account's resources and policies. aws also provides a rest api with all of the same functionality

it's that iam rest api that we implement here for ceph. someday the ceph dashboard might expose this stuff too

$ aws iam create-user --user-name Alice
@cbodley
cbodley / data_changes.h
Created January 30, 2024 18:23
pseudo-design for data change set
#pragma once
#include <set>
#include <string>
#include <vector>
#include "common/ceph_time.h"
namespace data_changes {
// A data change event signals the presence of new entries in a bucket index log
@cbodley
cbodley / FixDirACLs.json
Created October 25, 2023 18:26
bucket policy to restore access to bucket owner
{
"Version": "2012-10-17",
"Id": "FixDirACLs",
"Statement": [
{
"Sid": "AllowBucketOwner",
"Principal": {"AWS": "arn:aws:iam:::user/bucket-owner-uid"},
"Effect": "Allow",
"Action": "*"
},
@cbodley
cbodley / batch_thread_pool.log
Created August 15, 2023 18:32
tsan data race in isal_md5.batch_thread_pool
This file has been truncated, but you can view the full file.
Running main() from gmock_main.cc
Repeating all tests (iteration 1) . . .
Note: Google Test filter = isal_md5.batch_thread_pool
[==========] Running 1 test from 1 test suite.
[----------] Global test environment set-up.
[----------] 1 test from isal_md5
[ RUN ] isal_md5.batch_thread_pool
@cbodley
cbodley / get-empty-etag.md
Created March 9, 2023 14:40

when GetObj returns a fake ETag from md5sum /dev/null:

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index ccb8a397aec..dbb8576ebbc 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -445,7 +445,7 @@ int RGWGetObj_ObjStore_S3::send_response_data(bufferlist& bl, off_t bl_ofs,
     } else {
       auto iter = attrs.find(RGW_ATTR_ETAG);
       if (iter != attrs.end()) {
@cbodley
cbodley / get-no-etag.md
Created March 9, 2023 14:32

when GetObj returns no ETag header:

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index ccb8a397aec..dbb8576ebbc 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -445,7 +445,7 @@ int RGWGetObj_ObjStore_S3::send_response_data(bufferlist& bl, off_t bl_ofs,
     } else {
       auto iter = attrs.find(RGW_ATTR_ETAG);
       if (iter != attrs.end()) {
@cbodley
cbodley / radossss.py
Created March 6, 2023 17:05
lsan output from different python versions
cbodley@localhost ~/ceph/build $ LD_PRELOAD=/usr/lib64/libasan.so.8 python3.8 -m radossss
/usr/bin/python3.8: No module named radossss
=================================================================
==166101==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 108160 byte(s) in 83 object(s) allocated from:
#0 0x7f26cb8ba6af in __interceptor_malloc (/usr/lib64/libasan.so.8+0xba6af)
#1 0x7f26cb503419 in PyObject_Malloc (/lib64/libpython3.8.so.1.0+0x103419)
@cbodley
cbodley / asio-in-ceph.md
Created March 6, 2023 16:29
asio and coroutines in ceph
@cbodley
cbodley / gist:9a98541c82664efd13ca3cfc19556d5b
Created March 5, 2023 19:42
asan with detect_stack_use_after_return
$ ASAN_OPTIONS="detect_stack_use_after_return=true" LSAN_OPTIONS="suppressions=../qa/lsan.supp" MON=1 OSD=1 RGW=1 MGR=0 MDS=0 ../src/vstart.sh -n -d
0> 2023-03-05T11:23:04.897-0500 7fcf2463fa40 -1 *** Caught signal (Segmentation fault) **
in thread 7fcf2463fa40 thread_name:radosgw-admin
ceph version Development (no_version) reef (dev)
1: (ceph::ClibBackTrace::ClibBackTrace(int)+0x17f) [0x55df2d7587b3]
2: /home/cbodley/ceph/build/bin/radosgw-admin(+0x13414f84) [0x55df2ed5bf84]
3: /lib64/libc.so.6(+0x3cb20) [0x7fcf23a5fb20]
4: (boost::asio::detail::timer_queue<boost::asio::detail::chrono_time_traits<ceph::coarse_mono_clock, boost::asio::wait_traits<ceph::coarse_mono_clock> > >::get_all_timers(boost::asio::detail::op_queue<boost::asio::detail::scheduler_operation>&)+0x385) [0x55df2d491a9b]
5: (boost::asio::detail::timer_queue_set::get_all_timers(boost::asio::detail::op_queue<boost::asio::detail::scheduler_operation>&)+0x113) [0x55df2b749f6f]