Hi,
I tried to generate a presigned URL using the AWS SDK for PHP, but it doesn't work. (I also tried boto3 with the same configuration, and that URL works normally.)
Here is my PHP code:
<?php
require 'aws-autoloader.php';

use Aws\S3\S3Client;
use Aws\Exception\AwsException;

$s3Client = new S3Client([
    'version' => '2006-03-01',
    'region' => 'us-east-1',
    'signature_version' => 'v4',
    'use_path_style_endpoint' => true,
    'endpoint' => 'http://hn.ss.bfcplatform.vn',
    'credentials' => [
        'key' => 'DNMZAFE6G2PP8H9P05UU',
        'secret' => 'XXX',
    ],
]);

$cmd = $s3Client->getCommand('PutObject', [
    'Bucket' => 'huynnp-testbucket1',
    'Key' => 'testfile.txt',
]);

$request = $s3Client->createPresignedRequest($cmd, '+60 minutes'); // Set the expiration time as desired
$presignedUrl = (string) $request->getUri();
echo $presignedUrl;
?>
and then:
curl -X PUT -T testfile.txt `php s3.php`
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><RequestId>tx00000b7bb3b2deb6a6ef2-00649d5ebd-d1d50041-hn-1</RequestId><HostId>d1d50041-hn-1-hn</HostId></Error>
I enabled debug_rgw, and what I see is really strange: the port :8084 has been appended to the domain, which makes the "canonical request hash" and "signature" differ between client and server. I can't explain why this happens.
2023-06-29T17:10:46.880+0700 7f26014b0700 10 v4 credential format = DNMZAFE6G2PP8H9P05UU/20230629/us-east-1/s3/aws4_request
2023-06-29T17:10:46.880+0700 7f26014b0700 10 access key id = DNMZAFE6G2PP8H9P05UU
2023-06-29T17:10:46.880+0700 7f26014b0700 10 credential scope = 20230629/us-east-1/s3/aws4_request
2023-06-29T17:10:46.880+0700 7f26014b0700 10 req 15647562574720867919 1000005ns canonical headers format = host:hn.ss.bfcplatform.vn:8084
2023-06-29T17:10:46.880+0700 7f26014b0700 10 payload request hash = UNSIGNED-PAYLOAD
2023-06-29T17:10:46.880+0700 7f26014b0700 10 canonical request = PUT
/huynnp-testbucket1/testfile.txt
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=DNMZAFE6G2PP8H9P05UU%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T101046Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host
host:hn.ss.bfcplatform.vn:8084
host
UNSIGNED-PAYLOAD
2023-06-29T17:10:46.880+0700 7f26014b0700 10 canonical request hash = d28e6c3104aff99e9928f902892627d2b284a29d489fbb034ed5c90aa21c566a
2023-06-29T17:10:46.880+0700 7f26014b0700 10 string to sign = AWS4-HMAC-SHA256
20230629T101046Z
20230629/us-east-1/s3/aws4_request
d28e6c3104aff99e9928f902892627d2b284a29d489fbb034ed5c90aa21c566a
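What stands out in that log is that RGW canonicalizes the host as hn.ss.bfcplatform.vn:8084, while the PHP client signed hn.ss.bfcplatform.vn without a port, presumably because a proxy in front of RGW forwards to port 8084 and rewrites the Host header. A possible workaround (a sketch only; the :8084 port is an assumption taken from the rgw debug log above) is to make the client sign the same host that RGW ends up seeing, or to make the proxy preserve the original Host header:
# Option 1 (assumption): point the SDK at the endpoint including the port,
# i.e. 'endpoint' => 'http://hn.ss.bfcplatform.vn:8084' in s3.php, then retry:
curl -X PUT -T testfile.txt "$(php s3.php)"
# Option 2 (assumption): keep the endpoint as-is and configure the proxy to
# pass the client's Host header through unchanged, e.g. with nginx:
#   proxy_set_header Host $http_host;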
Hello,
I've just upgraded a Pacific cluster to Quincy, and all my OSDs have
the low value osd_mclock_max_capacity_iops_hdd = 315.000000.
The manual does not explain how to benchmark the OSDs with fio or ceph
bench using sensible options.
Does someone have good ceph bench or fio options for determining
osd_mclock_max_capacity_iops_hdd for each OSD?
I ran this bench several times on the same OSD (class hdd) and I get
different results.
ceph tell ${osd} cache drop
ceph tell ${osd} bench 12288000 4096 4194304 100
example :
osd.21 (hdd): osd_mclock_max_capacity_iops_hdd = 315.000000
bench 1 : 3006.2271379745534
bench 2 : 819.503206458996
bench 3 : 946.5406320134085
How can I obtain good values for the
osd_mclock_max_capacity_iops_[hdd|ssd] options?
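For reference, one possible approach (a sketch, not a validated recipe: /dev/sdX is a placeholder for the OSD's backing device, the run is destructive if pointed at a device in use, and the 450 at the end is just an example value) is to measure the raw device with fio and then pin the option explicitly:
# 4K random writes with direct I/O against a scratch device or file
fio --name=osd-iops --filename=/dev/sdX --direct=1 --ioengine=libaio \
    --rw=randwrite --bs=4k --iodepth=16 --numjobs=1 --runtime=60 \
    --time_based --group_reporting
# Pin the measured IOPS for the OSD instead of relying on the automatic bench
ceph config set osd.21 osd_mclock_max_capacity_iops_hdd 450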
Thank you for your help,
Rafael
Hi,
As discussed in another thread (Crushmap rule for multi-datacenter
erasure coding), I'm trying to create an EC pool spanning 3 datacenters
(the datacenters are present in the crushmap), with the objective of being
resilient to 1 DC down, at least keeping read-only access to the pool
and, if possible, read-write access, and with a storage efficiency
better than 3-replica (let's say a storage overhead <= 2).
In that discussion, somebody mentioned the LRC plugin as a possible
alternative to jerasure for implementing this without tweaking the
crushmap rule to implement the 2-step OSD allocation. I looked at the
documentation
(https://docs.ceph.com/en/latest/rados/operations/erasure-code-lrc/) but
I have some questions, if someone has experience/expertise with this LRC
plugin.
I tried to create a rule using 5 OSDs per datacenter (15 in total),
with 3 per datacenter (9 in total) being data chunks and the others being
coding chunks. For this, based on my understanding of the examples, I used
k=9, m=3, l=4. Is that right? Is this configuration equivalent, in terms of
redundancy, to a jerasure configuration with k=9, m=6?
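If it helps, my understanding is that such a layout would be declared with the plugin's simple k/m/l form roughly like this (a sketch based on the LRC documentation; the profile name, pool name and PG count are made up and untested):
ceph osd erasure-code-profile set lrc_dc_profile \
    plugin=lrc k=9 m=3 l=4 \
    crush-locality=datacenter crush-failure-domain=host
ceph osd pool create test_lrc_2 64 64 erasure lrc_dc_profile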
The resulting rule, which looks correct to me, is:
--------
{
    "rule_id": 6,
    "rule_name": "test_lrc_2",
    "ruleset": 6,
    "type": 3,
    "min_size": 3,
    "max_size": 15,
    "steps": [
        {
            "op": "set_chooseleaf_tries",
            "num": 5
        },
        {
            "op": "set_choose_tries",
            "num": 100
        },
        {
            "op": "take",
            "item": -4,
            "item_name": "default~hdd"
        },
        {
            "op": "choose_indep",
            "num": 3,
            "type": "datacenter"
        },
        {
            "op": "chooseleaf_indep",
            "num": 5,
            "type": "host"
        },
        {
            "op": "emit"
        }
    ]
}
------------
Unfortunately, it doesn't work as expected: a pool created with this
rule ends up with its PGs active+undersized, which is unexpected to me.
Looking at `ceph health detail` output, I see for each PG
something like:
pg 52.14 is stuck undersized for 27m, current state active+undersized,
last acting
[90,113,2147483647,103,64,147,164,177,2147483647,133,58,28,8,32,2147483647]
For each PG, there are 3 '2147483647' entries, and I guess this is the
reason for the problem. What are these entries about? Clearly they are not
OSD IDs... It looks like a negative number, -1, which in terms of
crushmap IDs would be the crushmap root (named "default" in our configuration).
Is there a trivial mistake I might have made?
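One way to debug where the mapping fails might be to dry-run the rule outside the cluster (a sketch; rule id 6 is taken from the dump above, and crushmap.bin is just a local file name):
# Export the compiled crushmap and test the rule for 15 replicas
ceph osd getcrushmap -o crushmap.bin
crushtool -i crushmap.bin --test --rule 6 --num-rep 15 --show-mappings --show-bad-mappings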
Thanks in advance for any help, or for sharing any successful configuration.
Best regards,
Michel
Hi,
I have a 3x-replicated pool with Ceph 12.2.7.
One HDD broke, its OSD "2" was automatically marked "out", the disk was physically replaced by a new one, and that was added back in.
Now `ceph health detail` continues to permanently show:
[ERR] OSD_SCRUB_ERRORS: 1 scrub errors
[ERR] PG_DAMAGED: Possible data damage: 1 pg inconsistent
pg 2.87 is active+clean+inconsistent, acting [33,2,20]
What exactly is wrong here?
Why can Ceph not fix the issue?
With BlueStore I have checksums on the two unbroken disks, so what remaining inconsistency can there be?
The suggested command in https://docs.ceph.com/en/pacific/rados/operations/pg-repair/#commands-for-d… does not work:
# rados list-inconsistent-obj 2.87
No scrub information available for pg 2.87
error 2: (2) No such file or directory
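From what I could piece together, the report may need to be regenerated before it can be listed; the sequence I'm considering (a sketch based on the pg-repair docs, and I have not run the repair step) is:
# Re-run a deep scrub so the inconsistency report becomes available again
ceph pg deep-scrub 2.87
# Inspect which object/shard is inconsistent before deciding anything
rados list-inconsistent-obj 2.87 --format=json-pretty
# Only once the cause is understood:
# ceph pg repair 2.87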
Further, I find the documentation in https://docs.ceph.com/en/pacific/rados/operations/pg-repair/#more-informati… extremely unclear.
It says
> In the case of replicated pools, recovery is beyond the scope of pg repair.
while many people on the Internet suggest that `ceph pg repair` might fix the issue.
Yet again others claim that Ceph will fix the issue itself.
I am hesitant to run "ceph pg repair" without understanding what the problem is and what exactly this will do.
I have already reported the "error 2" and the documentation issue in https://tracker.ceph.com/issues/61739 but have not received a reply yet, and my cluster stays "inconsistent".
How can this be fixed?
I would appreciate any help!
Hi,
is it a problem that the device class for all my disks is SSD even though all of
these disks are NVMe disks? If it is just a classification for Ceph, so that I
can keep pools on SSDs and NVMe separated, I don't care. But maybe Ceph
handles NVMe disks differently internally?
I've added them via
ceph-volume lvm create --bluestore --data /dev/nvme2n1
and they only show up as ssd
root@a0423f621aaa:~# ceph osd metadata osd.0
{
"id": 0,
"arch": "x86_64",
...
"bluefs": "1",
"bluefs_dedicated_db": "0",
"bluefs_dedicated_wal": "0",
"bluefs_single_shared_device": "1",
"bluestore_bdev_access_mode": "blk",
"bluestore_bdev_block_size": "4096",
"bluestore_bdev_dev_node": "/dev/dm-2",
"bluestore_bdev_devices": "nvme0n1",
"bluestore_bdev_driver": "KernelDevice",
"bluestore_bdev_partition_path": "/dev/dm-2",
"bluestore_bdev_rotational": "0",
"bluestore_bdev_size": "1920378863616",
"bluestore_bdev_support_discard": "1",
"bluestore_bdev_type": "ssd",
"ceph_release": "pacific",
"ceph_version": "ceph version 16.2.13
(5378749ba6be3a0868b51803968ee9cde4833a3e) pacific (stable)",
"ceph_version_short": "16.2.13",
"ceph_version_when_created": "ceph version 16.2.13
(5378749ba6be3a0868b51803968ee9cde4833a3e) pacific (stable)",
"cpu": "Intel(R) Xeon(R) Gold 6226R CPU @ 2.90GHz",
"created_at": "2023-06-20T14:03:35.167741Z",
"default_device_class": "ssd",
"device_ids": "nvme0n1=SAMSUNG_MZQLB1T9HAJR-00007_S439NF0M506164",
"device_paths": "nvme0n1=/dev/disk/by-path/pci-0000:5e:00.0-nvme-1",
"devices": "nvme0n1",
"distro": "ubuntu",
"distro_description": "Ubuntu 20.04.6 LTS",
"distro_version": "20.04",
...
"journal_rotational": "0",
"kernel_description": "#169-Ubuntu SMP Tue Jun 6 22:23:09 UTC 2023",
"kernel_version": "5.4.0-152-generic",
"mem_swap_kb": "0",
"mem_total_kb": "196668116",
"network_numa_unknown_ifaces": "back_iface,front_iface",
"objectstore_numa_node": "0",
"objectstore_numa_nodes": "0",
"os": "Linux",
"osd_data": "/var/lib/ceph/osd/ceph-0",
"osd_objectstore": "bluestore",
"osdspec_affinity": "",
"rotational": "0"
}
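If it turns out the class is just a CRUSH label, I assume it could be changed per OSD with something like this (untested on my side; osd.0 is just an example):
ceph osd crush rm-device-class osd.0
ceph osd crush set-device-class nvme osd.0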
Cheers
Boris
Reef RC linking failure on Alpine Linux. Do we worry about that?
1. https://tracker.ceph.com/issues/61718
2. Nice to fix, but not a requirement
3. If there are patches available, we should accept them, but probably
don't put too much work into it currently
debian bullseye build failure on reef rc:
1. https://tracker.ceph.com/issues/61845
2. want to fix before final release
clean-up in AuthMonitor – CephFS and core are fine. Any other components
interested?
1. https://github.com/ceph/ceph/pull/52008#issuecomment-1606581139
2. Already tested for rados and cephfs
3. No other components requesting testing
Reef rc v18.1.2 in progress
1. Next rc build in progress
2. build issue to be looked at
   1. Failure on a jammy arm build, not a platform we test on meaningfully
   2. Think this is an infrastructure issue
   3. Generally, this shouldn't be a release blocker
   4. Priority of arm builds might rise in the future though
   5. investigate today; if we can't figure it out quickly, publish rc
      with a known issue
   6. NOTE: Rook expects arm builds to be present
3. Would like to release next rc later this week if things work out
4. Would also like to upgrade lrc
CDS agenda https://pad.ceph.com/p/cds-squid
1. leads should add topics
2. plan is for this to happen week of July 17th
mempool monitoring in teuthology tests
https://github.com/ceph/ceph/pull/51853
1. Just an FYI
2. ceph task will now have the ability to dump mempools
3. might add a bit of delay to how long tests take
4. expected to be merged soon
5. will follow up in performance meeting
iSCSI packages old/not signed -- want to fix before final release
1. https://tracker.ceph.com/issues/57388
2. tcmu-runner, since containerization of ceph, is being pulled from our
build system
3. This tcmu-runner package is not signed
4. ceph-iscsi package is signed, but outdated (seems to be because this
is the newest one that is signed and pushed to download.ceph.com)
5. someone with access to tools to sign the packages would have to help
fix this
6. been like this for a long time and nobody noticed
7. only ceph-iscsi package, not tcmu-runner, is distributed through
download.ceph.com
8. getting updated ceph-iscsi package on download.ceph.com should be
done before reef release
9. tcmu-runner inside the container being unsigned is not as big of a
deal (was this way in quincy/pacific as well)
Mystery solved. I loaded the zonegroup up with 100K hostnames. That caused the period to fail to decode when other zones tried to pick up the new period. Apparently, there is an implicit size limit on how big the zonegroup info can be.
Regards, Yixin