From cbe8e227084581327417e9c2cadff91808ec2561 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Thu, 22 Apr 2021 15:20:45 +0000 Subject: [PATCH] 3p/nixpkgs: add patch for ceph upgrade --- third_party/nixpkgs/patches/pr120071.patch | 177 +++++++++++++++++++++ third_party/nixpkgs/patches/series | 1 + 2 files changed, 178 insertions(+) create mode 100644 third_party/nixpkgs/patches/pr120071.patch diff --git a/third_party/nixpkgs/patches/pr120071.patch b/third_party/nixpkgs/patches/pr120071.patch new file mode 100644 index 0000000000..8baed4f155 --- /dev/null +++ b/third_party/nixpkgs/patches/pr120071.patch @@ -0,0 +1,177 @@ +From c3bd75c75255c993fb1ec61c590a23ac31169744 Mon Sep 17 00:00:00 2001 +From: Johan Thomsen +Date: Wed, 21 Apr 2021 10:02:36 +0200 +Subject: [PATCH 1/2] ceph: 15.2.10 -> 16.2.1 + +--- + pkgs/tools/filesystems/ceph/default.nix | 23 +++++++++++++++++++---- + pkgs/top-level/all-packages.nix | 3 ++- + 2 files changed, 21 insertions(+), 5 deletions(-) + +diff --git a/pkgs/tools/filesystems/ceph/default.nix b/pkgs/tools/filesystems/ceph/default.nix +index e923bb6132ecd..d13d4915e1eb3 100644 +--- a/pkgs/tools/filesystems/ceph/default.nix ++++ b/pkgs/tools/filesystems/ceph/default.nix +@@ -1,5 +1,4 @@ + { lib, stdenv, runCommand, fetchurl +-, fetchpatch + , ensureNewerSourcesHook + , cmake, pkg-config + , which, git +@@ -14,6 +13,15 @@ + , libnl, libcap_ng + , rdkafka + , nixosTests ++, cryptsetup ++, sqlite ++, lua ++, icu ++, bzip2 ++, doxygen ++, graphviz ++, fmt ++, python3 + + # Optional Dependencies + , yasm ? null, fcgi ? null, expat ? null +@@ -123,10 +131,10 @@ let + ]); + sitePackages = ceph-python-env.python.sitePackages; + +- version = "15.2.10"; ++ version = "16.2.1"; + src = fetchurl { + url = "http://download.ceph.com/tarballs/ceph-${version}.tar.gz"; +- sha256 = "1xfijynfb56gydpwh6h4q781xymwxih6nx26idnkcjqih48nsn01"; ++ sha256 = "1qqvfhnc94vfrq1ddizf6habjlcp77abry4v18zlq6rnhwr99zrh"; + }; + in rec { + ceph = stdenv.mkDerivation { +@@ -142,12 +150,18 @@ in rec { + pkg-config which git python3Packages.wrapPython makeWrapper + python3Packages.python # for the toPythonPath function + (ensureNewerSourcesHook { year = "1980"; }) ++ python3 ++ fmt ++ # for building docs/man-pages presumably ++ doxygen ++ graphviz + ]; + + buildInputs = cryptoLibsMap.${cryptoStr} ++ [ + boost ceph-python-env libxml2 optYasm optLibatomic_ops optLibs3 + malloc zlib openldap lttng-ust babeltrace gperf gtest cunit + snappy lz4 oathToolkit leveldb libnl libcap_ng rdkafka ++ cryptsetup sqlite lua icu bzip2 + ] ++ lib.optionals stdenv.isLinux [ + linuxHeaders util-linux libuuid udev keyutils optLibaio optLibxfs optZfs + # ceph 14 +@@ -171,7 +185,6 @@ in rec { + ''; + + cmakeFlags = [ +- "-DWITH_PYTHON3=ON" + "-DWITH_SYSTEM_ROCKSDB=OFF" # breaks Bluestore + "-DCMAKE_INSTALL_DATADIR=${placeholder "lib"}/lib" + +@@ -182,6 +195,8 @@ in rec { + "-DWITH_TESTS=OFF" + # TODO breaks with sandbox, tries to download stuff with npm + "-DWITH_MGR_DASHBOARD_FRONTEND=OFF" ++ # WITH_XFS has been set default ON from Ceph 16, keeping it optional in nixpkgs for now ++ ''-DWITH_XFS=${if optLibxfs != null then "ON" else "OFF"}'' + ]; + + postFixup = '' +diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix +index 71a063a4393fc..e825afd6691e4 100644 +--- a/pkgs/top-level/all-packages.nix ++++ b/pkgs/top-level/all-packages.nix +@@ -3313,7 +3313,8 @@ in + + libceph = ceph.lib; + inherit (callPackages ../tools/filesystems/ceph { +- boost = boost172.override { enablePython = true; python = python38; }; ++ boost = boost17x.override { enablePython = true; python = python3; }; ++ lua = lua5_4; + }) + ceph + ceph-client; + +From 8a6e130c71ed25f4eae8eadd62ef48450ccf8750 Mon Sep 17 00:00:00 2001 +From: Johan Thomsen +Date: Wed, 21 Apr 2021 16:19:00 +0200 +Subject: [PATCH 2/2] nixos/ceph: fix tests + +- 512 -> 1024MB vm memory (had sporadic oom-failures with the lower setting) + +- set "auth_allow_insecure_global_id_reclaim=false" as described here: https://docs.ceph.com/en/latest/security/CVE-2021-20288/ +--- + nixos/tests/ceph-multi-node.nix | 3 ++- + nixos/tests/ceph-single-node-bluestore.nix | 3 ++- + nixos/tests/ceph-single-node.nix | 3 ++- + 3 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/nixos/tests/ceph-multi-node.nix b/nixos/tests/ceph-multi-node.nix +index 4e6d644f96c8a..33736e27b984d 100644 +--- a/nixos/tests/ceph-multi-node.nix ++++ b/nixos/tests/ceph-multi-node.nix +@@ -37,7 +37,7 @@ let + + generateHost = { pkgs, cephConfig, networkConfig, ... }: { + virtualisation = { +- memorySize = 512; ++ memorySize = 1024; + emptyDiskImages = [ 20480 ]; + vlans = [ 1 ]; + }; +@@ -120,6 +120,7 @@ let + ) + monA.wait_for_unit("ceph-mon-${cfg.monA.name}") + monA.succeed("ceph mon enable-msgr2") ++ monA.succeed("ceph config set mon auth_allow_insecure_global_id_reclaim false") + + # Can't check ceph status until a mon is up + monA.succeed("ceph -s | grep 'mon: 1 daemons'") +diff --git a/nixos/tests/ceph-single-node-bluestore.nix b/nixos/tests/ceph-single-node-bluestore.nix +index cc873e8aee576..f706d4d56fcfd 100644 +--- a/nixos/tests/ceph-single-node-bluestore.nix ++++ b/nixos/tests/ceph-single-node-bluestore.nix +@@ -34,7 +34,7 @@ let + + generateHost = { pkgs, cephConfig, networkConfig, ... }: { + virtualisation = { +- memorySize = 512; ++ memorySize = 1024; + emptyDiskImages = [ 20480 20480 20480 ]; + vlans = [ 1 ]; + }; +@@ -95,6 +95,7 @@ let + ) + monA.wait_for_unit("ceph-mon-${cfg.monA.name}") + monA.succeed("ceph mon enable-msgr2") ++ monA.succeed("ceph config set mon auth_allow_insecure_global_id_reclaim false") + + # Can't check ceph status until a mon is up + monA.succeed("ceph -s | grep 'mon: 1 daemons'") +diff --git a/nixos/tests/ceph-single-node.nix b/nixos/tests/ceph-single-node.nix +index 19919371a3ca7..d1d56ea6708cc 100644 +--- a/nixos/tests/ceph-single-node.nix ++++ b/nixos/tests/ceph-single-node.nix +@@ -34,7 +34,7 @@ let + + generateHost = { pkgs, cephConfig, networkConfig, ... }: { + virtualisation = { +- memorySize = 512; ++ memorySize = 1024; + emptyDiskImages = [ 20480 20480 20480 ]; + vlans = [ 1 ]; + }; +@@ -95,6 +95,7 @@ let + ) + monA.wait_for_unit("ceph-mon-${cfg.monA.name}") + monA.succeed("ceph mon enable-msgr2") ++ monA.succeed("ceph config set mon auth_allow_insecure_global_id_reclaim false") + + # Can't check ceph status until a mon is up + monA.succeed("ceph -s | grep 'mon: 1 daemons'") diff --git a/third_party/nixpkgs/patches/series b/third_party/nixpkgs/patches/series index c4d4698053..37f0682095 100644 --- a/third_party/nixpkgs/patches/series +++ b/third_party/nixpkgs/patches/series @@ -2,3 +2,4 @@ various.patch patch-cherrypy.patch pomerium-fix.patch tracker-i686.patch +pr120071.patch