mgr/dashboard: Make saml2 robust against module load errors

[marcan]

Loading saml2 can fail due to issues with the xmlsec package (subinterpreter related):

  File "/usr/share/ceph/mgr/dashboard/controllers/saml2.py", line 6, in <module>
    from onelogin.saml2.auth import OneLogin_Saml2_Auth
  File "/lib/python3.13/site-packages/onelogin/saml2/auth.py", line 12, in <module>
    import xmlsec
xmlsec.Error: (100, 'lxml & xmlsec libxml2 library version mismatch')

Instead of taking down the entire dashboard module, treat this exception like a missing saml2 package.

Improves: https://tracker.ceph.com/issues/70411

Contribution Guidelines

• To sign and title your commits, please refer to Submitting Patches to Ceph.

• If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.

• When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an x between the brackets: [x]. Spaces and capitalization matter when checking off items this way.

Checklist

• Tracker (select at least one)
  • References tracker ticket
  • Very recent bug; references commit where it was introduced
  • New feature (ticket optional)
  • Doc update (no ticket needed)
  • Code cleanup (no ticket needed)
• Component impact
  • Affects Dashboard, opened tracker ticket
  • Affects Orchestrator, opened tracker ticket
  • No impact that needs to be tracked
• Documentation (select at least one)
  • Updates relevant documentation
  • No doc update is appropriate
• Tests (select at least one)
  • Includes unit test(s)
  • Includes integration test(s)
  • Includes bug reproducer
  • No tests

Show available Jenkins commands

• jenkins test classic perf Jenkins Job | Jenkins Job Definition
• jenkins test crimson perf Jenkins Job | Jenkins Job Definition
• jenkins test signed Jenkins Job | Jenkins Job Definition
• jenkins test make check Jenkins Job | Jenkins Job Definition
• jenkins test make check arm64 Jenkins Job | Jenkins Job Definition
• jenkins test submodules Jenkins Job | Jenkins Job Definition
• jenkins test dashboard Jenkins Job | Jenkins Job Definition
• jenkins test dashboard cephadm Jenkins Job | Jenkins Job Definition
• jenkins test api Jenkins Job | Jenkins Job Definition
• jenkins test docs ReadTheDocs | Github Workflow Definition
• jenkins test ceph-volume all Jenkins Jobs | Jenkins Jobs Definition
• jenkins test windows Jenkins Job | Jenkins Job Definition
• jenkins test rook e2e Jenkins Job | Jenkins Job Definition

You must only issue one Jenkins command per-comment. Jenkins does not understand
comments with more than one command.

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[ceph-jenkins]

Can one of the admins verify this patch?

[marcan]

The tracker issue is https://tracker.ceph.com/issues/70411, which however was closed with CI changes that didn't actually improve anything on the Ceph side. This PR actually fixes the issue in the most reasonable way (if the saml2 package does not work, do not take down the entire dashboard).

The underlying issue is unclear and hard to debug, but seems likely to be yet another subinterpreter problem. Since saml2 support is optional, it makes sense to at least just disable saml2 for deployments which run into this.

[marcan]

I've changed the commit tag to "Improves:" instead of "Fixes:", as this doesn't fix the underlying issue (which is now positively identified as subinterpreters).

[tchaikov]

lgtm

[tchaikov]

Thanks for the work on this! Once the workflows are all green, we're good to merge.
Note: The CI runs are taking longer than usual right now due to the lab migration — the Jenkins worker nodes are experiencing increased load times while consuming the workload. This should resolve once the migration is complete.

[github-actions]

This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days.
If you are a maintainer or core committer, please follow-up on this pull request to identify what steps should be taken by the author to move this proposed change forward.
If you are the author of this pull request, thank you for your proposed contribution. If you believe this change is still appropriate, please ensure that any feedback has been addressed and ask for a code review.

[marcan]

Ping, not sure what happened with the workflows here?

[nizamial09]

jenkins retest this please