authorSage Weil <sage@inktank.com>2013-06-23 09:25:55 -0700
committerSage Weil <sage@inktank.com>2013-06-24 12:54:15 -0700
commit4474a0cc6c009a566ecf46efadb39d80343a7c68 (patch)
treec5ce5453368fac32c0861692d69e2184fdf1ecbd
parentd572cf6f77418f217a5a8e37f1124dc566e24d0b (diff)
mon/AuthMonitor: make initial auth include rotating keys
This closes a very narrow race during mon creation where there are no service keys. Fixes: #5427 Signed-off-by: Sage Weil <sage@inktank.com> (cherry picked from commit cd98eb0c651d9ee62e19c2cc92eadae9bed678cd)
-rw-r--r--src/auth/cephx/CephxKeyServer.cc1
-rw-r--r--src/mon/AuthMonitor.cc14
-rw-r--r--src/mon/AuthMonitor.h2
3 files changed, 11 insertions, 6 deletions
diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index c3e4f9cfdc1..3207b71c690 100644
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -160,6 +160,7 @@ bool KeyServer::_check_rotating_secrets()
added += _rotate_secret(CEPH_ENTITY_TYPE_MDS);
if (added) {
+ ldout(cct, 10) << __func__ << " added " << added << dendl;
data.rotating_ver++;
//data.next_rotating_time = ceph_clock_now(cct);
//data.next_rotating_time += MIN(g_conf->auth_mon_ticket_ttl, g_conf->auth_service_ticket_ttl);
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 264fb221a10..a5bc4f9d7e4 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -48,15 +48,15 @@ ostream& operator<<(ostream& out, AuthMonitor& pm)
return out << "auth";
}
-void AuthMonitor::check_rotate()
+bool AuthMonitor::check_rotate()
{
KeyServerData::Incremental rot_inc;
rot_inc.op = KeyServerData::AUTH_INC_SET_ROTATING;
if (!mon->key_server.updated_rotating(rot_inc.rotating_bl, last_rotating_ver))
- return;
- dout(10) << "AuthMonitor::tick() updated rotating, now calling propose_pending" << dendl;
+ return false;
+ dout(10) << __func__ << " updated rotating" << dendl;
push_cephx_inc(rot_inc);
- propose_pending();
+ return true;
}
/*
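Review bot: `check_rotate()` now has a caller-visible contract that is not written down: when it returns true it has already queued the rotating-key increment through `push_cephx_inc()`, and proposing it is left to the caller. A comment above the definition, repeated on the declaration in AuthMonitor.h, would make that explicit, e.g. `// Queue a rotating-key update if the key server has newer keys; returns true when an increment was queued and the caller must get it proposed.` It also looks as if `updated_rotating()` advances `last_rotating_ver` before anything is committed. If so, a caller that queues the increment and then loses the pending state would not see the same keys queued again on the next tick; this should be confirmed against `KeyServer::updated_rotating()`, which is not in this diff.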
@@ -72,7 +72,8 @@ void AuthMonitor::tick()
if (!mon->is_leader()) return;
- check_rotate();
+ if (check_rotate())
+ propose_pending();
}
void AuthMonitor::on_active()
@@ -106,6 +107,9 @@ void AuthMonitor::create_initial()
inc.inc_type = GLOBAL_ID;
inc.max_global_id = max_global_id;
pending_auth.push_back(inc);
+
+ // initalize rotating keys, too
+ check_rotate();
}
void AuthMonitor::update_from_paxos()
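Review bot: The result of `check_rotate()` is discarded in `create_initial()`, so if the key server has no rotating keys to hand out at this point, the initial auth state is still built without service keys and nothing records it. That is the condition this commit is meant to close, so the failure path should at least be visible in the log, e.g. `if (!check_rotate()) dout(1) << __func__ << " no rotating keys for initial auth" << dendl;`. Whether a proposal follows is decided by the caller of `create_initial()`, which starts outside this hunk, so it is worth confirming that the queued increment is in fact proposed with the rest of the initial state. The added comment also has a typo: `initalize` should be `initialize`.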
diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h
index 5d1422bbc4d..896384dbc95 100644
--- a/src/mon/AuthMonitor.h
+++ b/src/mon/AuthMonitor.h
@@ -145,7 +145,7 @@ private:
bool preprocess_command(MMonCommand *m);
bool prepare_command(MMonCommand *m);
- void check_rotate();
+ bool check_rotate();
public:
AuthMonitor(Monitor *mn, Paxos *p, const string& service_name)
: PaxosService(mn, p, service_name), last_rotating_ver(0),