git.apps.os.sepia.ceph.com Git

author	Sage Weil <sage@newdream.net>
	Thu, 25 Mar 2021 22:07:53 +0000 (18:07 -0400)
committer	Ilya Dryomov <idryomov@gmail.com>
	Mon, 12 Apr 2021 18:56:35 +0000 (20:56 +0200)
commit	106d31462e89e4df40bb1ed64eec523dd74b0002
tree	56bba5a255672207d6d3090e212922724278fa61	tree \| snapshot
parent	9f3efe7cd1a780b91e5c8cfee192a0c51d0151dc	commit \| diff

mon/HealthMonitor: raise AUTH_INSECURE_GLOBAL_ID_RENEWAL[_ALLOWED]

Two new alerts:

- AUTH_INSECURE_GLOBAL_ID_RENEWAL_ALLOWED if we are allowing clients to reclaim
global_ids in an insecure manner (for backwards compatibility until
clients are upgraded)

- AUTH_INSECURE_GLBOAL_ID_RENEWAL if there are currently clients connected that
do not know how to securely renew their global_id, as exposed by
auth_expose_insecure_global_id_reclaim=true. The client auth names and IPs
are listed the alert details (up to a limit, at least).

The docs recommend operators mute these alerts instead of silencing, but
we still include option that allow the alerts to be disabled entirely.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 18b343b06e5dd904af425dc99e2c848e12f3b552)

Conflicts:
src/mon/HealthMonitor.cc [ commit e4bf716bfa07 ("mon: store
a reference as member variable") not in octopus ]

doc/rados/operations/health-checks.rst		diff \| blob \| history
src/common/options.cc		diff \| blob \| history
src/mon/HealthMonitor.cc		diff \| blob \| history