git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit

author	Patrick Donnelly <pdonnell@ibm.com>
	Wed, 26 Mar 2025 01:59:34 +0000 (21:59 -0400)
committer	Patrick Donnelly <pdonnell@ibm.com>
	Mon, 13 Oct 2025 23:59:34 +0000 (19:59 -0400)
commit	dc7e0dbd0f33e25779ab44a44b0a101550ee2bc5
tree	6852c152df604deb006981f1d11343d1ef7f51ec	tree \| snapshot
parent	354bcbcc17b5d458850709da05f6379202c03c57	commit \| diff

mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys

`auth dump-keys` allows examining the key types for each entity and also the
rotating session keys. This lets us confirm key upgrades are done as expected.

`wipe-rotating-service-keys` clears out existing non-auth service keys so that we do not
need to wait for the rotating key expiration. It is not disruptive so long as clients
renew their tickets when prompted by the auth epoch change.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f7b15b982a96a25a98e7b47755d4317723c4aa8d)

src/auth/cephx/CephxKeyServer.cc		diff \| blob \| history
src/auth/cephx/CephxKeyServer.h		diff \| blob \| history
src/mon/AuthMonitor.cc		diff \| blob \| history
src/mon/MonCommands.h		diff \| blob \| history
src/tools/ceph_monstore_tool.cc		diff \| blob \| history