git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit

author	Patrick Donnelly <pdonnell@ibm.com>
	Wed, 26 Mar 2025 01:59:34 +0000 (21:59 -0400)
committer	Patrick Donnelly <pdonnell@ibm.com>
	Mon, 22 Sep 2025 16:34:42 +0000 (12:34 -0400)
commit	dfcc83ef6c6945f97d616e206c18107aeeddfbf7
tree	a676fce4fead7b5bbf4dccd8ce3da65824db06ca	tree \| snapshot
parent	73c097797211cea6ab70b1edfe08392eed7cef1f	commit \| diff

mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys

`auth dump-keys` allows examining the key types for each entity and also the
rotating session keys. This lets us confirm key upgrades are done as expected.

`wipe-rotating-service-keys` clears out existing non-auth service keys so that we do not
need to wait for the rotating key expiration. It is not disruptive so long as clients
renew their tickets when prompted by the auth epoch change.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f7b15b982a96a25a98e7b47755d4317723c4aa8d)

src/auth/cephx/CephxKeyServer.cc		diff \| blob \| history
src/auth/cephx/CephxKeyServer.h		diff \| blob \| history
src/mon/AuthMonitor.cc		diff \| blob \| history
src/mon/MonCommands.h		diff \| blob \| history
src/tools/ceph_monstore_tool.cc		diff \| blob \| history