git-server-git.apps.pok.os.sepia.ceph.com Git

author	Sage Weil <sage@newdream.net>
	Thu, 25 Mar 2021 22:07:53 +0000 (18:07 -0400)
committer	Ilya Dryomov <idryomov@gmail.com>
	Mon, 12 Apr 2021 18:50:53 +0000 (20:50 +0200)
commit	f217c0d61d3d34617e0eb9d6b804db58c0afd069
tree	4645255a3fd0cc4d632e1dca6bd2f266496305f8	tree \| snapshot
parent	13f1f5d91d6e3f6c446863e93eafda2ed198cb29	commit \| diff

mon/HealthMonitor: raise AUTH_INSECURE_GLOBAL_ID_RENEWAL[_ALLOWED]

Two new alerts:

- AUTH_INSECURE_GLOBAL_ID_RENEWAL_ALLOWED if we are allowing clients to reclaim
global_ids in an insecure manner (for backwards compatibility until
clients are upgraded)

- AUTH_INSECURE_GLBOAL_ID_RENEWAL if there are currently clients connected that
do not know how to securely renew their global_id, as exposed by
auth_expose_insecure_global_id_reclaim=true. The client auth names and IPs
are listed the alert details (up to a limit, at least).

The docs recommend operators mute these alerts instead of silencing, but
we still include option that allow the alerts to be disabled entirely.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 18b343b06e5dd904af425dc99e2c848e12f3b552)

doc/rados/operations/health-checks.rst		diff \| blob \| history
src/common/options.cc		diff \| blob \| history
src/mon/HealthMonitor.cc		diff \| blob \| history