]> git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit
mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys
authorPatrick Donnelly <pdonnell@ibm.com>
Wed, 26 Mar 2025 01:59:34 +0000 (21:59 -0400)
committerPatrick Donnelly <pdonnell@ibm.com>
Wed, 1 Oct 2025 18:46:57 +0000 (14:46 -0400)
commitf90cbe291b1e6e5a6802a5f9b6cefa2f57fc3fb2
tree81a504fa3123f8d0059c45e6d7d8f89b0eb80380
parent3ccac4f7c6a9cf5043cc730ab8fb2192ebc3e189
mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys

`auth dump-keys` allows examining the key types for each entity and also the
rotating session keys. This lets us confirm key upgrades are done as expected.

`wipe-rotating-service-keys` clears out existing non-auth service keys so that we do not
need to wait for the rotating key expiration. It is not disruptive so long as clients
renew their tickets when prompted by the auth epoch change.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
src/auth/cephx/CephxKeyServer.cc
src/auth/cephx/CephxKeyServer.h
src/mon/AuthMonitor.cc
src/mon/MonCommands.h
src/tools/ceph_monstore_tool.cc