rgw: Early Linux process keyring initialization

To allow RGW threads to share possession over process keyring keys the
keyring must be created before a child thread adds keys.

Since we only use the process keyring for KMS cache secrets, only
initialize the keyring if it is enabled on startup.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@clyso.com>
On-behalf-of: SAP marcel.lauhoff@sap.com

diff --git a/src/rgw/CMakeLists.txt b/src/rgw/CMakeLists.txt
index 5055d3d5d35529ff32e14f04a296590c657789b1..3d9db673db4284df965cf94860a782f0ac8eeca7 100644 (file)
--- a/src/rgw/CMakeLists.txt
+++ b/src/rgw/CMakeLists.txt
@@ -310,6 +310,7 @@ target_link_libraries(rgw_common
     legacy-option-headers
     global
     cls_rgw_client
+    keyring
     rt
     ICU::uc
     OATH::OATH

diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc
index a3a38c8189e87ae0fa1265f8aa901ab43c54e1e9..5c5c14879345677b801f43bcea302ccff431ee5f 100644 (file)
--- a/src/rgw/rgw_main.cc
+++ b/src/rgw/rgw_main.cc
@@ -3,6 +3,7 @@
 
 #include <boost/intrusive/list.hpp>
 #include "common/ceph_argparse.h"
+#include "common/keyring.h"
 #include "global/global_init.h"
 #include "global/signal_handler.h"
 #include "common/config.h"
@@ -107,6 +108,8 @@ int main(int argc, char *argv[])
   DoutPrefix dp(cct.get(), dout_subsys, "rgw main: ");
   rgw::AppMain main(&dp);
 
+  LinuxKeyringSecret::initialize_process_keyring();
+
   main.init_frontends1(false /* nfs */);
   main.init_numa();