mon/AuthMonitor: clear_secrets() in create_initial()

If we are creating the initial state and initial proposal, start with an
empty keyring.  Specifically, we want to clear out any rotating secrets
from a previously failed paxos round so that the subsequent call to
check_rotate() will correctly populate the initial proposal with new
rotating keys.  (When we don't do this, the leader OSD will have the
keys from an earlier round in memory but no other mons will.)

Fixes: http://tracker.ceph.com/issues/40634
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit a346713516ed6d6935ad6894ffeac3bd41ac99a1)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index a25a5fb1c1083bba1079350065416a71afc6fc9f..126758e0c458acf20125bb2e06182b8ae35a8aa2 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -171,6 +171,7 @@ void AuthMonitor::create_initial()
   dout(10) << "create_initial -- creating initial map" << dendl;
 
   // initialize rotating keys
+  mon->key_server.clear_secrets();
   last_rotating_ver = 0;
   check_rotate();
   assert(pending_auth.size() == 1);