osd, mgr, mds: make timeout of updating rotating keys configurable

Signed-off-by: xie xingguo <xie.xingguo@zte.com.cn>

diff --git a/src/common/options.cc b/src/common/options.cc
index b85bc2e776c9b7dd077e6b7a57d7fdd9d7651fee..899af0eab64cb9eaad72f637015ea25570b06259 100644 (file)
--- a/src/common/options.cc
+++ b/src/common/options.cc
@@ -2014,7 +2014,15 @@ std::vector<Option> get_global_options() {
 
     Option("max_rotating_auth_attempts", Option::TYPE_INT, Option::LEVEL_ADVANCED)
     .set_default(10)
-    .set_description(""),
+    .set_description("number of attempts to initialize rotating keys before giving up"),
+
+    Option("rotating_keys_bootstrap_timeout", Option::TYPE_INT, Option::LEVEL_ADVANCED)
+    .set_default(30)
+    .set_description("timeout for obtaining rotating keys during bootstrap phase (seconds)"),
+
+    Option("rotating_keys_renewal_timeout", Option::TYPE_INT, Option::LEVEL_ADVANCED)
+    .set_default(10)
+    .set_description("timeout for updating rotating keys (seconds)"),
 
     Option("cephx_require_signatures", Option::TYPE_BOOL, Option::LEVEL_ADVANCED)
     .set_default(false)

diff --git a/src/mds/MDSDaemon.cc b/src/mds/MDSDaemon.cc
index d4295e6c2671aed0be0218c5b312184d8d9ea6bb..1db7785643b39c68004deea439d8a9dcd9423cdc 100644 (file)
--- a/src/mds/MDSDaemon.cc
+++ b/src/mds/MDSDaemon.cc
@@ -507,7 +507,9 @@ int MDSDaemon::init()
   }
 
   int rotating_auth_attempts = 0;
-  while (monc->wait_auth_rotating(30.0) < 0) {
+  auto rotating_auth_timeout =
+    g_conf().get_val<int64_t>("rotating_keys_bootstrap_timeout");
+  while (monc->wait_auth_rotating(rotating_auth_timeout) < 0) {
     if (++rotating_auth_attempts <= g_conf()->max_rotating_auth_attempts) {
       derr << "unable to obtain rotating service keys; retrying" << dendl;
       continue;
@@ -1177,7 +1179,8 @@ bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bo
     return true;
 
   if (force_new) {
-    if (monc->wait_auth_rotating(10) < 0)
+    auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
+    if (monc->wait_auth_rotating(timeout) < 0)
       return false;
   }
 

diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc
index d4e5f8021143c4fa6b6ae6e8634c9f6b479f0077..e240e98fa7b82ba087d3373a58fa8c36a09d9c25 100644 (file)
--- a/src/mgr/DaemonServer.cc
+++ b/src/mgr/DaemonServer.cc
@@ -227,7 +227,8 @@ bool DaemonServer::ms_get_authorizer(int dest_type,
   }
 
   if (force_new) {
-    if (monc->wait_auth_rotating(10) < 0)
+    auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
+    if (monc->wait_auth_rotating(timeout) < 0)
       return false;
   }
 

diff --git a/src/mgr/MgrStandby.cc b/src/mgr/MgrStandby.cc
index 8522fcd7d200c601dfd91741b4d60686b20bbf3e..466a703787a6559676ceea67800ba73d44d013a6 100644 (file)
--- a/src/mgr/MgrStandby.cc
+++ b/src/mgr/MgrStandby.cc
@@ -436,7 +436,8 @@ bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
     return true;
 
   if (force_new) {
-    if (monc.wait_auth_rotating(10) < 0)
+    auto timeout = cct->_conf.get_val<int64_t>("rotating_keys_renewal_timeout");
+    if (monc.wait_auth_rotating(timeout) < 0)
       return false;
   }
 

diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index f7ae90e31b59056b689bc3978e8bfd82239681f0..df894bc91484a48c616d2b68adb9ddef99c8a058 100644 (file)
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -2677,6 +2677,8 @@ int OSD::init()
   }
 
   int rotating_auth_attempts = 0;
+  auto rotating_auth_timeout =
+    g_conf().get_val<int64_t>("rotating_keys_bootstrap_timeout");
 
   // sanity check long object name handling
   {
@@ -2923,7 +2925,7 @@ int OSD::init()
     exit(1);
   }
 
-  while (monc->wait_auth_rotating(30.0) < 0) {
+  while (monc->wait_auth_rotating(rotating_auth_timeout) < 0) {
     derr << "unable to obtain rotating service keys; retrying" << dendl;
     ++rotating_auth_attempts;
     if (rotating_auth_attempts > g_conf()->max_rotating_auth_attempts) {
@@ -6935,7 +6937,8 @@ bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool for
   if (force_new) {
     /* the MonClient checks keys every tick(), so we should just wait for that cycle
        to get through */
-    if (monc->wait_auth_rotating(10) < 0) {
+    auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
+    if (monc->wait_auth_rotating(timeout) < 0) {
       derr << "OSD::ms_get_authorizer wait_auth_rotating failed" << dendl;
       return false;
     }

diff --git a/src/tools/cephfs/MDSUtility.cc b/src/tools/cephfs/MDSUtility.cc
index 3519c16984a7ba5ff705699692e81627ee6e764f..a262d2056e019fb2dbcb5633982526dcbb2b9c13 100644 (file)
--- a/src/tools/cephfs/MDSUtility.cc
+++ b/src/tools/cephfs/MDSUtility.cc
@@ -163,7 +163,9 @@ bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
     return true;
 
   if (force_new) {
-    if (monc->wait_auth_rotating(10) < 0)
+    auto timeout =
+      g_ceph_context->_conf.get_val<int64_t>("rotating_keys_renewal_timeout");
+    if (monc->wait_auth_rotating(timeout) < 0)
       return false;
   }