mon/AuthMonitor: make initial auth include rotating keys
authorSage Weil <sage@inktank.com>
Sun, 23 Jun 2013 16:25:55 +0000 (09:25 -0700)
committerSage Weil <sage@inktank.com>
Mon, 24 Jun 2013 19:54:15 +0000 (12:54 -0700)
This closes a very narrow race during mon creation where there are no
service keys.

Fixes: #5427
Signed-off-by: Sage Weil <sage@inktank.com>
(cherry picked from commit cd98eb0c651d9ee62e19c2cc92eadae9bed678cd)

src/auth/cephx/CephxKeyServer.cc
src/mon/AuthMonitor.cc
src/mon/AuthMonitor.h

index c3e4f9cfdc1f6f71199fc489309ef0ae17ff1bc2..3207b71c690ba8f0356ab3bee1689fcd0c5468f6 100644 (file)
@@ -160,6 +160,7 @@ bool KeyServer::_check_rotating_secrets()
   added += _rotate_secret(CEPH_ENTITY_TYPE_MDS);
 
   if (added) {
+    ldout(cct, 10) << __func__ << " added " << added << dendl;
     data.rotating_ver++;
     //data.next_rotating_time = ceph_clock_now(cct);
     //data.next_rotating_time += MIN(g_conf->auth_mon_ticket_ttl, g_conf->auth_service_ticket_ttl);
index 264fb221a100b5681fb551462462c0f0bc1094f4..a5bc4f9d7e4af3196e8d06e10abf6b3a4e6114fc 100644 (file)
@@ -48,15 +48,15 @@ ostream& operator<<(ostream& out, AuthMonitor& pm)
   return out << "auth";
 }
 
-void AuthMonitor::check_rotate()
+bool AuthMonitor::check_rotate()
 {
   KeyServerData::Incremental rot_inc;
   rot_inc.op = KeyServerData::AUTH_INC_SET_ROTATING;
   if (!mon->key_server.updated_rotating(rot_inc.rotating_bl, last_rotating_ver))
-    return;
-  dout(10) << "AuthMonitor::tick() updated rotating, now calling propose_pending" << dendl;
+    return false;
+  dout(10) << __func__ << " updated rotating" << dendl;
   push_cephx_inc(rot_inc);
-  propose_pending();
+  return true;
 }
 
 /*
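Review bot: The new bool return of `check_rotate()` is undocumented, and the function no longer calls `propose_pending()` itself, so its contract with callers has changed silently. A caller that ignores the result leaves the incremental queued by `push_cephx_inc(rot_inc)` with no proposal of its own. A comment above the definition would make this explicit: `// Returns true if a rotating-key incremental was queued; the caller must propose it.` The same comment belongs on the declaration in src/mon/AuthMonitor.h, which this commit also changes.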
@@ -72,7 +72,8 @@ void AuthMonitor::tick()
 
   if (!mon->is_leader()) return; 
 
-  check_rotate();
+  if (check_rotate())
+    propose_pending();
 }
 
 void AuthMonitor::on_active()
@@ -106,6 +107,9 @@ void AuthMonitor::create_initial()
   inc.inc_type = GLOBAL_ID;
   inc.max_global_id = max_global_id;
   pending_auth.push_back(inc);
+
+  // initalize rotating keys, too
+  check_rotate();
 }
 
 void AuthMonitor::update_from_paxos()
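Review bot: The result of `check_rotate()` is discarded in `create_initial()`, so if `updated_rotating()` reports nothing new, the initial pending state is built without rotating keys and nothing records it. That is the condition this commit sets out to close. Whether it can happen depends on the key server state and `last_rotating_ver` at this point, which the hunk does not show (the body of `create_initial()` starts outside it). A debug line on the false path would make the case visible in mon logs: `if (!check_rotate()) dout(10) << __func__ << " no rotating keys queued" << dendl;`. The added comment has a typo (`initalize`) and could also state why no `propose_pending()` follows here, presumably because the initial pending state is proposed by the caller.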
index 5d1422bbc4d7cfffa88b5316ed4e36b770b40fb8..896384dbc952b4f15255108e2100c0605d95d5ff 100644 (file)
@@ -145,7 +145,7 @@ private:
   bool preprocess_command(MMonCommand *m);
   bool prepare_command(MMonCommand *m);
 
-  void check_rotate();
+  bool check_rotate();
  public:
   AuthMonitor(Monitor *mn, Paxos *p, const string& service_name)
     : PaxosService(mn, p, service_name), last_rotating_ver(0),