timer.init();
schedule_tick();
+ cct->get_admin_socket()->register_command(
+ "rotate-key",
+ this,
+ "rotate live authentication key");
+
return 0;
}
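Review bot: The result of `register_command` is discarded in the lines added at the end of `init()`, so a failed registration would leave the process running without a working `rotate-key` command and without any log line saying so. Whether a failure such as a name collision on the admin socket can happen for this context is not visible here, but an operator relying on live rotation should be told. Consider capturing it, e.g. `int r = cct->get_admin_socket()->register_command("rotate-key", this, "rotate live authentication key");` followed by `if (r < 0) lderr(cct) << "failed to register rotate-key: " << r << dendl;`. The body of `init()` begins outside this hunk.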
void MonClient::shutdown()
{
ldout(cct, 10) << __func__ << dendl;
+
+ cct->get_admin_socket()->unregister_commands(this);
+
monc_lock.lock();
stopping = true;
while (!version_requests.empty()) {
return authenticate_err;
}
+int MonClient::call(
+ std::string_view command,
+ const cmdmap_t& cmdmap,
+ const ceph::buffer::list &inbl,
+ ceph::Formatter *f,
+ std::ostream& errss,
+ ceph::buffer::list& out)
+{
+ if (command == "rotate-key") {
+ CryptoKey key;
+ try {
+ key.decode_base64(inbl.to_str());
+ } catch (buffer::error& e) {
+ errss << "error decoding key: " << e.what();
+ return -EINVAL;
+ }
+ if (keyring) {
+ ldout(cct, 1) << "rotate live key for " << entity_name << dendl;
+ keyring->add(entity_name, key);
+ } else {
+ errss << "cephx not enabled; no key to rotate";
+ return -EINVAL;
+ }
+ }
+ return 0;
+}
+
void MonClient::handle_auth(MAuthReply *m)
{
ceph_assert(ceph_mutex_is_locked(monc_lock));
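Review bot: `keyring->add(entity_name, key)` in the new `MonClient::call` runs on the admin-socket thread without taking `monc_lock`, while the surrounding code takes that lock in `shutdown()` and asserts it in `handle_auth()`. If the authentication path reads `keyring` under that lock (not visible in this hunk, and `KeyRing`'s own locking is not shown), replacing the key concurrently is a data race on live credential state. Consider placing `std::lock_guard l(monc_lock);` before the `if (keyring)` check. Separately, any command other than `rotate-key` falls through to `return 0` and reports success. Returning an error such as `-ENOSYS` after the `if` block would make a mis-routed command visible. A short comment on `call` noting that `inbl` carries the base64 secret and must never be written to `errss` or the log would also help future editors.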
#include "MonMap.h"
#include "MonSub.h"
+#include "common/admin_socket.h"
#include "common/async/completion.h"
#include "common/Timer.h"
#include "common/config.h"
class MonClient : public Dispatcher,
public AuthClient,
- public AuthServer /* for mgr, osd, mds */ {
+ public AuthServer, /* for mgr, osd, mds */
+ public AdminSocketHook {
static constexpr auto dout_subsys = ceph_subsys_monc;
public:
// Error, Newest, Oldest
void handle_auth(MAuthReply *m);
+ int call(
+ std::string_view command,
+ const cmdmap_t& cmdmap,
+ const ceph::buffer::list &inbl,
+ ceph::Formatter *f,
+ std::ostream& errss,
+ ceph::buffer::list& out) override;
+
// monitor session
utime_t last_keepalive;
utime_t last_send_log;