auth: remove superfluous error log message

It's also possible that _refresh_config can be called multiple times before the
keyring config has been set (by an arg/env for instance). This would pollute
the log with erroneous error warnings.

MonClient::authenticate already warns about this.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit addb4d39a13af6cb89b7765aec08f6e490048619)

diff --git a/src/auth/AuthRegistry.cc b/src/auth/AuthRegistry.cc
index 1f60c6e06edbb7fbcd16d8eb57af5e36e8ee9f3c..27e546acdf359d10d91a7198a48c7b7783a9f207 100644 (file)
--- a/src/auth/AuthRegistry.cc
+++ b/src/auth/AuthRegistry.cc
@@ -176,10 +176,6 @@ void AuthRegistry::_refresh_config()
        }
       }
     }
-    if (_no_keyring_disabled_cephx) {
-      lderr(cct) << "no keyring found at " << cct->_conf->keyring
-              << ", disabling cephx" << dendl;
-    }
   }
 }
 

diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
index eca429d0bd0489fcef351dd71eb2259f3ae2e217..fd6bbc540addfa56602bda0b2273f02eecc10a85 100644 (file)
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@@ -47,12 +47,11 @@ int KeyRing::from_ceph_context(CephContext *cct)
   int ret = ceph_resolve_file_search(conf->keyring, filename);
   if (!ret) {
     ret = load(cct, filename);
-    if (ret < 0)
+    if (ret < 0) {
       lderr(cct) << "failed to load " << filename
                 << ": " << cpp_strerror(ret) << dendl;
-  } else if (conf->key.empty() && conf->keyfile.empty()) {
-    lderr(cct) << "unable to find a keyring on " << conf->keyring
-              << ": " << cpp_strerror(ret) << dendl;
+    }
+    return ret;
   }
 
   if (!conf->key.empty()) {
@@ -81,15 +80,17 @@ int KeyRing::from_ceph_context(CephContext *cct)
     try {
       ea.key.decode_base64(k);
       add(conf->name, ea);
+      return 0;
     }
     catch (ceph::buffer::error& e) {
       lderr(cct) << "failed to decode key '" << k << "'" << dendl;
       return -EINVAL;
     }
-    return 0;
   }
 
-  return ret;
+  /* this can happen during startup when configs are still being set */
+  ldout(cct, 2) << "unable to find a keyring on " << conf->keyring << ": " << cpp_strerror(ret) << dendl;
+  return -ENOENT;
 }
 
 int KeyRing::set_modifier(const char *type,

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 2ae255a7e3dfa823d2da5d5f302302c6a1879662..272cbd1549382ee479d167736b078a8c78f57444 100644 (file)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -521,6 +521,8 @@ int MonClient::init()
     }
   }
   if (!auth_registry.any_supported_methods(messenger->get_mytype())) {
+    lderr(cct) << "no supported authentication method found! Is the keyring missing?" << dendl;
+    lderr(cct) << "Try debugging using arguments: --debug_monc=20 --debug_auth=5" << dendl;
     return -ENOENT;
   }