mon/AuthMonitor: fix mgr mon caps to 'allow profile mgr'

author Sage Weil <sage@redhat.com>

Tue, 14 Mar 2017 02:41:37 +0000 (22:41 -0400)

committer Sage Weil <sage@redhat.com>

Wed, 29 Mar 2017 15:39:26 +0000 (11:39 -0400)
author Sage Weil <sage@redhat.com>
Tue, 14 Mar 2017 02:41:37 +0000 (22:41 -0400)
committer Sage Weil <sage@redhat.com>
Wed, 29 Mar 2017 15:39:26 +0000 (11:39 -0400)
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc

index dcee3c11f7e7aff4b71016aa9914863dc49fb33a..48f334a0064495425a8b7558d69ace13697cd459 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1134,6 +1134,26 @@ void AuthMonitor::upgrade_format()
         auth_inc.op = KeyServerData::AUTH_INC_ADD;
         push_cephx_inc(auth_inc);
        }
+
+      if (n.find("mgr.") == 0 &&
+         p->second.caps.count("mon")) {
+       // the kraken ceph-mgr@.service set the mon cap to 'allow *'.
+       auto blp = p->second.caps["mon"].begin();
+       string oldcaps;
+       ::decode(oldcaps, blp);
+       if (oldcaps == "allow *") {
+         dout(5) << " fixing " << n << " mon cap to 'allow profile mgr'"
+                 << dendl;
+         bufferlist bl;
+         ::encode("allow profile mgr", bl);
+         KeyServerData::Incremental auth_inc;
+         auth_inc.name = p->first;
+         auth_inc.auth = p->second;
+         auth_inc.auth.caps["mon"] = bl;
+         auth_inc.op = KeyServerData::AUTH_INC_ADD;
+         push_cephx_inc(auth_inc);
+       }
+      }
      }
  
      // add bootstrap key
author	Sage Weil <sage@redhat.com>
	Tue, 14 Mar 2017 02:41:37 +0000 (22:41 -0400)
committer	Sage Weil <sage@redhat.com>
	Wed, 29 Mar 2017 15:39:26 +0000 (11:39 -0400)