]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b3e62ad)
monc: only warn about missing keyring if we fail to authenticate
authorSage Weil <sage@inktank.com>
Fri, 21 Dec 2012 21:44:19 +0000 (13:44 -0800)
committerSage Weil <sage@inktank.com>
Fri, 21 Dec 2012 21:44:19 +0000 (13:44 -0800)
This avoids the situation where a librados or other user with the default
of 'cephx,none' and no keyring is authenticating against a cluster with
required of 'none' and an annoying warning is generated every time.  Now
we only print a helpful message if we actually failed.

Signed-off-by: Sage Weil <sage@inktank.com>
src/mon/MonClient.cc patch | blob | history
src/mon/MonClient.h patch | blob | history

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 6a1c3567e5497eabc6d01aab3c265858830aa353..ae4d711d31a84de61ec6111bbe1b8f8b3e7cbd68 100644 (file)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -54,6 +54,7 @@ MonClient::MonClient(CephContext *cct_) :
   timer(cct_, monc_lock), finisher(cct_),
   authorize_handler_registry(NULL),
   initialized(false),
+  no_keyring_disabled_cephx(false),
   log_client(NULL),
   more_log_pending(false),
   auth_supported(NULL),
@@ -283,11 +284,10 @@ int MonClient::init()
   if (auth_supported->is_supported_auth(CEPH_AUTH_CEPHX)) {
     r = keyring->from_ceph_context(cct);
     if (r == -ENOENT) {
-      lderr(cct) << "failed to open keyring: " << cpp_strerror(r) << dendl;
       auth_supported->remove_supported_auth(CEPH_AUTH_CEPHX);
       if (auth_supported->get_supported_set().size() > 0) {
-       lderr(cct) << "WARNING: keyring not found, will not use cephx for authentication" << dendl;
        r = 0;
+       no_keyring_disabled_cephx = true;
       } else {
        lderr(cct) << "ERROR: missing keyring, cannot use cephx for authentication" << dendl;
       }
@@ -357,6 +357,10 @@ int MonClient::authenticate(double timeout)
     ldout(cct, 5) << "authenticate success, global_id " << global_id << dendl;
   }
 
+  if (authenticate_err < 0 && no_keyring_disabled_cephx) {
+    lderr(cct) << "authenticate NOTE: no keyring found; disabled cephx authentication" << dendl;
+  }
+
   return authenticate_err;
 }
 
diff --git a/src/mon/MonClient.h b/src/mon/MonClient.h
index 1d38ed27602e2acf7d530d10cf976d4049be32a8..ed7b18b8b322916d66eb39baf03d676e07f893bb 100644 (file)
--- a/src/mon/MonClient.h
+++ b/src/mon/MonClient.h
@@ -77,6 +77,7 @@ private:
   AuthAuthorizeHandlerRegistry *authorize_handler_registry;
 
   bool initialized;
+  bool no_keyring_disabled_cephx;
 
   LogClient *log_client;
   bool more_log_pending;
Unnamed repository; edit this file 'description' to name the repository.