mon/MonClient: do not request MGR key from pre-kraken mons

If we do, the older mon will return EPERM.

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 19b76405a96d5c70117a293bba240ccd39175a44..1e6dcc122f3b2f66b9364959ff0fbe51e436a38f 100644 (file)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -494,6 +494,18 @@ void MonClient::handle_auth(MAuthReply *m)
        m->put();
        return;
       }
+      // do not request MGR key unless the mon has the SERVER_KRAKEN
+      // feature.  otherwise it will give us an auth error.  note that
+      // we have to check for both the kraken and jewel key because
+      // pre-jewel the kraken feature bit was used for something else.
+      if ((want_keys & CEPH_ENTITY_TYPE_MGR) &&
+         !(m->get_connection()->has_feature(CEPH_FEATURE_SERVER_KRAKEN) &&
+           m->get_connection()->has_feature(CEPH_FEATURE_SERVER_JEWEL))) {
+       ldout(cct, 1) << __func__
+                     << " not requesting MGR keys from pre-kraken monitor"
+                     << dendl;
+       want_keys &= ~CEPH_ENTITY_TYPE_MGR;
+      }
       auth->set_want_keys(want_keys);
       auth->init(entity_name);
       auth->set_global_id(global_id);