rgw/iam: CreateRole ignores EEXIST after forwarded request

when issued against a secondary zone in multisite, the CreateRole
request is first forwarded to the metadata master zone and created there

once that forwarded request succeeds, the secondary zone creates the
same role. between these two events, metadata sync may race to replicate
that role from the master. this causes the local role creation to fail
with EEXIST

ignore EEXIST errors from local role creation if we know that our
forwarded request succeeded

Fixes: https://tracker.ceph.com/issues/67012
Signed-off-by: Casey Bodley <cbodley@redhat.com>

diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc
index 2d6a96cfe62aa29342d0d81b85073dd551a080ed..b824939582de5cdfb88b543d195debc1d6bcb128 100644 (file)
--- a/src/rgw/rgw_rest_role.cc
+++ b/src/rgw/rgw_rest_role.cc
@@ -314,8 +314,14 @@ void RGWCreateRole::execute(optional_yield y)
 
   op_ret = role->create(s, true, role_id, y);
   if (op_ret == -EEXIST) {
-    op_ret = -ERR_ROLE_EXISTS;
-    return;
+    if (site.is_meta_master()) {
+      op_ret = -ERR_ROLE_EXISTS;
+      return;
+    }
+    // the forwarded request succeeded on the metadata master. if we get
+    // EEXIST now, it's probably because metadata sync raced to replicate
+    // this first
+    op_ret = 0;
   }
 
   if (op_ret == 0) {