mon/AuthMonitor: clear_secrets() in create_initial()

If we are creating the initial state and initial proposal, start with an
empty keyring.  Specifically, we want to clear out any rotating secrets
from a previously failed paxos round so that the subsequent call to
check_rotate() will correctly populate the initial proposal with new
rotating keys.  (When we don't do this, the leader OSD will have the
keys from an earlier round in memory but no other mons will.)

Fixes: http://tracker.ceph.com/issues/40634
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit a346713516ed6d6935ad6894ffeac3bd41ac99a1)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 6cbe420e4e0df6571e7ea667850dc74bfd9422d4..89f88b65cda78d124c6361429f88ecb0b4ce8f92 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -211,6 +211,7 @@ void AuthMonitor::create_initial()
   dout(10) << "create_initial -- creating initial map" << dendl;
 
   // initialize rotating keys
+  mon->key_server.clear_secrets();
   last_rotating_ver = 0;
   check_rotate();
   ceph_assert(pending_auth.size() == 1);