auth: remove superfluous error log message

It's also possible that _refresh_config can be called multiple times before the
keyring config has been set (by an arg/env for instance). This would pollute
the log with erroneous error warnings.

MonClient::authenticate already warns about this.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

diff --git a/src/auth/AuthRegistry.cc b/src/auth/AuthRegistry.cc
index 4dfba8486bd9fe0c98ee4bf9ef59b2fb1618369b..7c8a72b7b797e51793a4e1bcf8d6c8f59830f97e 100644 (file)
--- a/src/auth/AuthRegistry.cc
+++ b/src/auth/AuthRegistry.cc
@@ -175,10 +175,6 @@ void AuthRegistry::_refresh_config()
        }
       }
     }
-    if (_no_keyring_disabled_cephx) {
-      lderr(cct) << "no keyring found at " << cct->_conf->keyring
-              << ", disabling cephx" << dendl;
-    }
   }
 }
 

diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
index 008c9c19c34bc1f6f4557458560d2fb75edb42e4..37c1d67316ad7f3f0c3729a6d3f73495c4be350c 100644 (file)
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@@ -48,12 +48,11 @@ int KeyRing::from_ceph_context(CephContext *cct)
   int ret = ceph_resolve_file_search(conf->keyring, filename);
   if (!ret) {
     ret = load(cct, filename);
-    if (ret < 0)
+    if (ret < 0) {
       lderr(cct) << "failed to load " << filename
                 << ": " << cpp_strerror(ret) << dendl;
-  } else if (conf->key.empty() && conf->keyfile.empty()) {
-    lderr(cct) << "unable to find a keyring on " << conf->keyring
-              << ": " << cpp_strerror(ret) << dendl;
+    }
+    return ret;
   }
 
   if (!conf->key.empty()) {
@@ -82,15 +81,17 @@ int KeyRing::from_ceph_context(CephContext *cct)
     try {
       ea.key.decode_base64(k);
       add(conf->name, ea);
+      return 0;
     }
     catch (ceph::buffer::error& e) {
       lderr(cct) << "failed to decode key '" << k << "'" << dendl;
       return -EINVAL;
     }
-    return 0;
   }
 
-  return ret;
+  /* this can happen during startup when configs are still being set */
+  ldout(cct, 2) << "unable to find a keyring on " << conf->keyring << ": " << cpp_strerror(ret) << dendl;
+  return -ENOENT;
 }
 
 int KeyRing::set_modifier(const char *type,

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 872b1046624839776ae3f9b0f5b3b02f8d9c8d34..c0de55abf421866e3ad1044d25719a18178beb39 100644 (file)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -523,6 +523,8 @@ int MonClient::init()
     }
   }
   if (!auth_registry.any_supported_methods(messenger->get_mytype())) {
+    lderr(cct) << "no supported authentication method found! Is the keyring missing?" << dendl;
+    lderr(cct) << "Try debugging using arguments: --debug_monc=20 --debug_auth=5" << dendl;
     return -ENOENT;
   }