auth: osd loads rotating keys on startup

author Yehuda Sadeh <yehuda@hq.newdream.net>

Tue, 22 Sep 2009 19:13:35 +0000 (12:13 -0700)

committer Yehuda Sadeh <yehuda@hq.newdream.net>

Tue, 22 Sep 2009 19:13:35 +0000 (12:13 -0700)
author Yehuda Sadeh <yehuda@hq.newdream.net>
Tue, 22 Sep 2009 19:13:35 +0000 (12:13 -0700)
committer Yehuda Sadeh <yehuda@hq.newdream.net>
Tue, 22 Sep 2009 19:13:35 +0000 (12:13 -0700)
diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc

index 47bc5f3c0f2c0242b629ac9dd12b0674c6fa8eb7..5a7302751a2f7acfb01cf91aca1ddeacc553efc2 100644 (file)
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@@ -55,7 +55,7 @@ bool KeyRing::load_master(const char *filename)
    struct stat st;
    int rc = fstat(fd, &st);
    if (rc != 0) {
-    dout(0) << "error stating key ring file " << filename << dendl;
+    dout(0) << "error stat'ing key ring file " << filename << dendl;
      return false;
    }
    __int32_t len = st.st_size;
diff --git a/src/auth/KeysServer.cc b/src/auth/KeysServer.cc

index 51892c2b11d9856db7aa5731e824cf88a620e2de..143e2c73676f0a08312b40772397fac4f34beba3 100644 (file)
--- a/src/auth/KeysServer.cc
+++ b/src/auth/KeysServer.cc
@@ -238,5 +238,7 @@ bool KeysServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl)
    RotatingSecrets secrets = rotate_iter->second;
  
    encode_encrypt(secrets, specific_key, enc_bl);
+
+  return true;
  }
  
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc

index 7cae40c99ce1a89c5538d9190ccd6411aca4ddf0..b504c3cf960d3cad6c29f34273766c5980fedef0 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -147,7 +147,7 @@ bool AuthMonitor::update_from_paxos()
      inc.decode_entry(entry);
      switch (inc.op) {
      case AUTH_INC_ADD:
-      if (entry.rotating) {
+      if (!entry.rotating) {
          keys_server.add_secret(entry.name, entry.secret);
        } else {
          derr(0) << "got AUTH_INC_ADD with entry.rotating" << dendl;
@@ -293,7 +293,6 @@ bool AuthMonitor::preprocess_command(MMonCommand *m)
    if (m->cmd.size() > 1) {
      if (m->cmd[1] == "add" ||
          m->cmd[1] == "del" ||
-        m->cmd[1] == "activate" ||
          m->cmd[1] == "list") {
        return false;
      }
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc

index e00747394c65cb563a87c869686108c52d5dabae..1bb3b403196cf3f9f9f9cb0f853b6b57d50853c2 100644 (file)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -32,6 +32,7 @@
  
  #include "auth/Auth.h"
  #include "auth/AuthProtocol.h"
+#include "auth/KeysServer.h"
  
  #include "config.h"
  
@@ -335,7 +336,13 @@ void MonClient::_reopen_session()
  {
    dout(10) << "_reopen_session" << dendl;
    _pick_new_mon();
+
+  dout(0) << "_reopen_session 0" << dendl;
    auth.start_session(this, 30.0);
+  dout(0) << "_reopen_session 1" << dendl;
+  _start_auth_rotating(KEY_ROTATE_TIME);
+  dout(0) << "_reopen_session 2" << dendl;
+
    if (mounting)
      _send_mount();
    if (!sub_have.empty())
@@ -432,13 +439,16 @@ int MonClient::authorize(double timeout)
    return auth.authorize(CEPHX_PRINCIPAL_MON, timeout);
  }
  
-int MonClient::start_auth_rotating(EntityName& name, double timeout)
+int MonClient::_start_auth_rotating(double timeout)
  {
+  if (entity_name.entity_type != CEPHX_PRINCIPAL_OSD)
+    return 0;
+
    MAuthRotating *m = new MAuthRotating();
    if (!m)
      return -ENOMEM;
  
-  Mutex::Locker l(monc_lock);
+  m->entity_name = entity_name;
  
    _send_mon_message(m);
  
@@ -447,12 +457,12 @@ int MonClient::start_auth_rotating(EntityName& name, double timeout)
      return -ENOMEM;
    timer.add_event_after(timeout, auth_timeout_event);
  
-  dout(0) << "MonClient::start_auth_rotating waiting" << dendl;
+  dout(0) << "MonClient::_start_auth_rotating waiting" << dendl;
    auth_cond.Wait(monc_lock);
-  dout(0) << "MonClient::start_auth_rotating wait ended" << dendl;
+  dout(0) << "MonClient::_start_auth_rotating wait ended" << dendl;
  
    if (auth_got_timeout) {
-    dout(0) << "MonClient::start_auth_rotating got timeout" << dendl;
+    dout(0) << "MonClient::_start_auth_rotating got timeout" << dendl;
      return -ETIMEDOUT;
    }
  
diff --git a/src/mon/MonClient.h b/src/mon/MonClient.h

index 111c766a4cfbd8999dc57a36a410d9c11ba65ef0..e82b103723a369a8a6a50547d65b95ac07ec04c8 100644 (file)
--- a/src/mon/MonClient.h
+++ b/src/mon/MonClient.h
@@ -41,6 +41,8 @@ private:
  
    int cur_mon;
  
+  EntityName entity_name;
+
    entity_addr_t my_addr;
  
    Mutex monc_lock;
@@ -104,12 +106,13 @@ private:
    void handle_mount_ack(MClientMountAck* m);
  
  public:
+  void set_entity_name(EntityName name) { entity_name = name; }
    void _auth_rotating_timeout(double timeout) {
      auth_got_timeout = true;
      auth_cond.Signal();
    }
  
- int start_auth_rotating(EntityName& name, double timeout);
+  int _start_auth_rotating(double timeout);
  
    int mount(double mount_timeout);
    int authenticate(double timeout);
diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc

index 66bc5e8a18aff47dcf827ccd59a709fda419b88b..f5ad0394ad8d9f61842496be9ac10467a59deccf 100644 (file)
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -428,6 +428,8 @@ int OSD::init()
    ename.entity_type = CEPHX_PRINCIPAL_OSD;
    ename.name = g_conf.id;
  
+  monc->set_entity_name(ename);
+
    monc->sub_want("monmap", 0);
    monc->renew_subs();
author	Yehuda Sadeh <yehuda@hq.newdream.net>
	Tue, 22 Sep 2009 19:13:35 +0000 (12:13 -0700)
committer	Yehuda Sadeh <yehuda@hq.newdream.net>
	Tue, 22 Sep 2009 19:13:35 +0000 (12:13 -0700)
src/auth/KeyRing.cc		patch \| blob \| history
src/auth/KeysServer.cc		patch \| blob \| history
src/mon/AuthMonitor.cc		patch \| blob \| history
src/mon/MonClient.cc		patch \| blob \| history
src/mon/MonClient.h		patch \| blob \| history
src/osd/OSD.cc		patch \| blob \| history