auth/cephx: do not re-request *only* the MGR key

If we request a bunch of service keys, we may not get
back a MGR key because of an in-progress upgrade.  If we
have everything we need except for just the MGR key, do
not bother re-requesting it.  Instead just continue and
we'll re-request it later when the secrets rotate.

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc
index ced5ff3a41b1670f28191d0a7e2b29251550506d..1254f9a5b18061a00ce4327296fcd51fa735ae5c 100644 (file)
--- a/src/auth/cephx/CephxClientHandler.cc
+++ b/src/auth/cephx/CephxClientHandler.cc
@@ -74,7 +74,7 @@ int CephxClientHandler::build_request(bufferlist& bl) const
     return 0;
   }
 
-  if (need) {
+  if (_need_tickets()) {
     /* get service tickets */
     ldout(cct, 10) << "get service keys: want=" << want << " need=" << need << " have=" << have << dendl;
 
@@ -96,6 +96,15 @@ int CephxClientHandler::build_request(bufferlist& bl) const
   return 0;
 }
 
+bool CephxClientHandler::_need_tickets() const
+{
+  // do not bother (re)requesting tickets if we *only* need the MGR
+  // ticket; that can happen during an upgrade and we want to avoid a
+  // loop.  we'll end up re-requesting it later when the secrets
+  // rotating.
+  return need && need != CEPH_ENTITY_TYPE_MGR;
+}
+
 int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
 {
   ldout(cct, 10) << "handle_response ret = " << ret << dendl;
@@ -135,7 +144,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
       }
       ldout(cct, 10) << " want=" << want << " need=" << need << " have=" << have << dendl;
       validate_tickets();
-      if (need)
+      if (_need_tickets())
        ret = -EAGAIN;
       else
        ret = 0;
@@ -152,7 +161,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
         return -EPERM;
       }
       validate_tickets();
-      if (!need) {
+      if (!_need_tickets()) {
        ret = 0;
       }
     }
@@ -230,8 +239,11 @@ bool CephxClientHandler::need_tickets()
   RWLock::WLocker l(lock);
   validate_tickets();
 
-  ldout(cct, 20) << "need_tickets: want=" << want << " need=" << need << " have=" << have << dendl;
+  ldout(cct, 20) << "need_tickets: want=" << want
+                << " have=" << have
+                << " need=" << need
+                << dendl;
 
-  return (need != 0);
+  return _need_tickets();
 }
 

diff --git a/src/auth/cephx/CephxClientHandler.h b/src/auth/cephx/CephxClientHandler.h
index d2f4506c947894989eff6490981cb0f41c9fd4be..1256074ccf210ead33380e8453ec3a4eece4e5ec 100644 (file)
--- a/src/auth/cephx/CephxClientHandler.h
+++ b/src/auth/cephx/CephxClientHandler.h
@@ -70,6 +70,7 @@ public:
   }
 private:
   void validate_tickets();
+  bool _need_tickets() const;
 };
 
 #endif