From: Patrick Donnelly Date: Fri, 9 May 2025 18:54:47 +0000 (-0400) Subject: mon/AuthMonitor: bump auth epoch when wiping service keys X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1b15bdd4ecb96d58971b44f2a0de290750b4ce42;p=ceph-ci.git mon/AuthMonitor: bump auth epoch when wiping service keys Signed-off-by: Patrick Donnelly --- diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 3326070ec17..d69655cc6a4 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -15,6 +15,7 @@ #include #include "mon/AuthMonitor.h" +#include "mon/MonmapMonitor.h" #include "mon/Monitor.h" #include "mon/MonitorDBStore.h" #include "mon/OSDMonitor.h" @@ -1915,6 +1916,15 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) } else if (prefix == "auth wipe-rotating-service-keys") { /* N.B.: doing this requires all service daemons to restart to get new service keys. */ /* is this true?? */ + + auto&& monmon = mon.monmon(); + if (!monmon->is_writeable()) { + monmon->wait_for_writeable(op, new PaxosService::C_RetryMessage(this, op)); + return false; + } + + paxos.plug(); + KeyServerData::Incremental rot_inc; rot_inc.op = KeyServerData::AUTH_INC_SET_ROTATING; bool modified = mon.key_server.prepare_rotating_update(rot_inc.rotating_bl, true); @@ -1922,8 +1932,14 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) rs = "wiped rotating service keys!"; dout(5) << __func__ << " wiped rotating service keys!" << dendl; push_cephx_inc(rot_inc); - wait_for_commit(op, new Monitor::C_Command(mon, op, 0, rs, rdata, - get_last_committed() + 1)); + + auto const next_epoch = get_last_committed() + 1; + monmon->bump_auth_epoch(next_epoch); + request_proposal(monmon); + + paxos.unplug(); + + wait_for_commit(op, new Monitor::C_Command(mon, op, 0, rs, rdata, next_epoch)); return true; } done: