From: Sage Weil <sage@redhat.com>
Date: Tue, 2 Jul 2019 23:04:09 +0000 (-0500)
Subject: mon/AuthMonitor: clear_secrets() in create_initial()
X-Git-Tag: v13.2.7~157^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1ebaaaa3f03cbfa438283fdaabeb326bb7d7e339;p=ceph.git

mon/AuthMonitor: clear_secrets() in create_initial()

If we are creating the initial state and initial proposal, start with an
empty keyring.  Specifically, we want to clear out any rotating secrets
from a previously failed paxos round so that the subsequent call to
check_rotate() will correctly populate the initial proposal with new
rotating keys.  (When we don't do this, the leader OSD will have the
keys from an earlier round in memory but no other mons will.)

Fixes: http://tracker.ceph.com/issues/40634
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit a346713516ed6d6935ad6894ffeac3bd41ac99a1)
---

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index a25a5fb1c10..126758e0c45 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -171,6 +171,7 @@ void AuthMonitor::create_initial()
   dout(10) << "create_initial -- creating initial map" << dendl;
 
   // initialize rotating keys
+  mon->key_server.clear_secrets();
   last_rotating_ver = 0;
   check_rotate();
   assert(pending_auth.size() == 1);