From: Patrick Donnelly Date: Fri, 9 May 2025 18:54:47 +0000 (-0400) Subject: mon/AuthMonitor: bump auth epoch when wiping service keys X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3e352c108949cb20985783fca102d21303a29bbb;p=ceph-ci.git mon/AuthMonitor: bump auth epoch when wiping service keys Signed-off-by: Patrick Donnelly --- diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 4ec1a9c3420..2efa73fea17 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -16,6 +16,7 @@ #include #include "mon/AuthMonitor.h" +#include "mon/MonmapMonitor.h" #include "mon/Monitor.h" #include "mon/MonitorDBStore.h" #include "mon/OSDMonitor.h" @@ -1916,6 +1917,15 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) } else if (prefix == "auth wipe-rotating-service-keys") { /* N.B.: doing this requires all service daemons to restart to get new service keys. */ /* is this true?? */ + + auto&& monmon = mon.monmon(); + if (!monmon->is_writeable()) { + monmon->wait_for_writeable(op, new PaxosService::C_RetryMessage(this, op)); + return false; + } + + paxos.plug(); + KeyServerData::Incremental rot_inc; rot_inc.op = KeyServerData::AUTH_INC_SET_ROTATING; bool modified = mon.key_server.prepare_rotating_update(rot_inc.rotating_bl, true); @@ -1923,8 +1933,14 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) rs = "wiped rotating service keys!"; dout(5) << __func__ << " wiped rotating service keys!" << dendl; push_cephx_inc(rot_inc); - wait_for_commit(op, new Monitor::C_Command(mon, op, 0, rs, rdata, - get_last_committed() + 1)); + + auto const next_epoch = get_last_committed() + 1; + monmon->bump_auth_epoch(next_epoch); + request_proposal(monmon); + + paxos.unplug(); + + wait_for_commit(op, new Monitor::C_Command(mon, op, 0, rs, rdata, next_epoch)); return true; } done: