From: Sage Weil <sage@redhat.com>
Date: Tue, 2 Jul 2019 23:04:09 +0000 (-0500)
Subject: mon/AuthMonitor: clear_secrets() in create_initial()
X-Git-Tag: v15.1.0~2255^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a346713516ed6d6935ad6894ffeac3bd41ac99a1;p=ceph.git

mon/AuthMonitor: clear_secrets() in create_initial()

If we are creating the initial state and initial proposal, start with an
empty keyring.  Specifically, we want to clear out any rotating secrets
from a previously failed paxos round so that the subsequent call to
check_rotate() will correctly populate the initial proposal with new
rotating keys.  (When we don't do this, the leader OSD will have the
keys from an earlier round in memory but no other mons will.)

Fixes: http://tracker.ceph.com/issues/40634
Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 6cbe420e4e0..89f88b65cda 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -211,6 +211,7 @@ void AuthMonitor::create_initial()
   dout(10) << "create_initial -- creating initial map" << dendl;
 
   // initialize rotating keys
+  mon->key_server.clear_secrets();
   last_rotating_ver = 0;
   check_rotate();
   ceph_assert(pending_auth.size() == 1);