From: Radoslaw Zarzynski Date: Tue, 26 Jul 2022 09:31:38 +0000 (+0000) Subject: crimson/monc: unify handling auth_service_ticket_ttl with classical OSD X-Git-Tag: v18.0.0~421^2~1 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=b9d2456fa6939eed317eaddef8ddf7ca077b564d;p=ceph-ci.git crimson/monc: unify handling auth_service_ticket_ttl with classical OSD In the classical `MonClient` the `auth_service_ticket_ttl` is lower bounded to `30` units. ```cpp utime_t now = ceph_clock_now(); utime_t cutoff = now; cutoff -= std::min(30.0, cct->_conf->auth_service_ticket_ttl / 4.0); utime_t issued_at_lower_bound = now; issued_at_lower_bound -= cct->_conf->auth_service_ticket_ttl; if (!rotating_secrets->need_new_secrets(cutoff)) { ldout(cct, 10) << "_check_auth_rotating have uptodate secrets (they expire after " << cutoff << ")" << dendl; rotating_secrets->dump_rotating(); return 0; } ``` The unification affects also the debug mesages. Signed-off-by: Radoslaw Zarzynski --- diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc index 7f2b821b586..aee0c517019 100644 --- a/src/crimson/mon/MonClient.cc +++ b/src/crimson/mon/MonClient.cc @@ -156,9 +156,14 @@ seastar::future<> Connection::renew_rotating_keyring() auto now = clock_t::now(); auto ttl = std::chrono::seconds{ static_cast(crimson::common::local_conf()->auth_service_ticket_ttl)}; - auto cutoff = now - ttl / 4; - if (!rotating_keyring->need_new_secrets(utime_t(cutoff))) { + auto cutoff = utime_t{now - std::min(std::chrono::seconds{30}, ttl / 4)}; + if (!rotating_keyring->need_new_secrets(cutoff)) { + logger().debug("renew_rotating_keyring secrets are up-to-date " + "(they expire after {})", cutoff); return seastar::now(); + } else { + logger().info("renew_rotating_keyring renewing rotating keys " + " (they expired before {})", cutoff); } if (now - last_rotating_renew_sent < std::chrono::seconds{1}) { logger().info("renew_rotating_keyring called too often");