From: Patrick Donnelly <pdonnell@ibm.com>
Date: Tue, 16 Sep 2025 20:02:05 +0000 (-0400)
Subject: auth: remove superfluous error log message
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ded3f446adab3b17cfda073cbf489c543a8abf4d;p=ceph-ci.git

auth: remove superfluous error log message

It's also possible that _refresh_config can be called multiple times before the
keyring config has been set (by an arg/env for instance). This would pollute
the log with erroneous error warnings.

MonClient::authenticate already warns about this.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
---

diff --git a/src/auth/AuthRegistry.cc b/src/auth/AuthRegistry.cc
index 4dfba8486bd..7c8a72b7b79 100644
--- a/src/auth/AuthRegistry.cc
+++ b/src/auth/AuthRegistry.cc
@@ -175,10 +175,6 @@ void AuthRegistry::_refresh_config()
 	}
       }
     }
-    if (_no_keyring_disabled_cephx) {
-      lderr(cct) << "no keyring found at " << cct->_conf->keyring
-	       << ", disabling cephx" << dendl;
-    }
   }
 }
 
diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
index 008c9c19c34..37c1d67316a 100644
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@@ -48,12 +48,11 @@ int KeyRing::from_ceph_context(CephContext *cct)
   int ret = ceph_resolve_file_search(conf->keyring, filename);
   if (!ret) {
     ret = load(cct, filename);
-    if (ret < 0)
+    if (ret < 0) {
       lderr(cct) << "failed to load " << filename
 		 << ": " << cpp_strerror(ret) << dendl;
-  } else if (conf->key.empty() && conf->keyfile.empty()) {
-    lderr(cct) << "unable to find a keyring on " << conf->keyring
-	       << ": " << cpp_strerror(ret) << dendl;
+    }
+    return ret;
   }
 
   if (!conf->key.empty()) {
@@ -82,15 +81,17 @@ int KeyRing::from_ceph_context(CephContext *cct)
     try {
       ea.key.decode_base64(k);
       add(conf->name, ea);
+      return 0;
     }
     catch (ceph::buffer::error& e) {
       lderr(cct) << "failed to decode key '" << k << "'" << dendl;
       return -EINVAL;
     }
-    return 0;
   }
 
-  return ret;
+  /* this can happen during startup when configs are still being set */
+  ldout(cct, 2) << "unable to find a keyring on " << conf->keyring << ": " << cpp_strerror(ret) << dendl;
+  return -ENOENT;
 }
 
 int KeyRing::set_modifier(const char *type,
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 872b1046624..c0de55abf42 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -523,6 +523,8 @@ int MonClient::init()
     }
   }
   if (!auth_registry.any_supported_methods(messenger->get_mytype())) {
+    lderr(cct) << "no supported authentication method found! Is the keyring missing?" << dendl;
+    lderr(cct) << "Try debugging using arguments: --debug_monc=20 --debug_auth=5" << dendl;
     return -ENOENT;
   }