From: Sage Weil Date: Fri, 14 Oct 2016 18:45:02 +0000 (-0400) Subject: auth/cephx: do not re-request *only* the MGR key X-Git-Tag: v11.1.0~632^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F11401%2Fhead;p=ceph.git auth/cephx: do not re-request *only* the MGR key If we request a bunch of service keys, we may not get back a MGR key because of an in-progress upgrade. If we have everything we need except for just the MGR key, do not bother re-requesting it. Instead just continue and we'll re-request it later when the secrets rotate. Signed-off-by: Sage Weil --- diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index ced5ff3a41b1..1254f9a5b180 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc @@ -74,7 +74,7 @@ int CephxClientHandler::build_request(bufferlist& bl) const return 0; } - if (need) { + if (_need_tickets()) { /* get service tickets */ ldout(cct, 10) << "get service keys: want=" << want << " need=" << need << " have=" << have << dendl; @@ -96,6 +96,15 @@ int CephxClientHandler::build_request(bufferlist& bl) const return 0; } +bool CephxClientHandler::_need_tickets() const +{ + // do not bother (re)requesting tickets if we *only* need the MGR + // ticket; that can happen during an upgrade and we want to avoid a + // loop. we'll end up re-requesting it later when the secrets + // rotating. + return need && need != CEPH_ENTITY_TYPE_MGR; +} + int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) { ldout(cct, 10) << "handle_response ret = " << ret << dendl; @@ -135,7 +144,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) } ldout(cct, 10) << " want=" << want << " need=" << need << " have=" << have << dendl; validate_tickets(); - if (need) + if (_need_tickets()) ret = -EAGAIN; else ret = 0; @@ -152,7 +161,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) return -EPERM; } validate_tickets(); - if (!need) { + if (!_need_tickets()) { ret = 0; } } @@ -230,8 +239,11 @@ bool CephxClientHandler::need_tickets() RWLock::WLocker l(lock); validate_tickets(); - ldout(cct, 20) << "need_tickets: want=" << want << " need=" << need << " have=" << have << dendl; + ldout(cct, 20) << "need_tickets: want=" << want + << " have=" << have + << " need=" << need + << dendl; - return (need != 0); + return _need_tickets(); } diff --git a/src/auth/cephx/CephxClientHandler.h b/src/auth/cephx/CephxClientHandler.h index d2f4506c9478..1256074ccf21 100644 --- a/src/auth/cephx/CephxClientHandler.h +++ b/src/auth/cephx/CephxClientHandler.h @@ -70,6 +70,7 @@ public: } private: void validate_tickets(); + bool _need_tickets() const; }; #endif