From: Sage Weil Date: Tue, 7 Aug 2018 17:59:25 +0000 (-0500) Subject: mon: only share monmap after authenticated X-Git-Tag: v14.0.1~464^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F23741%2Fhead;p=ceph.git mon: only share monmap after authenticated It is no longer necessary to fetch a monmap pre-authentication, something we previous did for get_monmap_privately(). New code has replaced this with get_monmap_and_config(), and it authenticates in order to get that same information (plus configs). That change was made in mimic, but we must support upgrades from N-2, which means that luminous daemons still need to function. The only caller for get_monmap_privately() in luminous is from ceph-osd during mkfs. Disabling this here means that new OSDs cannot be created using nautilus mons and a luminous ceph-osd. Include a note for the (future) nautilus upgrade notes. Reported-by: Christopher Ryan Harrell Signed-off-by: Sage Weil --- diff --git a/PendingReleaseNotes b/PendingReleaseNotes index ae5a1b3e33c..1742eaa6fe3 100644 --- a/PendingReleaseNotes +++ b/PendingReleaseNotes @@ -36,3 +36,16 @@ * The ``osd_heartbeat_addr`` option has been removed as it served no (good) purpose: the OSD should always check heartbeats on both the public and cluster networks. + + + + + + + +Upgrading from Luminous +----------------------- + +* During the upgrade from luminous to nautilus, it will not be possible to create + a new OSD using a luminous ceph-osd daemon after the monitors have been + upgraded to nautilus. diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 687be108770..a81f8cfc663 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -4111,17 +4111,6 @@ void Monitor::dispatch_op(MonOpRequestRef op) case CEPH_MSG_PING: handle_ping(op); return; - - /* MMonGetMap may be used by clients to obtain a monmap *before* - * authenticating with the monitor. We need to handle these without - * checking caps because, even on a cluster without cephx, we only set - * session caps *after* the auth handshake. A good example of this - * is when a client calls MonClient::get_monmap_privately(), which does - * not authenticate when obtaining a monmap. - */ - case CEPH_MSG_MON_GET_MAP: - handle_mon_get_map(op); - return; } if (!op->get_session()->authenticated) { @@ -4132,6 +4121,10 @@ void Monitor::dispatch_op(MonOpRequestRef op) } switch (op->get_req()->get_type()) { + case CEPH_MSG_MON_GET_MAP: + handle_mon_get_map(op); + return; + case MSG_GET_CONFIG: configmon()->handle_get_config(op); return;