From 11bbfd5836150083d97371d82482dec2eb14bb4a Mon Sep 17 00:00:00 2001
From: Michael Fritch <mfritch@suse.com>
Date: Fri, 11 Sep 2020 08:10:32 -0600
Subject: [PATCH] mgr/cephadm: remove keyring during daemon post-remove

Fixes: https://tracker.ceph.com/issues/47298
Signed-off-by: Michael Fritch <mfritch@suse.com>
---
 .../mgr/cephadm/services/cephadmservice.py       | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/pybind/mgr/cephadm/services/cephadmservice.py b/src/pybind/mgr/cephadm/services/cephadmservice.py
index 0593b39d96930..97cd882775e0a 100644
--- a/src/pybind/mgr/cephadm/services/cephadmservice.py
+++ b/src/pybind/mgr/cephadm/services/cephadmservice.py
@@ -242,6 +242,10 @@ class CephService(CephadmService):
 
         return cephadm_config, []
 
+    def post_remove(self, daemon: DaemonDescription) -> None:
+        super().post_remove(daemon)
+        self.remove_keyring(daemon)
+
     def get_auth_entity(self, daemon_id: str, host: str = "") -> AuthEntity:
         """
         Map the daemon id to a cephx keyring entity name
@@ -286,6 +290,18 @@ class CephService(CephadmService):
             'keyring': keyring,
         }
 
+    def remove_keyring(self, daemon: DaemonDescription):
+        daemon_id: str = daemon.daemon_id
+        host: str = daemon.hostname
+
+        entity = self.get_auth_entity(daemon_id, host=host)
+
+        logger.info(f'Remove keyring: {entity}')
+        ret, out, err = self.mgr.check_mon_command({
+            'prefix': 'auth rm',
+            'entity': entity,
+        })
+
 
 class MonService(CephService):
     TYPE = 'mon'
-- 
2.39.5