From 1ebaaaa3f03cbfa438283fdaabeb326bb7d7e339 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Tue, 2 Jul 2019 18:04:09 -0500 Subject: [PATCH] mon/AuthMonitor: clear_secrets() in create_initial() If we are creating the initial state and initial proposal, start with an empty keyring. Specifically, we want to clear out any rotating secrets from a previously failed paxos round so that the subsequent call to check_rotate() will correctly populate the initial proposal with new rotating keys. (When we don't do this, the leader OSD will have the keys from an earlier round in memory but no other mons will.) Fixes: http://tracker.ceph.com/issues/40634 Signed-off-by: Sage Weil (cherry picked from commit a346713516ed6d6935ad6894ffeac3bd41ac99a1) --- src/mon/AuthMonitor.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index a25a5fb1c1083..126758e0c458a 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -171,6 +171,7 @@ void AuthMonitor::create_initial() dout(10) << "create_initial -- creating initial map" << dendl; // initialize rotating keys + mon->key_server.clear_secrets(); last_rotating_ver = 0; check_rotate(); assert(pending_auth.size() == 1); -- 2.39.5