From 63ce5d9c12c107f63660442178a62e010035bd7f Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Thu, 18 Jul 2024 09:48:40 -0400 Subject: [PATCH] rgw/iam: CreateRole ignores EEXIST after forwarded request when issued against a secondary zone in multisite, the CreateRole request is first forwarded to the metadata master zone and created there once that forwarded request succeeds, the secondary zone creates the same role. between these two events, metadata sync may race to replicate that role from the master. this causes the local role creation to fail with EEXIST ignore EEXIST errors from local role creation if we know that our forwarded request succeeded Fixes: https://tracker.ceph.com/issues/67012 Signed-off-by: Casey Bodley (cherry picked from commit cd2042b1ad097af81615b3e24ac9afe14819f436) --- src/rgw/rgw_rest_role.cc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc index 2d6a96cfe62aa..b824939582de5 100644 --- a/src/rgw/rgw_rest_role.cc +++ b/src/rgw/rgw_rest_role.cc @@ -314,8 +314,14 @@ void RGWCreateRole::execute(optional_yield y) op_ret = role->create(s, true, role_id, y); if (op_ret == -EEXIST) { - op_ret = -ERR_ROLE_EXISTS; - return; + if (site.is_meta_master()) { + op_ret = -ERR_ROLE_EXISTS; + return; + } + // the forwarded request succeeded on the metadata master. if we get + // EEXIST now, it's probably because metadata sync raced to replicate + // this first + op_ret = 0; } if (op_ret == 0) { -- 2.39.5