From 741c021b062d77ddd7ccd82af57b6c1a7c6d2b28 Mon Sep 17 00:00:00 2001
From: Patrick Donnelly
Date: Fri, 9 May 2025 14:54:47 -0400
Subject: [PATCH] mon/AuthMonitor: bump auth epoch when wiping service keys
Signed-off-by: Patrick Donnelly
(cherry picked from commit 77293673ccd2266967e519857d3d9c8d83ca94dc)
---
 src/mon/AuthMonitor.cc | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 3326070ec17..d69655cc6a4 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -15,6 +15,7 @@
 #include
 #include "mon/AuthMonitor.h"
+#include "mon/MonmapMonitor.h"
 #include "mon/Monitor.h"
 #include "mon/MonitorDBStore.h"
 #include "mon/OSDMonitor.h"
@@ -1915,6 +1916,15 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
 } else if (prefix == "auth wipe-rotating-service-keys") {
 /* N.B.: doing this requires all service daemons to restart to get new service keys. */
 /* is this true?? */
+
+ auto&& monmon = mon.monmon();
+ if (!monmon->is_writeable()) {
+ monmon->wait_for_writeable(op, new PaxosService::C_RetryMessage(this, op));
+ return false;
+ }
+
+ paxos.plug();
+
 KeyServerData::Incremental rot_inc;
 rot_inc.op = KeyServerData::AUTH_INC_SET_ROTATING;
 bool modified = mon.key_server.prepare_rotating_update(rot_inc.rotating_bl, true);
@@ -1922,8 +1932,14 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
 rs = "wiped rotating service keys!";
 dout(5) << __func__ << " wiped rotating service keys!" << dendl;
 push_cephx_inc(rot_inc);
- wait_for_commit(op, new Monitor::C_Command(mon, op, 0, rs, rdata,
- get_last_committed() + 1));
+
+ auto const next_epoch = get_last_committed() + 1;
+ monmon->bump_auth_epoch(next_epoch);
+ request_proposal(monmon);
+
+ paxos.unplug();
+
+ wait_for_commit(op, new Monitor::C_Command(mon, op, 0, rs, rdata, next_epoch));
 return true;
 }
 done:
-- 
2.39.5
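Review bot: `paxos.plug()` at the end of the block added in the second hunk is balanced only by the `paxos.unplug()` in the third hunk, with `prepare_rotating_update` and one line that falls between the two hunks sitting in the gap; any exit taken there (an early return, a jump to `done:`, an exception) would leave Paxos plugged. If `push_cephx_inc` only queues the increment, nothing before it needs the plug, so I would move `paxos.plug();` down to just before `monmon->bump_auth_epoch(next_epoch);`, or hold it in a small scope guard that calls `paxos.unplug()` on every path. The enclosing `prepare_command` starts and ends outside the hunk, so its other exit paths could not be checked from here.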
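Review bot: The third hunk carries no comment on why the monmap's auth epoch is bumped here or why the two updates sit between plug and unplug, and the command reply is still tied only to the auth commit at `next_epoch`. If the intent is that the key wipe and the epoch bump go out in a single proposal, I would say so above `monmon->bump_auth_epoch(next_epoch);`, for example `/* plugged: the auth-epoch bump is proposed together with the rotating key wipe */`. That is also the place to resolve the leftover `/* is this true?? */` in the context lines of the previous hunk, since an operator running this command needs to know whether service daemons must restart afterwards. `next_epoch` is AuthMonitor's own `get_last_committed() + 1`, so a short note that it doubles as the monmap auth epoch would help the next reader.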