From b9d2456fa6939eed317eaddef8ddf7ca077b564d Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski
Date: Tue, 26 Jul 2022 09:31:38 +0000
Subject: [PATCH] crimson/monc: unify handling auth_service_ticket_ttl with classical OSD

In the classical `MonClient` the `auth_service_ticket_ttl` is lower bounded to `30` units.

```cpp
utime_t now = ceph_clock_now();
utime_t cutoff = now;
cutoff -= std::min(30.0, cct->_conf->auth_service_ticket_ttl / 4.0);
utime_t issued_at_lower_bound = now;
issued_at_lower_bound -= cct->_conf->auth_service_ticket_ttl;
if (!rotating_secrets->need_new_secrets(cutoff)) {
ldout(cct, 10) << "_check_auth_rotating have uptodate secrets (they expire after " << cutoff << ")" << dendl;
rotating_secrets->dump_rotating();
return 0;
}
```

The unification affects also the debug mesages.

Signed-off-by: Radoslaw Zarzynski
---
 src/crimson/mon/MonClient.cc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index 7f2b821b5861c..aee0c51701904 100644
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -156,9 +156,14 @@ seastar::future<> Connection::renew_rotating_keyring()
 auto now = clock_t::now();
 auto ttl = std::chrono::seconds{
 static_cast(crimson::common::local_conf()->auth_service_ticket_ttl)};
- auto cutoff = now - ttl / 4;
- if (!rotating_keyring->need_new_secrets(utime_t(cutoff))) {
+ auto cutoff = utime_t{now - std::min(std::chrono::seconds{30}, ttl / 4)};
+ if (!rotating_keyring->need_new_secrets(cutoff)) {
+ logger().debug("renew_rotating_keyring secrets are up-to-date "
+ "(they expire after {})", cutoff);
 return seastar::now();
+ } else {
+ logger().info("renew_rotating_keyring renewing rotating keys "
+ " (they expired before {})", cutoff);
 }
 if (now - last_rotating_renew_sent < std::chrono::seconds{1}) {
 logger().info("renew_rotating_keyring called too often");
--
2.39.5
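Review bot: The new `logger().info(...)` call joins `"... renewing rotating keys "` with `" (they expired before {})"`, so the emitted message carries a doubled space that the debug message above it does not have; dropping the leading space of the second literal fixes it. The `else` after `return seastar::now();` is redundant, so the info call can simply follow the `if` block. Separately, `ttl / 4` is integer division on `std::chrono::seconds`, while the classical code quoted in the commit message divides by `4.0`, so a TTL under four seconds yields a zero lead here and a zero or negative configured TTL is not rejected; this is probably harmless with realistic values, but the two clients are not strictly identical. A one-line comment on the cutoff such as `// lead is capped at 30 s, mirroring MonClient::_check_auth_rotating` would record where the constant comes from. The body of renew_rotating_keyring starts and ends outside the hunk.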