From bf0dc6dbdb1cfaf58125c60722f1f417f5d28b92 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Mon, 10 Oct 2016 16:59:28 -0400
Subject: [PATCH] mon/MonClient: do not request MGR key from pre-kraken mons

If we do, the older mon will return EPERM.

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/mon/MonClient.cc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 19b76405a96..1e6dcc122f3 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -494,6 +494,18 @@ void MonClient::handle_auth(MAuthReply *m)
 	m->put();
 	return;
       }
+      // do not request MGR key unless the mon has the SERVER_KRAKEN
+      // feature.  otherwise it will give us an auth error.  note that
+      // we have to check for both the kraken and jewel key because
+      // pre-jewel the kraken feature bit was used for something else.
+      if ((want_keys & CEPH_ENTITY_TYPE_MGR) &&
+	  !(m->get_connection()->has_feature(CEPH_FEATURE_SERVER_KRAKEN) &&
+	    m->get_connection()->has_feature(CEPH_FEATURE_SERVER_JEWEL))) {
+	ldout(cct, 1) << __func__
+		      << " not requesting MGR keys from pre-kraken monitor"
+		      << dendl;
+	want_keys &= ~CEPH_ENTITY_TYPE_MGR;
+      }
       auth->set_want_keys(want_keys);
       auth->init(entity_name);
       auth->set_global_id(global_id);
-- 
2.47.3