From d83d12b90f7d0c2d81c08d3482bc6fecb2bc9059 Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Wed, 29 Sep 2021 16:29:43 -0400
Subject: [PATCH] ceph-monstore-tool: include rotating keys in rebuilt mon

This avoids an initial period after mon restart in which there are no rotating keys and authentication can fail.

Signed-off-by: Sage Weil
---
 src/tools/CMakeLists.txt | 1 +
 src/tools/ceph_monstore_tool.cc | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/src/tools/CMakeLists.txt b/src/tools/CMakeLists.txt
index fa10db7f3adc8..4fe63fe4686e8 100644
--- a/src/tools/CMakeLists.txt
+++ b/src/tools/CMakeLists.txt
@@ -48,6 +48,7 @@ install(TARGETS ceph-osdomap-tool DESTINATION bin)
 add_executable(ceph-monstore-tool
 ceph_monstore_tool.cc
+ ../auth/cephx/CephxKeyServer.cc
 ../mgr/mgr_commands.cc)
 target_link_libraries(ceph-monstore-tool os global Boost::program_options)
 install(TARGETS ceph-monstore-tool DESTINATION bin)
diff --git a/src/tools/ceph_monstore_tool.cc b/src/tools/ceph_monstore_tool.cc
index 69782690b4053..87b84386ed173 100644
--- a/src/tools/ceph_monstore_tool.cc
+++ b/src/tools/ceph_monstore_tool.cc
@@ -497,6 +497,20 @@ static int update_auth(MonitorDBStore& st, const string& keyring_path)
 inc.encode(bl, CEPH_FEATURES_ALL);
 }
+ // prime rotating secrets
+ {
+ KeyServer ks(g_ceph_context, nullptr);
+ KeyServerData::Incremental auth_inc;
+ auth_inc.op = KeyServerData::AUTH_INC_SET_ROTATING;
+ bool r = ks.prepare_rotating_update(auth_inc.rotating_bl);
+ ceph_assert(r);
+ AuthMonitor::Incremental inc;
+ inc.inc_type = AuthMonitor::AUTH_DATA;
+ encode(auth_inc, inc.auth_data);
+ inc.auth_type = CEPH_AUTH_CEPHX;
+ inc.encode(bl, CEPH_FEATURES_ALL);
+ }
+
 const string prefix("auth");
 auto last_committed = st.get(prefix, "last_committed") + 1;
 auto t = make_shared();
--
2.39.5
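Review bot: In the new `// prime rotating secrets` block of update_auth, a false result from `ks.prepare_rotating_update(auth_inc.rotating_bl)` is handled with `ceph_assert(r)`, which aborts the recovery tool instead of reporting failure through the function's `int` return. The transaction `t` is created only after this block, so returning early looks cheap; something like `if (!r) return -EINVAL;` (with a message to the operator) would fit, assuming the rest of the function, which lies outside the hunk, reports errors as negative errno values. The block also deserves a fuller comment than the current one, for example `// generate an initial set of rotating service keys so the rebuilt mon can issue and validate cephx tickets immediately after restart`. The keys come from a fresh `KeyServer` built on the tool's `g_ceph_context`, so their validity window is presumably anchored to the rebuild time and the tool's configuration rather than the cluster's. It would help to say in that comment whether a store that is started long after the rebuild still gets usable keys.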