From ed4a692254e71ce7b30566dfd6d16e8a070b3461 Mon Sep 17 00:00:00 2001
From: John Spray <john.spray@redhat.com>
Date: Thu, 19 Oct 2017 09:28:18 -0400
Subject: [PATCH] mon: don't blow away bootstrap-mgr on upgrades

Fixes: http://tracker.ceph.com/issues/20950
Signed-off-by: John Spray <john.spray@redhat.com>
(cherry picked from commit 57229ea2a4369518c7a16b7a09b045b7896f5a70)
---
 src/mon/AuthMonitor.cc | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index c9c836dc515..1f13145a6d9 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1551,11 +1551,15 @@ void AuthMonitor::upgrade_format()
       }
     }
 
-    // add bootstrap key
-    {
+    // add bootstrap key if it does not already exist
+    // (might have already been get-or-create'd by
+    //  ceph-create-keys)
+    EntityName bootstrap_mgr_name;
+    int r = bootstrap_mgr_name.from_str("client.bootstrap-mgr");
+    assert(r);
+    if (!mon->key_server.contains(bootstrap_mgr_name)) {
       KeyServerData::Incremental auth_inc;
-      bool r = auth_inc.name.from_str("client.bootstrap-mgr");
-      assert(r);
+      auth_inc.name = bootstrap_mgr_name;
       ::encode("allow profile bootstrap-mgr", auth_inc.auth.caps["mon"]);
       auth_inc.op = KeyServerData::AUTH_INC_ADD;
       // generate key
-- 
2.47.3