From 16fda71354a5dce317093fe1dfa5f5132149c031 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Fri, 14 Oct 2016 14:45:02 -0400
Subject: [PATCH] auth/cephx: do not re-request *only* the MGR key

If we request a bunch of service keys, we may not get
back a MGR key because of an in-progress upgrade.  If we
have everything we need except for just the MGR key, do
not bother re-requesting it.  Instead just continue and
we'll re-request it later when the secrets rotate.

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/auth/cephx/CephxClientHandler.cc | 22 +++++++++++++++++-----
 src/auth/cephx/CephxClientHandler.h  |  1 +
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc
index ced5ff3a41b..1254f9a5b18 100644
--- a/src/auth/cephx/CephxClientHandler.cc
+++ b/src/auth/cephx/CephxClientHandler.cc
@@ -74,7 +74,7 @@ int CephxClientHandler::build_request(bufferlist& bl) const
     return 0;
   }
 
-  if (need) {
+  if (_need_tickets()) {
     /* get service tickets */
     ldout(cct, 10) << "get service keys: want=" << want << " need=" << need << " have=" << have << dendl;
 
@@ -96,6 +96,15 @@ int CephxClientHandler::build_request(bufferlist& bl) const
   return 0;
 }
 
+bool CephxClientHandler::_need_tickets() const
+{
+  // do not bother (re)requesting tickets if we *only* need the MGR
+  // ticket; that can happen during an upgrade and we want to avoid a
+  // loop.  we'll end up re-requesting it later when the secrets
+  // rotating.
+  return need && need != CEPH_ENTITY_TYPE_MGR;
+}
+
 int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
 {
   ldout(cct, 10) << "handle_response ret = " << ret << dendl;
@@ -135,7 +144,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
       }
       ldout(cct, 10) << " want=" << want << " need=" << need << " have=" << have << dendl;
       validate_tickets();
-      if (need)
+      if (_need_tickets())
 	ret = -EAGAIN;
       else
 	ret = 0;
@@ -152,7 +161,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
         return -EPERM;
       }
       validate_tickets();
-      if (!need) {
+      if (!_need_tickets()) {
 	ret = 0;
       }
     }
@@ -230,8 +239,11 @@ bool CephxClientHandler::need_tickets()
   RWLock::WLocker l(lock);
   validate_tickets();
 
-  ldout(cct, 20) << "need_tickets: want=" << want << " need=" << need << " have=" << have << dendl;
+  ldout(cct, 20) << "need_tickets: want=" << want
+		 << " have=" << have
+		 << " need=" << need
+		 << dendl;
 
-  return (need != 0);
+  return _need_tickets();
 }
 
diff --git a/src/auth/cephx/CephxClientHandler.h b/src/auth/cephx/CephxClientHandler.h
index d2f4506c947..1256074ccf2 100644
--- a/src/auth/cephx/CephxClientHandler.h
+++ b/src/auth/cephx/CephxClientHandler.h
@@ -70,6 +70,7 @@ public:
   }
 private:
   void validate_tickets();
+  bool _need_tickets() const;
 };
 
 #endif
-- 
2.47.3