From d6f58697c7443a5323abe96a5f6763d1beea52b7 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Tue, 2 Jul 2019 18:04:09 -0500 Subject: [PATCH] mon/AuthMonitor: clear_secrets() in create_initial() If we are creating the initial state and initial proposal, start with an empty keyring. Specifically, we want to clear out any rotating secrets from a previously failed paxos round so that the subsequent call to check_rotate() will correctly populate the initial proposal with new rotating keys. (When we don't do this, the leader OSD will have the keys from an earlier round in memory but no other mons will.) Fixes: http://tracker.ceph.com/issues/40634 Signed-off-by: Sage Weil (cherry picked from commit a346713516ed6d6935ad6894ffeac3bd41ac99a1) --- src/mon/AuthMonitor.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 6cbe420e4e0..89f88b65cda 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -211,6 +211,7 @@ void AuthMonitor::create_initial() dout(10) << "create_initial -- creating initial map" << dendl; // initialize rotating keys + mon->key_server.clear_secrets(); last_rotating_ver = 0; check_rotate(); ceph_assert(pending_auth.size() == 1); -- 2.47.3