auth: tolerate missing mgr keys #11360
Closed
Commits on Oct 5, 2016
-
auth/cephx: tolerate missing rotating keys
During an upgrade, we may have a client requesting an MGR service key but not have one in the database yet, either because we *just* upgraded and haven't generated one yet, or because the leader mon hasn't been upgraded yet. Fix this by silently tolerating a missing key as long as one or more other service keys were present and we have something to give to the client. Signed-off-by: Sage Weil <sage@redhat.com>
-
auth/cephx: do not re-request *only* the MGR key
If we request a bunch of service keys, we may not get back a MGR key because of an in-progress upgrade. If we have everything we need except for just the MGR key, do not bother re-requesting it. Instead just continue and we'll re-request it later when the secrets rotate. Signed-off-by: Sage Weil <sage@redhat.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.