From 708f02011573c1640cb3bdf8cb565637e153a7e4 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Wed, 16 Jan 2019 15:39:53 -0600 Subject: [PATCH 1/3] msg/simple: remove forced authorizer refresh This synchronous check has always been kludgey; remove it and just fault instead, just like we did with 794a8f9cf51cf176636d114ccfbbf68fbc304083 in AsyncMessenger. Signed-off-by: Sage Weil --- src/msg/simple/Pipe.cc | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/src/msg/simple/Pipe.cc b/src/msg/simple/Pipe.cc index f0a2a4b1ca6..9210224e50e 100644 --- a/src/msg/simple/Pipe.cc +++ b/src/msg/simple/Pipe.cc @@ -993,8 +993,6 @@ void Pipe::set_socket_options() int Pipe::connect() { - bool got_bad_auth = false; - ldout(msgr->cct,10) << "connect " << connect_seq << dendl; ceph_assert(pipe_lock.is_locked()); @@ -1260,13 +1258,7 @@ int Pipe::connect() if (reply.tag == CEPH_MSGR_TAG_BADAUTHORIZER) { ldout(msgr->cct,0) << "connect got BADAUTHORIZER" << dendl; - if (got_bad_auth) - goto stop_locked; - got_bad_auth = true; - pipe_lock.Unlock(); - delete authorizer; - authorizer = msgr->ms_deliver_get_authorizer(peer_type, true); - continue; + goto fail_locked; } if (reply.tag == CEPH_MSGR_TAG_RESETSESSION) { ldout(msgr->cct,0) << "connect got RESETSESSION" << dendl; From 7bb583f2bd2bb8fa556978b8c97906fdbce1fafc Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Wed, 16 Jan 2019 15:44:06 -0600 Subject: [PATCH 2/3] crimson/net: drop authenticator retry Signed-off-by: Sage Weil --- src/crimson/net/SocketConnection.cc | 13 ++----------- src/crimson/net/SocketConnection.h | 1 - 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/src/crimson/net/SocketConnection.cc b/src/crimson/net/SocketConnection.cc index 745348f91f2..587fc397857 100644 --- a/src/crimson/net/SocketConnection.cc +++ b/src/crimson/net/SocketConnection.cc @@ -648,17 +648,8 @@ SocketConnection::handle_connect_reply(msgr_tag_t tag) logger().error("{} connect protocol version mispatch", __func__); throw std::system_error(make_error_code(error::negotiation_failure)); case CEPH_MSGR_TAG_BADAUTHORIZER: - if (h.got_bad_auth) { - logger().error("{} got bad authorizer", __func__); - throw std::system_error(make_error_code(error::negotiation_failure)); - } - h.got_bad_auth = true; - // try harder - return dispatcher.ms_get_authorizer(peer_type, true) - .then([this](auto&& auth) { - h.authorizer = std::move(auth); - return stop_t::no; - }); + logger().error("{} got bad authorizer", __func__); + throw std::system_error(make_error_code(error::negotiation_failure)); case CEPH_MSGR_TAG_RESETSESSION: reset_session(); return seastar::make_ready_future(stop_t::no); diff --git a/src/crimson/net/SocketConnection.h b/src/crimson/net/SocketConnection.h index 8cbe575f69a..6d6ea517627 100644 --- a/src/crimson/net/SocketConnection.h +++ b/src/crimson/net/SocketConnection.h @@ -68,7 +68,6 @@ class SocketConnection : public Connection { struct Handshake { ceph_msg_connect connect; ceph_msg_connect_reply reply; - bool got_bad_auth = false; std::unique_ptr authorizer; std::chrono::milliseconds backoff; uint32_t connect_seq = 0; From e62f45d1baa976bc64525ecb3bb49b777d6a0990 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Wed, 16 Jan 2019 15:45:32 -0600 Subject: [PATCH 3/3] msg/Dispatcher: remove force_new arg from ms_get_authorizer() Signed-off-by: Sage Weil --- src/client/Client.cc | 2 +- src/client/Client.h | 2 +- src/crimson/net/Dispatcher.cc | 2 +- src/crimson/net/Dispatcher.h | 2 +- src/crimson/net/SocketConnection.cc | 2 +- src/librados/RadosClient.cc | 3 +-- src/librados/RadosClient.h | 2 +- src/mds/MDSDaemon.cc | 8 +------- src/mds/MDSDaemon.h | 2 +- src/mgr/DaemonServer.cc | 11 +++-------- src/mgr/DaemonServer.h | 3 +-- src/mgr/MgrStandby.cc | 9 +-------- src/mgr/MgrStandby.h | 3 +-- src/mon/Monitor.cc | 3 +-- src/mon/Monitor.h | 2 +- src/msg/Dispatcher.h | 4 +++- src/msg/Messenger.h | 4 ++-- src/msg/async/ProtocolV1.cc | 3 +-- src/msg/async/ProtocolV2.cc | 2 +- src/msg/simple/Pipe.cc | 2 +- src/osd/OSD.cc | 12 +----------- src/osd/OSD.h | 7 +++---- src/osdc/Objecter.cc | 3 +-- src/osdc/Objecter.h | 3 +-- src/test/crimson/test_alien_echo.cc | 2 +- src/test/messenger/simple_dispatcher.h | 7 +++---- src/test/messenger/xio_dispatcher.h | 7 +++---- src/tools/cephfs/MDSUtility.cc | 10 +--------- src/tools/cephfs/MDSUtility.h | 3 +-- 29 files changed, 40 insertions(+), 85 deletions(-) diff --git a/src/client/Client.cc b/src/client/Client.cc index 0536ba1aed8..a0b54d3dc10 100644 --- a/src/client/Client.cc +++ b/src/client/Client.cc @@ -13936,7 +13936,7 @@ bool Client::ms_handle_refused(Connection *con) return false; } -bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) +bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) { if (dest_type == CEPH_ENTITY_TYPE_MON) return true; diff --git a/src/client/Client.h b/src/client/Client.h index 6c4b8b3876a..9b46ad3a5ba 100644 --- a/src/client/Client.h +++ b/src/client/Client.h @@ -924,7 +924,7 @@ protected: bool ms_handle_reset(Connection *con) override; void ms_handle_remote_reset(Connection *con) override; bool ms_handle_refused(Connection *con) override; - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; int authenticate(); diff --git a/src/crimson/net/Dispatcher.cc b/src/crimson/net/Dispatcher.cc index e47290a7025..336ded38f0f 100644 --- a/src/crimson/net/Dispatcher.cc +++ b/src/crimson/net/Dispatcher.cc @@ -4,7 +4,7 @@ namespace ceph::net { seastar::future> -Dispatcher::ms_get_authorizer(peer_type_t, bool force_new) +Dispatcher::ms_get_authorizer(peer_type_t) { return seastar::make_ready_future>(nullptr); } diff --git a/src/crimson/net/Dispatcher.h b/src/crimson/net/Dispatcher.h index f90429cd12f..94d6613e269 100644 --- a/src/crimson/net/Dispatcher.h +++ b/src/crimson/net/Dispatcher.h @@ -53,7 +53,7 @@ class Dispatcher { return seastar::make_ready_future(0, bufferlist{}); } virtual seastar::future> - ms_get_authorizer(peer_type_t, bool force_new); + ms_get_authorizer(peer_type_t); }; } // namespace ceph::net diff --git a/src/crimson/net/SocketConnection.cc b/src/crimson/net/SocketConnection.cc index 587fc397857..766a885bb34 100644 --- a/src/crimson/net/SocketConnection.cc +++ b/src/crimson/net/SocketConnection.cc @@ -737,7 +737,7 @@ SocketConnection::repeat_connect() // this is fyi, actually, server decides! h.connect.flags = policy.lossy ? CEPH_MSG_CONNECT_LOSSY : 0; - return dispatcher.ms_get_authorizer(peer_type, false) + return dispatcher.ms_get_authorizer(peer_type) .then([this](auto&& auth) { h.authorizer = std::move(auth); bufferlist bl; diff --git a/src/librados/RadosClient.cc b/src/librados/RadosClient.cc index 4adc3755cf0..446482e1af2 100644 --- a/src/librados/RadosClient.cc +++ b/src/librados/RadosClient.cc @@ -57,8 +57,7 @@ #define dout_prefix *_dout << "librados: " bool librados::RadosClient::ms_get_authorizer(int dest_type, - AuthAuthorizer **authorizer, - bool force_new) { + AuthAuthorizer **authorizer) { //ldout(cct, 0) << "RadosClient::ms_get_authorizer type=" << dest_type << dendl; /* monitor authorization is being handled on different layer */ if (dest_type == CEPH_ENTITY_TYPE_MON) diff --git a/src/librados/RadosClient.h b/src/librados/RadosClient.h index cc0cc002934..8c12aa066a1 100644 --- a/src/librados/RadosClient.h +++ b/src/librados/RadosClient.h @@ -61,7 +61,7 @@ private: bool _dispatch(Message *m); bool ms_dispatch(Message *m) override; - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; void ms_handle_connect(Connection *con) override; bool ms_handle_reset(Connection *con) override; void ms_handle_remote_reset(Connection *con) override; diff --git a/src/mds/MDSDaemon.cc b/src/mds/MDSDaemon.cc index 0a532b6c4fa..7aadfd43aff 100644 --- a/src/mds/MDSDaemon.cc +++ b/src/mds/MDSDaemon.cc @@ -1169,7 +1169,7 @@ bool MDSDaemon::ms_dispatch2(const Message::ref &m) } } -bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) +bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) { dout(10) << "MDSDaemon::ms_get_authorizer type=" << ceph_entity_type_name(dest_type) << dendl; @@ -1178,12 +1178,6 @@ bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bo if (dest_type == CEPH_ENTITY_TYPE_MON) return true; - if (force_new) { - auto timeout = g_conf().get_val("rotating_keys_renewal_timeout"); - if (monc->wait_auth_rotating(timeout) < 0) - return false; - } - *authorizer = monc->build_authorizer(dest_type); return *authorizer != NULL; } diff --git a/src/mds/MDSDaemon.h b/src/mds/MDSDaemon.h index 366ef26dd9f..130f1044ccf 100644 --- a/src/mds/MDSDaemon.h +++ b/src/mds/MDSDaemon.h @@ -110,7 +110,7 @@ class MDSDaemon : public Dispatcher, public md_config_obs_t { private: bool ms_dispatch2(const Message::ref &m) override; - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; int ms_handle_authentication(Connection *con) override; KeyStore *ms_get_auth1_authorizer_keystore() override; void ms_handle_accept(Connection *con) override; diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc index e240e98fa7b..d9636ff914c 100644 --- a/src/mgr/DaemonServer.cc +++ b/src/mgr/DaemonServer.cc @@ -217,8 +217,9 @@ int DaemonServer::ms_handle_authentication(Connection *con) return ret; } -bool DaemonServer::ms_get_authorizer(int dest_type, - AuthAuthorizer **authorizer, bool force_new) +bool DaemonServer::ms_get_authorizer( + int dest_type, + AuthAuthorizer **authorizer) { dout(10) << "type=" << ceph_entity_type_name(dest_type) << dendl; @@ -226,12 +227,6 @@ bool DaemonServer::ms_get_authorizer(int dest_type, return true; } - if (force_new) { - auto timeout = g_conf().get_val("rotating_keys_renewal_timeout"); - if (monc->wait_auth_rotating(timeout) < 0) - return false; - } - *authorizer = monc->build_authorizer(dest_type); dout(20) << "got authorizer " << *authorizer << dendl; return *authorizer != NULL; diff --git a/src/mgr/DaemonServer.h b/src/mgr/DaemonServer.h index d6a5aafbd6b..35901aad446 100644 --- a/src/mgr/DaemonServer.h +++ b/src/mgr/DaemonServer.h @@ -149,8 +149,7 @@ public: bool ms_handle_reset(Connection *con) override; void ms_handle_remote_reset(Connection *con) override {} bool ms_handle_refused(Connection *con) override; - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, - bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; KeyStore *ms_get_auth1_authorizer_keystore() override; bool handle_open(MMgrOpen *m); diff --git a/src/mgr/MgrStandby.cc b/src/mgr/MgrStandby.cc index 466a703787a..04cac542826 100644 --- a/src/mgr/MgrStandby.cc +++ b/src/mgr/MgrStandby.cc @@ -429,18 +429,11 @@ bool MgrStandby::ms_dispatch(Message *m) } -bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, - bool force_new) +bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) { if (dest_type == CEPH_ENTITY_TYPE_MON) return true; - if (force_new) { - auto timeout = cct->_conf.get_val("rotating_keys_renewal_timeout"); - if (monc.wait_auth_rotating(timeout) < 0) - return false; - } - *authorizer = monc.build_authorizer(dest_type); return *authorizer != NULL; } diff --git a/src/mgr/MgrStandby.h b/src/mgr/MgrStandby.h index 9b1071117ee..cdbd572e2ec 100644 --- a/src/mgr/MgrStandby.h +++ b/src/mgr/MgrStandby.h @@ -73,8 +73,7 @@ public: bool ms_dispatch(Message *m) override; bool ms_handle_reset(Connection *con) override { return false; } void ms_handle_remote_reset(Connection *con) override {} - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, - bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; bool ms_handle_refused(Connection *con) override; int init(); diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index e3dcd96b1bc..c4a8f77d78e 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -5799,8 +5799,7 @@ void Monitor::extract_save_mon_key(KeyRing& keyring) } } -bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer, - bool force_new) +bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer) { dout(10) << "ms_get_authorizer for " << ceph_entity_type_name(service_id) << dendl; diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h index f6ba7231258..018a41110c8 100644 --- a/src/mon/Monitor.h +++ b/src/mon/Monitor.h @@ -888,7 +888,7 @@ public: void dispatch_op(MonOpRequestRef op); //mon_caps is used for un-connected messages from monitors MonCap mon_caps; - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; KeyStore *ms_get_auth1_authorizer_keystore(); public: // for AuthMonitor msgr1: int ms_handle_authentication(Connection *con) override; diff --git a/src/msg/Dispatcher.h b/src/msg/Dispatcher.h index 9ddf95bd56c..fbfa80e86a4 100644 --- a/src/msg/Dispatcher.h +++ b/src/msg/Dispatcher.h @@ -238,7 +238,9 @@ public: * * @return True if this function call properly filled in *a, false otherwise. */ - virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new) { return false; } + virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) { + return false; + } /** * @} //Authentication */ diff --git a/src/msg/Messenger.h b/src/msg/Messenger.h index 07e536a8380..04a7686c868 100644 --- a/src/msg/Messenger.h +++ b/src/msg/Messenger.h @@ -752,10 +752,10 @@ public: * @param force_new True if we want to wait for new keys, false otherwise. * @return A pointer to the AuthAuthorizer, if we have one; NULL otherwise */ - AuthAuthorizer *ms_deliver_get_authorizer(int peer_type, bool force_new) { + AuthAuthorizer *ms_deliver_get_authorizer(int peer_type) { AuthAuthorizer *a = 0; for (const auto& dispatcher : dispatchers) { - if (dispatcher->ms_get_authorizer(peer_type, &a, force_new)) + if (dispatcher->ms_get_authorizer(peer_type, &a)) return a; } return NULL; diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc index 7700cd2873a..6cbd83a8bae 100644 --- a/src/msg/async/ProtocolV1.cc +++ b/src/msg/async/ProtocolV1.cc @@ -1419,8 +1419,7 @@ CtPtr ProtocolV1::send_connect_message() { ldout(cct, 20) << __func__ << dendl; if (!authorizer) { - authorizer = messenger->ms_deliver_get_authorizer(connection->peer_type, - false); + authorizer = messenger->ms_deliver_get_authorizer(connection->peer_type); } ceph_msg_connect connect; diff --git a/src/msg/async/ProtocolV2.cc b/src/msg/async/ProtocolV2.cc index 16d56ad7abf..42cc204fdb6 100644 --- a/src/msg/async/ProtocolV2.cc +++ b/src/msg/async/ProtocolV2.cc @@ -1450,7 +1450,7 @@ CtPtr ProtocolV2::send_connect_message() { if (!authorizer) { authorizer = - messenger->ms_deliver_get_authorizer(connection->peer_type, false); + messenger->ms_deliver_get_authorizer(connection->peer_type); } ceph_msg_connect connect; diff --git a/src/msg/simple/Pipe.cc b/src/msg/simple/Pipe.cc index 9210224e50e..de933aa49df 100644 --- a/src/msg/simple/Pipe.cc +++ b/src/msg/simple/Pipe.cc @@ -1146,7 +1146,7 @@ int Pipe::connect() while (1) { if (!authorizer) { - authorizer = msgr->ms_deliver_get_authorizer(peer_type, false); + authorizer = msgr->ms_deliver_get_authorizer(peer_type); } bufferlist authorizer_reply; diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc index 2539c3fdc15..5ba037bba15 100644 --- a/src/osd/OSD.cc +++ b/src/osd/OSD.cc @@ -7035,7 +7035,7 @@ void OSD::ms_fast_preprocess(Message *m) } } -bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) +bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) { dout(10) << "OSD::ms_get_authorizer type=" << ceph_entity_type_name(dest_type) << dendl; @@ -7047,16 +7047,6 @@ bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool for if (dest_type == CEPH_ENTITY_TYPE_MON) return true; - if (force_new) { - /* the MonClient checks keys every tick(), so we should just wait for that cycle - to get through */ - auto timeout = g_conf().get_val("rotating_keys_renewal_timeout"); - if (monc->wait_auth_rotating(timeout) < 0) { - derr << "OSD::ms_get_authorizer wait_auth_rotating failed" << dendl; - return false; - } - } - *authorizer = monc->build_authorizer(dest_type); return *authorizer != NULL; } diff --git a/src/osd/OSD.h b/src/osd/OSD.h index b875200bc3b..6b0dface06f 100644 --- a/src/osd/OSD.h +++ b/src/osd/OSD.h @@ -1661,13 +1661,12 @@ public: int ms_handle_authentication(Connection *con) override { return true; } - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, - bool force_new) override { + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override { // some pre-nautilus OSDs get confused if you include an // authorizer but they are not expecting it. do not try to authorize // heartbeat connections until all OSDs are nautilus. if (osd->get_osdmap()->require_osd_release >= CEPH_RELEASE_NAUTILUS) { - return osd->ms_get_authorizer(dest_type, authorizer, force_new); + return osd->ms_get_authorizer(dest_type, authorizer); } return false; } @@ -2197,7 +2196,7 @@ private: void ms_fast_dispatch(Message *m) override; void ms_fast_preprocess(Message *m) override; bool ms_dispatch(Message *m) override; - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; void ms_handle_connect(Connection *con) override; void ms_handle_fast_connect(Connection *con) override; void ms_handle_fast_accept(Connection *con) override; diff --git a/src/osdc/Objecter.cc b/src/osdc/Objecter.cc index bececfc1283..ded800e8a67 100644 --- a/src/osdc/Objecter.cc +++ b/src/osdc/Objecter.cc @@ -4415,8 +4415,7 @@ bool Objecter::ms_handle_refused(Connection *con) } bool Objecter::ms_get_authorizer(int dest_type, - AuthAuthorizer **authorizer, - bool force_new) + AuthAuthorizer **authorizer) { if (!initialized) return false; diff --git a/src/osdc/Objecter.h b/src/osdc/Objecter.h index cbb9517be1f..3dfa1a2d7f7 100644 --- a/src/osdc/Objecter.h +++ b/src/osdc/Objecter.h @@ -3047,8 +3047,7 @@ public: void ms_handle_remote_reset(Connection *con) override; bool ms_handle_refused(Connection *con) override; bool ms_get_authorizer(int dest_type, - AuthAuthorizer **authorizer, - bool force_new) override; + AuthAuthorizer **authorizer) override; void blacklist_self(bool set); diff --git a/src/test/crimson/test_alien_echo.cc b/src/test/crimson/test_alien_echo.cc index 046d48971b4..7210ac35b56 100644 --- a/src/test/crimson/test_alien_echo.cc +++ b/src/test/crimson/test_alien_echo.cc @@ -60,7 +60,7 @@ struct Server { 0, bufferlist{}); } seastar::future> - ms_get_authorizer(peer_type_t, bool) override { + ms_get_authorizer(peer_type_t) override { return seastar::make_ready_future>( new DummyAuthAuthorizer{}); } diff --git a/src/test/messenger/simple_dispatcher.h b/src/test/messenger/simple_dispatcher.h index cc598237fec..a2d3bd46fc7 100644 --- a/src/test/messenger/simple_dispatcher.h +++ b/src/test/messenger/simple_dispatcher.h @@ -89,13 +89,12 @@ public: * @param a Double pointer to an AuthAuthorizer. The Dispatcher will fill * in *a with the correct AuthAuthorizer, if it can. Make sure that you have * set *a to NULL before calling in. - * @param force_new Force the Dispatcher to wait for a new set of keys before - * returning the authorizer. * * @return True if this function call properly filled in *a, false otherwise. */ - bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, - bool force_new) override { return false; }; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) override { + return false; + }; int ms_handle_authentication(Connection *con) override { return 1; diff --git a/src/test/messenger/xio_dispatcher.h b/src/test/messenger/xio_dispatcher.h index 6ab9d92dd16..519168610d5 100644 --- a/src/test/messenger/xio_dispatcher.h +++ b/src/test/messenger/xio_dispatcher.h @@ -89,13 +89,12 @@ public: * @param a Double pointer to an AuthAuthorizer. The Dispatcher will fill * in *a with the correct AuthAuthorizer, if it can. Make sure that you have * set *a to NULL before calling in. - * @param force_new Force the Dispatcher to wait for a new set of keys before - * returning the authorizer. * * @return True if this function call properly filled in *a, false otherwise. */ - virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, - bool force_new) { return false; }; + virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) { + return false; + }; }; diff --git a/src/tools/cephfs/MDSUtility.cc b/src/tools/cephfs/MDSUtility.cc index a262d2056e0..7e7da209bb6 100644 --- a/src/tools/cephfs/MDSUtility.cc +++ b/src/tools/cephfs/MDSUtility.cc @@ -156,19 +156,11 @@ void MDSUtility::handle_fs_map(MFSMap* m) } -bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, - bool force_new) +bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) { if (dest_type == CEPH_ENTITY_TYPE_MON) return true; - if (force_new) { - auto timeout = - g_ceph_context->_conf.get_val("rotating_keys_renewal_timeout"); - if (monc->wait_auth_rotating(timeout) < 0) - return false; - } - *authorizer = monc->build_authorizer(dest_type); return *authorizer != NULL; } diff --git a/src/tools/cephfs/MDSUtility.h b/src/tools/cephfs/MDSUtility.h index 21164bfaa87..e75a7192eb5 100644 --- a/src/tools/cephfs/MDSUtility.h +++ b/src/tools/cephfs/MDSUtility.h @@ -51,8 +51,7 @@ public: bool ms_handle_reset(Connection *con) override { return false; } void ms_handle_remote_reset(Connection *con) override {} bool ms_handle_refused(Connection *con) override { return false; } - bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, - bool force_new) override; + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override; int init(); void shutdown(); };