auth: fix system init

2025-01-04 02:02:36 +00:00 · 2009-10-01 13:54:21 -07:00 · 2009-10-01 13:54:21 -07:00 · 960d3854a7
commit 960d3854a7
parent ca96595c06
6 changed files with 27 additions and 12 deletions
--- a/src/auth/AuthServiceManager.cc
+++ b/src/auth/AuthServiceManager.cc
@ -137,6 +137,7 @@ int CephAuthService_X::handle_request(bufferlist::iterator& indata, bufferlist&
      map<string,bufferlist> caps;
      dout(0) << "entity_name=" << entity_name.to_str() << dendl;
      if (!mon->keys_server.get_secret(entity_name, secret, caps)) {
+        dout(0) << "couldn't find entity name: " << entity_name.to_str() << dendl;
 	ret = -EPERM;
 	break;
      }
@ -281,6 +282,7 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe

  case CEPHX_OPEN_SESSION:
    {
+      dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY " << cephx_header.request_type << dendl;
      CryptoKey service_secret;

      if (mon->keys_server.get_service_secret(CEPHX_PRINCIPAL_MON, service_secret) < 0) {
@ -292,6 +294,7 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe
      bufferlist tmp_bl;
      AuthServiceTicketInfo auth_ticket_info;
      if (!verify_authorizer(service_secret, indata, auth_ticket_info, tmp_bl)) {
+        dout(0) << "could not verify authorizer" << dendl;
        ret = -EPERM;
      }
      build_cephx_response_header(request_type, ret, result_bl);
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@ -66,6 +66,8 @@ bool KeyRing::load_master(const char *filename)

  string name = g_conf.entity_name->to_str();

+  dout(0) << "looking for key entry name=" << name << dendl;
+
  miter = m.find(name);
  if (miter == m.end()) {
    miter = m.find("");
--- a/src/cosd.cc
+++ b/src/cosd.cc
@ -49,7 +49,16 @@ int main(int argc, const char **argv)
  vector<const char*> args;
  argv_to_vec(argc, argv, args);
  env_to_vec(args);
-  common_init(args, "osd", true, true);
+  bool should_authenticate = true;
+  vector<const char *>::iterator args_iter;
+
+  for (args_iter = args.begin(); args_iter != args.end(); ++args_iter) {
+    if (strcmp(*args_iter, "--mkfs") == 0) {
+      should_authenticate = false;
+      break;
+    } 
+  }
+  common_init(args, "osd", true, should_authenticate);

  if (g_conf.clock_tare) g_clock.tare();

--- a/src/librados.cc
+++ b/src/librados.cc
@ -302,7 +302,7 @@ bool RadosClient::init()
  rank.start(1);
  messenger->add_dispatcher_head(this);

-  monclient.set_want_keys(CEPHX_PRINCIPAL_MON | CEPHX_PRINCIPAL_OSD);
+//  monclient.set_want_keys(CEPHX_PRINCIPAL_MON | CEPHX_PRINCIPAL_OSD);
  monclient.init();

  if (monclient.get_monmap() < 0)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@ -433,7 +433,7 @@ void MonClient::tick()
    auth.send_session_request(this, &auth_handler, 30.0);
    return;
  }
-  if (state == MC_STATE_AUTHENTICATING)
+  if (state != MC_STATE_HAVE_SESSION)
    return;

  if (hunting) {
--- a/src/vstart.sh
+++ b/src/vstart.sh
@ -180,6 +180,9 @@ echo "ip $IP"
 [ "$CEPH_BIN" = "" ] && CEPH_BIN=.
 [ "$CEPH_PORT" = "" ] && CEPH_PORT=6789

+monkeys_fn=monkeys.bin
+CEPH_ADM="$CEPH_BIN/ceph -k $monkeys_fn -I admin"
+
 if [ "$start_mon" -eq 1 ]; then
 	if [ "$new" -eq 1 ]; then
 	# build and inject an initial osd map
@ -217,7 +220,7 @@ EOF
 			echo
 		fi

-            	$SUDO $CEPH_BIN/authtool --gen-key --name=client.admin monkeys.bin
+	        $SUDO $CEPH_BIN/authtool --gen-key --name=client.admin $monkeys_fn

 		# build a fresh fs monmap, mon fs
 		# $CEPH_BIN/monmaptool --create --clobber --print .ceph_monmap
@ -229,7 +232,6 @@ EOF
 [mon$f]
        mon data = "dev/mon$f"
        mon addr = $IP:$(($CEPH_PORT+$f))
-        keys file = dev/mon$f/monkeys.bin
 EOF
 		done
 		str=$str" --print .ceph_monmap"
@ -239,8 +241,7 @@ EOF
 		for f in `seq 0 $((CEPH_NUM_MON-1))`
 		do
 		    echo $CEPH_BIN/mkmonfs --clobber --mon-data dev/mon$f -i $f --monmap .ceph_monmap --osdmap .ceph_osdmap
-		    key_fn=monkeys.bin
-		    $CEPH_BIN/mkmonfs -c $conf --clobber --mon-data=dev/mon$f -i $f --monmap=.ceph_monmap --osdmap=.ceph_osdmap --keys-file=$key_fn
+		    $CEPH_BIN/mkmonfs -c $conf --clobber --mon-data=dev/mon$f -i $f --monmap=.ceph_monmap --osdmap=.ceph_osdmap --keys-file=$monkeys_fn
 		done
 	fi

@ -270,7 +271,7 @@ EOF
 	    $SUDO $CEPH_BIN/cosd -i $osd $ARGS --mkfs # --debug_journal 20 --debug_osd 20 --debug_filestore 20 --debug_ebofs 20
 	    key_fn=dev/osd$osd/osd$osd.keys.bin
            $SUDO $CEPH_BIN/authtool --gen-key $key_fn
-            $SUDO $CEPH_BIN/ceph -i $key_fn auth add osd.$osd
+            $SUDO $CEPH_ADM -i $key_fn auth add osd.$osd
 	fi
 	echo start osd$osd
 	run 'osd' $SUDO $CEPH_BIN/cosd -i $osd $ARGS $COSD_ARGS
@ -289,7 +290,7 @@ if [ "$start_mds" -eq 1 ]; then
        keys file = $key_fn
 EOF
            $SUDO $CEPH_BIN/authtool --gen-key $key_fn
-            $SUDO $CEPH_BIN/ceph -i $key_fn auth add mds.$name
+            $SUDO $CEPH_ADM -i $key_fn auth add mds.$name
 	fi
 	
 	run 'mds' $CEPH_BIN/cmds -i $name $ARGS $CMDS_ARGS
@ -299,10 +300,10 @@ EOF

 #valgrind --tool=massif $CEPH_BIN/cmds $ARGS --mds_log_max_segments 2 --mds_thrash_fragments 0 --mds_thrash_exports 0 > m  #--debug_ms 20
 #$CEPH_BIN/cmds -d $ARGS --mds_thrash_fragments 0 --mds_thrash_exports 0 #--debug_ms 20
-#$CEPH_BIN/ceph mds set_max_mds 2
+#$CEPH_ADM mds set_max_mds 2
    done
-    echo $CEPH_BIN/ceph mds set_max_mds $CEPH_NUM_MDS
-    $CEPH_BIN/ceph mds set_max_mds $CEPH_NUM_MDS
+    echo $CEPH_ADM mds set_max_mds $CEPH_NUM_MDS
+    $CEPH_ADM mds set_max_mds $CEPH_NUM_MDS
 fi

 echo "started.  stop.sh to stop.  see out/* (e.g. 'tail -f out/????') for debug output."