From 960d3854a793a040fe1b78c7a78249e50468a15d Mon Sep 17 00:00:00 2001 From: Yehuda Sadeh Date: Thu, 1 Oct 2009 13:54:21 -0700 Subject: [PATCH] auth: fix system init
---
src/auth/AuthServiceManager.cc | 3 +++ src/auth/KeyRing.cc | 2 ++ src/cosd.cc | 11 ++++++++++- src/librados.cc | 2 +- src/mon/MonClient.cc | 2 +- src/vstart.sh | 19 ++++++++++--------- 6 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/src/auth/AuthServiceManager.cc b/src/auth/AuthServiceManager.cc
index a626c66a3c4..6b59e453418 100644
--- a/src/auth/AuthServiceManager.cc
+++ b/src/auth/AuthServiceManager.cc
@@ -137,6 +137,7 @@ int CephAuthService_X::handle_request(bufferlist::iterator& indata, bufferlist&
 map caps;
 dout(0) << "entity_name=" << entity_name.to_str() << dendl;
 if (!mon->keys_server.get_secret(entity_name, secret, caps)) {
+ dout(0) << "couldn't find entity name: " << entity_name.to_str() << dendl;
 ret = -EPERM;
 break;
 }
@@ -281,6 +282,7 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe
 case CEPHX_OPEN_SESSION: {
+ dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY " << cephx_header.request_type << dendl;
 CryptoKey service_secret;
 if (mon->keys_server.get_service_secret(CEPHX_PRINCIPAL_MON, service_secret) < 0) {
@@ -292,6 +294,7 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe
 bufferlist tmp_bl;
 AuthServiceTicketInfo auth_ticket_info;
 if (!verify_authorizer(service_secret, indata, auth_ticket_info, tmp_bl)) {
+ dout(0) << "could not verify authorizer" << dendl;
 ret = -EPERM;
 }
 build_cephx_response_header(request_type, ret, result_bl);
diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
index 93a2224e3f7..6a590da0940 100644
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
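Review bot: The `dout(0)` added in the `get_secret` failure branch of handle_request writes a peer-supplied entity name at level 0 on every failed lookup, and the context line just above already logs the same name at the same level. If level 0 is always emitted, a client that has not authenticated can make the monitor log grow with each attempt; the `could not verify authorizer` message added in the `@@ -292` hunk has the same property. A higher debug level would keep the diagnostics without that exposure, for example `dout(10) << "couldn't find entity name: " << entity_name.to_str() << dendl;`. Both enclosing functions start and end outside the hunks.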
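Review bot: The message added under `case CEPHX_OPEN_SESSION:` is labelled `CEPHX_GET_PRINCIPAL_SESSION_KEY`, which does not match the case it sits in and will mislead anyone reading authentication logs while tracing a failed session. Use the matching label, `dout(0) << "CEPHX_OPEN_SESSION " << cephx_header.request_type << dendl;`. The case body continues outside the hunk.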
@@ -66,6 +66,8 @@ bool KeyRing::load_master(const char *filename)
 string name = g_conf.entity_name->to_str();
+ dout(0) << "looking for key entry name=" << name << dendl;
+
 miter = m.find(name);
 if (miter == m.end()) {
 miter = m.find("");
diff --git a/src/cosd.cc b/src/cosd.cc
index d3098b2290a..588d7b83be7 100644
--- a/src/cosd.cc
+++ b/src/cosd.cc
@@ -49,7 +49,16 @@ int main(int argc, const char **argv)
 vector args;
 argv_to_vec(argc, argv, args);
 env_to_vec(args);
- common_init(args, "osd", true, true);
+ bool should_authenticate = true;
+ vector::iterator args_iter;
+
+ for (args_iter = args.begin(); args_iter != args.end(); ++args_iter) {
+ if (strcmp(*args_iter, "--mkfs") == 0) {
+ should_authenticate = false;
+ break;
+ }
+ }
+ common_init(args, "osd", true, should_authenticate);
 if (g_conf.clock_tare) g_clock.tare();
diff --git a/src/librados.cc b/src/librados.cc
index 83005f023f8..e66a036d74d 100644
--- a/src/librados.cc
+++ b/src/librados.cc
@@ -302,7 +302,7 @@ bool RadosClient::init()
 rank.start(1);
 messenger->add_dispatcher_head(this);
- monclient.set_want_keys(CEPHX_PRINCIPAL_MON | CEPHX_PRINCIPAL_OSD);
+// monclient.set_want_keys(CEPHX_PRINCIPAL_MON | CEPHX_PRINCIPAL_OSD);
 monclient.init();
 if (monclient.get_monmap() < 0)
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 9b6965d030e..4ff347c3963 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -433,7 +433,7 @@ void MonClient::tick()
 auth.send_session_request(this, &auth_handler, 30.0);
 return;
 }
- if (state == MC_STATE_AUTHENTICATING)
+ if (state != MC_STATE_HAVE_SESSION)
 return;
 if (hunting) {
diff --git a/src/vstart.sh b/src/vstart.sh
index 7b7a5758ee9..982c0ed9fc6 100755
--- a/src/vstart.sh
+++ b/src/vstart.sh
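Review bot: The loop added before `common_init` in src/cosd.cc switches authentication off whenever the literal `--mkfs` appears anywhere in `args`, and it runs after `env_to_vec(args)`, so by the look of that call the environment can disable authentication as well as the command line. The rest of main() is outside the hunk, so it is not visible whether the `--mkfs` path exits before the OSD talks to the cluster; if it does not, the daemon would continue with `should_authenticate` false. Add a comment stating why mkfs must skip authentication (presumably the OSD key does not exist yet) and that the process must not go on to serve in that mode. Consider running the scan before `env_to_vec(args)` so only explicit command-line arguments can turn authentication off.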
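Review bot: In RadosClient::init() the call `monclient.set_want_keys(CEPHX_PRINCIPAL_MON | CEPHX_PRINCIPAL_OSD)` is disabled by commenting it out, with nothing to say whether this is temporary. With the call gone the client no longer states which service keys it wants before `monclient.init()`, which presumably changes the tickets it ends up holding. If this is a workaround for the init problem, record it next to the line, e.g. `// FIXME: re-enable once <condition>; client currently requests no service keys`, otherwise delete the line instead of leaving dead code. init() continues outside the hunk.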
@@ -180,6 +180,9 @@ echo "ip $IP"
 [ "$CEPH_BIN" = "" ] && CEPH_BIN=.
 [ "$CEPH_PORT" = "" ] && CEPH_PORT=6789
+monkeys_fn=monkeys.bin
+CEPH_ADM="$CEPH_BIN/ceph -k $monkeys_fn -I admin"
+
 if [ "$start_mon" -eq 1 ]; then
 if [ "$new" -eq 1 ]; then
 # build and inject an initial osd map
@@ -217,7 +220,7 @@ EOF
 echo
 fi
- $SUDO $CEPH_BIN/authtool --gen-key --name=client.admin monkeys.bin
+ $SUDO $CEPH_BIN/authtool --gen-key --name=client.admin $monkeys_fn
 # build a fresh fs monmap, mon fs # $CEPH_BIN/monmaptool --create --clobber --print .ceph_monmap
@@ -229,7 +232,6 @@ EOF
 [mon$f]
 mon data = "dev/mon$f"
 mon addr = $IP:$(($CEPH_PORT+$f))
- keys file = dev/mon$f/monkeys.bin
 EOF
 done
 str=$str" --print .ceph_monmap"
@@ -239,8 +241,7 @@ EOF
 for f in `seq 0 $((CEPH_NUM_MON-1))`
 do
 echo $CEPH_BIN/mkmonfs --clobber --mon-data dev/mon$f -i $f --monmap .ceph_monmap --osdmap .ceph_osdmap
- key_fn=monkeys.bin
- $CEPH_BIN/mkmonfs -c $conf --clobber --mon-data=dev/mon$f -i $f --monmap=.ceph_monmap --osdmap=.ceph_osdmap --keys-file=$key_fn
+ $CEPH_BIN/mkmonfs -c $conf --clobber --mon-data=dev/mon$f -i $f --monmap=.ceph_monmap --osdmap=.ceph_osdmap --keys-file=$monkeys_fn
 done
 fi
@@ -270,7 +271,7 @@ EOF
 $SUDO $CEPH_BIN/cosd -i $osd $ARGS --mkfs # --debug_journal 20 --debug_osd 20 --debug_filestore 20 --debug_ebofs 20
 key_fn=dev/osd$osd/osd$osd.keys.bin
 $SUDO $CEPH_BIN/authtool --gen-key $key_fn
- $SUDO $CEPH_BIN/ceph -i $key_fn auth add osd.$osd
+ $SUDO $CEPH_ADM -i $key_fn auth add osd.$osd
 fi
 echo start osd$osd
 run 'osd' $SUDO $CEPH_BIN/cosd -i $osd $ARGS $COSD_ARGS
@@ -289,7 +290,7 @@ if [ "$start_mds" -eq 1 ]; then
 keys file = $key_fn
 EOF
 $SUDO $CEPH_BIN/authtool --gen-key $key_fn
- $SUDO $CEPH_BIN/ceph -i $key_fn auth add mds.$name
+ $SUDO $CEPH_ADM -i $key_fn auth add mds.$name
 fi
 run 'mds' $CEPH_BIN/cmds -i $name $ARGS $CMDS_ARGS
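Review bot: `CEPH_ADM` is built as one string in the `@@ -180` hunk and then expanded unquoted (`$SUDO $CEPH_ADM -i $key_fn auth add osd.$osd` in `@@ -270`, the mds equivalent in `@@ -289`), so it depends on word splitting and breaks if `$CEPH_BIN` contains whitespace. `monkeys_fn=monkeys.bin` is also a relative path, so the `client.admin` keyring is written to and read from whatever directory the script is started in. A comment such as `# admin keyring; relative path, run vstart.sh from the source directory` would make that explicit. It is also worth confirming which permissions `authtool --gen-key` gives the file, since every later admin command now depends on it.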
@@ -299,10 +300,10 @@ EOF
 #valgrind --tool=massif $CEPH_BIN/cmds $ARGS --mds_log_max_segments 2 --mds_thrash_fragments 0 --mds_thrash_exports 0 > m #--debug_ms 20 #$CEPH_BIN/cmds -d $ARGS --mds_thrash_fragments 0 --mds_thrash_exports 0 #--debug_ms 20
-#$CEPH_BIN/ceph mds set_max_mds 2
+#$CEPH_ADM mds set_max_mds 2
 done
- echo $CEPH_BIN/ceph mds set_max_mds $CEPH_NUM_MDS
- $CEPH_BIN/ceph mds set_max_mds $CEPH_NUM_MDS
+ echo $CEPH_ADM mds set_max_mds $CEPH_NUM_MDS
+ $CEPH_ADM mds set_max_mds $CEPH_NUM_MDS
 fi
 echo "started. stop.sh to stop. see out/* (e.g. 'tail -f out/????') for debug output."
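Review bot: `$CEPH_ADM mds set_max_mds $CEPH_NUM_MDS` now has to read the admin keyring, but it runs without `$SUDO`, whereas the keyring is created by `$SUDO $CEPH_BIN/authtool --gen-key --name=client.admin $monkeys_fn` and the osd and mds `auth add` calls use `$SUDO $CEPH_ADM`. If `$SUDO` is set and authtool leaves the file readable only by root, this command cannot load the key and the call would fail. Making it consistent with the others, `$SUDO $CEPH_ADM mds set_max_mds $CEPH_NUM_MDS`, avoids depending on the keyring being world-readable.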