RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-20 10:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

crimson/monc: unify handling auth_service_ticket_ttl with classical OSD

Browse Source 
In the classical `MonClient` the `auth_service_ticket_ttl` is lower
bounded to `30` units.

```cpp
  utime_t now = ceph_clock_now();
  utime_t cutoff = now;
  cutoff -= std::min(30.0, cct->_conf->auth_service_ticket_ttl / 4.0);
  utime_t issued_at_lower_bound = now;
  issued_at_lower_bound -= cct->_conf->auth_service_ticket_ttl;
  if (!rotating_secrets->need_new_secrets(cutoff)) {
    ldout(cct, 10) << "_check_auth_rotating have uptodate secrets (they expire after " << cutoff << ")" << dendl;
    rotating_secrets->dump_rotating();
    return 0;
  }
```

The unification affects also the debug mesages.

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
This commit is contained in:
Radoslaw Zarzynski 2022-07-26 09:31:38 +00:00
parent 7ea3d373b7
commit b9d2456fa6
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/crimson/mon/MonClient.cc
View File

@ -156,9 +156,14 @@ seastar::future<> Connection::renew_rotating_keyring()
auto now = clock_t::now();
auto ttl = std::chrono::seconds{
static_cast<long>(crimson::common::local_conf()->auth_service_ticket_ttl)};
auto cutoff = now - ttl / 4;
if (!rotating_keyring->need_new_secrets(utime_t(cutoff))) {
auto cutoff = utime_t{now - std::min(std::chrono::seconds{30}, ttl / 4)};
if (!rotating_keyring->need_new_secrets(cutoff)) {
logger().debug("renew_rotating_keyring secrets are up-to-date "
"(they expire after {})", cutoff);
return seastar::now();
} else {
logger().info("renew_rotating_keyring renewing rotating keys "
" (they expired before {})", cutoff);
}
if (now - last_rotating_renew_sent < std::chrono::seconds{1}) {
logger().info("renew_rotating_keyring called too often");