summaryrefslogtreecommitdiff
path: root/fs/ceph
diff options
context:
space:
mode:
authorSage Weil <sage@inktank.com>2013-03-25 10:26:01 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-06-20 12:01:32 -0700
commitd2c7223497cf8228416c70e3f4238ddd6c5bdf3c (patch)
treeef28b3569210839a399698f34605da9dd7202632 /fs/ceph
parentdef71c018b0cc6c1eb7f30aa3268e764f48e9cf0 (diff)
libceph: add update_authorizer auth method
commit 0bed9b5c523d577378b6f83eab5835fe30c27208 upstream. Currently the messenger calls out to a get_authorizer con op, which will create a new authorizer if it doesn't yet have one. In the meantime, when we rotate our service keys, the authorizer doesn't get updated. Eventually it will be rejected by the server on a new connection attempt and get invalidated, and we will then rebuild a new authorizer, but this is not ideal. Instead, if we do have an authorizer, call a new update_authorizer op that will verify that the current authorizer is using the latest secret. If it is not, we will build a new one that does. This avoids the transient failure. This fixes one of the sorry sequence of events for bug http://tracker.ceph.com/issues/4282 Signed-off-by: Sage Weil <sage@inktank.com> Reviewed-by: Alex Elder <elder@inktank.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs/ceph')
-rw-r--r--fs/ceph/mds_client.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 3efa94a3493d..0239be75ceb1 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -3444,7 +3444,12 @@ static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con,
}
if (!auth->authorizer && ac->ops && ac->ops->create_authorizer) {
int ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_MDS,
- auth);
+ auth);
+ if (ret)
+ return ERR_PTR(ret);
+ } else if (ac->ops && ac->ops_update_authorizer) {
+ int ret = ac->ops->update_authorizer(ac, CEPH_ENTITY_TYPE_MDS,
+ auth);
if (ret)
return ERR_PTR(ret);
}