[pve-devel] applied: [PATCH v3 manager] pvestatd: rotate auth keys if necessary

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Mar 18 12:48:42 CET 2019


On 3/13/19 3:01 PM, Fabian Grünbichler wrote:
> as a fallback to ensure rotation even if no logins happen on a given
> cluster.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> Notes:
>     VERSIONED DEPENDENCY: pve-access-control with auth key rotation patch
>     
>     unchanged since v2
> 
>  PVE/Service/pvestatd.pm | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/PVE/Service/pvestatd.pm b/PVE/Service/pvestatd.pm
> index 2c8454d6..ce2adbbd 100755
> --- a/PVE/Service/pvestatd.pm
> +++ b/PVE/Service/pvestatd.pm
> @@ -21,6 +21,7 @@ use PVE::LXC::Config;
>  use PVE::RPCEnvironment;
>  use PVE::API2::Subscription;
>  use PVE::AutoBalloon;
> +use PVE::AccessControl;
>  
>  use PVE::Status::Plugin;
>  use PVE::Status::Graphite;
> @@ -440,6 +441,10 @@ sub update_storage_status {
>      }
>  }
>  
> +sub rotate_authkeys {
> +    PVE::AccessControl::rotate_authkey() if !PVE::AccessControl::check_authkey(1);
> +}
> +
>  sub update_status {
>  
>      # update worker list. This is not really required and
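Review bot: The check and the rotation in `rotate_authkeys` are two separate calls, and pvestatd normally runs on every cluster node, so two nodes can both see `check_authkey(1)` return false in the same window and both call `rotate_authkey()`. That is only harmless if `rotate_authkey()` re-checks the key under a cluster-wide lock before replacing it; that code is in pve-access-control and not visible in this patch, so it should be confirmed. If it holds, a comment above the sub would record it, e.g. `# rotate_authkey() re-checks under the cluster lock, so racing callers on other nodes are harmless`. The bare `1` is also opaque at the call site; a short comment naming what the flag selects (presumably a quiet/no-die mode, to be confirmed) would help the next reader.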
> @@ -491,6 +496,13 @@ sub update_status {
>      };
>      $err = $@;
>      syslog('err', "lxc console cleanup error: $err") if $err;
> +
> +    eval {
> +	rotate_authkeys();
> +    };
> +    $err = $@;
> +    syslog('err', "authkey rotation error: $err") if $err;
> +
>  }
>  
>  my $next_update = 0;
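Review bot: A failed rotation in the new `eval` block is only written to syslog and retried on the next `update_status` pass. While the cause persists, the existing auth key presumably stays in use past its intended lifetime, and the same `authkey rotation error` line repeats every pass. Since this is the fallback path meant to guarantee rotation, that best-effort behaviour deserves a comment, e.g. `# best effort: on failure the current key stays in use and rotation is retried on the next pass`. If the repeated line proves noisy, consider logging only when the error text changes. `update_status` begins outside this hunk, so any earlier handling of `$err` is not visible here.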
> 

applied




