as a fallback to ensure rotation even if no logins happen on a given
cluster.

Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
Notes:
    VERSIONED DEPENDENCY: pve-access-control with auth key rotation patch
    
    unchanged since v2

 PVE/Service/pvestatd.pm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/PVE/Service/pvestatd.pm b/PVE/Service/pvestatd.pm
index 2c8454d6..ce2adbbd 100755
--- a/PVE/Service/pvestatd.pm
+++ b/PVE/Service/pvestatd.pm
@@ -21,6 +21,7 @@ use PVE::LXC::Config;
 use PVE::RPCEnvironment;
 use PVE::API2::Subscription;
 use PVE::AutoBalloon;
+use PVE::AccessControl;
 
 use PVE::Status::Plugin;
 use PVE::Status::Graphite;
@@ -440,6 +441,10 @@ sub update_storage_status {
     }
 }
 
+sub rotate_authkeys {
+    PVE::AccessControl::rotate_authkey() if 
!PVE::AccessControl::check_authkey(1);
+}
+
 sub update_status {
 
     # update worker list. This is not really required and
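Review bot: The bare `1` passed to `check_authkey` in `rotate_authkeys` is unexplained, and the new sub has no comment saying when rotation is expected to fire. `update_status` calls it on every pass, and pvestatd presumably runs on each cluster node, so the check-then-rotate sequence is only safe if `rotate_authkey` re-checks the key age under a cluster-wide lock. That is not visible in this hunk and is worth confirming against the pve-access-control patch named in the notes. I would add a comment above the call such as `# fallback rotation; relies on rotate_authkey() locking and re-checking, so concurrent callers on other nodes are harmless`. If the argument is a quiet flag, as it appears to be, I would also spell it out as `check_authkey(1) # 1 = quiet`.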
@@ -491,6 +496,13 @@ sub update_status {
     };
     $err = $@;
     syslog('err', "lxc console cleanup error: $err") if $err;
+
+    eval {
+       rotate_authkeys();
+    };
+    $err = $@;
+    syslog('err', "authkey rotation error: $err") if $err;
+
 }
 
 my $next_update = 0;
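Review bot: A persistent rotation failure in the new `eval` block is only written to syslog, and because `update_status` runs this on every pass, the same `authkey rotation error` line will repeat each cycle while the old key stays in use. Rotation is a security control, so the comment should say that this path is best-effort and what a failure means, for example `# best-effort fallback: on error the current auth key remains valid past its intended lifetime; see syslog`. It would also help to log the failure once per distinct error rather than on every pass, so that an alert on this message stays meaningful. The added blank line before the closing brace of `update_status` can be dropped. The body of `update_status` starts outside this hunk.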
-- 
2.20.1

