On 3/13/19 3:01 PM, Fabian Grünbichler wrote:
> as a fallback to ensure rotation even if no logins happen on a given
> cluster.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> ---
> Notes:
> VERSIONED DEPENDENCY: pve-access-control with auth key rotation patch
>
> unchanged since v2
>
> PVE/Service/pvestatd.pm | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/PVE/Service/pvestatd.pm b/PVE/Service/pvestatd.pm
> index 2c8454d6..ce2adbbd 100755
> --- a/PVE/Service/pvestatd.pm
> +++ b/PVE/Service/pvestatd.pm
> @@ -21,6 +21,7 @@ use PVE::LXC::Config;
> use PVE::RPCEnvironment;
> use PVE::API2::Subscription;
> use PVE::AutoBalloon;
> +use PVE::AccessControl;
>
> use PVE::Status::Plugin;
> use PVE::Status::Graphite;
> @@ -440,6 +441,10 @@ sub update_storage_status {
> }
> }
>
> +sub rotate_authkeys {
> + PVE::AccessControl::rotate_authkey() if
> !PVE::AccessControl::check_authkey(1);
> +}
> +
> sub update_status {
>
> # update worker list. This is not really required and
> @@ -491,6 +496,13 @@ sub update_status {
> };
> $err = $@;
> syslog('err', "lxc console cleanup error: $err") if $err;
> +
> + eval {
> + rotate_authkeys();
> + };
> + $err = $@;
> + syslog('err', "authkey rotation error: $err") if $err;
> +
> }
>
> my $next_update = 0;
>
applied
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
