From 5ea29d1398cf1bd91e7ee6ea649b5b970e200871 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 13 Mar 2019 15:01:34 +0100
Subject: [PATCH] pvestatd: rotate auth keys if necessary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

as a fallback to ensure rotation even if no logins happen on a given
cluster.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 PVE/Service/pvestatd.pm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/PVE/Service/pvestatd.pm b/PVE/Service/pvestatd.pm
index 2c8454d6..ce2adbbd 100755
--- a/PVE/Service/pvestatd.pm
+++ b/PVE/Service/pvestatd.pm
@@ -21,6 +21,7 @@ use PVE::LXC::Config;
 use PVE::RPCEnvironment;
 use PVE::API2::Subscription;
 use PVE::AutoBalloon;
+use PVE::AccessControl;
 
 use PVE::Status::Plugin;
 use PVE::Status::Graphite;
@@ -440,6 +441,10 @@ sub update_storage_status {
     }
 }
 
+sub rotate_authkeys {
+    PVE::AccessControl::rotate_authkey() if !PVE::AccessControl::check_authkey(1);
+}
+
 sub update_status {
 
     # update worker list. This is not really required and
@@ -491,6 +496,13 @@ sub update_status {
     };
     $err = $@;
     syslog('err', "lxc console cleanup error: $err") if $err;
+
+    eval {
+	rotate_authkeys();
+    };
+    $err = $@;
+    syslog('err', "authkey rotation error: $err") if $err;
+
 }
 
 my $next_update = 0;