On Thu, 7 Apr 2016, Gregory Farnum wrote:
> On Thu, Apr 7, 2016 at 7:03 AM, Sage Weil <sweil@xxxxxxxxxx> wrote:
> > On Thu, 7 Apr 2016, Owen Synge wrote:
> >> Hi Sage,
> >>
> >> On 04/07/2016 02:26 PM, Sage Weil wrote:
> >> > Hi Owen,
> >> >
> >> > I never really liked ceph-create-keys either, but it simplified the
> >> > deployment process.
> >>
> >> I would propose we do this in two stages.
> >>
> >> (A) Remove calling the command from the init scripts as a side effect of
> >> starting the mon.
> >>
> >> This allows us to get most of the issues solved.
> >>
> >> (B) Remove the command.
> >>
> >> This is the long term goal, which is not as urgent in my opinion but
> >> others may disagree.
> >
> > Works for me. We just need to change ceph-deploy and get the other
> > install/deploy tool folks on board before A.
> >
> >> > I have no problem with removing it as long as we make
> >> > sure the deployment process doesn't get too much harder for ceph-deploy users.
> >>
> >> The documentation for the manual process without using ceph-deploy will
> >> need to be changed if we remove calling ceph-create-keys from the boot
> >> scripts.
> >
> > Yeah.
> >
> >> For ceph-deploy users I think we should see if any changes to the
> >> process are needed, the next question is will any be wanted?
> >
> > Actually, thinking about it a bit more, I don't think ceph-deploy usage
> > has to change at all. The old way was
> >
> > 1. ceph-create-keys creates and installs the keys on the mons
> > 2. ceph-deploy gatherkeys or create-initial slurps them up
> >
> > We can just change ceph-deploy so it creates and stores them locally, and
> > doesn't store them on the mons at all. Users don't get the side-effect
> > that the mons have the keys installed, but that is arguably better anyway.
>
> Note that this would mean users can only run "ceph -s" from a node
> that has explicitly installed the keys — if you are debugging a
> problem and ssh into the monitor node, you'll have to run fugly
> command lines pointing to the monitor's data directory and using a
> "mon." entity name in order to get any cluster debug info. :/

Yeah. We could make 'mon create-initial' also install the admin (and
maybe bootstrap) keys on the mon, and make a note in the manual
ceph-deploy sequence about this (add 'ceph-deploy admin HOST' to the
sequence).

sage