On 04/07/2016 04:03 PM, Sage Weil wrote: > On Thu, 7 Apr 2016, Owen Synge wrote: >> Hi Sage, >> >> On 04/07/2016 02:26 PM, Sage Weil wrote: >>> Hi Owen, >>> >>> I never really liked ceph-create-keys either, but it simplified the >>> deployment process. >> >> I would propose we do this in two stages. >> >> (A) Remove calling the command from the init scripts as a side effect of >> starting the mon. >> >> This allows us to get most of the issues solved. >> >> (B) Remove the command. >> >> This is the long term goal, which is not as urgent in my opinion but >> others may disagree. > > Works for me. We just need to change ceph-deploy and get the other > install/deploy tool folks on board before A. Are you intending to get this into Jewel? I had assumed this would only be done on master, and only come into the next release. As a change to master I felt that we could just do (A) as soon as ceph-deploy works without the mon boot up scripts calling ceph-create-keys, ideally without having ceph-create-keys in ceph-deploy's process. We can then file bugs as needed against other install processes that depend on ceph-create-keys, and they can test against master. >>> I have no problem with removing it as long as we make >>> sure the deployment process doesn't too much harder for ceph-deploy users. >> >> The documentation for the manual process without using ceph-deploy will >> need to be changed if we remove calling ceph-create-keys from the boot >> scripts. > > Yeah. > >> For ceph-deploy users I think we should see if any changes to the >> process are needed, the next question is will any be wanted? > > Actually, thinking about it a bit more, I don't think ceph-deploy usage > has to change at all. The old way was > > 1. ceph-create-keys creates and installs the keys on the mons > 2. ceph-deploy gatherkeys or create-initial slurps them up > > We can just change ceph-deploy so it creates and stores them locally, and > doesn't store them on the mons at all. Users don't get the side-effect > that the mons have the keys installed, but that is arguably better anyway. > >> https://github.com/SUSE/ceph-deploy/commit/58b030dbe0a964b32f1fbc9a3762e64dd74bf50c > > Instead of this, it should do the same steps as ceph-create-keys (use the > mon. internal key to authenticate to create the admin and bootstrap > keys), but just write them to the local ceph-dpeloy work dir. That sounds like a better plan than my idea of just using ceph-create-keys in ceph-deploy to me. Best regards Owen -- SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
