I figured out that I'll need to update the lv tag `ceph.cephx_lockbox_secret` as well. -Zhongzhou Cai On Mon, Feb 6, 2023 at 5:27 PM Zhongzhou Cai <zhongzhoucai@xxxxxxxxxx> wrote: > Hi, > > I'm on Ceph 16.2.10, and I'm trying to rotate the ceph lockbox keyring. I > used ceph-authtool to create a new keyring, and used `ceph auth import -i > <new-keyring>` to update the lockbox keyring. I also updated the keyring > file, which is /var/lib/ceph/osd/ceph-<osd-id>/lockbox.keyring. I tried > `systemctl restart ceph-volume@lvm-<osd-id>-<osd-fsid>.service`, the > command succeeded. Then I rebooted the node, ceph-volume failed because the > lockbox.keyring file was overwritten with the old key, which doesn't match > the lockbox keyring in `ceph auth get`. Does anyone know where it gets the > lockbox.keyring during reboot? > > Thanks, > Zhongzhou Cai > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |