Cephadm stored the key internally within the cluster and it can be grabbed with `ceph config-key get mgr/cephadm/ssh_identity_key`. As for if you already have keys setup, I'd recommend passing filepaths to those keys to the `--ssh-private-key` and `--ssh-public-key` flags the bootstrap command has and not passing `--skip-ssh`. If the private and public key are passed, cephadm will use them and not generate a new one during bootstrap. Passing `--skip-ssh` would cause it to not set up those keys internally for use when connecting to nodes and you'd have to do so manually afterwards. On Sun, Sep 22, 2024 at 6:17 PM Kozakis, Anestis < Anestis.Kozakis@xxxxxxxxxxxxxxx> wrote: > Hi All, > > Very new to Ceph and hoping someone can help me out. > > We are implementing Ceph in our team's environment, and I have been able > to manually set up a test cluster using cephadm bootstrap and answering all > the prompts. > > What we want to do is to automate the setup and maintenance of the > production Ceph cluster using SaltStack. This involves pre-configuring the > hosts using Salt High States, including installation of packages, firewall > configuration, etc etc, and the distribution of ssh keys (root user) and > configuring openssh on each host. > > Whilst I can see the public ssh key in authotrized_keys on all the nodes, > I cannot seem to find to find the private key on the initial admin host > (the first node). It is not in /root/.ssh and the only file there is the > authorized_keys file. Where does cephadm bootstrap store the private key? > > Also, if we already have ssh keys set up on all the hosts and we use the > -skip-ssh option in the cephadm bootstrap command, will using a spec file > with the --apply-spec option work to add additional hosts and all the > services we need. > > Thanks in advance for any help/advice on this. > > Anestis Kozakis > Systems Administrator - Multi-Level Security Solutions > > P: + 61 2 6122 0205 > M: +61 4 88 376 339 > anestis.kozakis@xxxxxxxxxxxxxxx<mailto:anestis.kozakis@xxxxxxxxxxxxxxx> > > Raytheon Australia > Cybersecurity and Information Assurance > 4 Brindabella Cct > Brindabella Business Park > Canberra Airport, ACT 2609 > > www.raytheonaustralia.com.au<http://www.raytheonaustralia.com.au/> > LinkedIn<https://au.linkedin.com/company/raytheon-australia> | Twitter< > https://twitter.com/RaytheonAU> | Facebook< > https://www.facebook.com/RaytheonAustralia> | Instagram< > https://www.instagram.com/raytheonaustralia/> > > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |