Re: Help with cephadm bootstrap and ssh private key location


 



>
> So, use Salt to copy the keys from pillar (GPG encrypted) to an accessible
> location, then, when running the Ceph Salt State to set up and configure
> Ceph, use the --ssh-public-key and --ssh-private-key options to point to the
> location of the key files.


Sounds about right. As long as bootstrap receives the keyring from those
parameters, that's what cephadm will use to connect to the other nodes you
add to the cluster.

On Sun, Sep 22, 2024 at 7:00 PM Kozakis, Anestis <
Anestis.Kozakis@xxxxxxxxxxxxxxx> wrote:

> Hi Adam,
>
> Thanks for that.  I had a suspicion it stored it in the cluster, but
> wasn't sure where or how to access it.  Thank you.
>
> So, use Salt to copy the keys from pillar (GPG encrypted) to an accessible
> location, then, when running the Ceph Salt State to set up and configure
> Ceph, use the --ssh-public-key and --ssh-private-key options to point to the
> location of the key files.
>
> Anestis Kozakis
> Systems Administrator  - Multi-Level Security Solutions
>
> P: + 61 2 6122 0205
> M: +61 4 88 376 339
> anestis.kozakis@xxxxxxxxxxxxxxx
>
> Raytheon Australia
> Cybersecurity and Information Assurance
> 4 Brindabella Cct
> Brindabella Business Park
> Canberra Airport, ACT 2609
>
> www.raytheonaustralia.com.au
> LinkedIn | Twitter | Facebook | Instagram
>
> -----Original Message-----
> From: Adam King <adking@xxxxxxxxxx>
> Sent: Monday, September 23, 2024 8:36 AM
> To: Kozakis, Anestis <Anestis.Kozakis@xxxxxxxxxxxxxxx>
> Cc: ceph-users <ceph-users@xxxxxxx>
> Subject: [External]  Re: Help with cephadm bootstrap and ssh
> private key location
>
> Cephadm stored the key internally within the cluster and it can be grabbed
> with `ceph config-key get mgr/cephadm/ssh_identity_key`. As for if you
> already have keys setup, I'd recommend passing filepaths to those keys to
> the `--ssh-private-key` and `--ssh-public-key` flags the bootstrap command
> has and not passing `--skip-ssh`. If the private and public key are passed,
> cephadm will use them and not generate a new one during bootstrap. Passing
> `--skip-ssh` would cause it to not set up those keys internally for use
> when connecting to nodes and you'd have to do so manually afterwards.
>
> On Sun, Sep 22, 2024 at 6:17 PM Kozakis, Anestis <
> Anestis.Kozakis@xxxxxxxxxxxxxxx> wrote:
>
> > Hi All,
> >
> > Very new to Ceph and hoping someone can help me out.
> >
> > We are implementing Ceph in our team's environment, and I have been
> > able to manually set up a test cluster using cephadm bootstrap and
> > answering all the prompts.
> >
> > What we want to do is to automate the setup and maintenance of the
> > production Ceph cluster using SaltStack.  This involves
> > pre-configuring the hosts using Salt High States, including
> > installation of packages, firewall configuration, etc etc, and the
> > distribution of ssh keys (root user) and configuring openssh on each
> > host.
> >
> > Whilst I can see the public ssh key in authorized_keys on all the
> > nodes, I cannot seem to find the private key on the initial
> > admin host (the first node).  It is not in /root/.ssh and the only
> > file there is the authorized_keys file.  Where does cephadm bootstrap
> > store the private key?
> >
> > Also, if we already have ssh keys set up on all the hosts and we use
> > the --skip-ssh option in the cephadm bootstrap command, will using a
> > spec file with the --apply-spec option work to add additional hosts
> > and all the services we need?
> >
> > Thanks in advance for any help/advice on this.
> >
> > Anestis Kozakis
> > Systems Administrator  - Multi-Level Security Solutions
> >
> > P: + 61 2 6122 0205
> > M: +61 4 88 376 339
> > anestis.kozakis@xxxxxxxxxxxxxxx
> >
> > Raytheon Australia
> > Cybersecurity and Information Assurance
> > 4 Brindabella Cct
> > Brindabella Business Park
> > Canberra Airport, ACT 2609
> >
> > www.raytheonaustralia.com.au
> > LinkedIn | Twitter | Facebook | Instagram
> >
> > _______________________________________________
> > ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an
> > email to ceph-users-leave@xxxxxxx
> >
> >
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
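
Added example (not part of the thread, and not Ceph or Salt project code): a pre-flight wrapper for the approach discussed above. It refuses to bootstrap unless the staged private key is a root-only regular file and the public key file is its matching half, then removes the staged copy once the key can be read back from the cluster. The function names and the three arguments (MON IP and the two key paths) are assumptions; `--ssh-private-key`, `--ssh-public-key` and the config-key name are the ones quoted in the thread, and `--mon-ip` is cephadm's existing bootstrap flag.

```sh
#!/bin/sh
# Added example: pre-flight checks before passing a staged key pair to
# `cephadm bootstrap`. Function names and arguments are assumptions.

# True only for a regular file (not a symlink) with no group/other mode bits.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True only if the .pub file is the public half of the private key.
# Compares key type and base64 blob, ignoring the trailing comment.
keypair_matches() {
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}')
    stored=$(awk 'NR == 1 {print $1, $2}' "$2")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Usage: bootstrap_with_staged_keys MON_IP PRIVATE_KEY PUBLIC_KEY
bootstrap_with_staged_keys() {
    mon_ip=$1 priv=$2 pub=$3
    key_is_private "$priv" || {
        echo "refusing: $priv missing, a symlink, or group/other accessible" >&2
        return 1
    }
    keypair_matches "$priv" "$pub" || {
        echo "refusing: $pub is not the public half of $priv" >&2
        return 1
    }
    cephadm bootstrap --mon-ip "$mon_ip" \
        --ssh-private-key "$priv" --ssh-public-key "$pub" || return 1
    # Remove the staged copy only once the cluster can return the key
    # (removal is this example's choice, not something the thread prescribes).
    if cephadm shell -- ceph config-key get mgr/cephadm/ssh_identity_key \
        >/dev/null 2>&1; then
        rm -f -- "$priv"
    fi
}

# Run only when invoked with the three arguments.
if [ "$#" -eq 3 ]; then
    bootstrap_with_staged_keys "$@"
fi
```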



