[pve-devel] [PATCH pve-manager 5/8] fix #4759: ceph: configure keyring for ceph-crash.service
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Feb 12 14:41:23 CET 2024
On February 5, 2024 12:57 pm, Max Carrara wrote:
> On 1/31/24 14:17, Fabian Grünbichler wrote:
>> we have another helper for creating a keyring (and another inline call
>> to ceph-authtool when creating a monitor), should we unify them?
>
> In this case it's better not to, in my opinion - the function for `ceph-crash`
> specifically uses `ceph auth get-or-create` as that's quite a bit easier to use
> in this scenario, as the key will automatically be generated if it doesn't exist.
> This does require a connection to RADOS, but that will exist once the first mon is
> set up anyway.
>
> Otherwise we'd have to use `ceph-authtool` and then also import the key to cephx
> if it doesn't exist already, like we do in other places.
>
> Ultimately it ends up achieving the same, but the former just seemed more
> straightforward IMO.
>
> I did however notice that there are several `run_command` calls to `ceph-authtool`
> floating around that could maaaybe benefit from a helper function, but I would
> rather implement that in a different patch series, as that's not really relevant
> for this one.
saw this too late, disregard that comment in my review of v2 ;) it might
still make sense to have a common helper - after all, we could also
create the mon keys via `ceph auth get-or-create` after the first one..
More information about the pve-devel
mailing list