Hi Adam,

Thanks for that.  I had a suspicion it stored it in the cluster, but wasn't 
sure where or how to access it.  Thank you.

So, use Salt to copy the keys from pillar (GPG encrypted) to an accessible 
location, then, when running the Ceph Salt State to set up and configure Ceph, 
use the --ssh-public-key and --ssh-private-key options to point to the location 
of the key files.

Anestis Kozakis
Systems Administrator  - Multi-Level Security Solutions

P: + 61 2 6122 0205
M: +61 4 88 376 339

Raytheon Australia
Cybersecurity and Information Assurance
4 Brindabella Cct
Brindabella Business Park
Canberra Airport, ACT 2609 


-----Original Message-----
From: Adam King <adk...@redhat.com> 
Sent: Monday, September 23, 2024 8:36 AM
To: Kozakis, Anestis <anestis.koza...@raytheon.com.au>
Cc: ceph-users <ceph-users@ceph.io>
Subject: [External] [ceph-users] Re: Help with cephadm bootstrap and ssh 
private key location

Cephadm stored the key internally within the cluster and it can be grabbed with 
`ceph config-key get mgr/cephadm/ssh_identity_key`. As for if you already have 
keys set up, I'd recommend passing filepaths to those keys to the 
`--ssh-private-key` and `--ssh-public-key` flags the bootstrap command has and 
not passing `--skip-ssh`. If the private and public key are passed, cephadm 
will use them and not generate a new one during bootstrap. Passing `--skip-ssh` 
would cause it to not set up those keys internally for use when connecting to 
nodes and you'd have to do so manually afterwards.

On Sun, Sep 22, 2024 at 6:17 PM Kozakis, Anestis < 
anestis.koza...@raytheon.com.au> wrote:

> Hi All,
> Very new to Ceph and hoping someone can help me out.
> We are implementing Ceph in our team's environment, and I have been 
> able to manually set up a test cluster using cephadm bootstrap and 
> answering all the prompts.
> What we want to do is to automate the setup and maintenance of the 
> production Ceph cluster using SaltStack.  This involves 
> pre-configuring the hosts using Salt High States, including 
> installation of packages, firewall configuration, etc etc, and the 
> distribution of ssh keys (root user) and configuring openssh on each host.
> Whilst I can see the public ssh key in authorized_keys on all the 
> nodes, I cannot seem to find the private key on the initial 
> admin host (the first node).  It is not in /root/.ssh and the only 
> file there is the authorized_keys file.  Where does cephadm bootstrap store 
> the private key?
> Also, if we already have ssh keys set up on all the hosts and we use 
> the --skip-ssh option in the cephadm bootstrap command, will using a 
> spec file with the --apply-spec option work to add additional hosts 
> and all the services we need?
> Thanks in advance for any help/advice on this.
> Anestis Kozakis
> _______________________________________________
> ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an 
> email to ceph-users-le...@ceph.io
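
The staging step discussed in this thread, as an added example that is not part of the original messages: a pre-flight check for the first node that confirms the private key copied out of pillar is owner-only and matches the public key, then prints the bootstrap command with the flags from Adam's reply. The function names, key paths and monitor IP are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeed only if the private key is a regular file (not a symlink)
# that nobody but its owner can read.
check_private_key_mode() {
    local key="$1" mode
    if [ ! -f "$key" ] || [ -L "$key" ]; then
        echo "not a regular file: $key" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$key") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing $key: mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac
}

# Succeed only if the public key file belongs to the private key.
# Compares key type and key blob; the trailing comment field is ignored.
check_key_pair() {
    local priv="$1" pub="$2" derived given
    derived=$(ssh-keygen -y -f "$priv" 2>/dev/null | awk '{print $1, $2}')
    given=$(awk '{print $1, $2; exit}' "$pub")
    [ -n "$derived" ] && [ "$derived" = "$given" ]
}

# Run both checks, then print (not execute) the bootstrap command so it
# can be reviewed or handed to the Salt state that runs it.
bootstrap_cmd() {
    local mon_ip="$1" priv="$2" pub="$3"
    check_private_key_mode "$priv" || return 1
    if ! check_key_pair "$priv" "$pub"; then
        echo "public key does not match private key" >&2
        return 1
    fi
    printf 'cephadm bootstrap --mon-ip %s --ssh-private-key %s --ssh-public-key %s\n' \
        "$mon_ip" "$priv" "$pub"
}

# Usage: script.sh <mon-ip> <private-key-path> <public-key-path>
if [ "$#" -eq 3 ]; then
    bootstrap_cmd "$@"
fi
```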