gatherkeys¶
The gatherkeys
subcommand provides an interface to get with a cluster’s
cephx bootstrap keys.
keyrings¶
The gatherkeys
subcommand retrieves the following keyrings.
ceph.mon.keyring¶
This keyring is used by all mon nodes to communicate with other mon nodes.
ceph.client.admin.keyring¶
This keyring is ceph client commands by default to administer the ceph cluster.
ceph.bootstrap-osd.keyring¶
This keyring is used to generate cephx keyrings for OSD instances.
ceph.bootstrap-mds.keyring¶
This keyring is used to generate cephx keyrings for MDS instances.
ceph.bootstrap-rgw.keyring¶
This keyring is used to generate cephx keyrings for RGW instances.
Example¶
The gatherkeys
subcommand contacts the mon and creates or retrieves existing
keyrings from the mon internal store. To run:
ceph-deploy gatherkeys MON [MON..]
You can optionally add as many mon nodes to the command line as desired. The
gatherkeys
subcommand will succeed on the first mon to respond successfully
with all the keyrings.
Backing up of old keyrings¶
If old keyrings exist in the current working directory that do not match the retrieved keyrings these old keyrings will be renamed with a time stamp extention so you will not loose valuable keyrings.
Note
Before version v1.5.33 ceph-deploy relied upon ceph-create-keys
and did not backup existing keys. Using ceph-create-keys
produced
a side effect of deploying all bootstrap keys on the mon node so
making all mon nodes admin nodes.