Bug #53762
openProblem with cephfs-mirror and cephadm / ceph orch
0%
Description
After setting up cephfs mirroring and <tt>ceph orch apply cephfs-mirror</tt>, the mirroring daemon complains
2022-01-04T09:34:16.148+0000 7f39db6ac700 -1 auth: unable to find a keyring on /etc/ceph/ceph.client.NAME.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
There is no (documented) way that I found to hand in the keyring to the cephfs-mirror daemon when running inside of Docker. The only way appears to be to use a custom container service (https://docs.ceph.com/en/latest/cephadm/services/custom-container/) and there is no guidance how to fill that out for the cephfs-mirror.
Updated by Venky Shankar over 2 years ago
Hey Manuel,
Did you bootstrap the remote peer using the "bootstrap create" and "bootstrap import" commands? The remote peer' user and key should get stored in monitor config store.
Also, note that, bootstrapping a peer is the recommended way to add a peer.
Updated by Manuel Holtgrewe over 2 years ago
Hello. Yes, I can confirm that I used this bootstrapping.
Updated by Sebastian Wagner over 2 years ago
- Project changed from Ceph to Orchestrator
Updated by Sebastian Wagner over 2 years ago
you really should not try to deploy physical keys within the containers. The only sane way is to have those keys accessible directly via the MONs (config, config-key etc)
Updated by Manuel Holtgrewe almost 2 years ago
Sebastian Wagner wrote:
you really should not try to deploy physical keys within the containers. The only sane way is to have those keys accessible directly via the MONs (config, config-key etc)
I agree. But what options do I have when using cephadm? I was unable to make it work by the manual.
Updated by Redouane Kachach Elhichou almost 2 years ago
This new functionality may help (once merged) to add any custom file to your container: https://github.com/ceph/ceph/pull/46883