Documentation #58449
openDocument cephadm set-priv-key command
0%
Description
I inadvertently ran, note the missing '-i' for the first command.
ceph config-key set mgr/cephadm/ssh_identity_key /root/.ssh/id_rsa
ceph config-key set mgr/cephadm/ssh_identity_pub -i /root/.ssh/id_rsa.pub
The result was an error when adding hosts
[ceph: root@kb-1 ~]# ceph orch host add kb-2
Error EINVAL: Failed to connect to kb-2 (kb-2): KeyImportError('Invalid private key',)
Log:
[ceph: root@kb-1 ~]#
It might be helpful to see if the key looks like something that is a path, or perhaps use the private key to sign something and attempt to validate it with the public key, if it fails, then print a warning about the keys not matching as a health warning.
Updated by Adam King about 1 year ago
- Tracker changed from Bug to Documentation
- Subject changed from Add validation or checking of pub/priv ssh keys to Document cephadm set-priv-key command
- Assignee set to Adam King
We actually have validation built in if the key is set using the "ceph cephadm set-priv-key" command rather than directly setting the config-key option (which we can't control really). I think we just need to better document the set-priv-key command. There's nothing else we can do to stop users from setting certain values in the config-key store I think.
Updated by Adam King about 1 year ago
Turns out set-priv-key and set-pub-key are actually broken and probably have been since we moved to asyncssh. Going to also need to fix them up, and will address this documentation as part of that.