On February 5, 2024 12:57 pm, Max Carrara wrote: > On 1/31/24 14:17, Fabian Grünbichler wrote: >> we have another helper for creating a keyring (and another inline call >> to ceph-authtool when creating a monitor), should we unify them? > > In this case it's better not to, in my opinion - the function for `ceph-crash` > specifically uses `ceph auth get-or-create` as that's quite a bit easier to > use > in this scenario, as the key will automatically be generated if it doesn't > exist. > This does require a connection to RADOS, but that will exist once the first > mon is > set up anyway. > > Otherwise we'd have to use `ceph-authtool` and then also import the key to > cephx > if it doesn't exist already, like we do in other places. > > Ultimately it ends up achieving the same, but the former just seemed more > straightforward IMO. > > I did however notice that there are several `run_command` calls to > `ceph-authtool` > floating around that could maaaybe benefit from a helper function, but I would > rather implement that in a different patch series, as that's not really > relevant > for this one.
saw this too late, disregard that comment in my review of v2 ;) it might still make sense to have a common helper - after all, we could also create the mon keys via `ceph auth get-or-create` after the first one.. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
