Add OSD secret when using encrypted data bags

ceph / ceph-cookbook

Chef cookbooks for Ceph

Apache License 2.0

100 stars 107 forks source link

Add OSD secret when using encrypted data bags #201

Closed scarvalhojr closed 9 years ago

scarvalhojr commented 9 years ago

When encrypted_data_bags is enabled, it is necessary to inject the OSD secret into the monitor keyring used to create the cluster. If that isn't done, by the time the OSD recipe tries to use the OSD secret as client.bootstrap-osd, Ceph will have generated a random key (and it won't match the key from the encrypted data bag).

mick-m commented 9 years ago

plus 1

guilhem commented 9 years ago

I'm obviously :+1: for keyring ;) For the other part... I follow your advice @hufman

hufman commented 9 years ago

That looks great. Perhaps, can you make another one for the bootstrap_mds?