[Bug 1563330] Re: Please do not enable the service ceph-create-keys by default

Dr. Jens Rosenboom j.rosenboom at x-ion.de
Thu Apr 7 06:29:18 UTC 2016 

Sorry, but this is not fixed for me, maybe I wasn't expressing clearly
enough my intentions:

root at controller-node13:~# systemctl status ceph-create-keys
* ceph-create-keys.service - Create Ceph client.admin key when possible
   Loaded: loaded (/lib/systemd/system/ceph-create-keys.service; static; vendor preset: enabled)
   Active: inactive (dead)
root at controller-node13:~# systemctl status ceph-mon        
* ceph-mon.service - Ceph cluster monitor daemon
   Loaded: loaded (/lib/systemd/system/ceph-mon.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:ceph-mon
root at controller-node13:~# systemctl start ceph-mon
root at controller-node13:~# systemctl status ceph-mon                                                                                     
* ceph-mon.service - Ceph cluster monitor daemon
   Loaded: loaded (/lib/systemd/system/ceph-mon.service; disabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Thu 2016-04-07 06:25:40 UTC; 968ms ago
     Docs: man:ceph-mon
  Process: 11068 ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %H --setuser ceph --setgroup ceph (code=exited, status=1/FAILU
 Main PID: 11068 (code=exited, status=1/FAILURE)

Apr 07 06:25:40 controller-node13 systemd[1]: ceph-mon.service: Unit entered failed state.
Apr 07 06:25:40 controller-node13 systemd[1]: ceph-mon.service: Failed with result 'exit-code'.
root at controller-node13:~# systemctl status ceph-create-keys                                                                             
* ceph-create-keys.service - Create Ceph client.admin key when possible
   Loaded: loaded (/lib/systemd/system/ceph-create-keys.service; static; vendor preset: enabled)
   Active: active (running) since Thu 2016-04-07 06:25:40 UTC; 4s ago
 Main PID: 11066 (ceph-create-key)
    Tasks: 1 (limit: 512)
   CGroup: /system.slice/ceph-create-keys.service
           `-11066 /usr/bin/python /usr/sbin/ceph-create-keys --cluster ceph --id controller-node13

Apr 07 06:25:40 controller-node13 ceph-create-keys[11066]: admin_socket: exception getting command descriptions: [Errno 2] No such file 
Apr 07 06:25:40 controller-node13 ceph-create-keys[11066]: INFO:ceph-create-keys:ceph-mon admin socket not ready yet.
Apr 07 06:25:42 controller-node13 ceph-create-keys[11066]: admin_socket: exception getting command descriptions: [Errno 2] No such file 
Apr 07 06:25:42 controller-node13 ceph-create-keys[11066]: INFO:ceph-create-keys:ceph-mon admin socket not ready yet.
Apr 07 06:25:43 controller-node13 ceph-create-keys[11066]: admin_socket: exception getting command descriptions: [Errno 2] No such file 
Apr 07 06:25:43 controller-node13 ceph-create-keys[11066]: INFO:ceph-create-keys:ceph-mon admin socket not ready yet.
Apr 07 06:25:44 controller-node13 ceph-create-keys[11066]: admin_socket: exception getting command descriptions: [Errno 2] No such file 
Apr 07 06:25:44 controller-node13 ceph-create-keys[11066]: INFO:ceph-create-keys:ceph-mon admin socket not ready yet.
Apr 07 06:25:45 controller-node13 ceph-create-keys[11066]: admin_socket: exception getting command descriptions: [Errno 2] No such file 
Apr 07 06:25:45 controller-node13 ceph-create-keys[11066]: INFO:ceph-create-keys:ceph-mon admin socket not ready yet.
root at controller-node13:~# 

So whenever I start ceph-mon, it will trigger the start of ceph-create-
keys and that will cause the creation of keys that are not wanted in an
automated deployment. So the proper solution would be to remove this
dependency and only run ceph-create-keys when explicitly called for by
the admin.

** Changed in: ceph (Ubuntu)
       Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceph in Ubuntu.
https://bugs.launchpad.net/bugs/1563330

Title:
  Please do not enable the service ceph-create-keys by default

Status in ceph package in Ubuntu:
  Confirmed

Bug description:
  This may be useful for an unexperienced user trying to run ceph on a
  small setup, but for an automated deployment of a ceph cluster, it is
  pretty annoying that there may be daemons trying to create credentials
  that will allow access to the whole cluster if only the new machine
  gets compromised.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1563330/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list