| [--initial-dashboard-user INITIAL_DASHBOARD_USER]
| [--initial-dashboard-password INITIAL_DASHBOARD_PASSWORD]
| [--dashboard-key DASHBOARD_KEY]
-| [--dashboard-crt DASHBOARD_CRT] [--skip-mon-network]
+| [--dashboard-crt DASHBOARD_CRT]
+| [--ssh-private-key SSH_PRIVATE_KEY]
+| [--ssh-public-key SSH_PUBLIC_KEY] [--skip-mon-network]
| [--skip-dashboard] [--dashboard-password-noupdate]
| [--no-minimize-config] [--skip-ping-check]
| [--skip-pull] [--skip-firewalld] [--allow-overwrite]
* [--initial-dashboard-password INITIAL_DASHBOARD_PASSWORD] Initial password for the initial dashboard user
* [--dashboard-key DASHBOARD_KEY] Dashboard key
* [--dashboard-crt DASHBOARD_CRT] Dashboard certificate
+* [--ssh-private-key SSH_PRIVATE_KEY] SSH private key
+* [--ssh-public-key SSH_PUBLIC_KEY] SSH public key
* [--skip-mon-network] set mon public_network based on bootstrap mon ip
* [--skip-dashboard] do not enable the Ceph Dashboard
* [--dashboard-password-noupdate] stop forced dashboard password change
logger.info('Setting orchestrator backend to cephadm...')
cli(['orch', 'set', 'backend', 'cephadm'])
- logger.info('Generating ssh key...')
- cli(['cephadm', 'generate-key'])
- ssh_pub = cli(['cephadm', 'get-pub-key'])
-
- with open(args.output_pub_ssh_key, 'w') as f:
- f.write(ssh_pub)
- logger.info('Wrote public SSH key to to %s' % args.output_pub_ssh_key)
-
- logger.info('Adding key to root@localhost\'s authorized_keys...')
- if not os.path.exists('/root/.ssh'):
- os.mkdir('/root/.ssh', 0o700)
- auth_keys_file = '/root/.ssh/authorized_keys'
- add_newline = False
- if os.path.exists(auth_keys_file):
- with open(auth_keys_file, 'r') as f:
- f.seek(0, os.SEEK_END)
- if f.tell() > 0:
- f.seek(f.tell()-1, os.SEEK_SET) # go to last char
- if f.read() != '\n':
- add_newline = True
- with open(auth_keys_file, 'a') as f:
- os.fchmod(f.fileno(), 0o600) # just in case we created it
- if add_newline:
- f.write('\n')
- f.write(ssh_pub.strip() + '\n')
+ if args.ssh_private_key and args.ssh_public_key:
+ logger.info('Using provided ssh keys...')
+ mounts = {
+ pathify(args.ssh_private_key.name): '/tmp/cephadm-ssh-key:z',
+ pathify(args.ssh_public_key.name): '/tmp/cephadm-ssh-key.pub:z'
+ }
+ cli(['cephadm', 'set-priv-key', '-i', '/tmp/cephadm-ssh-key'], extra_mounts=mounts)
+ cli(['cephadm', 'set-pub-key', '-i', '/tmp/cephadm-ssh-key.pub'], extra_mounts=mounts)
+ else:
+ logger.info('Generating ssh key...')
+ cli(['cephadm', 'generate-key'])
+ ssh_pub = cli(['cephadm', 'get-pub-key'])
+
+ with open(args.output_pub_ssh_key, 'w') as f:
+ f.write(ssh_pub)
+ logger.info('Wrote public SSH key to to %s' % args.output_pub_ssh_key)
+
+ logger.info('Adding key to root@localhost\'s authorized_keys...')
+ if not os.path.exists('/root/.ssh'):
+ os.mkdir('/root/.ssh', 0o700)
+ auth_keys_file = '/root/.ssh/authorized_keys'
+ add_newline = False
+ if os.path.exists(auth_keys_file):
+ with open(auth_keys_file, 'r') as f:
+ f.seek(0, os.SEEK_END)
+ if f.tell() > 0:
+ f.seek(f.tell()-1, os.SEEK_SET) # go to last char
+ if f.read() != '\n':
+ add_newline = True
+ with open(auth_keys_file, 'a') as f:
+ os.fchmod(f.fileno(), 0o600) # just in case we created it
+ if add_newline:
+ f.write('\n')
+ f.write(ssh_pub.strip() + '\n')
host = get_hostname()
logger.info('Adding host %s...' % host)
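Review bot: The condition `if args.ssh_private_key and args.ssh_public_key:` sends a run that supplies only one of the two options into the `else` branch, where a fresh key pair is generated and the supplied key is silently ignored. An operator who passes only `--ssh-private-key` would get a cluster SSH identity other than the one intended; rejecting the half-specified case first, e.g. `if bool(args.ssh_private_key) != bool(args.ssh_public_key):` followed by an error exit, makes that visible. The provided-key branch also skips the `/root/.ssh/authorized_keys` step, so the host add that follows presumably relies on the operator having authorized the public key already; a log line such as `logger.info('Not modifying authorized_keys; the provided public key must already be authorized on this host')` would state that. The enclosing function starts and ends outside the hunk.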
'--dashboard-crt',
help='Dashboard certificate')
+ parser_bootstrap.add_argument(
+ '--ssh-private-key',
+ type=argparse.FileType('r'),
+ help='SSH private key')
+ parser_bootstrap.add_argument(
+ '--ssh-public-key',
+ type=argparse.FileType('r'),
+ help='SSH public key')
+
parser_bootstrap.add_argument(
'--skip-mon-network',
action='store_true',
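Review bot: `type=argparse.FileType('r')` on `--ssh-private-key` opens the key file while arguments are parsed, yet the only use visible on this page is `.name` for the container mount, so a handle on the private key stays open for the run without ever being read. Taking the option as a plain path and checking it where it is used avoids that. The help text can also say that a path is expected, e.g. `help='Path to the SSH private key file cephadm will use as the cluster identity'`. The same applies to `--ssh-public-key`. The hunk begins and ends inside neighbouring `add_argument` calls.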
self._reconfig_ssh()
return 0, '', ''
+ @orchestrator._cli_write_command(
+ 'cephadm set-priv-key',
+ desc='Set cluster SSH private key (use -i <private_key>)')
+ def _set_priv_key(self, inbuf=None):
+ if inbuf is None or len(inbuf) == 0:
+ return -errno.EINVAL, "", "empty private ssh key provided"
+ self.set_store("ssh_identity_key", inbuf)
+ self.log.info('Set ssh private key')
+ self._reconfig_ssh()
+ return 0, "", ""
+
+ @orchestrator._cli_write_command(
+ 'cephadm set-pub-key',
+ desc='Set cluster SSH public key (use -i <public_key>)')
+ def _set_pub_key(self, inbuf=None):
+ if inbuf is None or len(inbuf) == 0:
+ return -errno.EINVAL, "", "empty public ssh key provided"
+ self.set_store("ssh_identity_pub", inbuf)
+ self.log.info('Set ssh public key')
+ self._reconfig_ssh()
+ return 0, "", ""
+
@orchestrator._cli_write_command(
'cephadm clear-key',
desc='Clear cluster SSH key')
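Review bot: `_set_priv_key` and `_set_pub_key` accept any non-empty `inbuf`, so a swapped `-i` argument would store the private key under `ssh_identity_pub`, which is presumably the value `cephadm get-pub-key` prints and operators copy to other hosts. A cheap guard in `_set_pub_key` is `if 'PRIVATE KEY' in inbuf: return -errno.EINVAL, "", "private key provided where public key expected"`, with the mirror check in `_set_priv_key`. Each command also calls `self._reconfig_ssh()` on its own, so between the two calls the stored private and public halves may not match; a comment stating that the two commands are meant to be run as a pair would help. Neither method has a docstring saying what `inbuf` holds or what the return tuple means. The hunk opens inside the tail of a preceding method.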