From ca63fee82d0c69ff5643d2c191b706c5fc02d399 Mon Sep 17 00:00:00 2001 From: Adam King Date: Sat, 3 Jun 2023 15:42:19 -0400 Subject: [PATCH] doc/cephadm: document setting up CA signed keys in running cluster Signed-off-by: Adam King (cherry picked from commit 2c837ea9cff44d6199ef68c03307e7ff3104adcf) --- doc/cephadm/host-management.rst | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/doc/cephadm/host-management.rst b/doc/cephadm/host-management.rst index 3f12ec1ce6b..6a2aa3b52a1 100644 --- a/doc/cephadm/host-management.rst +++ b/doc/cephadm/host-management.rst @@ -505,7 +505,23 @@ There are two ways to customize this configuration for your environment: manually distributed to the mgr data directory (``/var/lib/ceph//mgr.`` on the host, visible at ``/var/lib/ceph/mgr/ceph-`` from inside the container). - + +Setting up CA signed keys for the cluster +----------------------------------------- + +Cephadm also supports using CA signed keys for SSH authentication +across cluster nodes. In this setup, instead of needing a private +key and public key, we instead need a private key and certificate +created by signing that private key with a CA key. For more info +on setting up nodes for authentication using a CA signed key, see +:ref:`cephadm-bootstrap-ca-signed-keys`. Once you have your private +key and signed cert, they can be set up for cephadm to use by running: + +.. prompt:: bash # + + ceph config-key set mgr/cephadm/ssh_identity_key -i + ceph config-key set mgr/cephadm/ssh_identity_cert -i + .. _cephadm-fqdn: Fully qualified domain names vs bare host names -- 2.39.5
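Review bot: In the added paragraph, "certificate created by signing that private key with a CA key" is inaccurate. An SSH certificate is produced by the CA signing the public key that corresponds to the private key, and the private key is never given to the CA. Suggested wording: "a private key and a certificate created by signing the matching public key with a CA key". The same sentence has a doubled "instead" ("instead of needing ..., we instead need"), so the second one can go. As rendered here, both ``ceph config-key set ... -i`` lines end at ``-i`` with no file argument; if the source has no placeholder there, add one for the private key file and one for the certificate file. Since the subject line says this covers a running cluster, the section should also say whether anything further is required after the two commands before cephadm starts using the new key and cert.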