<div><div dir="auto">Hi Jason,</div></div><div dir="auto"><br></div><div dir="auto">I don’t think it should be instead, we could support both modes - happy to help in reviewing/co-authoring.</div><div dir="auto"><br></div><div dir="auto">Best regards,</div><div dir="auto">Michal</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 19 Feb 2020 at 18:23, Jason Anderson <<a href="mailto:jasonanderson@uchicago.edu">jasonanderson@uchicago.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
Hi all,<br>
<br>
My understanding is that KA has dropped support for provisioning Ceph directly, and now requires an external Ceph cluster (side note: we should update the docs[1], which state it is only "sometimes necessary" to use an external cluster--I will try to submit
something today).<br>
<br>
I think this works well, but the handling of keyrings cuts a bit against the grain of KA. The keyring files must be dropped in to the node_custom_config directory. This means that operators who prefer to keep their KA configuration in source control must have
some mechanism for securing that, as it is unencrypted. What does everybody think about storing Ceph keyring secrets in passwords.yml instead, similar to how SSH keys are handled?<br>
<br>
Thanks,<br>
/Jason<br>
<br>
[1]: <a href="https://docs.openstack.org/kolla-ansible/latest/reference/storage/external-ceph-guide.html" target="_blank">
https://docs.openstack.org/kolla-ansible/latest/reference/storage/external-ceph-guide.html</a></div><div><br>
<br>
<div>-- <br>
Jason Anderson<br>
<br>
Chameleon DevOps Lead<br>
<b>Consortium for Advanced Science and Engineering, The University of Chicago</b><br>
<b>Mathematics & Computer Science Division, Argonne National Laboratory</b></div>
</div>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Michał Nasiadka<br><a href="mailto:mnasiadka@gmail.com" target="_blank">mnasiadka@gmail.com</a></div>