ceph-salt
ceph-salt copied to clipboard
What if humans want to use the "cephadm" user to administer their Ceph cluster?
At present, we know that:
- mgr/cephadm (the "cephadm orchestrator"), running on a MGR node, uses SSH to run commands on other cluster nodes managed by it
- ceph-salt is now configuring mgr/cephadm to SSH to other nodes as the user
cephadm
- the user
cephadm
can usesudo
to run certain commands asroot
It occurred to me that human administrators might not want to be logged in as root
while administering their Ceph clusters. Such administrators might welcome the possiblity of using a non-root user for their day-to-day cluster admin work.
Therefore, I opened this issue to discuss whether it would make sense for ceph-salt (or, perhaps, cephadm itself) to set the ownership/permissions of the admin keyring file so that the file becomes readable by the user cephadm
?