►
From YouTube: Ceph Orchestrator 2022-07-26
Description
Join us weekly for the Ceph Orchestrator meeting: https://ceph.io/en/community/meetups
Ceph website: https://ceph.io
Ceph blog: https://ceph.io/en/news/blog/
Contribute to Ceph: https://ceph.io/en/developers/contribute/
What is Ceph: https://ceph.io/en/discover/
A
All
right
yeah,
if
there's
nothing
majors,
I
guess
we
could
just
talk
a
little
bit
about
things
we
have
in
here,
so
the
first
one
I
had
in
here
was
so
we
have
this.
The
underscore
admin
label
a
special
one
that
puts
the
def.conf
and
the
admin
key
ring
on
all
the
hosts.
A
A
You
see
that
there
is
a
tracker.
Somebody
is
having
an
issue
with
it
in
one
of
the
tests
they're
using
I'm
pretty
sure
it's
staying
constant.
I
didn't
actually
go
verify,
but
I'm
pretty
sure
the
reason
that
they're
finding
the
admin
key
ring
has
gone
in
there.
Their
test
is
that
that
house
does
not
have
an
admin
legal
and
we're
probably
removing
it
from
them
so
sort
of
like
I
don't
know,
I
don't
remember
exactly
what
was
the
one
when
we
first
implemented
this
much.
A
I
think
the
idea
was
that
if
you
don't
want
to
be
an
admin
label
anymore,
it
will
just
remove
it
for
you,
so
that
sort
of
makes
it
not
an
admin
host
and
it
sort
of
works
conceptually
like
oh,
the
admin
hosts
have
the
key
rings
and
stuff
and
the
other
ones.
You
know
those
ones,
maybe
they're
less
secure
or
something
so
we'll
get
rid
of
them.
A
At
the
same
time,
you
cause
problems
like
this,
where
maybe
you
know
it's
getting
removed?
If
someone
just
didn't
have
the
label
on,
but
they
still
wanted
it
there
and
we
are
doing
it
too
much.
B
A
Does
that
I'm
pretty
sure,
I
think
it
is
just
deploys
the
ceph.conf
and
the
that
keyring
into.
A
I
I
didn't
look
and
sensitive
to
that.
The
tracker
I
probably
should
have
I
I
was
guessing-
is
that
it
maybe
it
was
some
kind
of
some
kind
of
upgrade
test,
because
I
know
when
upgrade
the
label
isn't
automatically
added
to
any
of
the
hosts
say
if
you
bootstrap
on
an
older
version
and
then
you
upgrade
and
none
of
the
host
will
have
the
label
okay,
that
they
got
fixed.
I
think.
B
Yeah,
okay,
I
would
agree
like
if
my
thinking
is,
if
the
label
is
the
thing
that
caused
the
key
ring
to
appear,
it
should
in
fact
remove
it.
But
if,
like
you
said
earlier,
if
it's
removing
some
other
artifact
that
got
put
there
by
a
different
process,
then
yeah,
maybe
that
that's
probably
the
distinction
we
need
to
make.
B
B
B
A
A
But
I
don't
know
so
like
I
guess
the
situation
I'm
thinking
of
with,
like
the
removing
it
stuff
is
if
we
take
the
label
away
and
then
you
think
well
at
that
point
we
know
as
we're
removing
the
label.
That,
like
is
probably
us
who
wrote
it
there
but
like
if
say
somebody
like
immediately
after
writes
a
new
copy
of
it
like
a
different
one.
A
B
A
B
B
A
Yeah,
because
we
would
at
least
then
know
that
this
is
the
exact
version
that
we
deployed,
which
is
what
we
wanted
at
least.
A
Yeah
that
could
be
where
this
probably,
I
guess,
if
you're
going
to
try
to
detect
like
oh,
this
is
the
version
of
the
file
that
we
put
there
or
not,
and
oh
wow.
That's
probably
how
you'd
have
to
do
it,
I'm
not
sure
I'm
thinking
with
the
admin
key
ring.
I
would
think
we
could
do
the
same
thing,
although
that
really
shouldn't
change
that
much
always
be
the
same,
but
we
can't
really
write
in,
like
I
don't
think
we're
allowed
to
just
write
in
like
a
created
bicep
for
the
input
file.
It.
A
Format,
but
we
could
still
say
we
have
a
hash
of
it
and
then
you
know
we
would
as
well
only
if
it
matches
the
hashtags.
You
could
generate
another
one
on
your
own.
Put
it
there.
If
you
really
wanted
to.
A
A
B
A
Needed
but
I
thought
as
they
I
assumed
they'd,
probably
like
written
it
there
themselves
or
something
because,
like
maybe
it
was
if
they
were
the
sets
before
they
admin,
they
bless
us
or
something,
and
then
you
know
we
just
removed
it
or
something,
but
I
feel,
like
that's,
been
the
behavior
for
a
while.
I
don't
know
why
this
tracker
pump
up
now,
but
I
guess
I'll
just
look
closer
at
what's
going
on
there,
but
I
think
in
general
it
would
be
nice
to
still
be
able
to
remove
them.
A
B
Yeah,
at
least
what
I
like
again
thinking
about
it
more
like
if
the
canonical
file
that
tells
us
whether
we're
in
control
where
we,
when
meaning
orchestration
is,
is
the
file
with
the
hash
in
it.
The
file
of
the
hash
in
it
just
tells
you
that
it's
not
been
tinkered
with
by
someone
else.
I
still
think
it's
okay
to
say:
if
that
file
exists,
we
can
still
manipulate
the
contents,
but
it's
it's
the
I
don't
know
what
the
name
of
it
again.
B
I
you
know,
let's
say
you
know,
managed
you
know
key
ring
managed
by
orchestration.
json
or
something.
If
that
file
is
there.
It
means
that
the
system
has
been
opted
into
having
the
key
ring
managed
by
cepheum.
A
Okay,
so
we
have
like
some
files
and
maybe
we'll
have
like
the
yes,
we'll
say
that
we're
doing
it
then
we'll
have
maybe
we'll
have
the
hashes
of
the
file
or
something
as
well
right
yeah,
and
then
we
could
at
least
make
sure
they
haven't
edited
them.
Although
I
guess,
if
they
have
edited
them
and
we
saw
the
label
on,
we
still
want
to
write
them
again
and
probably
redo
the
hash
right.
A
B
Yeah,
it
might
be
worth
writing
this
one
up
on
an
etherpad,
page
or
doc,
or
something.
A
A
B
B
B
A
I
would
think
that
if
you
already
have
the
label
on,
can
we
just
make
our
own
hash
file
at
that
point
and
just
say:
well,
you
have
the
label
so
yeah.
I
feel
like
this.
I
feel
like
the
sort
of
the
behavior
when
the
label
is
on
shouldn't
change
at
all,
like
we
still
want
to
overwrite
the
file
always
and
like
manage
it.
Do
we
say
we
do
it's
really
just
that
we
file
the
label
is
not
there.
It's.
I
think
it's
when
we
want
to
be
careful
with
removing
something.
B
New
version
y
would
say:
I'm
going
to
clobber
whatever
you
have
there
and
I'm
going
to
put
down
the
metadata
file
yeah
and
then,
if
you
delete
the
label
and
the
file
is
there,
it
will
remove
the
file
and
the
metadata
file.
B
B
A
A
B
Yeah
you've
done
because
it
might
be
like
an
auditing
thing.
You
might
say.
Okay,
these
three
hosts
out
of
my
cluster
are
things
that
you
can
log
into
to
use.
But
if
we
see
you,
people
logging
into
the
other
ones
we're
gonna
like
have
to
like
take
action,
you
know,
it'll
be
in
our
alerts,
and
people
will
be
like
you
know,
is
someone
misbehaving,
blah
blah.
A
I'm
assuming
you
can't
even
find
anything,
because
if
you
don't
have
that
the
sefcon
anyone
find
the
monitor,
addresses
or
any
of
that.
So
if
you
have
only
those
files
on
those
like
sort
of
protected
admin
hosts
and
all
the
other
hosts
shouldn't
be
able
to
do
too
much.
You
think
the
demons
on
the
host,
but
you
can't
do
much
yeah
yeah.
B
A
Yeah
I
mean,
I
guess
the
thing
is:
if
they
don't
want
it,
does
it
mean
by
having
it
not
remove
them
when
the
label
is
not,
there
is
good.
Is
that
if
that
means,
if
they
you
don't
want
it,
then
they
can
only
if
you
still
put
the
label
on
we'll,
never
touch
anything,
that's
kind
of
what's
happening.
It
seems
like
well,
we'll
touch
it.
If
you
have,
we
have
the
metadata
file
there
that
the
hash
matches.
A
A
A
A
B
A
If
there's
any
other
situation,
we
would
ever
do
that,
and
also
because
I
happen
to
have
been
messing
with
nfs
stuff.
They
have
nfs
stuff
with
the
failover
and
all
that-
and
I
think,
running
into
some
issue-
maybe
another
reason
not
to
be
removing
things
where
there
was
a
host
that
was
offline
and
the
server
loop
was
setting
issues
where
I
was
trying
to
remove
the
admin
keyring
from
the
offline
host,
and
it
was
not
working.
Obviously,
but
I
I
could
see
it
doing
that.
A
All
right,
that's
probably
good
for
that
topic.
That's
what
we're
going
to
do
going
forward
fashion
thing.
A
The
next
thing
I
had
on
here
was
about
that
keep
alive
the
nfs.
I
don't
think
anyone
from
the
openstack
team
has
had
a
chance
to
look
at
it.
I
said
I
did
an
interview.
I
had
to
kind
of
miss
that
you
reviewed
this.
A
A
B
B
Repetition
than
just
that,
like
even
the
other
block,
there's
like
every
single
section,
puts
calls
like
like
register
service
for
nfs,
like
it
always
does
that,
so
why
is
it
in
every
single
if
block
that
kind
of
thing.
A
B
So
by
just
looking
at
your
ether
pad,
if
you
want,
I
can
reply
right
in
the
ether
pad
too
my
gut
feeling
and
of
course
take
that
as
with
grain
of
salt,
is
keep
the
virtual
ip
flag
and
then
have
a
boolean
flag
like
keep
a
live
dash
only
to
tell
it
don't
deploy,
because
the
other
scenario
does
deploy
keep
alive.
It's
just.
It's
keep
alive
and
h.a
proxy
right.
A
B
B
Alternatively,
I'm
always
a
fan
of
like
a
mode
flag.
Whatever
you
want
to
call
it,
it
could
be,
you
know,
beam
or
mode
or
approach,
and
that
would
be
a
multi.
It
would
be
a
strict.
The
right
hand
side
would
be
like
using
the
terminology
of
our
parse.
It
would
be
choices.
You
can't
put
an
arbitrary
value
there,
but
you
could
do
dash
dash
mode
equals
h,
a
proxy
or
or
mode
equals
people
live.
B
Actually,
I
think
seth
works.
I
think,
there's
a
ceph
choices
thing
in
the
magic,
a
command
line
generally.
B
A
B
A
If
we
did,
we
began
because
I
know
I
was
thinking
before
the
enums.
I
know
that's
what
we
do
a
bunch
of
times
in
stephanie
or
the
orchestrator
module.
I
think
as
like
some
enum
classes,
and
you
have
to
give
me
something
that's
like
in
the
enum
list
or
it's
not
like
allowed,
and
then
we
just,
I
think,
we're
just
manually,
checking
it
against
the
enum
to
make
sure
it
like
makes
sense
and
like
raising
errors
on
our
own.
We
don't,
but
we
don't
use
it.
Built-Ins
have
choices.
B
Util.Py
stuff
and
how
it
tries
to
basically
go
from
the
function
signature
to
the
again.
I
don't
know
what
it's
called
that
we'll
call
it
sephargs
for
now
the
seth
args
expression
that
gets
turned
into
the
json
manager
command
magic,
json
thingy.
A
B
B
It
should
default
to
the
current
behavior,
which
would
be
whatever
it
is
proxy
and
keep
in
mind.
A
All
yeah
we
have
another
mode,
live
only
mode.
I
guess.
B
B
Right,
that's
what
I'm
saying
is
if
you
want
to
be
extra
cautious
and
to
like
double
check
that
people
aren't
accidentally
misusing
things,
and
that
would
definitely
be
just
in
the
manager
function.
You
know
you
just
do
a
double
check
and
I'm
not
saying
we
have
to
I'm
just
saying.
If
we
want
to
you.
A
A
A
A
Get
rid
of
the
keep
the
live
ip
flag
of
virtual
ip
at
this
ingress
mode,
flag,
figure
out
somehow
they're
important,
either
with
the
sf
choice.
If
you
can
or
an
email
list
otherwise,
and
then
you'll
need
to
keep
a
live
one,
I
just
keep
a
live
only
mode
and
we'll
name
for
the
other
one.
I
guess
as
well
yeah.
A
I
don't
know
we're
going
to
call
that
one
right,
but
well.
I
have
some
name
for
that,
one
as
well.
You.
A
B
B
B
Well,
nothing's
too
short.
The
question
is:
is
it
misleading
because
it's
the
only
is
the
other
mode
just
as
h
a
or
it's
like
it's
slightly
less
aj.
B
A
B
B
A
So
that's
and
there's
one
thing
I
was
going
to
write
down
here.
I
know.
A
B
A
B
Yeah,
I
mean
imagine
some
like
fancy
ip
tables
or
nf
tables
based
thing.
Where
you'd
you
could
actually
have
similar
behavior
to
the
aj
proxy
stuff
that
they
were
talking
about,
that
they
couldn't
use
for
whatever
reason
you're,
like
oh
as
a
third
mode.
A
A
B
New
one
yeah,
this
is,
if
you've
ever
never
heard
my
rant
about
booleans.
That
has
something
partly
to
do
with
this
kind
of
thing
is
like.
If
you
know
you're
only
ever
going
to
have
two
things:
a
boolean
is
okay,
but
usually
I
tell
people
if
you,
if
there's
a
possibility,
you're
going
to
add
something
in
the
future,
do
do
like
an
enum,
basically,
whether
it's
command
line
or
a
config
file
onto
disk
or
whatever.
A
B
A
B
A
Yeah,
I
think
this
is
definitely
the
the
way
forward,
because,
because
it's
still
like
a
work
in
progress,
pr,
I
can
still
just
hopefully
whoever
one
annoying
thing
is
that
I
was
asking
other
people
to
test
it.
I
did
put
this,
like
example
of
how
to
do
it,
which
of
course,
has
the
old
file
not
to
keep
updating
that
comment
start
every
time,
but
yeah
other
than
that.
It
seems
like
it's
way
forward.
B
Excuse
me
and
after
this
afternoon,
because
I'm
curious
I'll,
try
and
spend
a
couple
of
minutes
to
see
how
the
manager,
deaf
parts
translation
thing
could
potentially
do
generators
f
choices.
B
A
A
If
that
covers
that
topic,
basically
yeah
there,
the
other
one
I
put
on
here-
there's
not
really
anything
discussed
with
this
one.
I
guess
I
just
put
it
in
here,
say
something
we
probably
should
do.
We
were
talking
about
this
in
the
clt
call
about
the
archiving
notes.
They
had
the
problem
there
with
the
other
part
without
the
crashing.
They
had
never
archived
it
ever
so.
It
had
like
years
of
notes
in
there
I
I
looked
at
here.
I
was
wondering
if
we
were
our
archives,
I
found
out.
A
B
A
B
A
B
A
B
Because
I
created
the
compiles
fadm
one,
but
I
don't
remember
what
I
did.
It
was
definitely
easy.
Don't
worry
about
it
because
I
did
it
and
I
don't
even
remember.
B
A
I'll
figure
it
out
yeah,
let
me
do
that
I'll
put
the
21
and
I'll
probably
put
some
links
at
the
top
I'll
have
like
a
you
know.
We
have
like
an
orchestrated
pr
section
and
that
will
have
like
a
yes
archive
like
section
instead
of
having
at
the
very
bottom
of
the
file
where
it
is
now
that'll
be
good,
all
right,
cool
guys.
That
was
it.
What
topics
I
have
done?
Do
you
have
any
other
things
you
want
to
create
here?
Do
you
want
an
update
on
the
compile
stuff?
I
knew
that
stuff.
B
B
I
think
I'll
wait
a
week
so
if,
if
by
next
monday,
he
hasn't
replied,
I
hope
everything's
okay
with
him,
but
I'll
just
take
that
as
a
tacit,
okay
and
worst
case
scenario.
What
I'll
do
is
I'll,
probably
archive
the
branch
under
a
different
name.
B
A
B
If
you
prefer
that,
I
would
definitely
be
enthusiastic
about
that.
I
can't.
A
B
A
B
A
A
A
All
right,
good,
I
guess
I'll
see
you're
the
one
here
see
you
on
thursday.
A
Yeah,
I'm
not
end
here
all
right.