Hi ceph-users!

I'm going through the process of migrating to use cephadm for my clusters. 
Previously I used ceph-ansible. My question is essentially "How can I configure 
RGW multisite with self-signed certificates with cephadm?". I have prototyped 
the migration and redeployed RGWs. Everything on my adopted site is running the 
latest version of Reef (18.2.2). The remote site is using Octopus as 
historically deployed with ceph-ansible.

My RGWs on both sites are up and I can make requests to them, but they are 
failing to sync, and "radosgw-admin sync status" shows a generic input/output 
error. Taking some network capture I can see that the TLS handshake is failing 
with "Unknown CA", so it looks like the RGWs don't trust my self-signed 
certificate; I suppose that's not a surprise.

However, I can't work out how to establish the trust. I've tried mounting in 
the /etc/pki directory from the machine it's running on into the RGW 
containers, which does contain the self-signed CA, but I still see errors in my 
multi-site sync. I did notice that I can curl from within the containers 
successfully to the remote HTTPS RGWs after this though, so it did do 
something. Where do the RGWs infer which CAs to trust from?

I should also mention that when stepping all the RGWs down to HTTP the sync 
works with no issues (I was nervous about the Reef to Octopus pairing, but it 
seems fine).

Kind regards,
Alex
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
