Hi,

I don't have a good explanation for you, but it should be a workaround. I've been looking into all kinds of variations with concatenated certs etc., but what works for me is to set the mentioned config-key. You can find an example in the (old-ish) SUSE docs [0].

ceph config-key set rgw/cert/{REALM}/{zone}.key

So in your case you should set the private key like:

ceph config-key set rgw/cert/obspm/meudon.key -i your-private.key

Let us know if that works for you, or are you not willing to retry again with ssl enabled? ;-)

[0] https://documentation.suse.com/ses/7.1/single-html/ses-admin/#ogw-sssl-config
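
An added example, not part of the original message and not Ceph tooling: a small shell function that splits a combined PEM bundle (key and certificates in any order, optionally indented as in a YAML block) into a separate private-key file, created with owner-only permissions, and a certificate-chain file, so the key can be passed to the config-key command above. The function names and the file names bundle.pem and chain.pem are assumptions; the sample bundle is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): split a combined PEM bundle into a
# private-key file and a certificate-chain file, in whatever order it came.

# split_pem_bundle BUNDLE KEY_OUT CHAIN_OUT
# Returns 0 only if exactly one private key and at least one certificate
# were found and every PEM block was terminated.
split_pem_bundle() {
    bundle=$1; key_out=$2; chain_out=$3
    [ -r "$bundle" ] || return 2
    old_umask=$(umask)
    umask 077                 # create the key file readable by its owner only
    : > "$key_out"
    umask "$old_umask"
    : > "$chain_out"
    awk -v keyf="$key_out" -v chainf="$chain_out" '
        # Strip indentation (e.g. copied out of a YAML block scalar) and CRs.
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^-----BEGIN .*PRIVATE KEY-----$/ { out = keyf;   nkeys++ }
        /^-----BEGIN CERTIFICATE-----$/   { out = chainf; ncerts++ }
        out != ""                         { print > out }
        /^-----END /                      { out = "" }
        END { if (out != "" || nkeys != 1 || ncerts < 1) exit 1 }
    ' "$bundle"
}

# Constructed sample: placeholder bodies, same layout as the spec in the thread.
make_sample_bundle() {
    cat > "$1" <<'EOF'
    -----BEGIN RSA PRIVATE KEY-----
    CONSTRUCTED-KEY-BODY
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    CONSTRUCTED-LEAF-BODY
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    CONSTRUCTED-INTERMEDIATE-BODY
    -----END CERTIFICATE-----
EOF
}

# Usage, with the key name from the thread:
#   split_pem_bundle bundle.pem your-private.key chain.pem &&
#   ceph config-key set rgw/cert/obspm/meudon.key -i your-private.key
```

Text outside PEM blocks is dropped, and a bundle with no key, more than one key, or an unterminated block makes the function return non-zero.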

Quoting Albert Shih <albert.s...@obspm.fr>:

On 06/06/2025 at 11:41:46+0000, Michael Worsham wrote
Hi,


service_type: rgw
service_id: encrypted_rgw
placement:
  label: encrypted
  count_per_host: 1
networks:
- your-network/24
spec:
  rgw_frontend_port: 8101
  ssl: true
  rgw_frontend_ssl_certificate: |

It should follow the certificate chain your SSL provider gives, generally the
order would be: Your Certificate → Intermediary Certificate(s) → Root
Certificate → Private Key

Thanks...but that's not working.

First I checked (again) the certificates (we use the same certificates and CA
chain on our website).

Then I tried every possible combination (well, not all, I didn't try random
order ;-) )

I checked with openssl that the key is correct against the certificate.

I checked that the YAML is correctly formatted.

But it's not working.

Too much wasted time, I will just run the rgw without ssl; after all I have
haproxy in front and it got the certificate without an issue.

But if someone knows where the problem is I will be glad to know and learn
something.



Thanks again.

Regards



Hi everyone.

I'm trying to configure a RGW for S3.

I'm currently running reef 18.2.7

I was able to get the rgw working (= the service is up and listening on the
correct port) without ssl.

I'm trying to configure the ssl port and I didn't find the correct syntax
for that.

I created a yaml file with something like

  spec:
    rgw_frontend_port: 8080
    zone_endpoints: https://host1:8080, https://host2:8080,etc.
    ssl: true
    rgw_frontend_ssl_certificate: |
      -----BEGIN RSA PRIVATE KEY-----
      ....
      -----END RSA PRIVATE KEY-----
      -----BEGIN CERTIFICATE-----
      .....
      -----END CERTIFICATE-----

or with the whole CA chain

  spec:
    rgw_frontend_port: 8080
    zone_endpoints: https://host1:8080, https://host2:8080,etc.
    ssl: true
    rgw_frontend_ssl_certificate: |
      -----BEGIN RSA PRIVATE KEY-----
      ....
      -----END RSA PRIVATE KEY-----
      -----BEGIN CERTIFICATE-----
      .....
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      .....
      -----END CERTIFICATE-----
      .....
      -----BEGIN CERTIFICATE-----
      .....
      -----END CERTIFICATE-----

Neither works; journalctl says

  ssl_private_key was not found: rgw/cert/obspm/meudon.key

I found this syntax somewhere on the net

  spec:
    rgw_frontend_port: 8080
    zone_endpoints: https://host1:8080, https://host2:8080,etc.
    ssl: true
    ssl_private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      ....
      -----END RSA PRIVATE KEY-----
    ssl_certificate: |
      -----BEGIN CERTIFICATE-----
      .....
      -----END CERTIFICATE-----

and I got

Error EINVAL: ServiceSpec: __init__() got an unexpected keyword argument
'ssl_private_key'


Any clue?

Regards

--
Albert SHIH 🦫 🐸
France
Heure locale/Local time:
ven. 06 juin 2025 10:47:08 CEST
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
--
Albert SHIH 🦫 🐸
Observatoire de Paris
France
Heure locale/Local time:
ven. 06 juin 2025 16:44:45 CEST