Hi,
We are trying to enable S3 on the object protocol within scale but there seem
to be little to no documentation to enable https endpoints for the S3 protocol?
According to the documentation enabling S3 for the keystone server is possible
with the mmuserauth command but when i try to run it as IBM have documented, it
says that Object protocol is not correctly installed.. And yes it hasnt been
configured yet..
The "mmobj swift base" command which is used to configure Object/S3
automatically includes the "mmuserauth" command without the ssl option
enabled.. and then all endpoints will start with http://
I hope that anyone out there have a guide to do this ? or is able to explain
how to set it up?
Basically all i need is this:
https://s3.something.com:8080 which points to the WAN ip of the CES cluster
(already configured and ready)
and endpoints like this:
None | keystone | identity | True | public | https://cluster_domain:5000/
RegionOne | swift | object-store | True | public |
https://cluster_domain:443/v1/AUTH_%(tenant_id)s
RegionOne | swift | object-store | True | public |
https://cluster_domain:8080/v1/AUTH_%(tenant_id)s
if i manually add those endpoints and put my certificates in /etc/swift/ and
update the config it says (SSL: Wrong_Version_Number). Here is output:
C:\Users\Andi Christiansen>aws --endpoint-url https://WAN_IP/DOMAIN https://WAN
:443 s3 ls
SSL validation failed for https://WAN_IP/DOMAIN:443/ [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate
(_ssl.c:1076)
C:\Users\Andi Christiansen>aws --endpoint-url https://WAN_IP/DOMAIN:8080 s3 ls
SSL validation failed for https://WAN_IP/DOMAIN:8080/ [SSL:
WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1076)
its only port 8080 and 5000 that is allowed through the firewall, so i only
tested with 443 to see if it gave another error as it is not allowed through
and it did..
It works just fine when "mmobj swift base" is run normally and i only have http
endpoints, then it is reachable from local network or WAN with no issues..
Thanks in advance!
Best Regards
Andi Christiansen
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
