Hello All - Happy 2015.
I have been successful in establishing communication using --insecure option. I have two problems here.
1. swift calls without --insecure option continues to fail. Not sure why?
2. ceph gateway logs has the following error logs. Any thoughts on why I am seeing this error? Please note that I do have converted keystone certs copied in /var/ceph/nss directory.
2015-01-13 18:19:38.258956 7f54e17fa700 20 sending request to https://192.0.2.26:5000/v2.0/tokens/revoked
2015-01-13 18:19:38.433790 7f54e17fa700 10 request returned {"signed": "-----BEGIN CMS-----\nMIIBygYJKoZIhvcNAQcCoIIBuzCCAbcCAQExDTALBglghkgBZQMEAgEwHgYJKoZI\nhvcNAQcBoBEED3sicmV2b2tlZCI6IFtdfTGCAYEwggF9AgEBMFgwUzELMAkGA1UE\nBhMCWFgxDjAMBgNVBAgMBVVuc2V0MQ4wDAYDVQQHDAVVbnNldDEOMAwGA1UECgwF\nVW5zZXQxFDASBgNVBAMMC0tleXN0b25lIENBAgECMAsGCWCGSAFlAwQCATANBgkq\nhkiG9w0BAQEFAASCAQCk8YvhUFIWL5HazFO1UexNqTiGJUmYf+nvOBASB/540qaI\n99cTg/vDI1f/bdHz9OpoNpm1ESDYuWswMBu+Z+fcN59B4Da7cK3UMZPjHLrhwYo3\nJolh9ZS1Ia2deue/F4I7nrkBsJmAcVOoAPFcu/72no1nGhAdCHApOaet2WOSUPfo\nIue4zqOYcOBHpq536adyITHiKtq4mhNHDvElZRp8OOJ0twQ+GtwIwckX7KHV2Hqk\nmEAXjGOgLks/pAmh/l8VvTCqtPS/aeLyPQW8MplUeF8a80ypEbYVuwvUWAPRaWf4\nQ4gqk47zO2AqgDUTiDmgpD7g7vmj7BNJtKs8KiNK\n-----END CMS-----\n"}
2015-01-13 18:19:38.435725 7f54e17fa700 10 signed=-----BEGIN CMS-----
MIIBygYJKoZIhvcNAQcCoIIBuzCCAbcCAQExDTALBglghkgBZQMEAgEwHgYJKoZI
hvcNAQcBoBEED3sicmV2b2tlZCI6IFtdfTGCAYEwggF9AgEBMFgwUzELMAkGA1UE
BhMCWFgxDjAMBgNVBAgMBVVuc2V0MQ4wDAYDVQQHDAVVbnNldDEOMAwGA1UECgwF
VW5zZXQxFDASBgNVBAMMC0tleXN0b25lIENBAgECMAsGCWCGSAFlAwQCATANBgkq
hkiG9w0BAQEFAASCAQCk8YvhUFIWL5HazFO1UexNqTiGJUmYf+nvOBASB/540qaI
99cTg/vDI1f/bdHz9OpoNpm1ESDYuWswMBu+Z+fcN59B4Da7cK3UMZPjHLrhwYo3
Jolh9ZS1Ia2deue/F4I7nrkBsJmAcVOoAPFcu/72no1nGhAdCHApOaet2WOSUPfo
Iue4zqOYcOBHpq536adyITHiKtq4mhNHDvElZRp8OOJ0twQ+GtwIwckX7KHV2Hqk
mEAXjGOgLks/pAmh/l8VvTCqtPS/aeLyPQW8MplUeF8a80ypEbYVuwvUWAPRaWf4
Q4gqk47zO2AqgDUTiDmgpD7g7vmj7BNJtKs8KiNK
-----END CMS-----
2015-01-13 18:19:38.438107 7f54e17fa700 10 content=MIIBygYJKoZIhvcNAQcCoIIBuzCCAbcCAQExDTALBglghkgBZQMEAgEwHgYJKoZIhvcNAQcBoBEED3sicmV2b2tlZCI6IFtdfTGCAYEwggF9AgEBMFgwUzELMAkGA1UEBhMCWFgxDjAMBgNVBAgMBVVuc2V0MQ4wDAYDVQQHDAVVbnNldDEOMAwGA1UECgwFVW5zZXQxFDASBgNVBAMMC0tleXN0b25lIENBAgECMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQCk8YvhUFIWL5HazFO1UexNqTiGJUmYf+nvOBASB/540qaI99cTg/vDI1f/bdHz9OpoNpm1ESDYuWswMBu+Z+fcN59B4Da7cK3UMZPjHLrhwYo3Jolh9ZS1Ia2deue/F4I7nrkBsJmAcVOoAPFcu/72no1nGhAdCHApOaet2WOSUPfoIue4zqOYcOBHpq536adyITHiKtq4mhNHDvElZRp8OOJ0twQ+GtwIwckX7KHV2HqkmEAXjGOgLks/pAmh/l8VvTCqtPS/aeLyPQW8MplUeF8a80ypEbYVuwvUWAPRaWf4Q4gqk47zO2AqgDUTiDmgpD7g7vmj7BNJtKs8KiNK
2015-01-13 18:19:38.439062 7f54e17fa700 0 ERROR: signer 0 status = SigningCertNotFound
2015-01-13 18:19:38.439492 7f54e17fa700 0 ERROR: problem decoding
2015-01-13 18:19:38.439548 7f54e17fa700 0 ceph_decode_cms returned -22
2015-01-13 18:19:38.439608 7f54e17fa700 0 ERROR: keystone revocation processing returned error r=-22
On Friday, December 5, 2014 10:41 AM, lakshmi k s <lux_ks@xxxxxxxxx> wrote:
Hello -
I have rados gateway setup working with http. But when I enable SSL on gateway node, I am having trouble making successful swift requests over https.
root@hrados:~# swift -V 1.0 -A https://hrados1.ex.com/auth/v1.0 -U s3User:swiftUser -K 8fJfd6YW2poqhvBI+uUYJZE1uscnmrDncRXrkjHR list
[Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
Output of CURL command is as follows.
root@hrados:~# curl --insecure -X GET -i -H "X-Auth-Key:8fJfd6YW2poqhvBI+uUYJZE1uscnmrDncRXrkjHR" -H "X-Auth-User:s3User:swiftUser" https://hrados1.ex.com/auth/v1.0
HTTP/1.1 204 No Content
Date: Fri, 05 Dec 2014 17:53:58 GMT
Server: Apache/2.4.10 (Debian)
X-Storage-Url: https://hrados1.ex.com/swift/v1
X-Storage-Token: AUTH_rgwtk100000007333557365723a737769667455736572961633914ab868f0b6428354483a6b08fc254e33b1283ed9f428c61436aa05c0f44069d8
X-Auth-Token: AUTH_rgwtk100000007333557365723a737769667455736572961633914ab868f0b6428354483a6b08fc254e33b1283ed9f428c61436aa05c0f44069d8
Content-Type: application/json
Appreciate your help.
Thanks,
Lakshmi.
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com