No official documentation but here is how I got it to work on
Ubuntu 16.04.01 (in this case I'm using a self-signed certificate):
assuming you're running rgw on a computer called rgwnode:
1. create self-signed certificate
ssh rgwnode
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 1000
cp cert.pem /usr/share/ca-certificates/
cat key.pem >> /usr/share/ca-certificates/cert.pem
^--- without doing this you get errors like this "civetweb: 0x564d0357d8c0: set_ssl_option: cannot open /usr/share/ca-certificates/cert.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line"
2. configure civetweb:
edit your ceph.conf on the admin node and add:
[client.rgw.rgwnode]
rgw_frontends = civetweb port=443s ssl_certificate=/usr/share/ca-certificates/cert.pem
push the config
ceph-deploy config push rgwnode
ssh rgwnode 'sudo systemctl restart ceph-radosgw@rgwnode'
this ended up not being enough and I found log messages like these in the logs:
2016-09-09 17:22:21.593231 7f36c33f8a00 0 civetweb: 0x555a3b7988c0: load_dll: cannot load libssl.so
2016-09-09 17:22:21.593278 7f36c33f8a00 0 civetweb: 0x555a3b7988c0: load_dll: cannot load libcrypto.so
to fix it:
ssh rgwnode
sudo ln -s /lib/x86_64-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so
sudo ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so
On Thu, Dec 8, 2016 at 7:44 AM, Puff, Jonathon <Jonathon.Puff@xxxxxxxxxx> wrote:
There’s a few documents out around this subject, but I can’t find anything official. Can someone point me to any official documentation for deploying this? Other alternatives appear to be a HAproxy frontend. Currently running 10.2.3 with a single radosgw.
-JP
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
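
An added check for the combined file built in step 1 (not part of the original post or of Ceph): it confirms that the file civetweb is pointed at holds both a certificate and a private key, that the key matches the certificate, and that the file is not accessible to all users now that it contains the key. The function name check_rgw_pem and its return codes are assumptions made for this example.

```sh
#!/bin/sh
# Added example: sanity-check a combined PEM file before pointing
# civetweb's ssl_certificate= at it.
# usage: check_rgw_pem /usr/share/ca-certificates/cert.pem
# Return codes (chosen for this example):
#   0 ok, 1 unreadable, 2 no certificate, 3 no private key,
#   4 accessible to "other", 5 key does not match certificate
check_rgw_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # The post's setup uses one file for certificate and key, so both
    # PEM blocks must be present. A file without the key block is the
    # case the post reports as "PEM_read_bio:no start line".
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block in $pem" >&2; return 2; }
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" ||
        { echo "no private key block in $pem" >&2; return 3; }

    # The file holds a private key: reject any permission bit for "other".
    # Characters 8-10 of the ls mode string are the "other" bits.
    other=$(ls -Lld "$pem" | cut -c8-10)
    [ "$other" = "---" ] ||
        { echo "$pem is accessible to all users ($other)" >&2; return 4; }

    # The key must belong to the certificate: compare their public keys.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 5
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 5
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate in $pem" >&2; return 5; }

    return 0
}
```

A file copied with default permissions fails with code 4 until its mode is tightened so that only the account running radosgw can read it.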