Re: Unable to use iscsi gateway with https | iscsi-gateway-add returns errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 03/29/2020 04:43 PM, givemeone  wrote:
> Hi all,
> I am installing ceph Nautilus and getting constantly errors while adding iscsi gateways
> It was working using http schema but after moving to https with wildcard certs gives API errors
> 
> Below some of my configurations
> Thanks for your help
> 
> 
> Command: 
> ceph --cluster ceph dashboard iscsi-gateway-add https://myadmin:admin.01@1.2.3.4:5050
> 
> Error:
> Error EINVAL: iscsi REST API cannot be reached. Please check your configuration and that the API endpoint is accessible
> 
> Tried also disabling ssl verify
> # ceph dashboard set-rgw-api-ssl-verify False
> Option RGW_API_SSL_VERIFY updated
> 
> 
> "/etc/ceph/iscsi-gateway.cfg" 23L, 977C
> # Ansible managed
> [config]
> api_password = admin.01
> api_port = 5050
> # API settings.
> # The API supports a number of options that allow you to tailor it to your
> # local environment. If you want to run the API under https, you will need to
> # create cert/key files that are compatible for each iSCSI gateway node, that is
> # not locked to a specific node. SSL cert and key files *must* be called
> # 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the '/etc/ceph/' directory
> # on *each* gateway node. With the SSL files in place, you can use 'api_secure = true'
> # to switch to https mode.
> # To support the API, the bear minimum settings are:
> api_secure = True


Maybe sure after you set this value you restart the rbd-target-api
daemons on all the nodes so the new value is used.

We might also need to set

api_ssl_verify = True

for some gateway to gateway operations. I'm not sure what happened with
the docs, because I do not see any info on it.

> # Optional settings related to the CLI/API service
> api_user = myadmin
> cluster_name = ceph
> loop_delay = 1
> trusted_ip_list = 1.2.3.3,1.2.3.4
> 
> 
> 
> Log  file
> ======

Are there any errors in /var/log/rbd-target-api/rbd-target-api.log?
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux