*sigh* and this time reply to all.
rbd-target-api is a little opinionated on where the ssl cert and key files
live and what they're named. It expects:
cert_files = ['/etc/ceph/iscsi-gateway.crt',
'/etc/ceph/iscsi-gateway.key']
So make sure these exist, and are named correctly.
Otherwise, we probably need to see the log :)
On Tue, Mar 31, 2020 at 3:56 AM Mike Christie <mchristi@xxxxxxxxxx> wrote:
> On 03/29/2020 04:43 PM, givemeone wrote:
> > Hi all,
> > I am installing ceph Nautilus and getting constantly errors while adding
> iscsi gateways
> > It was working using http schema but after moving to https with wildcard
> certs gives API errors
> >
> > Below some of my configurations
> > Thanks for your help
> >
> >
> > Command:
> > ceph --cluster ceph dashboard iscsi-gateway-add
> https://myadmin:admin.01@1.2.3.4:5050
> >
> > Error:
> > Error EINVAL: iscsi REST API cannot be reached. Please check your
> configuration and that the API endpoint is accessible
> >
> > Tried also disabling ssl verify
> > # ceph dashboard set-rgw-api-ssl-verify False
> > Option RGW_API_SSL_VERIFY updated
> >
> >
> > "/etc/ceph/iscsi-gateway.cfg" 23L, 977C
> > # Ansible managed
> > [config]
> > api_password = admin.01
> > api_port = 5050
> > # API settings.
> > # The API supports a number of options that allow you to tailor it to
> your
> > # local environment. If you want to run the API under https, you will
> need to
> > # create cert/key files that are compatible for each iSCSI gateway node,
> that is
> > # not locked to a specific node. SSL cert and key files *must* be called
> > # 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the
> '/etc/ceph/' directory
> > # on *each* gateway node. With the SSL files in place, you can use
> 'api_secure = true'
> > # to switch to https mode.
> > # To support the API, the bear minimum settings are:
> > api_secure = True
>
>
> Maybe sure after you set this value you restart the rbd-target-api
> daemons on all the nodes so the new value is used.
>
> We might also need to set
>
> api_ssl_verify = True
>
> for some gateway to gateway operations. I'm not sure what happened with
> the docs, because I do not see any info on it.
>
> > # Optional settings related to the CLI/API service
> > api_user = myadmin
> > cluster_name = ceph
> > loop_delay = 1
> > trusted_ip_list = 1.2.3.3,1.2.3.4
> >
> >
> >
> > Log file
> > ======
>
> Are there any errors in /var/log/rbd-target-api/rbd-target-api.log?
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
