Hi Edward,

You need to set configuration like this, assuming that certificate and key are on your local disk:

    ceph mgr module disable dashboard
    ceph dashboard set-ssl-certificate -i <your_certificate>.crt
    ceph dashboard set-ssl-certificate-key -i <your_certificate_key>.key
    ceph config-key set mgr/cephadm/grafana_crt -i <your_certificate>.crt
    ceph config-key set mgr/cephadm/grafana_key -i <your_certificate_key>.key
    ceph orch reconfig grafana
    ceph mgr module enable dashboard

Hope this helps!

Regards,
Yury.

On Tue, Oct 26, 2021 at 2:45 AM Edward R Huyer <erhvks@xxxxxxx> wrote:

> Continuing my containerized Ceph adventures....
>
> I'm trying to set up SAML2 auth for the dashboard (specifically pointing
> at the institute Shibboleth service). The service requires the use of the
> x509 certificates. Following the instructions in the documentation (
> https://docs.ceph.com/en/latest/mgr/dashboard/#dashboard-sso-support )
> leads to an error about the certificate file not existing.
>
> Some digging suggests that's because the daemon is looking in the
> container's filesystem rather than the physical host's filesystem. That
> makes some sense, but it is annoying.
>
> So my question is: How do I get the cert and key file into the
> container's filesystem in a persistent way? cephadm enter --name
> "mgr.hostname" results in a "no such container" error. cephadm shell
> --name "mgr.hostname" works, but changes don't persist.
>
> Any suggestions about this problem specifically, authing the dashboard
> against Shibboleth, or SAML2 in general?
>
> -----
> Edward Huyer
> Golisano College of Computing and Information Sciences
> Rochester Institute of Technology
> Golisano 70-2373
> 152 Lomb Memorial Drive
> Rochester, NY 14623
> 585-475-6651
> erhvks@xxxxxxx
>
> Obligatory Legalese:
> The information transmitted, including attachments, is intended only for
> the person(s) or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon
> this information by persons or entities other than the intended recipient
> is prohibited. If you received this in error, please contact the sender and
> destroy any copies of this information.
>
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
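
A pre-flight wrapper around the command sequence in Yury's reply, added here as an example and not part of the original thread: it refuses to touch the dashboard unless the key really belongs to the certificate and the certificate has not expired. The function names `check_pair` and `apply_dashboard_cert` and the `DRY_RUN` variable are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: validate a certificate/key pair, then run the commands from
# the reply above. check_pair, apply_dashboard_cert and DRY_RUN are
# hypothetical names introduced for this sketch.

# Succeeds only when the certificate's public key equals the one derived
# from the private key (works for RSA and EC keys).
check_pair() {
    local crt="$1" key="$2" crt_pub key_pub
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

apply_dashboard_cert() {
    local crt="$1" key="$2" run=""
    if ! check_pair "$crt" "$key"; then
        echo "error: $key is not the private key for $crt" >&2
        return 1
    fi
    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "error: $crt has expired" >&2
        return 1
    fi
    # DRY_RUN=1 prints the commands instead of executing them.
    if [ "${DRY_RUN:-0}" = "1" ]; then run="echo"; fi
    $run ceph mgr module disable dashboard &&
    $run ceph dashboard set-ssl-certificate -i "$crt" &&
    $run ceph dashboard set-ssl-certificate-key -i "$key" &&
    $run ceph config-key set mgr/cephadm/grafana_crt -i "$crt" &&
    $run ceph config-key set mgr/cephadm/grafana_key -i "$key" &&
    $run ceph orch reconfig grafana &&
    $run ceph mgr module enable dashboard
}
```

Running `DRY_RUN=1 apply_dashboard_cert dashboard.crt dashboard.key` first shows exactly which commands would be executed once both checks pass.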