Hi Edward,

Yes, you probably are right, I thought about dashboard SSL certificate, not the SAML2, sorry for that.

Regards,
Yury.

On Tue, Oct 26, 2021 at 3:10 AM Edward R Huyer <erhvks@xxxxxxx> wrote:

> I don’t think that’s correct? I already have a certificate set up for
> HTTPS, and it doesn’t show up in the SAML2 configuration. Maybe I’m
> mistaken, but I think the SAML2 cert is separate from the regular HTTPS
> cert?
>
> *From:* Yury Kirsanov <y.kirsanov@xxxxxxxxx>
> *Sent:* Monday, October 25, 2021 11:52 AM
> *To:* Edward R Huyer <erhvks@xxxxxxx>
> *Cc:* ceph-users@xxxxxxx
> *Subject:* Re: Doing SAML2 Auth With Containerized mgrs
>
> Hi Edward,
>
> You need to set configuration like this, assuming that certificate and key
> are on your local disk:
>
> ceph mgr module disable dashboard
> ceph dashboard set-ssl-certificate -i <your_certificate>.crt
> ceph dashboard set-ssl-certificate-key -i <your_certificate_key>.key
> ceph config-key set mgr/cephadm/grafana_crt -i <your_certificate>.crt
> ceph config-key set mgr/cephadm/grafana_key -i <your_certificate_key>.key
> ceph orch reconfig grafana
> ceph mgr module enable dashboard
>
> Hope this helps!
>
> Regards,
> Yury.
>
> On Tue, Oct 26, 2021 at 2:45 AM Edward R Huyer <erhvks@xxxxxxx> wrote:
>
> Continuing my containerized Ceph adventures....
>
> I'm trying to set up SAML2 auth for the dashboard (specifically pointing
> at the institute Shibboleth service). The service requires the use of the
> x509 certificates. Following the instructions in the documentation (
> https://docs.ceph.com/en/latest/mgr/dashboard/#dashboard-sso-support )
> leads to an error about the certificate file not existing.
>
> Some digging suggests that's because the daemon is looking in the
> container's filesystem rather than the physical host's filesystem. That
> makes some sense, but it's annoying.
>
> So my question is: How do I get the cert and key file into the
> container's filesystem in a persistent way? cephadm enter --name
> "mgr.hostname" results in a "no such container" error. cephadm shell
> --name "mgr.hostname" works, but changes don't persist.
>
> Any suggestions about this problem specifically, authing the dashboard
> against Shibboleth, or SAML2 in general?
>
> -----
> Edward Huyer
> Golisano College of Computing and Information Sciences
> Rochester Institute of Technology
> Golisano 70-2373
> 152 Lomb Memorial Drive
> Rochester, NY 14623
> 585-475-6651
> erhvks@xxxxxxx
>
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx