No worries. It's a pretty specific problem, and the documentation could be better.

-----Original Message-----
From: Yury Kirsanov <y.kirsanov@xxxxxxxxx>
Sent: Monday, October 25, 2021 12:17 PM
To: Edward R Huyer <erhvks@xxxxxxx>
Cc: ceph-users@xxxxxxx
Subject: Re: Doing SAML2 Auth With Containerized mgrs

Hi Edward,
Yes, you probably are right, I thought about dashboard SSL certificate, not the SAML2, sorry for that.

Regards,
Yury.

On Tue, Oct 26, 2021 at 3:10 AM Edward R Huyer <erhvks@xxxxxxx> wrote:

> I don’t think that’s correct? I already have a certificate set up for
> HTTPS, and it doesn’t show up in the SAML2 configuration. Maybe I’m
> mistaken, but I think the SAML2 cert is separate from the regular
> HTTPS cert?
>
> *From:* Yury Kirsanov <y.kirsanov@xxxxxxxxx>
> *Sent:* Monday, October 25, 2021 11:52 AM
> *To:* Edward R Huyer <erhvks@xxxxxxx>
> *Cc:* ceph-users@xxxxxxx
> *Subject:* Re: Doing SAML2 Auth With Containerized mgrs
>
> Hi Edward,
>
> You need to set configuration like this, assuming that certificate and
> key are on your local disk:
>
> ceph mgr module disable dashboard
> ceph dashboard set-ssl-certificate -i <your_certificate>.crt
> ceph dashboard set-ssl-certificate-key -i <your_certificate_key>.key
> ceph config-key set mgr/cephadm/grafana_crt -i <your_certificate>.crt
> ceph config-key set mgr/cephadm/grafana_key -i <your_certificate_key>.key
> ceph orch reconfig grafana
> ceph mgr module enable dashboard
>
> Hope this helps!
>
> Regards,
> Yury.
>
> On Tue, Oct 26, 2021 at 2:45 AM Edward R Huyer <erhvks@xxxxxxx> wrote:
>
> Continuing my containerized Ceph adventures....
>
> I'm trying to set up SAML2 auth for the dashboard (specifically
> pointing at the institute Shibboleth service). The service requires
> the use of the x509 certificates. Following the instructions in the
> documentation ( https://docs.ceph.com/en/latest/mgr/dashboard/#dashboard-sso-support )
> leads to an error about the certificate file not existing.
>
> Some digging suggests that's because the daemon is looking in the
> container's filesystem rather than the physical host's filesystem.
> That makes some sense, but it's annoying.
>
> So my question is: How do I get the cert and key file into the
> container's filesystem in a persistent way? cephadm enter --name
> "mgr.hostname" results in a "no such container" error. cephadm shell
> --name "mgr.hostname" works, but changes don't persist.
>
> Any suggestions about this problem specifically, authing the dashboard
> against Shibboleth, or SAML2 in general?
>
> -----
> Edward Huyer
> Golisano College of Computing and Information Sciences
> Rochester Institute of Technology
> Golisano 70-2373
> 152 Lomb Memorial Drive
> Rochester, NY 14623
> 585-475-6651
> erhvks@xxxxxxx

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx