Hello everybody, I'm quite new to ceph and I'm facing a myriad of issues trying to use it. So I've subscribed to this mailing list. Hopefully you guys can help me with some of those issues. My current goal is to setup a local S3 storage -- i.e. a ceph "cluster" with radosgw. In my test environment this is the only purpose of ceph so I get along with a single ceph node. I failed to setup ceph with cephadm (maybe I file an additional request for this) so I've installed proxmox, using its built-in ceph support. This works nicely. As proxmox does not feature radosgw support I've followed this procedure to set it up: https://pve.proxmox.com/wiki/User:Grin/Ceph_Object_Gateway Because I'm running a single node cluster I had to modify the crushmap: https://www.cnblogs.com/boshen-hzb/p/13305560.html Now I have a running radosgw listening on port 7480. This is the actual starting point of this request. The next step would be to setup https on the radosgw. I followed this procedure: https://greenstatic.dev/posts/2020/ssl-tls-rgw-ceph-config/ My current radosgw settings are: [client.radosgw.pve] host = pve keyring = /var/lib/ceph/radosgw/ceph-pve/keyring log file = /var/log/ceph/client.radosgw.$host.log rgw_frontends = beast ssl_endpoint=0.0.0.0:7480 ssl_certificate=config://rgw/cert/terraform/default.crt ssl_private_key=config://rgw/cert/terraform/default.key This is the result in the logs: 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 0 framework: beast 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 0 framework conf key: ssl_certificate, val: config://rgw/cert/$realm/$zone.crt 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 0 framework conf key: ssl_private_key, val: config://rgw/cert/$realm/$zone.key 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 0 starting handler: beast 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 -1 ssl_private_key was not found: rgw/cert/terraform/default.key 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 -1 ssl_private_key was not found: rgw/cert/terraform/default.crt 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 -1 no ssl_certificate configured for ssl_endpoint 2021-11-04T18:05:35.668+0100 7fdf8d2ce6c0 -1 ERROR: failed initializing frontend The referenced config keys do exist: root@pve:~# ceph config-key get rgw/cert/terraform/default.crt -----BEGIN CERTIFICATE----- ... root@pve:~# ceph config-key get rgw/cert/terraform/default.key -----BEGIN RSA PRIVATE KEY----- ... Trying to use local files does not improve things: 2021-11-04T18:13:41.680+0100 7f05df2f46c0 0 framework: beast 2021-11-04T18:13:41.680+0100 7f05df2f46c0 0 framework conf key: ssl_certificate, val: config://rgw/cert/$realm/$zone.crt 2021-11-04T18:13:41.680+0100 7f05df2f46c0 0 framework conf key: ssl_private_key, val: config://rgw/cert/$realm/$zone.key 2021-11-04T18:13:41.680+0100 7f05df2f46c0 0 starting handler: beast 2021-11-04T18:13:41.680+0100 7f0575feb700 0 INFO: RGWReshardLock::lock found lock on reshard.0000000002 to be held by another RGW process; skipping for now 2021-11-04T18:13:41.680+0100 7f05df2f46c0 -1 failed to add ssl_private_key=/root/default.key: No such file or directory 2021-11-04T18:13:41.680+0100 7f05df2f46c0 -1 failed to use ssl_certificate=/root/default.crt as a private key: No such file or directory 2021-11-04T18:13:41.680+0100 7f05df2f46c0 -1 no ssl_certificate configured for ssl_endpoint 2021-11-04T18:13:41.680+0100 7f05df2f46c0 -1 ERROR: failed initializing frontend With:, s root@pve:~# cat /root/default.crt -----BEGIN CERTIFICATE----- ... root@pve:~# cat /root/default.key -----BEGIN RSA PRIVATE KEY----- ... For me this behavior looks like a bug, but please correct me if I'm wrong. So how would I setup https for radosgw? I've also tried out to setup apache as TLS endpoint by following these instructions: https://docs.ceph.com/en/pacific/man/8/radosgw/ Communication is expected to take place via unix domain sockets. But... radosgw does not create the socket file, so it does not work either. Of course the next attempt would be to skip unix domain sockets and listen on localhost instead... BTW: I'm using this software setup: * Proxmox 7.0-11, based on * Debian 11.0 bullseye * Ceph 16.2.6 pacific I hope anybody can help me. Regards, Carsten _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx