Re: No SSL Dashboard working after installing mgr crt|key with RSA/4096 secp384r1

I was able to reproduce the error with a self-signed elliptic curves based certificate. But I also got out of it by removing cert and key:

quincy-1:~ # ceph config-key rm mgr/dashboard/key
key deleted
quincy-1:~ # ceph config-key rm mgr/dashboard/crt
key deleted

Then I failed the mgr just to be sure:

quincy-1:~ # ceph mgr fail
quincy-1:~ # ceph config-key get mgr/dashboard/crt
Error ENOENT:

And then I configured the previous key, did a mgr fail and now the dashboard is working again.

Quoting Eugen Block <eblock@xxxxxx>:

Hi,

did you get your dashboard back in the meantime? I don't have an answer regarding the certificate based on elliptic curves but since you wrote:

So we tried to go back to the original state by removing CRT and KEY but
without success. The new key seems to be stuck in the config

how did you try to remove it? I would just assume that this should work:

$ ceph config-key rm mgr/dashboard/cert

Do you get an error message when removing it or does the mgr log anything when you try to remove it which fails?
Also which ceph version is this?

Thanks,
Eugen

Quoting "Ackermann, Christoph" <c.ackermann@xxxxxxxxxxxx>:

Hello all,

Today I got a new certificate for our internal domain based on RSA/4096
secp384r1. After inserting CRT and Key I got both "...updated" messages.
After checking the dashboard I got an empty page and this error:

  health: HEALTH_ERR
          Module 'dashboard' has failed: key type unsupported

So we tried to go back to the original state by removing CRT and KEY but
without success. The new key seems to be stuck in the config

[root@cephxxxx ~]# ceph config-key get mgr/dashboard/crt
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgIMB5tjLSz264Ic8zeHMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
[...]
ItzkEzq4SZ6V1Jhuf4bFlOMBVAKgAwZ90gXlguoiFFQu5+NIqNljZ8Jz7d0jhH43
e3zhm5sn21+eIqRbiQ==
-----END CERTIFICATE-----

[root@cephxxxx ~]# ceph config-key get mgr/dashboard/key

*Error ENOENT: *

We tried to generate a self-signed cert but no luck. It looks like the manager
stays in an intermediate state. The only way to get back the dashboard is
to disable SSL and use plain http.

Can somebody explain this behaviour? Maybe secp384r1 elliptic curves
aren't supported? How can we clean up SSL configuration?

Thanks,
Christoph Ackermann

PS: We checked some information like
https://tracker.ceph.com/issues/57924#change-227744 and others, but no
luck...
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx

