I was able to reproduce the error with a self-signed elliptic curves
based certificate. But I also got out of it by removing cert and key:
quincy-1:~ # ceph config-key rm mgr/dashboard/key
key deleted
quincy-1:~ # ceph config-key rm mgr/dashboard/crt
key deleted
Then I failed the mgr just to be sure:
quincy-1:~ # ceph mgr fail
quincy-1:~ # ceph config-key get mgr/dashboard/crt
Error ENOENT:
And then I configured the previous key, did a mgr fail and now the
dashboard is working again.
Zitat von Eugen Block <eblock@xxxxxx>:
Hi,
did you get your dashboard back in the meantime? I don't have an
answer regarding the certificate based on elliptic curves but since
you wrote:
So we tried to go back to the original state by removing CRT anf KEY but
without success. The new key seems to stuck into the config
how did you try to remove it? I would just assume that this should work:
$ ceph config-key rm mgr/dashboard/cert
Do you get an error message when removing it or does the mgr log
anything when you try to remove it which fails?
Also which ceph version is this?
Thanks,
Eugen
Zitat von "Ackermann, Christoph" <c.ackermann@xxxxxxxxxxxx>:
Hello all,
today i got a new certificate for our internal domain based on RSA/4096
secp384r1. After inserting CRT and Key i got both "...updated" messages.
After checking the dashboard i got an empty page and this error:
health: HEALTH_ERR
Module 'dashboard' has failed: key type unsupported
So we tried to go back to the original state by removing CRT anf KEY but
without success. The new key seems to stuck into the config
[root@cephxxxx ~]# ceph config-key get mgr/dashboard/crt
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgIMB5tjLSz264Ic8zeHMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
[...]
ItzkEzq4SZ6V1Jhuf4bFlOMBVAKgAwZ90gXlguoiFFQu5+NIqNljZ8Jz7d0jhH43
e3zhm5sn21+eIqRbiQ==
-----END CERTIFICATE-----
[root@cephxxxx ~]# ceph config-key get mgr/dashboard/key
*Error ENOENT: *
We tried to generate a self signed Cert but no luck. It looks like manger
stays in an intermediate state. The only way to get back the dashboard is
to disable SSL and use plain http.
Can somebody explain this behaviour? Maybe secp384r1 elliptic curves
aren't supported? How can we clean up SSL configuration?
Thanks,
Christoph Ackermann
Ps we checked some Information like
https://tracker.ceph.com/issues/57924#change-227744 and others but no
luck...
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx