Hi ceph-users! I'm going through the process of migrating to use cephadm for my clusters. Previously I used ceph-ansible. I have a few questions related to this. 1. How can I configure RGW multisite with self-signed certificates? I have prototyped the migration and redeployed RGWs. Everything is running the latest version of Reef (18.2.2). My RGWs on both sites are up and I can make requests to them, but they are failing to sync, and "radosgw-admin sync status" shows a generic input/output error. Taking some network capture I can see that the TLS handshake is failing with "Unknown CA", so it looks like the RGWs don't trust my self-signed certificate, I suppose that's not a surprise. However, I can't work out how to establish the trust. I'm running in docker containers on RHEL 9, I've tried mounting in the /etc/pki directory from the machine it's running on, which does contain the self-signed CA (I can curl from the machine), but I still see errors in my multi-site sync. 2. How can I use the "ceph orch upgrade" command in a disconnected environment? After adopting my cluster, I want to upgrade it. It works great, I run something like "ceph orch upgrade start --image quay.io/ceph/ceph:v18.2.2" and it all just works. Awesome. My problem is that I can't reach out to the quay.io registry on my production systems to do this upgrade, they are all locked down and don't have internet access. I can install the docker image directly by copying up the file, but I don't see a way to invoke the "ceph orch upgrade" command with a locally available docker image. Am I missing the obvious? Many thanks, Alex _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |