Re: Ceph Dashboard TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I just used a self sign cert, but it's been a while and remember it pretty
much just working. Out of curiosity, what's is ssl_server_port set to?

On Sun, 22 Sept 2024, 22:10 , <matthew@xxxxxxxxxxxxxxx> wrote:

> Hi All,
>
> I'm running an (experimental) 3-Node Ceph Reef (v18.2.4) Cluster.
>
> Each of the 3 nodes runs (amongst other services) the Ceph Dashboard - for
> fail-over purposes.
>
> I can connect to the Ceph Dashboard when not using TLS (ie ceph config set
> mgr mgr/dashboard/ssl false).
>
> I've got a private PKI (Step-CA) and I'd like to use its TLS Certificates
> for the Ceph Dashboard.
>
> The private PKI's CA Cert has been added to my browser, and internal
> websites, etc, using the internal PKI's Certificates work as expected.
>
> I'd like each of the three Ceph Nodes to use their own TLS Certificate.
> The 3 node's hostnames are ceph01.example.com, ceph02.example.com, and
> ceph03.example.com.
>
> The 3 node's mgr instances are (I think; & this could be where I'm going
> wrong) are mgr.ceph01, mgr.ceph02, and mgr.ceph03.
>
> I've created 3 TLS Certificates with names of cephdash-ceph01.example.com.crt,
> etc, CNs of cephdash-ceph01.example.com, etc, and SANs of
> ceph01.example.com, etc
>
> I've followed the documentation here:
> https://docs.ceph.com/en/reef/mgr/dashboard/#ssl-tls-support
>
> I have stopped and restarted the Ceph Dashboard service.
>
> Commands used (on ceph01.example.com):
>
> ceph dashboard set-ssl-certificate ceph01 -i cephdash-ceph01.example.com
> .crt
> ceph dashboard set-ssl-certificate-key ceph01 -i
> cephdash-ceph01.example.com.key
> ceph mgr module disable dashboard
> ceph mgr module enable dashboard
>
> It's not working (I get an Unable to connect page), and I can't work out
> why - but I suspect it'll be something bleedingly obvious.  :-)
>
> My Qs:
>
>     Can I use EC Certs or must I use RSA Certs? I've tryied both and
> neither work.
>     Can anyone spot what I'm doing wrong?
>
> Thanks in advance
>
> Cheers
>
> Dulux-Oz
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux