Re: Issue With Dasboard TLS Certificate (Renewal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I just replaced an expired cert in a 18.2.2 test cluster:

ceph config-key set mgr/dashboard/crt -i /tmp/newcert.pem
ceph config-key set mgr/dashboard/key -i /tmp/newkey.pem
ceph mgr fail

And that was it. In our prod Pacific cluster we use per server certificates (mgr/dashboard/{host1}/crt, mgr/dashboard/{host2}/crt and so on).

Maybe you have some remainders in the config-keys? I would check all of the dashboard/cert related and remove any expired certs/keys.

Zitat von duluxoz <duluxoz@xxxxxxxxx>:

Hi Chris,

Yeah, I did that (sorry I didn't mention that in the original post) - no joy.  :-(

Any other suggestions?  :-)

On 19/12/24 21:14, Chris Palmer wrote:
IIRC, the certificate and key are only read from their files when the commands to specify the file are executed. At that point they are stored somewhere else. Try executing the two commands (one for key, one for cert) again, then restart (disable/enable might be enough, I can't remember).

Regards, Chris


On 19/12/2024 07:04, duluxoz wrote:
Hi All,

So we've been using the Ceph (v18.2.4) Dashboard with internally generated TLS Certificates (via our Step-CA CA), one for each of our three Ceph Manager Nodes.

Everything was working AOK.

The TLS Certificates came up for renewal, which they were successfully renewed. Accordingly, the old Certificates & Keys were overwritten by the new ones and the commands `ceph mgr module disable/enabled dashboard` (respectively) were run.

HOWEVER, the Ceph Dashboard stopped working / wouldn't use the renewed Certificates; as per the logs the Dashboard was still using the old Certificates and is now complaining that they have expired, and therefore the Dashboard won't run (unless I disable SSL via the CLI).

I've been through the documentation and I can't work out what I've done wrong; according to this page (https://docs.ceph.com/en/latest/mgr/dashboard/#dashboard-ssl-tls-support) - in particular the Blue-Box Note - there's nothing else that needs to be done - EXCEPT that I've done all of that and the logs still tell me the Certificate(s) has expired - ie I can't get the Dashboard to recognise the new Certificates.

Any help greatly appreciated.

Thanks in advance

Dulux-Oz
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx


_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux