I just replaced an expired cert in a 18.2.2 test cluster:
ceph config-key set mgr/dashboard/crt -i /tmp/newcert.pem
ceph config-key set mgr/dashboard/key -i /tmp/newkey.pem
ceph mgr fail
And that was it. In our prod Pacific cluster we use per server
certificates (mgr/dashboard/{host1}/crt, mgr/dashboard/{host2}/crt and
so on).
Maybe you have some remainders in the config-keys? I would check all
of the dashboard/cert related and remove any expired certs/keys.
Zitat von duluxoz <duluxoz@xxxxxxxxx>:
Hi Chris,
Yeah, I did that (sorry I didn't mention that in the original post)
- no joy. :-(
Any other suggestions? :-)
On 19/12/24 21:14, Chris Palmer wrote:
IIRC, the certificate and key are only read from their files when
the commands to specify the file are executed. At that point they
are stored somewhere else. Try executing the two commands (one for
key, one for cert) again, then restart (disable/enable might be
enough, I can't remember).
Regards, Chris
On 19/12/2024 07:04, duluxoz wrote:
Hi All,
So we've been using the Ceph (v18.2.4) Dashboard with internally
generated TLS Certificates (via our Step-CA CA), one for each of
our three Ceph Manager Nodes.
Everything was working AOK.
The TLS Certificates came up for renewal, which they were
successfully renewed. Accordingly, the old Certificates & Keys
were overwritten by the new ones and the commands `ceph mgr module
disable/enabled dashboard` (respectively) were run.
HOWEVER, the Ceph Dashboard stopped working / wouldn't use the
renewed Certificates; as per the logs the Dashboard was still
using the old Certificates and is now complaining that they have
expired, and therefore the Dashboard won't run (unless I disable
SSL via the CLI).
I've been through the documentation and I can't work out what I've
done wrong; according to this page
(https://docs.ceph.com/en/latest/mgr/dashboard/#dashboard-ssl-tls-support)
- in particular the Blue-Box Note - there's nothing else that
needs to be done - EXCEPT that I've done all of that and the logs
still tell me the Certificate(s) has expired - ie I can't get the
Dashboard to recognise the new Certificates.
Any help greatly appreciated.
Thanks in advance
Dulux-Oz
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx