it occurs to me that the beast frontend's logic to fetch the ssl
certificate and private key from the monitor via `config-key get`
probably breaks rdma in the same way that fetching mon config did
before https://github.com/ceph/ceph/pull/28012, since this happens
before setuid() as well

On Tue, Oct 26, 2021 at 3:26 PM Casey Bodley <cbodley@xxxxxxxxxx> wrote:
>
> there's an rgw bug about mon config no longer working for the
> 'rgw_frontends' variable at https://tracker.ceph.com/issues/50249
>
> the tracker identifies the regression as an rdma fix from July 2019,
> "global/global_init: do first transport connection after setuid()"
> from https://github.com/ceph/ceph/pull/28012. this moves the code to
> fetch mon config after the setuid()
>
> rgw starts the http frontends before setuid(), so that it's able to
> bind privileged ports like 80/443
>
> so it seems to me that one of 3 things has to give here:
> 1. ability to store frontend config in mon
> 2. ability to bind privileged ports
> 3. rgw support for rdma in AsyncMessenger
>
> currently it's #1 that's broken, meaning that you either have to
> override rgw_frontends in a config file, or live with the default
> config (port 80, and port 443 if we can fetch the cert/key from the
> monitor?)
>
> with respect to #2, the use of privileged ports isn't a big deal if
> you have a proxy in front. but rgw has long supported privileged
> ports, and this configuration without a proxy is the simplest
> standalone deployment possible
>
> support for #3 is the one i'd least like to drop as, unlike #1 and #2,
> i don't know of any workaround to get it back
>
> so is the current situation the best we can do? i'd love to hear any
> suggestions!
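
The ordering discussed in this thread, as an added example that is not part of the original message or of Ceph's code: bind the listener while still privileged, drop with setuid(), and run anything that must see the final uid only after the drop. The function names and the 65534 uid/gid are assumptions for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() under strict -std= */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1, while still privileged: bind and listen (port < 1024 needs root). */
int bind_listener(unsigned short port) {
    struct sockaddr_in a = {0};
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: permanent drop. Supplementary groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* root must be unreachable */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Step 3, after the drop: the socket bound in step 1 is still usable. */
int listener_port(int fd) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    if (getsockname(fd, (struct sockaddr *)&a, &len) < 0) return -1;
    return ntohs(a.sin_port);
}

int main(void) {
    uid_t uid = geteuid() == 0 ? 65534 : getuid();  /* 65534: constructed */
    gid_t gid = geteuid() == 0 ? 65534 : getgid();  /* service account id */
    int fd = bind_listener(80);                     /* before setuid() */
    if (fd < 0) perror("bind port 80 (needs root)");
    if (drop_privileges(uid, gid) < 0) { perror("drop"); return 1; }
    /* Work that must run under the final uid belongs here, after the drop. */
    if (fd >= 0) printf("uid %d serving port %d\n", (int)getuid(), listener_port(fd));
    return 0;
}
```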