Re: cephadm in air gapped environment

Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx> · Thu, 3 Mar 2022 21:43:14 +0000

Following up, still having issues.  Since I'm running an insecure local (air-gapped) registry, is there a way to tell cephadm to NOT use SSL when it requests an image?  It appears to be failing now because it is using HTTPS instead of just HTTP.

From: Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx>

Sent: Wednesday, March 2, 2022 5:08 PM

To: Adam King <adking@xxxxxxxxxx>

Cc: dev@xxxxxxx <dev@xxxxxxx>

Subject: Re: cephadm in air gapped environment

Thanks for that link, I hadn't seen it before.  That might just be exactly what I'm looking for. I'll try it out and let you know if Im still struggling.

thanks!

From: Adam King <adking@xxxxxxxxxx>

Sent: Wednesday, March 2, 2022 4:01 PM

To: Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx>

Cc: dev@xxxxxxx <dev@xxxxxxx>

Subject: Re: cephadm in air gapped environment

Hello Wyll,

Which daemon types in particular are you trying to deploy that don't use the ceph image? If it's monitoring stack ones you should be able to set the image for them as outlined

here [1]

- Adam King

[1] https://docs.ceph.com/en/latest/cephadm/services/monitoring/#using-custom-images

On Wed, Mar 2, 2022 at 3:30 PM Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx> wrote:

I'm trying to install deploy ceph (pacific 16.2.7) in an air gapped environment.  I have a static dump of the basic docker images (saved from an internet facing server) that I import into the air gapped dockerd.  I can bootstrap the cluster successfully using
 the "--skip-pull" option to "cephadm bootstrap" and the main node seems to come up ok without pulling anything in from outside.

I have read the note here: https://docs.ceph.com/en/pacific/cephadm/install/#deployment-in-an-isolated-environment

but it's a little short on detail...

When adding additional hosts (osds, etc) using "ceph orch host add ...", they always attempt to call out to the external "quay.io" repository.  I see how to configure the "global container_image" value to point to
 a local registry, but that only applies to the ceph/ceph image.  I don't see any way to have the other services pull from a local registry since the image names appear to be hardcoded in /usr/sbin/cephadm (see "DEFAULT_**_IMAGE" global variables in the module).

TL/DR - If I'm running a local registry on the main node, how do I make sure that new hosts pull their images from the local registry instead of failing when attempting to get them externally from
quay.io

thanks,

   Wyllys Ingersoll

_______________________________________________

Dev mailing list -- dev@xxxxxxx

To unsubscribe send an email to 
dev-leave@xxxxxxx

_______________________________________________
Dev mailing list -- dev@xxxxxxx
To unsubscribe send an email to dev-leave@xxxxxxx