Hello Wyll,
To disable TLS you can use the option "--insecure" as the following:
> cephadm pull --insecure
On Thu, Mar 3, 2022 at 10:43 PM Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx> wrote:
_______________________________________________Following up, still having issues. Since I'm running an insecure local (air-gapped) registry, is there a way to tell cephadm to NOT use SSL when it requests an image? It appears to be failing now because it is using HTTPS instead of just HTTP.
From: Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx>
Sent: Wednesday, March 2, 2022 5:08 PM
To: Adam King <adking@xxxxxxxxxx>
Cc: dev@xxxxxxx <dev@xxxxxxx>
Subject: Re: cephadm in air gapped environmentThanks for that link, I hadn't seen it before. That might just be exactly what I'm looking for. I'll try it out and let you know if Im still struggling.
thanks!
From: Adam King <adking@xxxxxxxxxx>
Sent: Wednesday, March 2, 2022 4:01 PM
To: Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx>
Cc: dev@xxxxxxx <dev@xxxxxxx>
Subject: Re: cephadm in air gapped environmentHello Wyll,
Which daemon types in particular are you trying to deploy that don't use the ceph image? If it's monitoring stack ones you should be able to set the image for them as outlined here [1]
- Adam King
On Wed, Mar 2, 2022 at 3:30 PM Wyll Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx> wrote:
_______________________________________________
I'm trying to install deploy ceph (pacific 16.2.7) in an air gapped environment. I have a static dump of the basic docker images (saved from an internet facing server) that I import into the air gapped dockerd. I can bootstrap the cluster successfully using the "--skip-pull" option to "cephadm bootstrap" and the main node seems to come up ok without pulling anything in from outside.
I have read the note here: https://docs.ceph.com/en/pacific/cephadm/install/#deployment-in-an-isolated-environmentbut it's a little short on detail...
When adding additional hosts (osds, etc) using "ceph orch host add ...", they always attempt to call out to the external "quay.io" repository. I see how to configure the "global container_image" value to point to a local registry, but that only applies to the ceph/ceph image. I don't see any way to have the other services pull from a local registry since the image names appear to be hardcoded in /usr/sbin/cephadm (see "DEFAULT_**_IMAGE" global variables in the module).
TL/DR - If I'm running a local registry on the main node, how do I make sure that new hosts pull their images from the local registry instead of failing when attempting to get them externally from quay.io
thanks,Wyllys Ingersoll
Dev mailing list -- dev@xxxxxxx
To unsubscribe send an email to dev-leave@xxxxxxx
Dev mailing list -- dev@xxxxxxx
To unsubscribe send an email to dev-leave@xxxxxxx
_______________________________________________ Dev mailing list -- dev@xxxxxxx To unsubscribe send an email to dev-leave@xxxxxxx