Bug 1952011

Summary: [RGW][SSE-KMS: Vault] Add Support customed CA certificate from vault KMS for SSE encryption
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Jiffin <jthottan>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: high    
Version: 4.2CC: cbodley, ceph-eng-bugs, jthottan, kbader, mbenjamin, sweil, tserlin, vereddy, vimishra
Target Milestone: ---   
Target Release: 4.2z2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-14.2.11-165.el8cp, ceph-14.2.11-165.el7cp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-15 17:14:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: pacific
Embargoed:

Description Jiffin 2021-04-21 10:26:46 UTC 
Description of problem:


The KMS backend vault supports multiple TLS config such as

Vault Client Certificate
Vault Client Key
Vault CA Certificate
Vault TLS Server Name

Currently, RGW can communicate with vault using default SSL installed in the system, not with customed one


Version-Release number of selected component (if applicable):
master

Additional info:
Upstream tracker link https://tracker.ceph.com/issues/47776
PR link:  https://github.com/ceph/ceph/pull/37730
Comment 1 RHEL Program Management 2021-04-21 10:26:50 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 8 errata-xmlrpc 2021-06-15 17:14:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 4.2 Security and Bug Fix Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2445