Bug 1965504

Summary: [cee/sd][ceph-ansible][multi-site] ceph-ansible does not correctly set zone endpoints when https is set
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Tomas Petr <tpetr>
Component: Ceph-Ansible
Assignee: Guillaume Abrioux <gabrioux>
Status: CLOSED ERRATA
QA Contact: Madhavi Kasturi <mkasturi>
Severity: high
Docs Contact: Ranjini M N <rmandyam>
Priority: high
Version: 4.2
CC: aschoen, ceph-eng-bugs, gabrioux, gmeno, gsitlani, matti.koskimies, mkasturi, nthomas, rmandyam, tserlin, vereddy, ykaul
Target Milestone: ---   
Target Release: 4.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-ansible-4.0.63-1.el8cp, ceph-ansible-4.0.63-1.el7cp
Doc Type: Bug Fix
Doc Text:
.Use a fully-qualified domain name (FQDN) when HTTPS is enabled in a multi-site configuration
Previously, in a multi-site Ceph configuration, `ceph-ansible` would not differentiate between HTTP and HTTPS and set the zone endpoints with the IP address instead of the host name when HTTPS was enabled. With this release, `ceph-ansible` uses the fully-qualified domain name (FQDN) instead of the IP address when HTTPS is enabled and the zone endpoints are set with the FQDN and match the TLS certificate CN.
Last Closed: 2022-05-05 07:53:20 UTC
Type: Bug
Bug Blocks: 2031070    

Description Tomas Petr 2021-05-27 20:09:52 UTC
Description of problem:
Ceph-ansible code does not make a difference between https and http configuration for RGW-multisite conf.
With http the zone endpoints can be in the current state - http://<IP>:port
but for https the zone endpoint should be a hostname matching the cert - like: https://rgwnode.redhat.com

Currently the code is the same, and will set up the zone endpoint like: https://<IP>:port
which will cause RGW to not work properly; the SSL will return an error

---
rgw_multisite: true
rgw_multisite_proto: "https"
rgw_pull_proto: "https" # should be the same as rgw_multisite_proto for the master zone cluster
---

Version-Release number of selected component (if applicable):
ceph-ansible-4.0.49-3.1

How reproducible:
always

Steps to Reproduce:
1. 
2.
3.

Actual results:


Expected results:


Additional info:
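
Added example (not part of the bug report and not ceph-ansible's own code): a Python sketch of the endpoint choice described above, plus a check that an https zone endpoint's host is covered by the RGW certificate. The function names, the sample host `rgw1.example.com`, the address `192.0.2.10` and the certificate dict are constructed assumptions; the certificate is shaped like the output of `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress
from urllib.parse import urlsplit

def zone_endpoint(proto, address, fqdn, port):
    """Hypothetical helper: FQDN for https, IP address for http, as the fix describes."""
    host = fqdn if proto == "https" else address
    return f"{proto}://{host}:{port}"

def cert_names(cert):
    """Collect DNS and IP names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not san:  # fall back to the subject CN only when the cert has no SAN
        dns = [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
    return dns, ips

def endpoint_problem(endpoint, cert):
    """Return None if the endpoint host is covered by the certificate, else a reason."""
    url = urlsplit(endpoint)
    if url.scheme != "https":
        return None  # plain http performs no certificate name check
    host = (url.hostname or "").lower()
    dns, ips = cert_names(cert)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if any(ipaddress.ip_address(i) == ip for i in ips):
            return None
        return f"{host} is an IP address not listed in the certificate"
    for name in dns:
        # Simplified matching: exact name, or one left-most wildcard label.
        if name == host or (name.startswith("*.")
                            and host.split(".", 1)[1:] == [name[2:]]):
            return None
    return f"{host} does not match certificate names {dns}"

# Constructed sample data (not taken from the bug report).
CERT = {"subject": ((("commonName", "rgw1.example.com"),),),
        "subjectAltName": (("DNS", "rgw1.example.com"),)}
BEFORE = "https://192.0.2.10:8080"  # endpoint shape the report describes
AFTER = zone_endpoint("https", "192.0.2.10", "rgw1.example.com", 8080)

if __name__ == "__main__":
    for ep in (BEFORE, AFTER):
        print(ep, "->", endpoint_problem(ep, CERT) or "ok")
```

Running the same check against the endpoints of an existing zone is a quick way to spot clusters deployed before the fix.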

Comment 10 errata-xmlrpc 2022-05-05 07:53:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1716

Comment 11 Red Hat Bugzilla 2023-09-15 01:34:18 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days