Bug 2000085

Summary: [RGW][SSE-KMS: Vault] Add Support customed CA certificate from vault KMS for SSE encryption
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Matt Benjamin (redhat) <mbenjamin>
Component: RGWAssignee: Jiffin Tony Thottan <thottanjiffin>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.0CC: cbodley, ceph-eng-bugs, jthottan, kbader, mbenjamin, mkasturi, tchandra, tserlin, vereddy
Target Milestone: ---   
Target Release: 5.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-16.2.6-23.el8cp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1995438 Environment:
Last Closed: 2022-04-04 10:21:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1995438    
Bug Blocks:    

Description Matt Benjamin (redhat) 2021-09-01 11:08:51 UTC 
+++ This bug was initially created as a clone of Bug #1995438 +++

This bug was initially created as a copy of Bug #1952011

I am copying this bug because: 

including the change from 4.x release to 5.x

Description of problem:


The KMS backend vault supports multiple TLS config such as

Vault Client Certificate
Vault Client Key
Vault CA Certificate
Vault TLS Server Name

Currently, RGW can communicate with vault using default SSL installed in the system, not with customed one


Version-Release number of selected component (if applicable):
master

Additional info:
Parent tracker link https://tracker.ceph.com/issues/47776
Backport tracker: https://tracker.ceph.com/issues/51310

Upstream PR link:  https://github.com/ceph/ceph/pull/42093
Comment 9 errata-xmlrpc 2022-04-04 10:21:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1174