Bug 2051076

Summary: [External ODF 4.9] [Noobaa] Can not use RGW SSL for Noobaa backend store
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation
Reporter: Mustafa Aydın <maydin>
Component: Multi-Cloud Object Gateway
Assignee: Nimrod Becker <nbecker>
Status: CLOSED DEFERRED
QA Contact: Elad <ebenahar>
Severity: high
Priority: unspecified
Version: 4.9
CC: etamir, jaryan, jrivera, jthottan, muagarwa, ocs-bugs, odf-bz-bot
Last Closed: 2022-02-09 03:57:35 UTC
Type: Bug

Description Mustafa Aydın 2022-02-06 07:31:53 UTC
Description of problem (please be as detailed as possible and provide log
snippets):

Cannot use SSL termination with RGW, as the CA is not injected into the Noobaa operator pods; it fails with an untrusted cert error.


Version of all relevant components (if applicable):

ODF 4.9


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?

Yes, cannot use RGW SSL

Is there any workaround available to the best of your knowledge?

N/A

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
4

Is this issue reproducible?
Yes

Can this issue reproduce from the UI?
Yes

If this is a regression, please provide more details to justify this:


Steps to Reproduce:
- Create an SSL RGW endpoint.

- Run the exporter command to get the json file

python3 ceph-external-cluster-details-exporter.py --rbd-data-pool-name ocp-pool --rgw-endpoint 192.168.0.21:443 --rgw-pool-prefix lab1  --rgw-tls-cert-path /root/ca.pem --rgw-skip-tls true

- Create ODF storage


    gateway:
      externalRgwEndpoints:
      - ip: 192.168.0.21
      instances: 1
      placement: {}
      priorityClassName: openshift-user-critical
      resources: {}
      securePort: 443
      sslCertificateRef: ceph-rgw-tls-cert
    healthCheck:
      bucket:
        interval: 1m0s
    metadataPool:
      compressionMode: none
      erasureCoded:
        codingChunks: 0

- The RGW SC becomes available and is able to create OBCs

- The Noobaa SC does not become available but fails with a cert error:

\"https://rook-ceph-rgw-ocs-external-storagecluster-cephobjectstore.openshift-storage.svc:443/nb.1644087197689.apps.sno.aydin.lab\": x509: certificate signed by unknown authority" sys=openshift-storage/noobaa




Actual results:

Noobaa operator cannot communicate with RGW SSL

Expected results:

Noobaa SC becomes available

Additional info:

Comment 4 Mustafa Aydın 2022-02-06 07:36:56 UTC
Please also be aware of the BZ https://bugzilla.redhat.com/show_bug.cgi?id=2050792

Comment 6 Mudit Agarwal 2022-02-09 03:57:35 UTC
Closing the BZ as it is tracked via the Jira now.