Bug 2249984

Summary: [RFE]Cephadm SSL/TLS certificate management. Ability to create Self-Signed Certs(Including SAN modifications)
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: daniel parkes <dparkes>
Component: CephadmAssignee: Adam King <adking>
Status: CLOSED ERRATA QA Contact: Mohit Bisht <mobisht>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.0CC: adking, akraj, cephqe-warriors, jcaratza, mobisht, tserlin, vereddy
Target Milestone: ---Keywords: FutureFeature
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.1.1-4.el9cp Doc Type: Enhancement
Doc Text:
.A self-signed certificate can be generated by cephadm within the Ceph Object Gateway service specification With this enhancement, adding `generate_cert: true` into the Ceph Object Gateway service specification file, enables cephadm to generate a self-signed certificate for the Ceph Object Gateway service. This can be done instead of manually creating the certificate and inserting into the specification file. Using `generate_cert: true` works for the Ceph Object Gateway service, including SAN modifications based on the `zonegroup_hostnames` parameter included in the Ceph Object Gateway specification file. The following is an example of Ceph Object Gateway specification file: ---- service_type: rgw service_id: bar service_name: rgw.bar placement: hosts: - vm-00 - vm-02 spec: generate_cert: true rgw_realm: bar_realm rgw_zone: bar_zone rgw_zonegroup: bar_zonegroup ssl: true zonegroup_hostnames: - s3.example.com - s3.foo.com ---- This specification file would generate a self-signed certificate that includes the following output: ---- X509v3 Subject Alternative Name: DNS:s3.example.com, DNS:s3.foo.com ----
 Story Points: ---
Clone Of: Environment:
Last Closed: 2024-11-25 09:00:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2317218    

Description daniel parkes 2023-11-16 09:43:31 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 RHEL Program Management 2023-11-16 09:43:42 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 11 errata-xmlrpc 2024-11-25 09:00:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 8.0 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:10216