1) Description of problem:
The RadosGW implementation in RHCS1.3 doesn't support SSL as of now. The suggested method in the RadosGW documentation is to use a reverse proxy. From the RHCS1.3 documentation of RadosGW:
~~~
In version 1.3, the Ceph Object Gateway does not support SSL. You may setup a reverse proxy server with SSL to dispatch HTTPS requests as HTTP requests to CivetWeb.
~~~
This is a feature request to enable SSL support in RadosGW.

2) Version-Release number of selected component (if applicable):
RHCS1.3
ceph-0.94

3) Actual results:
RadosGW in RHCS1.3 doesn't support SSL.

4) Expected results:
RadosGW should support SSL due to the importance of data encryption needed in enterprise environments. This should be available without the need of setting up a proxy server.
This change is in master, and it's also in v10.0.4. I don't yet have any documentation on it; I'll try to get to that RSN. Matt has a tweak to this to actually check if "openssl-devel" is installed - one of us will make sure that gets pushed out.
Hi Bara,

I see a "Civetweb with SSL" section in the doc:
https://access.qa.redhat.com/documentation/en/red-hat-ceph-storage/2/single/object-gateway-guide-for-red-hat-enterprise-linux#using_ssl_with_civetweb

Since it is not supported in 2.0, I think we need to remove this reference.
Hi, could you update the status of the BZ please?
(In reply to Edu Alcaniz from comment #23)
> Hi, could you update the status of the BZ please

Status unchanged, looking for -needinfo from John.
Topics were removed, but Pantheon is not behaving. See https://gitlab.cee.redhat.com/red-hat-ceph-storage-documentation/doc-Red_Hat_Ceph_Storage_2-Object_Gateway/commit/e6052472480d0084b95a3ffce6bd20d25fca2c8d
Hi, any luck in QA to move forward? Thanks very much.
Followed the doc available offline:
https://gitlab.cee.redhat.com/red-hat-ceph-storage-documentation/doc-Red_Hat_Ceph_Storage_2-Object_Gateway/commit/48a9d7b66406123519d2175951dfeb30c9bb9553

After generating the self-signed cert and adding to ceph.conf, rgw crashes.

[client.rgw.magna047]
rgw_frontends = civetweb port=443s ssl_certificate=/root/selfcert.pem

2016-10-18 09:30:14.109302 7efdcf2889c0 0 ceph version 10.2.3-7.el7cp (f69f9569b426f45d948df4be635aa92f4d656654), process radosgw, pid 8145
2016-10-18 09:30:14.185347 7efd4ffff700 0 RGWGC::process() failed to acquire lock on gc.4
2016-10-18 09:30:14.185884 7efd4ffff700 0 RGWGC::process() failed to acquire lock on gc.5
2016-10-18 09:30:14.186366 7efd4ffff700 0 RGWGC::process() failed to acquire lock on gc.6
2016-10-18 09:30:14.187322 7efdcf2889c0 0 starting handler: civetweb
2016-10-18 09:30:14.187432 7efdcf2889c0 0 civetweb: 0x7efdcf4e2dc0: load_dll: cannot load libssl.so
2016-10-18 09:30:14.187475 7efdcf2889c0 0 civetweb: 0x7efdcf4e2dc0: load_dll: cannot load libcrypto.so
2016-10-18 09:30:14.187485 7efdcf2889c0 -1 ERROR: failed run
2016-10-18 09:30:14.189308 7efd4f7fe700 -1 *** Caught signal (Aborted) **
 in thread 7efd4f7fe700 thread_name:rgw_obj_expirer

 ceph version 10.2.3-7.el7cp (f69f9569b426f45d948df4be635aa92f4d656654)
 1: (()+0x56f89a) [0x7efdc59a189a]
 2: (()+0xf370) [0x7efdc4db1370]
 3: (gsignal()+0x37) [0x7efdc42f41d7]
 4: (abort()+0x148) [0x7efdc42f58c8]
 5: (__gnu_cxx::__verbose_terminate_handler()+0x165) [0x7efdc48f6ab5]
 6: (()+0x5ea26) [0x7efdc48f4a26]
 7: (()+0x5ea53) [0x7efdc48f4a53]
 8: (()+0x5ec73) [0x7efdc48f4c73]
 9: (operator new(unsigned long)+0x7d) [0x7efdc48f520d]
 10: (std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&)+0x59) [0x7efdc4953ce9]
 11: (std::string::_Rep::_M_clone(std::allocator<char> const&, unsigned long)+0x1b) [0x7efdc49548fb]
 12: (std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::string const&)+0x5c) [0x7efdc4954fcc]
 13: (RGWObjectExpirer::process_single_shard(std::string const&, utime_t const&, utime_t const&)+0x133) [0x7efdc57d9943]
 14: (RGWObjectExpirer::inspect_all_shards(utime_t const&, utime_t const&)+0xb2) [0x7efdc57d9fb2]
 15: (RGWObjectExpirer::OEWorker::entry()+0x7f) [0x7efdc57da25f]
 16: (()+0x7dc5) [0x7efdc4da9dc5]
 17: (clone()+0x6d) [0x7efdc43b673d]

-- Unit ceph-radosgw.service has begun starting up.
Oct 18 09:30:56 magna047 radosgw[8575]: error parsing int: 443s: The option value '443s' seems to be invalid
Oct 18 09:30:56 magna047 radosgw[8575]: 2016-10-18 09:30:56.185159 7fad36c479c0 -1 ERROR: failed run
Oct 18 09:30:56 magna047 radosgw[8575]: terminate called after throwing an instance of 'std::bad_alloc'
Oct 18 09:30:56 magna047 radosgw[8575]: what(): std::bad_alloc
Oct 18 09:30:56 magna047 radosgw[8575]: *** Caught signal (Aborted) **
Oct 18 09:30:56 magna047 radosgw[8575]: in thread 7facc74fb700 thread_name:rgw_obj_expirer
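A preflight check for the startup failure in the log above, as an added example that is not part of the bug report or of Ceph: it parses an `rgw_frontends` value and, when a port carries the `s` suffix, confirms that `ssl_certificate` is set and readable and that the dynamic loader can resolve the two library names civetweb reports in its `load_dll` errors. The function names are hypothetical, and treating `+` as the separator between multiple ports is an assumption.

```python
import ctypes
import os
import shlex

# Library names exactly as they appear in the civetweb load_dll log lines.
REQUIRED_LIBS = ("libssl.so", "libcrypto.so")

def parse_frontends(value):
    """Split an rgw_frontends value into (frontend, {option: value})."""
    tokens = shlex.split(value)
    opts = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
    return tokens[0], opts

def ssl_ports(opts):
    """Ports with the 's' suffix (assumption: '+' separates multiple ports)."""
    return [p for p in opts.get("port", "").split("+") if p.endswith("s")]

def can_load(name):
    """True if the dynamic loader resolves `name`, as a runtime dlopen would."""
    try:
        ctypes.CDLL(name)
        return True
    except OSError:
        return False

def is_readable(path):
    """True if `path` is a regular file the current user can read."""
    return os.path.isfile(path) and os.access(path, os.R_OK)

def preflight(frontends_value, loader=can_load, readable=is_readable):
    """Return a list of problems that would stop civetweb serving SSL."""
    frontend, opts = parse_frontends(frontends_value)
    if frontend != "civetweb" or not ssl_ports(opts):
        return []  # no SSL requested, nothing to check
    problems = []
    cert = opts.get("ssl_certificate")
    if not cert:
        problems.append("port has SSL suffix but ssl_certificate is not set")
    elif not readable(cert):
        problems.append(f"ssl_certificate not readable: {cert}")
    for lib in REQUIRED_LIBS:
        if not loader(lib):
            problems.append(f"cannot load {lib}")
    return problems

if __name__ == "__main__":
    # Constructed from the ceph.conf line quoted in the comment above.
    conf = "civetweb port=443s ssl_certificate=/root/selfcert.pem"
    for problem in preflight(conf):
        print("FAIL:", problem)
```

Run it as the account radosgw runs under, so the readability check reflects what the daemon will see.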
This is going to need more work upstream (and more Teuthology tests) before we can safely support it for RHCS 2 users.
Verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0514.html
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days