1) Description of problem:
The RadosGW implementation in RHCS1.3 doesn't support SSL as of now. The suggested method in the RadosGW documentation is to use a reverse proxy.
From the RHCS1.3 documentation of RadosGW:
In version 1.3, the Ceph Object Gateway does not support SSL. You may set up a reverse proxy server with SSL to dispatch HTTPS requests as HTTP requests to CivetWeb.
This is a feature request to enable SSL support in RadosGW.
2) Version-Release number of selected component (if applicable):
3) Actual results:
RadosGW in RHCS1.3 doesn't support SSL.
4) Expected results:
RadosGW should support SSL due to the importance of data encryption needed in enterprise environments. This should be available without the need of setting up a proxy server.
This change is in master, and it's also in v10.0.4.
I don't yet have any documentation on it, I'll try to get to that RSN.
Matt has a tweak to this to actually check if "openssl-devel" is installed - one of us will make sure that gets pushed out.
I see a "Civetweb with SSL" section in the doc: https://access.qa.redhat.com/documentation/en/red-hat-ceph-storage/2/single/object-gateway-guide-for-red-hat-enterprise-linux#using_ssl_with_civetweb
Since it is not supported in 2.0, I think we need to remove this reference.
Hi, could you update the status of the BZ, please?
(In reply to Edu Alcaniz from comment #23)
> Hi, could you update the status of the BZ, please?
Status unchanged, looking for -needinfo from John.
Topics were removed, but Pantheon is not behaving. See https://gitlab.cee.redhat.com/red-hat-ceph-storage-documentation/doc-Red_Hat_Ceph_Storage_2-Object_Gateway/commit/e6052472480d0084b95a3ffce6bd20d25fca2c8d
Hi, any luck in QA to move forward? Thanks very much.
Followed the doc available offline:
After generating the self-signed cert and adding to ceph.conf, rgw crashes.
rgw_frontends = civetweb port=443s ssl_certificate=/root/selfcert.pem
2016-10-18 09:30:14.109302 7efdcf2889c0 0 ceph version 10.2.3-7.el7cp (f69f9569b426f45d948df4be635aa92f4d656654), process radosgw, pid 8145
2016-10-18 09:30:14.185347 7efd4ffff700 0 RGWGC::process() failed to acquire lock on gc.4
2016-10-18 09:30:14.185884 7efd4ffff700 0 RGWGC::process() failed to acquire lock on gc.5
2016-10-18 09:30:14.186366 7efd4ffff700 0 RGWGC::process() failed to acquire lock on gc.6
2016-10-18 09:30:14.187322 7efdcf2889c0 0 starting handler: civetweb
2016-10-18 09:30:14.187432 7efdcf2889c0 0 civetweb: 0x7efdcf4e2dc0: load_dll: cannot load libssl.so
2016-10-18 09:30:14.187475 7efdcf2889c0 0 civetweb: 0x7efdcf4e2dc0: load_dll: cannot load libcrypto.so
2016-10-18 09:30:14.187485 7efdcf2889c0 -1 ERROR: failed run
2016-10-18 09:30:14.189308 7efd4f7fe700 -1 *** Caught signal (Aborted) **
in thread 7efd4f7fe700 thread_name:rgw_obj_expirer
ceph version 10.2.3-7.el7cp (f69f9569b426f45d948df4be635aa92f4d656654)
1: (()+0x56f89a) [0x7efdc59a189a]
2: (()+0xf370) [0x7efdc4db1370]
3: (gsignal()+0x37) [0x7efdc42f41d7]
4: (abort()+0x148) [0x7efdc42f58c8]
5: (__gnu_cxx::__verbose_terminate_handler()+0x165) [0x7efdc48f6ab5]
6: (()+0x5ea26) [0x7efdc48f4a26]
7: (()+0x5ea53) [0x7efdc48f4a53]
8: (()+0x5ec73) [0x7efdc48f4c73]
9: (operator new(unsigned long)+0x7d) [0x7efdc48f520d]
10: (std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&)+0x59) [0x7efdc4953ce9]
11: (std::string::_Rep::_M_clone(std::allocator<char> const&, unsigned long)+0x1b) [0x7efdc49548fb]
12: (std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::string const&)+0x5c) [0x7efdc4954fcc]
13: (RGWObjectExpirer::process_single_shard(std::string const&, utime_t const&, utime_t const&)+0x133) [0x7efdc57d9943]
14: (RGWObjectExpirer::inspect_all_shards(utime_t const&, utime_t const&)+0xb2) [0x7efdc57d9fb2]
15: (RGWObjectExpirer::OEWorker::entry()+0x7f) [0x7efdc57da25f]
16: (()+0x7dc5) [0x7efdc4da9dc5]
17: (clone()+0x6d) [0x7efdc43b673d]
-- Unit email@example.com has begun starting up.
Oct 18 09:30:56 magna047 radosgw: error parsing int: 443s: The option value '443s' seems to be invalid
Oct 18 09:30:56 magna047 radosgw: 2016-10-18 09:30:56.185159 7fad36c479c0 -1 ERROR: failed run
Oct 18 09:30:56 magna047 radosgw: terminate called after throwing an instance of 'std::bad_alloc'
Oct 18 09:30:56 magna047 radosgw: what(): std::bad_alloc
Oct 18 09:30:56 magna047 radosgw: *** Caught signal (Aborted) **
Oct 18 09:30:56 magna047 radosgw: in thread 7facc74fb700 thread_name:rgw_obj_expirer
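A pre-flight check for the startup failure logged above, added here as an example (it is not part of the bug report or of Ceph's code): it parses an rgw_frontends value and lists what would stop the SSL frontend from starting, including the unversioned libssl.so and libcrypto.so names that civetweb failed to load. The function names and the injectable can_load/is_file hooks are assumptions, and only the single-port form shown in the report is handled.

```python
import ctypes
import os
import shlex

# Library names exactly as they appear in the civetweb load_dll errors above.
SSL_LIBS = ("libssl.so", "libcrypto.so")

def parse_frontends(value):
    """Split 'civetweb port=443s ssl_certificate=/x.pem' into (name, options)."""
    name, *pairs = shlex.split(value)
    opts = dict(p.split("=", 1) for p in pairs if "=" in p)
    return name, opts

def preflight(value, can_load=None, is_file=os.path.isfile):
    """Return a list of problems that would stop an SSL frontend from starting."""
    if can_load is None:
        def can_load(lib):
            try:
                ctypes.CDLL(lib)  # dlopen() by the same unversioned name
                return True
            except OSError:
                return False
    _name, opts = parse_frontends(value)
    port = opts.get("port", "")
    # A trailing "s" marks an SSL port (the "443s" form from the report).
    if not port.endswith("s"):
        return ["port=%r is plain HTTP; traffic is not encrypted" % port]
    problems = []
    cert = opts.get("ssl_certificate")
    if not cert:
        problems.append("SSL port set but ssl_certificate is missing")
    elif not is_file(cert):
        problems.append("ssl_certificate %s does not exist" % cert)
    for lib in SSL_LIBS:
        if not can_load(lib):
            problems.append("cannot load %s" % lib)
    return problems

if __name__ == "__main__":
    # Constructed sample: the rgw_frontends value quoted in the report.
    line = "civetweb port=443s ssl_certificate=/root/selfcert.pem"
    for problem in preflight(line) or ["ok"]:
        print(problem)
```

Run it on the gateway host as the user radosgw runs as, so the library and certificate checks see the same filesystem the daemon does.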
This is going to need more work upstream (and more Teuthology tests) before we can safely support it for RHCS 2 users.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.