Description of problem:
In the following section, we should mention that the certification file should be copied to the RGWs into a folder which is accessible by the container (e.g. /etc/ceph/). We should also show an example of how to configure beast rgw (SSL and w/o SSL) with ceph-ansible.
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/object_gateway_guide_for_red_hat_enterprise_linux/index#using-the-beast-front-end-rgw

Version-Release number of selected component (if applicable): 4.0
Thanks Mustafa. Can you provide those steps, in particular the config of beast using ceph-ansible (with and without SSL)?
I think there are many ways to achieve it (through group_vars or host_vars). For instance, in one of my cases I used host_vars, since only some of the RGWs were supposed to communicate through SSL:

- Copy the file rgwcertificate.pem (this file should contain the certificate and the key) to the /etc/pki/ca-trust/extracted/ directory of the RGWs where SSL is required
- Add the host-based variables under the host_vars directory

[root@mustafa host_vars]# cat klcphdrgt1
radosgw_address: 4.4.4.4
radosgw_frontend_port: 443
radosgw_frontend_ssl_certificate: "/etc/pki/ca-trust/extracted/rgwcertificate.pem"

This is where these variables are rendered in ceph-ansible:

roles/ceph-config/templates/ceph.conf.j2
...
[client.rgw.{{ _rgw_hostname + '.' + instance['instance_name'] }}]
host = {{ _rgw_hostname }}
keyring = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ _rgw_hostname + '.' + instance['instance_name'] }}/keyring
log file = /var/log/ceph/{{ cluster }}-rgw-{{ hostvars[host]['ansible_hostname'] + '.' + instance['instance_name'] }}.log
{% set _rgw_binding_socket = instance['radosgw_address'] | default(_radosgw_address) | string + ':' + instance['radosgw_frontend_port'] | default(radosgw_frontend_port) | string %}
{%- macro frontend_line(frontend_type) -%}
{%- if frontend_type == 'civetweb' -%}
{{ radosgw_frontend_type }} port={{ _rgw_binding_socket }}{{ 's ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
{%- elif frontend_type == 'beast' -%}
{{ radosgw_frontend_type }} {{ 'ssl_' if radosgw_frontend_ssl_certificate else '' }}endpoint={{ _rgw_binding_socket }}{{ ' ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
{%- endif -%}
{%- endmacro -%}
rgw frontends = {{ frontend_line(radosgw_frontend_type) }} {{ radosgw_frontend_options }}
{% if 'num_threads' not in radosgw_frontend_options %}
rgw thread pool size = {{ radosgw_thread_pool_size }}
{% endif %}
...
There are also some other options you can set, such as "radosgw_thread_pool_size". radosgw_frontend_port is an important variable for the non-ssl use case (https://bugzilla.redhat.com/show_bug.cgi?id=1828066):

roles/ceph-defaults/defaults/main.yml:radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
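
The following is an added example, not part of the original comments or of ceph-ansible. It mirrors the frontend_line macro quoted above in plain Python to show the "rgw frontends" value with and without SSL, and runs a pre-deployment check on the certificate bundle. The function names, the sample bundle and the CONTAINER_DIRS list are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: directories bind-mounted into the RGW container on this deployment.
CONTAINER_DIRS = ["/etc/ceph", "/etc/pki/ca-trust/extracted"]

# Constructed sample bundle (placeholder bodies, not real key material).
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"
)

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.+?-----END \1-----", re.S)


def frontend_line(frontend_type, address, port, ssl_certificate=""):
    """Plain-Python mirror of the civetweb and beast branches of the macro."""
    socket = f"{address}:{port}"
    cert = f" ssl_certificate={ssl_certificate}" if ssl_certificate else ""
    if frontend_type == "civetweb":
        # civetweb marks a TLS port with a trailing 's' on the port itself
        return f"civetweb port={socket}" + (f"s{cert}" if cert else "")
    if frontend_type == "beast":
        # beast switches the option name from endpoint to ssl_endpoint
        prefix = "ssl_" if ssl_certificate else ""
        return f"beast {prefix}endpoint={socket}{cert}"
    return ""  # the macro renders nothing for any other frontend type


def preflight(cert_path, pem_text, container_dirs=CONTAINER_DIRS):
    """Return a list of problems with the bundle before it is deployed."""
    problems = []
    labels = PEM_BLOCK.findall(pem_text)
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block")
    parents = PurePosixPath(cert_path).parents
    if not any(PurePosixPath(d) in parents for d in container_dirs):
        problems.append("path not under a container-visible directory")
    return problems


if __name__ == "__main__":
    pem = "/etc/pki/ca-trust/extracted/rgwcertificate.pem"
    print("rgw frontends =", frontend_line("beast", "4.4.4.4", 443, pem))
    print("rgw frontends =", frontend_line("beast", "4.4.4.4", 8080))
    print("preflight:", preflight(pem, SAMPLE_BUNDLE) or "ok")
```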