Bug 1965504 - [cee/sd][ceph-ansible][multi-site] ceph-ansible does not correctly set zone endpoints when https is set
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Ceph-Ansible
Version: 4.2
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.3
Assignee: Guillaume Abrioux
QA Contact: Madhavi Kasturi
Docs Contact: Ranjini M N
URL:
Whiteboard:
Depends On:
Blocks: 2031070
Reported: 2021-05-27 20:09 UTC by Tomas Petr
Modified: 2024-06-14 01:34 UTC

Fixed In Version: ceph-ansible-4.0.63-1.el8cp, ceph-ansible-4.0.63-1.el7cp
Doc Type: Bug Fix
Doc Text:
.Use a fully-qualified domain name (FQDN) when HTTPS is enabled in a multi-site configuration
Previously, in a multi-site Ceph configuration, `ceph-ansible` would not differentiate between HTTP and HTTPS and set the zone endpoints with the IP address instead of the host name when HTTPS was enabled. With this release, `ceph-ansible` uses the fully-qualified domain name (FQDN) instead of the IP address when HTTPS is enabled, and the zone endpoints are set with the FQDN and match the TLS certificate CN.
Clone Of:
Environment:
Last Closed: 2022-05-05 07:53:20 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | ceph ceph-ansible pull 6745 | 0 | None | Merged | multisite: use node fqdn for endpoints when https (backport #6705) | 2021-12-02 08:02:31 UTC
Red Hat Issue Tracker | RHCEPH-87 | 0 | None | None | None | 2021-08-30 11:12:49 UTC
Red Hat Product Errata | RHSA-2022:1716 | 0 | None | None | None | 2022-05-05 07:53:39 UTC

Description Tomas Petr 2021-05-27 20:09:52 UTC
Description of problem:
Ceph-ansible code does not make a difference between https and http configuration for RGW-multisite conf.
With http the zone endpoints can be in current state - http://<IP>:port
but for https the zone endpoint should be a hostname matching the cert - like: https://rgwnode.redhat.com

Currently the code is the same, and will set up the zone endpoint like: https://<IP>:port
which will cause RGW to not work properly, the SSL will return error

---
rgw_multisite: true
rgw_multisite_proto: "https"
rgw_pull_proto: "https" # should be the same as rgw_multisite_proto for the master zone cluster
---

Version-Release number of selected component (if applicable):
ceph-ansible-4.0.49-3.1

How reproducible:
always

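A check for the mismatch described in this report, as an added example that is not part of the original bug report or of ceph-ansible: it walks zone endpoints and flags every https endpoint whose host is an IP literal or is not covered by the certificate's DNS names. The zonegroup data and certificate names are constructed samples (the dict keeps only the `zones[].name` and `zones[].endpoints` fields of `radosgw-admin zonegroup get` output), and the certificate is assumed to carry no IP subjectAltName entries.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, reduced to the fields used here; it follows the shape of
# `radosgw-admin zonegroup get` JSON output (zones[].name, zones[].endpoints).
ZONEGROUP = {
    "name": "zg-example",
    "zones": [
        {"name": "zone-a", "endpoints": ["https://192.0.2.10:8080"]},
        {"name": "zone-b", "endpoints": ["https://rgwnode.example.com:8080"]},
        {"name": "zone-c", "endpoints": ["http://192.0.2.12:8080"]},
        {"name": "zone-d", "endpoints": ["https://other.example.net:8080"]},
    ],
}
# Constructed: DNS names taken from the RGW certificate (CN / subjectAltName).
CERT_NAMES = ["rgwnode.example.com", "*.rgw.example.com"]


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def name_matches(host, pattern):
    """Match a host against one certificate DNS name; '*' covers one leftmost label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern


def audit_endpoints(zonegroup, cert_names):
    """Return (zone, endpoint, reason) for every https endpoint that TLS would reject."""
    findings = []
    for zone in zonegroup.get("zones", []):
        for endpoint in zone.get("endpoints", []):
            url = urlsplit(endpoint)
            if url.scheme != "https":
                continue  # plain http endpoints carry no certificate to match
            host = url.hostname or ""
            if is_ip_literal(host):
                findings.append((zone["name"], endpoint, "IP literal, certificate names are DNS names"))
            elif not any(name_matches(host, n) for n in cert_names):
                findings.append((zone["name"], endpoint, "host not in certificate names"))
    return findings
```

Calling `audit_endpoints(ZONEGROUP, CERT_NAMES)` on the sample reports `zone-a` (IP literal over https) and `zone-d` (name not in the certificate), and leaves the http endpoint alone.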

Comment 10 errata-xmlrpc 2022-05-05 07:53:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1716

Comment 11 Red Hat Bugzilla 2023-09-15 01:34:18 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days