
Bug 2395169

Summary: RFE [Cephadm] [NFS-Ganesha]: Cephadm support for NFS-Ganesha TLS configuration
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Deeraj Patil <deepatil>
Component: Cephadm
Assignee: Shweta Bhosale <shbhosal>
Status: CLOSED ERRATA
QA Contact: Manish Singh <manising>
Severity: medium
Priority: unspecified
Version: 9.0
CC: akane, cephqe-warriors, ngangadh, shbhosal
Target Milestone: ---
Target Release: 9.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ceph-20.1.0-44
Doc Type: If docs needed, set a value
Last Closed: 2026-01-29 06:59:16 UTC
Type: Bug

Description Deeraj Patil 2025-09-15 10:29:43 UTC
Description of problem:
A new feature, TLS support, has been added in NFS-Ganesha.
Creating this bug to track adding support to cephadm for this feature.

Additional info:
NFS-Ganesha needs the below block in the ganesha.conf file to support the TLS feature.

TLS_CONFIG {}
-----------------------------------------------------------------------------
       Enable_TLS(bool, default false)
       TLS_CA_File(path, default "")
               eg: TLS_CA_File = "/etc/ganesha/tls/ca.crt";
       TLS_Cert_File(path, default "")
               eg: TLS_Cert_File = "/etc/ganesha/tls/ganesha.crt";
       TLS_Key_File(path, default "")
               eg: TLS_Key_File = "/etc/ganesha/tls/ganesha.key";
       TLS_Ciphers(string, default NULL)
               eg for backend as openssl:
                       TLS_Ciphers = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
               eg for backend as gnutls:
                       TLS_Ciphers = ":-CIPHER-ALL:+AES-256-GCM";
       TLS_Min_Version(string, "TLSv1.3")
               options = "TLSv1.3", "TLSv1.2";
               eg: TLS_Min_Version = "TLSv1.3";
       Enable_KTLS(bool, default true)
               To enable and disable KTLS transfers.
               Note: Currently applicable only for openssl.
                     If the user wants to enable/disable ktls for gnutls, use the gnutls config file.
       Enable_debug(bool, default true)
               To enable TLS library callback prints and full debugging logs for TLS.
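
Added example (not part of the bug report and not Ceph or NFS-Ganesha project code): a small linter that reads a TLS_CONFIG block from ganesha.conf text and checks it against the parameters listed in the description above. The function names and the sample block are constructed for illustration; it assumes '#' comments, exact-case parameter names, that the listed "TLSv1.3" is the default for TLS_Min_Version, and that a TLS server needs both a certificate and a key.

```python
import re

# Parameters, types and defaults as listed in the bug description;
# TLS_Min_Version's listed "TLSv1.3" is assumed to be its default.
SPEC = {
    "Enable_TLS": ("bool", "false"), "TLS_CA_File": ("path", ""),
    "TLS_Cert_File": ("path", ""), "TLS_Key_File": ("path", ""),
    "TLS_Ciphers": ("string", None), "TLS_Min_Version": ("string", "TLSv1.3"),
    "Enable_KTLS": ("bool", "true"), "Enable_debug": ("bool", "true"),
}
VERSIONS = ("TLSv1.3", "TLSv1.2")  # options listed for TLS_Min_Version
# Constructed sample input, not taken from a real deployment.
SAMPLE = '''
TLS_CONFIG {
    Enable_TLS = true;
    TLS_Cert_File = "/etc/ganesha/tls/ganesha.crt";
    TLS_Min_Version = "TLSv1.2";  # weaker than the listed "TLSv1.3"
    TLS_Cipher = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";  # misspelled key
}
'''

def parse_tls_config(conf_text):
    """Return {parameter: value} for the TLS_CONFIG block, or None if absent."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # strip '#' comments
    block = re.search(r"\bTLS_CONFIG\s*\{(.*?)\}", text, re.S)
    pair = r'(\w+)\s*=\s*"?([^";]*?)"?\s*;'  # key = value; quotes optional
    return dict(re.findall(pair, block.group(1))) if block else None

def lint_tls_config(conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = parse_tls_config(conf_text)
    if cfg is None:
        return ["no TLS_CONFIG block: Enable_TLS defaults to false"]
    findings = [f"unknown parameter {k}" for k in cfg if k not in SPEC]
    eff = {k: cfg.get(k, default) for k, (_, default) in SPEC.items()}
    for key, (kind, _) in SPEC.items():
        if kind == "bool" and eff[key].lower() not in ("true", "false"):
            findings.append(f"{key} must be true or false")
    if eff["Enable_TLS"].lower() != "true":
        return findings + ["Enable_TLS is not true: TLS is off"]
    # Assumption: a TLS server needs both a certificate and a private key.
    for key in ("TLS_Cert_File", "TLS_Key_File"):
        if not eff[key]:
            findings.append(f"{key} is empty while Enable_TLS is true")
    if eff["TLS_Min_Version"] not in VERSIONS:
        findings.append("TLS_Min_Version is not one of the listed options")
    elif eff["TLS_Min_Version"] != "TLSv1.3":
        findings.append("TLS_Min_Version permits TLSv1.2")
    return findings
```

Calling lint_tls_config(SAMPLE) flags the misspelled TLS_Cipher key, the missing TLS_Key_File and the TLSv1.2 minimum version.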

Comment 7 errata-xmlrpc 2026-01-29 06:59:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 9.0 Security and Enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2026:1536