No official documentation but here is how I got it to work on Ubuntu
16.04.01 (in this case I'm using a self-signed certificate):
assuming you're running rgw on a computer called rgwnode:
1. create self-signed certificate
ssh rgwnode
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem
-days 1000
cat key.pem >> /usr/share/ca-certificates/cert.pem
^--- without doing this you get errors like this "civetweb:
0x564d0357d8c0: set_ssl_option: cannot open
/usr/share/ca-certificates/cert.pem: error:0906D06C:PEM
routines:PEM_read_bio:no start line"
cp cert.pem /usr/share/ca-certificates/
2. configure civitweb:
edit your ceph.conf on the admin node and add:
[client.rgw.rgwnode]
rgw_frontends = civetweb port=443s
ssl_certificate=/usr/share/ca-certificates/cert.pem
push the config
ceph-deploy push rgwnode
ssh rgwnode 'sudo systemctl restart ceph-radosgw@rgwnode'
this ended up not being enough and I found log messages like these in the
logs:
2016-09-09 17:22:21.593231 7f36c33f8a00 0 civetweb: 0x555a3b7988c0:
load_dll: cannot load libssl.so
2016-09-09 17:22:21.593278 7f36c33f8a00 0 civetweb: 0x555a3b7988c0:
load_dll: cannot load libcrypto.so
to fix it:
ssh rgwnode
sudo ln -s /lib/x86_64-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so
sudo ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so
On Thu, Dec 8, 2016 at 7:44 AM, Puff, Jonathon <jonathon.p...@netapp.com>
wrote:
> There’s a few documents out around this subject, but I can’t find anything
> official. Can someone point me to any official documentation for deploying
> this? Other alternatives appear to be a HAproxy frontend. Currently
> running 10.2.3 with a single radosgw.
>
>
>
> -JP
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
