Feature #65470

open

Beast lacks ssl_short_trust option to reload ssl certificate without restart

Added by Brien Dieterle 21 days ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
% Done: 0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

Previously civetweb rgw had an option (ssl_short_trust) to automatically reload certs, for instance when they are short-lived and rotated frequently:

https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md#ssl_short_trust-no

When SSL was added to Beast this option was overlooked: https://tracker.ceph.com/issues/22832

This regression(?) is mentioned in the discussion here:

https://github.com/ceph/ceph/pull/20464#issuecomment-464867120

We are testing SSL with RGW using Rook in Kubernetes, and everything seems to work fine other than the certificate expiry, since it is being renewed by Cert-Manager fairly often. The certificate file on disk is updated; radosgw just needs a way to re-read it.

Restarting the rgw is an option but seems a bit heavy-handed and would require some more integration with Kubernetes to gracefully roll the deployment (and/or managed by Rook Operator).
