Project

General

Profile

Bug #21151

vstart.sh: Can't start rgw with ssl enabled

Added by Nick Erdmann about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
-
Start date:
08/28/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

Currently there is no way to start rgw with ssl enabled via vstart.sh. According to rgw's docs an 's' has to be appended to the port number in the configuration to enable ssl, but vstart.sh expects integer port numbers.

If I run RGW=1 ./src/vstart.sh -d -n -x -l --rgw_frontend "civetweb ssl_certificate=~/cert.pem" --rgw_port 443s, I get these error messages near the end of vstart.sh's output:
/root/ceph/src/vstart.sh: line 1011: [: 443s: integer expression expected
/root/ceph/src/vstart.sh: line 1015: 443s: value too great for base (error token is "443s")
started. stop.sh to stop. see out/* (e.g. 'tail -f out/????') for debug output.

History

#1 Updated by Lei Liu about 2 years ago

Try it please,don't use --rgw_port enabled ssl

./src/vstart.sh -d -n -x -l --rgw_frontend "civetweb port=443s ssl_certificate=~/cert.pem" 

#2 Updated by Orit Wasserman about 2 years ago

  • Assignee set to Mark Kogan

#3 Updated by Mark Kogan almost 2 years ago

  • Status changed from New to In Progress

#4 Updated by Orit Wasserman almost 2 years ago

  • Status changed from In Progress to Resolved

#5 Updated by Mark Kogan almost 2 years ago

Notes:

Tested witht he following command:

RGW=1 ../src/vstart.sh -d -x -l --rgw_frontend "civetweb ssl_certificate=$(realpath ./cert.pem)" --rgw_port 443s

radosgw is started with sudo because it needs to bind to privileged port,
stop.sh does not stop the radosgw, it needs to be killed explicitly with “sudo pkill radosgw”

Relative cert path like ~/cert.pem did not work, $(realpath ./cert.pem) works.

The self signed certificate was generated with the following commands:

openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout key.pem -out cert.pem -subj "/CN=localhost" -days 3650

cat key.pem >> cert.pem

Also available in: Atom PDF