Project

General

Profile

Bug #21151

vstart.sh: Can't start rgw with ssl enabled

Added by Nick Erdmann over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Currently there is no way to start rgw with ssl enabled via vstart.sh. According to rgw's docs an 's' has to be appended to the port number in the configuration to enable ssl, but vstart.sh expects integer port numbers.

If I run RGW=1 ./src/vstart.sh -d -n -x -l --rgw_frontend "civetweb ssl_certificate=~/cert.pem" --rgw_port 443s, I get these error messages near the end of vstart.sh's output:
/root/ceph/src/vstart.sh: line 1011: [: 443s: integer expression expected
/root/ceph/src/vstart.sh: line 1015: 443s: value too great for base (error token is "443s")
started. stop.sh to stop. see out/* (e.g. 'tail -f out/????') for debug output.

History

#1 Updated by Lei Liu over 6 years ago

Try it please,don't use --rgw_port enabled ssl

./src/vstart.sh -d -n -x -l --rgw_frontend "civetweb port=443s ssl_certificate=~/cert.pem" 

#2 Updated by Orit Wasserman over 6 years ago

  • Assignee set to Mark Kogan

#3 Updated by Mark Kogan over 6 years ago

  • Status changed from New to In Progress

#4 Updated by Orit Wasserman over 6 years ago

  • Status changed from In Progress to Resolved

#5 Updated by Mark Kogan over 6 years ago

Notes:

Tested witht he following command:

RGW=1 ../src/vstart.sh -d -x -l --rgw_frontend "civetweb ssl_certificate=$(realpath ./cert.pem)" --rgw_port 443s

radosgw is started with sudo because it needs to bind to privileged port,
stop.sh does not stop the radosgw, it needs to be killed explicitly with “sudo pkill radosgw”

Relative cert path like ~/cert.pem did not work, $(realpath ./cert.pem) works.

The self signed certificate was generated with the following commands:

openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout key.pem -out cert.pem -subj "/CN=localhost" -days 3650

cat key.pem >> cert.pem

Also available in: Atom PDF