Fix #53588

open

allow specifying ssl certificate for radosgw-admin operations, for example multi-site [realm/period] [pull/update]

Added by Mark Kogan over 2 years ago. Updated over 2 years ago.

Status: Fix Under Review
Priority: Normal
Assignee:
Target version: -
% Done: 0%
Source:
Tags: ssl
Backport:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Add the ability to specify an SSL certificate to be used by radosgw-admin when acting as an HTTPS client to a radosgw whose frontend is configured as an HTTPS endpoint
(currently there is no mechanism to specify such a certificate, and such radosgw-admin operations are performed with --rgw_verify_ssl=false).

example MS mstart flow (--rgw_verify_ssl=false --> --rgw_verify_ssl_cacert=./cert.pem):

# PRE-REQ: prepare cert.pem:

openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout key.pem -out cert.pem -subj "/CN=localhost" -days 3650
cat key.pem >> cert.pem

# restart:
../src/mstop.sh c1 ; ../src/mstop.sh c2
kill --verbose -9 $(ps -ef | grep 'bin\/radosgw' | grep "800[12]" | awk '{ print $2 }')
ps -ef | grep '[r]adosgw' ; ps -ef | grep '[c]eph'
/usr/bin/rm -rf ./run/*

###  ZONE 1  ###
export CEPH_DEV=0
env MON=1 OSD=1 MDS=0 MGR=1 RGW=1 ../src/mstart.sh c1 -n -o bluestore_block_size=536870912000 --without-dashboard | ccze -A -onolookups

../src/mrun c1 radosgw-admin realm create --rgw-realm=gold --default | jq

../src/mrun c1 radosgw-admin zonegroup create --rgw-zonegroup=us --endpoints=https://localhost:1443 --master --default | jq

../src/mrun c1 radosgw-admin zone create --rgw-zonegroup=us --rgw-zone=us-east --endpoints=https://localhost:1443 --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --master --default | jq

../src/mrun c1 radosgw-admin user create --uid=realm.admin --display-name=RealmAdmin --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --system | jq

../src/mrun c1 radosgw-admin period update --commit | jq

../src/mrun c1 radosgw-admin user create --display-name="Test Id" --uid=testid --access-key b2345678901234567890 --secret b234567890123456789012345678901234567890 | jq

../src/mrun c1 radosgw-admin user modify --uid=testid --max-buckets=0 | jq

# restart radosgw:
pgrep -a ceph ; pgrep -a rados | ccze
kill $(ps -ef | grep radosgw | grep 8001 | awk '{ print $2 }')
kill $(ps -ef | grep radosgw | grep 7001 | awk '{ print $2 }')
truncate -s0 ./run/c1/out/radosgw.7001.log
../src/mrgw.sh c1 7001 1443 --debug-rgw=20 --debug-ms=0 --debug_rgw_sync=0 --rgw-zone=us-east #--rgw_verify_ssl_cacert=./cert.pem  #--rgw_verify_ssl=false
pgrep -a ceph ; pgrep -a rados | ccze

ps -ef | grep "[r]adosgw" 
../src/mrun c1 ceph status | ccze -A -onolookups ; ../src/mrun c1 ceph df | ccze -A -onolookups

###  ZONE 2  ###
env MON=1 OSD=1 MDS=0 MGR=1 RGW=1 ../src/mstart.sh c2 -n -o bluestore_block_size=536870912000 --without-dashboard | ccze -A -onolookups

../src/mrun c2 radosgw-admin realm pull --url=https://localhost:1443 --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --default --rgw_verify_ssl_cacert=./cert.pem | jq  #--rgw_verify_ssl=false | jq

../src/mrun c2 radosgw-admin period pull --url=https://localhost:1443 --access-key a2345678901234567890 --secret a234567890123456789012345678901234567890 --default --rgw_verify_ssl_cacert=./cert.pem | jq  #--rgw_verify_ssl=false | jq

../src/mrun c2 radosgw-admin zone create --rgw-zonegroup=us --rgw-zone=us-west  --endpoints=https://localhost:2443 --access-key=a2345678901234567890 --secret=a234567890123456789012345678901234567890 --default | jq

../src/mrun c2 radosgw-admin period update --commit --rgw_verify_ssl_cacert=./cert.pem | jq  #--rgw_verify_ssl=false | jq

# restart radosgw
pgrep -a ceph ; pgrep -a rados | ccze
kill $(ps -ef | grep radosgw | grep 8002 | awk '{ print $2 }')
kill $(ps -ef | grep radosgw | grep 7002 | awk '{ print $2 }')
truncate -s0 ./run/c2/out/radosgw.7002.log
../src/mrgw.sh c2 7002 2443 --debug-rgw=20 --debug-ms=0 --debug_rgw_sync=0 --rgw-zone=us-west #--rgw_verify_ssl_cacert=./cert.pem  #--rgw_verify_ssl=false
pgrep -a ceph ; pgrep -a rados | ccze

ps -ef | grep "[r]adosgw" 
../src/mrun c1 ceph status | ccze -A -onolookups ; ../src/mrun c2 ceph df | ccze -A -onolookups

sleep 4
../src/mrun c2 radosgw-admin sync status --rgw_verify_ssl_cacert=./cert.pem  | ccze -Aonolookups
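
The pre-req step above appends key.pem to cert.pem, so the file later passed as --rgw_verify_ssl_cacert also holds the endpoint's private key. The following added example (not part of the original issue or of the Ceph pull request) derives a certificate-only file for the client side and checks that it still validates the endpoint certificate while rejecting an unrelated certificate with the same CN. It assumes the option accepts a standard PEM CA file; the function names and the ca-only.pem file name are hypothetical.

```shell
#!/bin/sh
# Added example; certificates are throwaway and constructed here.
# RSA 2048 and -days 1 are used only to keep the run short.

# make_combined DIR NAME: the page's pre-req step (self-signed cert, key appended).
make_combined() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -keyout "$1/$2.key.pem" -out "$1/$2.pem" \
        -subj "/CN=localhost" -days 1 2>/dev/null &&
    cat "$1/$2.key.pem" >> "$1/$2.pem"
}

# has_private_key FILE: succeeds if the PEM file carries private key material.
has_private_key() {
    grep -q 'PRIVATE KEY-----' "$1"
}

# extract_ca COMBINED OUT: write only the certificate block to OUT.
extract_ca() {
    openssl x509 -in "$1" -out "$2"
}

# trusts CAFILE CERT: succeeds if CERT verifies against CAFILE.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: run the checks in a temp dir and report each result.
demo() {
    d=$(mktemp -d) || return 1
    make_combined "$d" server || return 1   # endpoint certificate
    make_combined "$d" other || return 1    # unrelated cert, same CN
    extract_ca "$d/server.pem" "$d/ca-only.pem" || return 1
    has_private_key "$d/server.pem"  && echo "server.pem: contains private key"
    has_private_key "$d/ca-only.pem" || echo "ca-only.pem: certificate only"
    trusts "$d/ca-only.pem" "$d/server.pem" && echo "server cert: trusted"
    trusts "$d/ca-only.pem" "$d/other.pem"  || echo "other cert: rejected"
    rm -rf "$d"
}

demo
```
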
Actions #1

Updated by Mark Kogan over 2 years ago

  • Description updated (diff)
Actions #2

Updated by Mark Kogan over 2 years ago

  • Pull request ID set to 44283
Actions #3

Updated by Casey Bodley over 2 years ago

  • Status changed from In Progress to Fix Under Review
  • Tags set to ssl