Ceph » mgr » Dashboard

We have an ochestrated ceph cluster (16.2.11) with 2 radosgw services on 2 separate hosts without HA (i.e. no ingress/haproxy in front). Both of the rgw servers use SSL and have a properly signed certificate. We can access them with standard S3 tools like s3cmd, cyberduck, etc.

The problem seems to be that the the Ceph mgr dashboard fails to access the RGW API because it uses the shortname "gw01" instead of the FQDN "gw01.domain.com" when forming the S3 signature which makes the S3 signature check fail and we get the following error:

Error connecting to Object Gateway: RGW REST API failed request with status code 403 (b'{"Code":"SignatureDoesNotMatch","RequestId":"tx00000521ceca28974e94b-006408e' b'f93-454bbb4e-default","HostId":"454bbb4e-default-default"}')

It seems that the ceph mgr (which we have restarted several times) uses just the short hostname from the cephadm inventory and I don't see how to tell it to use the FQDN (rgw_dns_name). Neither is it possible to configure the RGW to listen on an alternate non-SSL port on the cluster private network since the service spec for RGW only allows to set the rgw_frontend_port and rgw_frontend_type, but not the full frontend spec (which would allow for multiple listeners).

So it seems like there are a couple of issues:
1. The RGW spec doesn't support the enough options to fully control the configuration of an RGW gateway.
2. ceph-mgr dashboard should probably use the rgw_dns_name for the RGW instead of defaulting to the short hostname from the inventory, especially when using SSL.