Instructions on enabling HTTPS/SSL for object gateways result in error messages when running DeepSea stage 2

This document (7023282) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Enterprise Storage 5

Situation

Configuring TLS for object gateways fails with
Rendering SLS 'base:ceph.rgw.key.default' failed: Conflicting ID 'check s'
in running DeepSea stage 2 when following the configuration steps of the SUSE Enterprise Storage 5 Admin Guide.

Resolution

The following updated instructions for chapter 11.6.2 or 11.6.3  need to be followed:

11.6.2 Simple HTTPS Configuration

By default, Ceph on the Object Gateway node reads the /etc/ceph/rgw.pem certificate, and uses port 443 for secure SSL communication. If you do not need to change these values, follow these steps:

1. Edit /srv/pillar/ceph/stack/global.yml and add the following line:

rgw_init: default-ssl

2. Copy the default Object Gateway SSL configuration to the ceph.conf.d subdirectory:

cp /srv/salt/ceph/configuration/files/rgw-ssl.conf \
 /srv/salt/ceph/configuration/files/ceph.conf.d/rgw.conf


3. Run DeepSea Stages 2, 3, and 4 to apply the changes:

salt-run state.orch ceph.stage.2
salt-run state.orch ceph.stage.3
salt-run state.orch ceph.stage.4


11.6.3 Advanced HTTPS Configuration

If you need to change the default values for SSL settings of the Object Gateway, follow these steps:

1. Edit /srv/pillar/ceph/stack/global.yml and add the following line:

rgw_init: default-ssl

2. Copy the default Object Gateway SSL configuration to the ceph.conf.d subdirectory:

cp /srv/salt/ceph/configuration/files/rgw-ssl.conf \
 /srv/salt/ceph/configuration/files/ceph.conf.d/rgw.conf


Edit /srv/salt/ceph/configuration/files/ceph.conf.d/rgw.conf and change the default options, such as port number or path to the SSL certificate, to reflect your setup.

3. Run DeepSea Stage 3 and 4 to apply the changes:
salt-run state.orch ceph.stage.2
salt-run state.orch ceph.stage.3
salt-run state.orch ceph.stage.4

Cause

The rgw_configurations option for global.yml is only intended for special setups and takes an array, not a string.

Additional Information


Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7023282
  • Creation Date: 17-Aug-2018
  • Modified Date:03-Mar-2020
    • SUSE Enterprise Storage

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center