*sigh* and this time reply to all.
rbd-target-api is a little opinionated on where the ssl cert and key files
live and what they're named. It expects:
cert_files = ['/etc/ceph/iscsi-gateway.crt',
'/etc/ceph/iscsi-gateway.key']
So make sure these exist, and are named correctly.
Otherwise, we probably need to see the log :)
On Tue, Mar 31, 2020 at 3:56 AM Mike Christie <mchristi(a)redhat.com> wrote:
On 03/29/2020 04:43 PM, givemeone wrote:
Hi all,
I am installing ceph Nautilus and getting constantly errors while adding
iscsi
gateways
It was working using http schema but after moving
to https with wildcard
certs gives API errors
Below some of my configurations
Thanks for your help
Command:
ceph --cluster ceph dashboard iscsi-gateway-add
https://myadmin:admin.01@1.2.3.4:5050
Error:
Error EINVAL: iscsi REST API cannot be reached. Please check your
configuration
and that the API endpoint is accessible
Tried also disabling ssl verify
# ceph dashboard set-rgw-api-ssl-verify False
Option RGW_API_SSL_VERIFY updated
"/etc/ceph/iscsi-gateway.cfg" 23L, 977C
# Ansible managed
[config]
api_password = admin.01
api_port = 5050
# API settings.
# The API supports a number of options that allow you to tailor it to
your
# local environment. If you want to run the API
under https, you will
need to
# create cert/key files that are compatible for
each iSCSI gateway node,
that is
# not locked to a specific node. SSL cert and key
files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the
'/etc/ceph/' directory
# on *each* gateway node. With the SSL files in
place, you can use
'api_secure = true'
# to switch to https mode.
# To support the API, the bear minimum settings are:
api_secure = True
Maybe sure after you set this value you restart the rbd-target-api
daemons on all the nodes so the new value is used.
We might also need to set
api_ssl_verify = True
for some gateway to gateway operations. I'm not sure what happened with
the docs, because I do not see any info on it.
# Optional settings related to the CLI/API
service
api_user = myadmin
cluster_name = ceph
loop_delay = 1
trusted_ip_list = 1.2.3.3,1.2.3.4
Log file
======
Are there any errors in /var/log/rbd-target-api/rbd-target-api.log?
_______________________________________________
ceph-users mailing list -- ceph-users(a)ceph.io
To unsubscribe send an email to ceph-users-leave(a)ceph.io