30 Mar
2020
30 Mar
'20
12:43 a.m.
Hi all,
I am installing ceph Nautilus and getting constantly errors while adding iscsi gateways
It was working using http schema but after moving to https with wildcard certs gives API
errors
Below some of my configurations
Thanks for your help
Command:
ceph --cluster ceph dashboard iscsi-gateway-add https://myadmin:admin.01@1.2.3.4:5050
Error:
Error EINVAL: iscsi REST API cannot be reached. Please check your configuration and that
the API endpoint is accessible
Tried also disabling ssl verify
# ceph dashboard set-rgw-api-ssl-verify False
Option RGW_API_SSL_VERIFY updated
"/etc/ceph/iscsi-gateway.cfg" 23L, 977C
# Ansible managed
[config]
api_password = admin.01
api_port = 5050
# API settings.
# The API supports a number of options that allow you to tailor it to your
# local environment. If you want to run the API under https, you will need to
# create cert/key files that are compatible for each iSCSI gateway node, that is
# not locked to a specific node. SSL cert and key files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the
'/etc/ceph/' directory
# on *each* gateway node. With the SSL files in place, you can use 'api_secure =
true'
# to switch to https mode.
# To support the API, the bear minimum settings are:
api_secure = True
# Optional settings related to the CLI/API service
api_user = myadmin
cluster_name = ceph
loop_delay = 1
trusted_ip_list = 1.2.3.3,1.2.3.4
Log file
======
ceph-rgw-cnode04.rgw0.log
2020-03-30 10:24:20.392 7f6a2dc1b700 1 ====== req done req=0x561d9ce465f0 op status=0
http_status=200 latency=0.0119993s ======
2020-03-30 10:24:20.394 7f6a2cc19700 1 ====== starting new request req=0x561d9ce465f0
=====
2020-03-30 10:24:20.396 7f6a2cc19700 1 ====== req done req=0x561d9ce465f0 op status=0
http_status=404 latency=0.00199988s ======
2020-03-30 10:24:20.397 7f6a2bc17700 1 ====== starting new request req=0x561d9ce465f0
=====
2020-03-30 10:24:20.410 7f6a2bc17700 1 ====== req done req=0x561d9ce465f0 op status=0
http_status=200 latency=0.0129992s ======
2020-03-30 10:24:20.499 7f6a27c0f700 1 ====== starting new request req=0x561d9cec25f0
=====
2020-03-30 10:24:20.502 7f6a27c0f700 1 ====== req done req=0x561d9cec25f0 op status=0
http_status=200 latency=0.00299982s ======
2020-03-30 10:24:20.504 7f6a2740e700 1 ====== starting new request req=0x561d9cec25f0
=====
2020-03-30 10:24:20.506 7f6a2740e700 1 ====== req done req=0x561d9cec25f0 op status=0
http_status=200 latency=0.00199988s ======
2020-03-30 10:24:30.516 7f6a22404700 1 ====== starting new request req=0x561d9cf825f0
=====
2020-03-30 10:24:30.518 7f6a22404700 1 ====== req done req=0x561d9cf825f0 op status=0
http_status=200 latency=0.00199988s ======
2020-03-30 10:24:30.620 7f6a1ebfd700 1 ====== starting new request req=0x561d9cf925f0
=====
2020-03-30 10:24:30.622 7f6a1ebfd700 1 ====== req done req=0x561d9cf925f0 op status=0
http_status=200 latency=0.00199988s ======
2020-03-30 10:24:30.708 7f6a19bf3700 1 ====== starting new request req=0x561d9cfd45f0
=====
2020-03-30 10:24:30.708 7f6a193f2700 1 ====== starting new request req=0x561d9cfaa5f0
=====
2020-03-30 10:24:30.710 7f6a19bf3700 1 ====== req done req=0x561d9cfd45f0 op status=0
http_status=200 latency=0.00199988s ======
2020-03-30 10:24:30.711 7f6a193f2700 1 ====== req done req=0x561d9cfaa5f0 op status=0
http_status=200 latency=0.00299982s ======
/ceph-rgw-cnode05.rgw0.log
2020-03-30 10:07:41.309 7fb79d31c700 1 ====== req done http_status=400 ======
2020-03-30 10:07:41.505 7fb798312700 1 ====== starting new request req=0x5565d88b45f0
=====
2020-03-30 10:07:41.508 7fb798312700 1 ====== req done req=0x5565d88b45f0 op status=0
http_status=200 latency=0.00299982s ======
2020-03-30 10:07:41.531 7fb79430a700 1 failed to read header: bad method
2020-03-30 10:07:41.531 7fb79430a700 1 ====== req done http_status=400 ======
2020-03-30 10:07:41.552 7fb791304700 1 failed to read header: bad method
2020-03-30 10:07:41.552 7fb791304700 1 ====== req done http_status=400 ======
(END)
30 Mar
30 Mar
7:54 p.m.
On 03/29/2020 04:43 PM, givemeone wrote:
Hi all,
I am installing ceph Nautilus and getting constantly errors while adding iscsi gateways
It was working using http schema but after moving to https with wildcard certs gives API
errors
Below some of my configurations
Thanks for your help
Command:
ceph --cluster ceph dashboard iscsi-gateway-add https://myadmin:admin.01@1.2.3.4:5050
Error:
Error EINVAL: iscsi REST API cannot be reached. Please check your configuration and that
the API endpoint is accessible
Tried also disabling ssl verify
# ceph dashboard set-rgw-api-ssl-verify False
Option RGW_API_SSL_VERIFY updated
"/etc/ceph/iscsi-gateway.cfg" 23L, 977C
# Ansible managed
[config]
api_password = admin.01
api_port = 5050
# API settings.
# The API supports a number of options that allow you to tailor it to your
# local environment. If you want to run the API under https, you will need to
# create cert/key files that are compatible for each iSCSI gateway node, that is
# not locked to a specific node. SSL cert and key files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the
'/etc/ceph/' directory
# on *each* gateway node. With the SSL files in place, you can use 'api_secure =
true'
# to switch to https mode.
# To support the API, the bear minimum settings are:
api_secure = True
Maybe sure after you set this value you restart the rbd-target-api
daemons on all the nodes so the new value is used.
We might also need to set
api_ssl_verify = True
for some gateway to gateway operations. I'm not sure what happened with
the docs, because I do not see any info on it.
# Optional settings related to the CLI/API service
api_user = myadmin
cluster_name = ceph
loop_delay = 1
trusted_ip_list = 1.2.3.3,1.2.3.4
Log file
======
Are there any errors in /var/log/rbd-target-api/rbd-target-api.log?
31 Mar
31 Mar
3:46 a.m.
*sigh* and this time reply to all.
rbd-target-api is a little opinionated on where the ssl cert and key files
live and what they're named. It expects:
cert_files = ['/etc/ceph/iscsi-gateway.crt',
'/etc/ceph/iscsi-gateway.key']
So make sure these exist, and are named correctly.
Otherwise, we probably need to see the log :)
On Tue, Mar 31, 2020 at 3:56 AM Mike Christie <mchristi(a)redhat.com> wrote:
On 03/29/2020 04:43 PM, givemeone wrote:
Hi all,
I am installing ceph Nautilus and getting constantly errors while adding
iscsi
gateways
It was working using http schema but after moving
to https with wildcard
certs gives API errors
Below some of my configurations
Thanks for your help
Command:
ceph --cluster ceph dashboard iscsi-gateway-add
https://myadmin:admin.01@1.2.3.4:5050
Error:
Error EINVAL: iscsi REST API cannot be reached. Please check your
configuration
and that the API endpoint is accessible
Tried also disabling ssl verify
# ceph dashboard set-rgw-api-ssl-verify False
Option RGW_API_SSL_VERIFY updated
"/etc/ceph/iscsi-gateway.cfg" 23L, 977C
# Ansible managed
[config]
api_password = admin.01
api_port = 5050
# API settings.
# The API supports a number of options that allow you to tailor it to
your
# local environment. If you want to run the API
under https, you will
need to
# create cert/key files that are compatible for
each iSCSI gateway node,
that is
# not locked to a specific node. SSL cert and key
files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the
'/etc/ceph/' directory
# on *each* gateway node. With the SSL files in
place, you can use
'api_secure = true'
# to switch to https mode.
# To support the API, the bear minimum settings are:
api_secure = True
Maybe sure after you set this value you restart the rbd-target-api
daemons on all the nodes so the new value is used.
We might also need to set
api_ssl_verify = True
for some gateway to gateway operations. I'm not sure what happened with
the docs, because I do not see any info on it.
# Optional settings related to the CLI/API
service
api_user = myadmin
cluster_name = ceph
loop_delay = 1
trusted_ip_list = 1.2.3.3,1.2.3.4
Log file
======
Are there any errors in /var/log/rbd-target-api/rbd-target-api.log?
_______________________________________________
ceph-users mailing list -- ceph-users(a)ceph.io
To unsubscribe send an email to ceph-users-leave(a)ceph.io
1494
days inactive
1496
days old
2 comments
3 participants
participants (3)
-
givemeone -
Matthew Oliver -
Mike Christie