One thing worth noting in this version of Ceph is the support brought forward for both frontends using SSL with ceph-ansible. Because this capability is new-ish using automation, I thought it would be good to have a reference for both configurations.
In addition, if using ceph-ansible, it doesn't yet copy/provision your SSL cert so that will need to be done manually by you prior to deployment. If you are deploying in containers, you'll want to ensure that your cert has the
container_file_t security context. This is also a good reason to consider proper placement of your cert like the
/etc/pki/ca-trust/extracted directory which gets bind mounted into the container by default.
- Civetweb configuration
[client.rgw.$(hostname -s).rgw0] # Civetweb rgw frontends = civetweb port=443s \ ssl_certificate=/etc/pki/ca-trust/extracted/cephtips.pem
- Beast configuration
[client.rgw.$(hostname -s).rgw0] # Beast rgw frontends = beast ssl_endpoint=10.10.10.216:443 \ ssl_certificate=/etc/pki/ca-trust/extracted/cephtips.pem