Yes, that's what I was referring to. If you have one "global" cert for all mgrs it will override the per-mgr config. I would recommend removing the global entry and then seeing if your per-mgr certs work as expected.

During a fresh cluster bootstrap (if you don't skip the dashboard), it will generate a global cert for you. So I wouldn't consider this a bug, but a note in the docs might help.

Quoting lejeczek <pelj...@yahoo.co.uk>:

According to Ceph's own docs - https://docs.ceph.com/en/quincy/mgr/dashboard/?highlight=certificate#ssl-tls-support - 'dashboard' commands do take the per-name/mgr certs case into account; there should be no need to go to 'config' directly. Those cmds seem to work - meaning they create config paths and values - I see:
-> $ ceph config-key get mgr/dashboard/podster2.mine.priv/crt
-> $ ceph config-key get mgr/dashboard/podster2.mine.priv/key
But it seems that whatever is "global" - is under mgr/dashboard/key|cert - takes precedence and per-node/mgr certs are ignored by ceph, namely, if I do:
-> $ ceph dashboard create-self-signed-cert
then I do a per-node cert (with FQDN or with short hostname), the self-signed dashboard cert will still be in effect, on all nodes/mgrs.
Would this be a bug - could anybody confirm/reproduce?
many thanks, L
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
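
The check suggested in the reply, as an added example that is not from either poster or from the Ceph project: it reads the JSON key list printed by `ceph config-key ls` and reports per-mgr dashboard cert pairs that sit alongside a global `mgr/dashboard/crt` or `mgr/dashboard/key` entry. The function name, the sample key list, the `podster3.mine.priv` host and the `some_other_setting` key are assumptions made for illustration.

```python
import json
import re

# Key layout as seen in the thread: mgr/dashboard/crt|key is the global entry,
# mgr/dashboard/<mgr-name>/crt|key belongs to a single manager.
KEY_RE = re.compile(r"^mgr/dashboard/(?:(?P<mgr>[^/]+)/)?(?P<kind>crt|key)$")
PAIR = {"crt", "key"}


def audit_dashboard_certs(config_key_ls_json):
    """Classify dashboard TLS entries from `ceph config-key ls` JSON output."""
    global_parts, per_mgr = set(), {}
    for key in json.loads(config_key_ls_json):
        m = KEY_RE.match(key)
        if not m:
            continue  # not a dashboard certificate or private-key entry
        if m["mgr"] is None:
            global_parts.add(m["kind"])
        else:
            per_mgr.setdefault(m["mgr"], set()).add(m["kind"])
    complete = sorted(name for name, parts in per_mgr.items() if parts == PAIR)
    return {
        "global_present": sorted(global_parts),
        # Per the thread, a global entry takes precedence over these pairs.
        "shadowed": complete if global_parts else [],
        # A crt without its key (or the reverse) cannot serve TLS for that mgr.
        "incomplete": sorted(n for n, p in per_mgr.items() if p != PAIR),
    }


# Constructed sample of `ceph config-key ls` output (hypothetical key list).
SAMPLE = json.dumps([
    "mgr/dashboard/crt",
    "mgr/dashboard/key",
    "mgr/dashboard/podster2.mine.priv/crt",
    "mgr/dashboard/podster2.mine.priv/key",
    "mgr/dashboard/podster3.mine.priv/crt",
    "mgr/dashboard/some_other_setting",
])

if __name__ == "__main__":
    print(json.dumps(audit_dashboard_certs(SAMPLE), indent=2))
```

On a live cluster the input would be the output of `ceph config-key ls`; an empty `shadowed` list after removing the global entry means no per-mgr pair is being overridden.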

