Hello, yes, our proxy is able to handle this:
root@proxmox4:~# wget --no-check-certificate -O xxx https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc --2015-09-08 11:29:39-- https://git.ceph.com/?p=ceph.git Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx |:8080... connected. WARNING: The certificate of `git.ceph.com' is not trusted. WARNING: The certificate of `git.ceph.com' hasn't got a known issuer. Proxy request sent, awaiting response... 200 OK Length: 34372 (34K) [text/html] Saving to: `xxx' 100%[========================================================================>] 34,372 71.4K/s in 0.5s 2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372] As you can see i simply disabled cert checks. Kind regards Petric > -----Original Message----- > From: pve-user [mailto:[email protected]] On Behalf Of > Thomas Lamprecht > Sent: Dienstag, 8. September 2015 10:30 > To: [email protected] > Subject: Re: [PVE-User] Ceph install failed > > > > On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote: > > Hello, > > > > after some "try and error" I got some workaround. I modified the ceph > key URL to use http instead of https. > > The web server SSL key cert of ceph.org is not listed in any official > CA. > > Using wget for a test download i get: > > > > root@proxmox4:~# wget -O xxx > https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc > > --2015-09-08 10:57:11-- https://git.ceph.com/?p=ceph.git > > Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx > > Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080... > connected. > > ERROR: The certificate of `git.ceph.com' is not trusted. > > ERROR: The certificate of `git.ceph.com' hasn't got a known > issuer. > > > > It may be that the perl class LWP::UserAgent is not able to handle > this. > No it is, AFAIK. It's the reason we use it instead of wget, quoting the > comments from the code: > > # Note: wget on Debian wheezy cannot handle new ceph.com > certificates, > > so # we use LWP::UserAgent > Stupid question but can your proxy handle the https stuff? > > > > So i temporarily patched /usr/bin/pveceph to use > http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to > obtain the PGP key. > you only modified the URL, and it worked? https should be preferred > though, to counter man in the middle attacks and other security issues. > > Regards > > > > Kind regards > > Petric > > > > > >> -----Original Message----- > >> From: pve-user [mailto:[email protected]] On Behalf > Of > >> Thomas Lamprecht > >> Sent: Dienstag, 8. September 2015 09:38 > >> To: [email protected] > >> Subject: Re: [PVE-User] Ceph install failed > >> > >> > >> > >> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote: > >>> Hello, > >>> > >>> i got a little further. > >>> > >>> After viewing the script i realized that i have to set the env > >> variables > >>> http(s)_proxy > >> http://search.cpan.org/~ether/libwww-perl- > >> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes > >> > >> look at the 'env_proxy' entry, but I think you figured that out > >> already. > >>> After doing so (export http(s)_proxy=http://<proxy-server>:<proxy- > >> port>) i get another error: > >> you did: > >> > export http_proxy=http://... > >> > >> you can also use: > >> http_proxy=http://... pveceph install -version hammer > >>> root@proxmox4:~# pveceph install -version hammer > >>> download and import ceph repository keys > >>> unable to download ceph release key: 400 Bad Request > >> 400 looks like it didn't has the completely correct proxy settings? > >>> Any ideas ? > >>> > >>> Kind regards > >>> Petric > >>> > >>>> -----Original Message----- > >>>> From: pve-user [mailto:[email protected]] On Behalf > >> Of > >>>> Frank, Petric (Petric) > >>>> Sent: Dienstag, 8. September 2015 08:51 > >>>> To: [email protected] > >>>> Subject: [PVE-User] Ceph install failed > >>>> > >>>> Hello, > >>>> > >>>> i tried to setup a ceph-cluster on machines located behind a http- > >>>> proxy. I followed the guide at > >>>> http://pve.proxmox.com/wiki/Ceph_Server > >>>> > >>>> But I got this: > >>>> root@proxmox4:~# pveceph install -version hammer > >>>> download and import ceph repository keys > >>>> unable to download ceph release key: 500 Can't connect to > >>>> git.ceph.com:443 (timeout) > >>>> > >>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf was > >>>> updated to reflect the proxy server setting. But I got the same > >> output. > >>>> Is there another location to be provided with a proxy setting to > >>>> get this working ? > >>>> > >>>> > >>>> Installed is Proxmox 3.4 with the latest updates applied as of > >> today. > >>>> Kind regards > >>>> Petric > >>>> > >>>> _______________________________________________ > >>>> pve-user mailing list > >>>> [email protected] > >>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > >>> _______________________________________________ > >>> pve-user mailing list > >>> [email protected] > >>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > >>> > >> > >> _______________________________________________ > >> pve-user mailing list > >> [email protected] > >> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > _______________________________________________ > > pve-user mailing list > > [email protected] > > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > > _______________________________________________ > pve-user mailing list > [email protected] > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user _______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
