On 09/08/2015 10:43 AM, Frank, Petric (Petric) wrote:
Hello,
yes, our proxy is able to handle this:
root@proxmox4:~# wget --no-check-certificate -O xxx
https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
--2015-09-08 11:29:39-- https://git.ceph.com/?p=ceph.git
Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx |:8080...
connected.
WARNING: The certificate of `git.ceph.com' is not trusted.
WARNING: The certificate of `git.ceph.com' hasn't got a known issuer.
Proxy request sent, awaiting response... 200 OK
Length: 34372 (34K) [text/html]
Saving to: `xxx'
100%[========================================================================>]
34,372 71.4K/s in 0.5s
2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372]
As you can see i simply disabled cert checks.
Unusable for general use, as we _want_ cert checks, else https is unsecure.
Only to know,
https_proxy=https://your.proxy pveceph install -version hammer
didn't work?
Kind regards
Petric
-----Original Message-----
From: pve-user [mailto:[email protected]] On Behalf Of
Thomas Lamprecht
Sent: Dienstag, 8. September 2015 10:30
To: [email protected]
Subject: Re: [PVE-User] Ceph install failed
On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote:
Hello,
after some "try and error" I got some workaround. I modified the ceph
key URL to use http instead of https.
The web server SSL key cert of ceph.org is not listed in any official
CA.
Using wget for a test download i get:
root@proxmox4:~# wget -O xxx
https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
--2015-09-08 10:57:11-- https://git.ceph.com/?p=ceph.git
Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080...
connected.
ERROR: The certificate of `git.ceph.com' is not trusted.
ERROR: The certificate of `git.ceph.com' hasn't got a known
issuer.
It may be that the perl class LWP::UserAgent is not able to handle
this.
No it is, AFAIK. It's the reason we use it instead of wget, quoting the
comments from the code:
# Note: wget on Debian wheezy cannot handle new ceph.com
certificates,
so # we use LWP::UserAgent
Stupid question but can your proxy handle the https stuff?
So i temporarily patched /usr/bin/pveceph to use
http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to
obtain the PGP key.
you only modified the URL, and it worked? https should be preferred
though, to counter man in the middle attacks and other security issues.
Regards
Kind regards
Petric
-----Original Message-----
From: pve-user [mailto:[email protected]] On Behalf
Of
Thomas Lamprecht
Sent: Dienstag, 8. September 2015 09:38
To: [email protected]
Subject: Re: [PVE-User] Ceph install failed
On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote:
Hello,
i got a little further.
After viewing the script i realized that i have to set the env
variables
http(s)_proxy
http://search.cpan.org/~ether/libwww-perl-
6.13/lib/LWP/UserAgent.pm#Proxy_attributes
look at the 'env_proxy' entry, but I think you figured that out
already.
After doing so (export http(s)_proxy=http://<proxy-server>:<proxy-
port>) i get another error:
you did:
> export http_proxy=http://...
you can also use:
http_proxy=http://... pveceph install -version hammer
root@proxmox4:~# pveceph install -version hammer
download and import ceph repository keys
unable to download ceph release key: 400 Bad Request
400 looks like it didn't has the completely correct proxy settings?
Any ideas ?
Kind regards
Petric
-----Original Message-----
From: pve-user [mailto:[email protected]] On Behalf
Of
Frank, Petric (Petric)
Sent: Dienstag, 8. September 2015 08:51
To: [email protected]
Subject: [PVE-User] Ceph install failed
Hello,
i tried to setup a ceph-cluster on machines located behind a http-
proxy. I followed the guide at
http://pve.proxmox.com/wiki/Ceph_Server
But I got this:
root@proxmox4:~# pveceph install -version hammer
download and import ceph repository keys
unable to download ceph release key: 500 Can't connect to
git.ceph.com:443 (timeout)
I've updated the proxy entries at /etc/wgetrc - also apt.conf was
updated to reflect the proxy server setting. But I got the same
output.
Is there another location to be provided with a proxy setting to
get this working ?
Installed is Proxmox 3.4 with the latest updates applied as of
today.
Kind regards
Petric
_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
