Hello, no, "https_proxy=http://<proxy-host>:<proxy-port> pveceph install -version hammer" does not work. It aborts in the PGP-key getting phase.
Kind regards Petric > -----Original Message----- > From: Thomas Lamprecht [mailto:[email protected]] > Sent: Dienstag, 8. September 2015 11:18 > To: Frank, Petric (Petric); [email protected] > Subject: Re: [PVE-User] Ceph install failed > > > > On 09/08/2015 10:43 AM, Frank, Petric (Petric) wrote: > > Hello, > > > > yes, our proxy is able to handle this: > > > > root@proxmox4:~# wget --no-check-certificate -O xxx > https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc > > --2015-09-08 11:29:39-- https://git.ceph.com/?p=ceph.git > > Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx > > Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx > |:8080... connected. > > WARNING: The certificate of `git.ceph.com' is not trusted. > > WARNING: The certificate of `git.ceph.com' hasn't got a known > issuer. > > Proxy request sent, awaiting response... 200 OK > > Length: 34372 (34K) [text/html] > > Saving to: `xxx' > > > > > 100%[================================================================== > ======>] 34,372 71.4K/s in 0.5s > > > > 2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372] > > > > As you can see i simply disabled cert checks. > Unusable for general use, as we _want_ cert checks, else https is > unsecure. > > Only to know, > > https_proxy=https://your.proxy pveceph install -version hammer > > didn't work? > > > > Kind regards > > Petric > > > >> -----Original Message----- > >> From: pve-user [mailto:[email protected]] On Behalf > Of > >> Thomas Lamprecht > >> Sent: Dienstag, 8. September 2015 10:30 > >> To: [email protected] > >> Subject: Re: [PVE-User] Ceph install failed > >> > >> > >> > >> On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote: > >>> Hello, > >>> > >>> after some "try and error" I got some workaround. I modified the > >>> ceph > >> key URL to use http instead of https. > >>> The web server SSL key cert of ceph.org is not listed in any > >>> official > >> CA. > >>> Using wget for a test download i get: > >>> > >>> root@proxmox4:~# wget -O xxx > >> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc > >>> --2015-09-08 10:57:11-- https://git.ceph.com/?p=ceph.git > >>> Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx > >>> Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080... > >> connected. > >>> ERROR: The certificate of `git.ceph.com' is not trusted. > >>> ERROR: The certificate of `git.ceph.com' hasn't got a known > >> issuer. > >>> It may be that the perl class LWP::UserAgent is not able to handle > >> this. > >> No it is, AFAIK. It's the reason we use it instead of wget, quoting > >> the comments from the code: > >>> # Note: wget on Debian wheezy cannot handle new ceph.com > >> certificates, > >>> so # we use LWP::UserAgent > >> Stupid question but can your proxy handle the https stuff? > >>> So i temporarily patched /usr/bin/pveceph to use > >> http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to > >> obtain the PGP key. > >> you only modified the URL, and it worked? https should be preferred > >> though, to counter man in the middle attacks and other security > issues. > >> > >> Regards > >>> Kind regards > >>> Petric > >>> > >>> > >>>> -----Original Message----- > >>>> From: pve-user [mailto:[email protected]] On Behalf > >> Of > >>>> Thomas Lamprecht > >>>> Sent: Dienstag, 8. September 2015 09:38 > >>>> To: [email protected] > >>>> Subject: Re: [PVE-User] Ceph install failed > >>>> > >>>> > >>>> > >>>> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote: > >>>>> Hello, > >>>>> > >>>>> i got a little further. > >>>>> > >>>>> After viewing the script i realized that i have to set the env > >>>> variables > >>>>> http(s)_proxy > >>>> http://search.cpan.org/~ether/libwww-perl- > >>>> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes > >>>> > >>>> look at the 'env_proxy' entry, but I think you figured that out > >>>> already. > >>>>> After doing so (export http(s)_proxy=http://<proxy- > server>:<proxy- > >>>> port>) i get another error: > >>>> you did: > >>>> > export http_proxy=http://... > >>>> > >>>> you can also use: > >>>> http_proxy=http://... pveceph install -version hammer > >>>>> root@proxmox4:~# pveceph install -version hammer > >>>>> download and import ceph repository keys > >>>>> unable to download ceph release key: 400 Bad Request > >>>> 400 looks like it didn't has the completely correct proxy > settings? > >>>>> Any ideas ? > >>>>> > >>>>> Kind regards > >>>>> Petric > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: pve-user [mailto:[email protected]] On > >>>>>> Behalf > >>>> Of > >>>>>> Frank, Petric (Petric) > >>>>>> Sent: Dienstag, 8. September 2015 08:51 > >>>>>> To: [email protected] > >>>>>> Subject: [PVE-User] Ceph install failed > >>>>>> > >>>>>> Hello, > >>>>>> > >>>>>> i tried to setup a ceph-cluster on machines located behind a > >>>>>> http- proxy. I followed the guide at > >>>>>> http://pve.proxmox.com/wiki/Ceph_Server > >>>>>> > >>>>>> But I got this: > >>>>>> root@proxmox4:~# pveceph install -version hammer > >>>>>> download and import ceph repository keys > >>>>>> unable to download ceph release key: 500 Can't connect to > >>>>>> git.ceph.com:443 (timeout) > >>>>>> > >>>>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf > was > >>>>>> updated to reflect the proxy server setting. But I got the same > >>>> output. > >>>>>> Is there another location to be provided with a proxy setting to > >>>>>> get this working ? > >>>>>> > >>>>>> > >>>>>> Installed is Proxmox 3.4 with the latest updates applied as of > >>>> today. > >>>>>> Kind regards > >>>>>> Petric > >>>>>> > >>>>>> _______________________________________________ > >>>>>> pve-user mailing list > >>>>>> [email protected] > >>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > >>>>> _______________________________________________ > >>>>> pve-user mailing list > >>>>> [email protected] > >>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > >>>>> > >>>> _______________________________________________ > >>>> pve-user mailing list > >>>> [email protected] > >>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > >>> _______________________________________________ > >>> pve-user mailing list > >>> [email protected] > >>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > >>> > >> > >> _______________________________________________ > >> pve-user mailing list > >> [email protected] > >> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > _______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
