推送配置至ceph-mon01
[cephadm@ceph-admin ceph-cluster]$ ceph-deploy --overwrite-conf config pushceph-mon01[ceph_deploy.conf][DEBUG ] found configuration file at: /home/cephadm/.cephdeploy.conf[ceph_deploy.cli][INFO] Invoked (2.0.1): /bin/ceph-deploy --overwrite-conf config push ceph-mon01[ceph_deploy.cli][INFO] ceph-deploy options:[ceph_deploy.cli][INFO]username: None[ceph_deploy.cli][INFO]verbose: False[ceph_deploy.cli][INFO]overwrite_conf: True[ceph_deploy.cli][INFO]subcommand: push[ceph_deploy.cli][INFO]quiet: False[ceph_deploy.cli][INFO]cd_conf: <ceph_deploy.conf.cephdeploy.Conf instance at 0x7f327dce58c0>[ceph_deploy.cli][INFO]cluster: ceph[ceph_deploy.cli][INFO]client: ['ceph-mon01'][ceph_deploy.cli][INFO]func: <function config at 0x7f327df14cf8>[ceph_deploy.cli][INFO]ceph_conf: None[ceph_deploy.cli][INFO]default_release: False[ceph_deploy.config][DEBUG ] Pushing config to ceph-mon01[ceph-mon01][DEBUG ] connection detected need for sudo[ceph-mon01][DEBUG ] connected to host: ceph-mon01[ceph-mon01][DEBUG ] detect platform information from remote host[ceph-mon01][DEBUG ] detect machine type[ceph-mon01][DEBUG ] write cluster configuration to /etc/ceph/{cluster}.conf[cephadm@ceph-admin ceph-cluster]$重启ceph-radosgw@rgw进程生效新配置
[cephadm@ceph-admin ceph-cluster]$ ssh ceph-mon01 'sudo systemctl restart ceph-radosgw@rgw'[cephadm@ceph-admin ceph-cluster]$ ssh ceph-mon01 'sudo ss -tnl|grep 8080'LISTEN0128*:8080*:*[cephadm@ceph-admin ceph-cluster]$测试:ceph-mon01的8080是否可访问?
[cephadm@ceph-admin ceph-cluster]$ curl ceph-mon01:8080<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[cephadm@ceph-admin ceph-cluster]$配置rgw以https的方式提供服务
1、准备证书
生成key
[root@ceph-mon01 ~]# mkdir /etc/ceph/ssl[root@ceph-mon01 ~]# cd /etc/ceph/ssl[root@ceph-mon01 ssl]# openssl genrsa -out /etc/ceph/ssl/ceph.test.keyGenerating RSA private key, 2048 bit long modulus............+++................................+++e is 65537 (0x10001)[root@ceph-mon01 ssl]# cat /etc/ceph/ssl/ceph.test.key-----BEGIN RSA PRIVATE KEY-----MIIEogIBAAKCAQEAth2CA5M9psyG7Nmq4pWK8CMfgQpCfaQdKHU6qyQKq4/TflnBkhrWlz2sANEUQpLkzhjAeto7PU+ykgpMN3J8a3TZu3SIsKC/MBB1yDHx6raU33R0I6hbdtumjvP4XVWDcY0Zod4zkRH/iCkQKMw2RhjVEaKT+0KnHAle5RxLojcrqIz9iibmUqdH35T8aM8EIAwRcJx0QBYDlQJmqdhuHGt41ujqSpWcZEoGfsODxYuisZlkwOgTzTlfMcjOesPoSSqJ2X8zXzdbcMI6kEJb/xPa8ByTVOR8OAQJILezg2T5T6rMo3J9WVcGmDwqSczpzcyirRk+OavfawL3JJHsAQIDAQABAoIBAEphbOum5KROnsD3+gqHR3Li9YgPt653LA2NK8QgeVcu7BOL9zqESacF4k2HF35FXrwqcdr7bPySo31wRUbUNKry08bzRqzVSqEH6AM3GvZhUhaeCp1RsuGtvq5eSM9eEMx8874f8fHLZxGmq9nt5jDlDYkhXM1foL8buK1czCtZKqekhtFF9k5xis1d+QPeA0Pp/u94L0srzemhJDBcu52lw1kipnYWTn2jvfPoh0Ob/Bwm53Pl8ZhweD3peyxGpRZd41gY6LRzbFGG6QqG5syXzNeE9p5ozJjA3w0En1XwPOGnOcrrjCvY/Jk1mYkd9ERBpFDaPMIM52ArbIE84kECgYEA4bbxi0We62rwGOFJvPQ54O5hMEhxaYNxqcEDhwEBFUAU9f7Y6FFTk36obztXFjwhte3H9raIPuZjHpkZ+UZG4R1eESbWX1C3UvfFHHQFHqaS8l+sG1xhjVbyhif9wJwx8Wu4gAsdzmGXYQ1NzNXkucLX9Tn6xoAM6X7qbaBDkYkCgYEAzoz5EGkdmoPeYlV2aBgsvrcVQH8CHDdsg+8vgigq7WBsRO/lZPHRwdsjI60QJJ6RJkqJY01Rk5hOYSEqAckE8FKSS9ynFHxomAncvO0ZRpvH2aQr+Ecr5oi4mzyOt1LRVgxwguEGDBku0vXYaJQTXZM3FaeLLQ5aDrE9pg8fwLkCgYBOEgUB8xbAvsBFGsdyf9b1If6jwKrZoAlUedpKe+JwAzY8z+UeleKehZSkxJWerzXJw3ECuKfveaiXEMWXHuOtQYcjz5ceaMDABcs7yDVtIJh7FPRmklF7nbNNC9ANKvlrU6MBRtcMZ10AyKU8UE9IoUgpHeDLf8b3jFpxiJlWYQKBgBhC8tZ8ol+N8cc3Jqtfe5IDS1nCEWtjDzoIFFqDgVdUpiMK0rUiunK83MnKAEVs4rvOsYiagmSF1V8PWDHRfOUFre1/Q5jibB6/uc/vQbLLhZQI9qk5Iuz3Tkfdux3JepFS8LxO1jkBlEBvZDYUfpnVOvkuLujh8K4dH5Kr4BzxAoGAKVyF4cBthBBZ0d7hKLGjBLr0mNLPmroGbYnzLfqwz2OZiudvIrA1EDFPsQwJGHgkYd9tWhIvrp1orfOtRxocFYCUyBDba5yZjTplSKbYQ+muBHCmNsurc/KMUreFCZGVU/oEG0ebGVbavG8lAVKs17+tr/Ct2UpsgO99+XxeP5Y=-----END RSA PRIVATE KEY-----[root@ceph-mon01 ssl]#自签证书签署
[root@ceph-mon01 ssl]# openssl req -new -x509 -key /etc/ceph/ssl/ceph.test.key -out /etc/ceph/ssl/ceph.test.pem -days 365You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:SICHUANLocality Name (eg, city) [Default City]:GYOrganization Name (eg, company) [Default Company Ltd]:TESTOrganizational Unit Name (eg, section) []:TESTCommon Name (eg, your name or your server's hostname) []:ceph-mon01.ilinux.ioEmail Address []:[root@ceph-mon01 ssl]# lsceph.test.keyceph.test.pem[root@ceph-mon01 ssl]#
经验总结扩展阅读
- 记一次某制造业ERP系统 CPU打爆事故分析
- 没有使用IaC的DevOps系统都是耍流氓
- JuiceFS 元数据引擎选型指南
- 怎么用u盘重装系统
- 分布式存储系统之Ceph集群MDS扩展
- 苹果手机怎么删除系统软件
- win7升级到win10系统后,node13升级为node16,node版本node-sass版本与不匹配,导致出现npm ERR! ERESOLVE could not resolve
- day09-1存储引擎
- 手把手教你玩转 Gitea|在 Windows 系统上安装 Gitea
- 分布式存储系统之Ceph集群CephFS基础使用