Ceph叢集部署及RGW開啟https訪問
阿新 • • 發佈:2020-10-16
(1)Ceph叢集和rgw搭建請自行參考資料完成
本人蔘考資料如下:
Ceph叢集安裝部署:https://www.cnblogs.com/leo001/p/12242362.html
Ceph-物件儲存使用者配額管理:https://blog.csdn.net/u012720518/article/details/107157627
(2)在RGW部署節點生成CA證書
注:ca證書建立流程多種多樣,如有需要請自行學習,此處僅提供一種稍簡單的建立方式,以下流程請嚴格按照順序執行
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.pem cat server.key >> server.pem
#將生成好的證書複製到其他節點的證書目錄下
scp /etc/ceph/cert/* node02:/etc/ceph/cert/
scp /etc/ceph/cert/* node03:/etc/ceph/cert/
(3)在RGW部署節點開啟https
修改配置檔案(單個閘道器為例)
vi /etc/ceph/ceph.conf
修改內容如下:
#7480為原閘道器http埠,8080為https埠,/etc/ceph/cert/server.pem為證書路徑
[client.rgw.node01] rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
[client.rgw.node02]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
[client.rgw.node03]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
(4)重啟RGW閘道器
systemctl restart ceph-radosgw@rgw.node01 systemctl status ceph-radosgw@rgw.node01
(5)測試https埠是否開通成功,有返回值代表開通成功
#192.168.5.112為本機ip地址
curl https://192.168.5.112:8080 -k