[PVE-User] Ceph install failed

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Sep 8 10:30:05 CEST 2015



On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote:
> Hello,
>
> after some "try and error" I got some workaround. I modified the ceph key URL to use http instead of https.
> The web server SSL key cert of ceph.org is not listed in any official CA.
> Using wget for a test download i get:
>
>    root at proxmox4:~# wget -O xxx https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
>    --2015-09-08 10:57:11--  https://git.ceph.com/?p=ceph.git
>    Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
>    Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080... connected.
>    ERROR: The certificate of `git.ceph.com' is not trusted.
>    ERROR: The certificate of `git.ceph.com' hasn't got a known issuer.
>
> It may be that the perl class LWP::UserAgent is not able to handle this.
No it is, AFAIK. It's the reason we use it instead of wget, quoting the 
comments from the code:
> # Note: wget on Debian wheezy cannot handle new ceph.com certificates, so
> # we use LWP::UserAgent
Stupid question but can your proxy handle the https stuff?
>
> So i temporarily patched /usr/bin/pveceph to use http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to obtain the PGP key.
you only modified the URL, and it worked? https should be preferred 
though, to counter man in the middle attacks and other security issues.

Regards
>
> Kind regards
>    Petric
>
>
>> -----Original Message-----
>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of
>> Thomas Lamprecht
>> Sent: Dienstag, 8. September 2015 09:38
>> To: pve-user at pve.proxmox.com
>> Subject: Re: [PVE-User] Ceph install failed
>>
>>
>>
>> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote:
>>> Hello,
>>>
>>> i got a little further.
>>>
>>> After viewing the script i realized that i have to set the env
>> variables
>>>     http(s)_proxy
>> http://search.cpan.org/~ether/libwww-perl-
>> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes
>>
>> look at the 'env_proxy' entry, but I think you figured that out
>> already.
>>> After doing so (export http(s)_proxy=http://<proxy-server>:<proxy-
>> port>) i get another error:
>> you did:
>>   > export http_proxy=http://...
>>
>> you can also use:
>> http_proxy=http://... pveceph install -version hammer
>>>     root at proxmox4:~# pveceph install -version hammer
>>>     download and import ceph repository keys
>>>     unable to download ceph release key: 400 Bad Request
>> 400 looks like it didn't has the completely correct proxy settings?
>>> Any ideas ?
>>>
>>> Kind regards
>>>     Petric
>>>
>>>> -----Original Message-----
>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
>> Of
>>>> Frank, Petric (Petric)
>>>> Sent: Dienstag, 8. September 2015 08:51
>>>> To: pve-user at pve.proxmox.com
>>>> Subject: [PVE-User] Ceph install failed
>>>>
>>>> Hello,
>>>>
>>>> i tried to setup a ceph-cluster on machines located behind a http-
>>>> proxy. I followed the guide at
>>>>     http://pve.proxmox.com/wiki/Ceph_Server
>>>>
>>>> But I got this:
>>>>     root at proxmox4:~# pveceph install -version hammer
>>>>     download and import ceph repository keys
>>>>     unable to download ceph release key: 500 Can't connect to
>>>> git.ceph.com:443 (timeout)
>>>>
>>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf was
>>>> updated to reflect the proxy server setting. But I got the same
>> output.
>>>> Is there another location to be provided with a proxy setting to get
>>>> this working ?
>>>>
>>>>
>>>> Installed is Proxmox 3.4 with the latest updates applied as of
>> today.
>>>> Kind regards
>>>>     Petric
>>>>
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user at pve.proxmox.com
>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>





More information about the pve-user mailing list