[PVE-User] Ceph install failed
Frank, Petric (Petric)
Petric.Frank at alcatel-lucent.com
Tue Sep 8 10:43:27 CEST 2015
Hello,
yes, our proxy is able to handle this:
root at proxmox4:~# wget --no-check-certificate -O xxx https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
--2015-09-08 11:29:39-- https://git.ceph.com/?p=ceph.git
Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx |:8080... connected.
WARNING: The certificate of `git.ceph.com' is not trusted.
WARNING: The certificate of `git.ceph.com' hasn't got a known issuer.
Proxy request sent, awaiting response... 200 OK
Length: 34372 (34K) [text/html]
Saving to: `xxx'
100%[========================================================================>] 34,372 71.4K/s in 0.5s
2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372]
As you can see i simply disabled cert checks.
Kind regards
Petric
> -----Original Message-----
> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of
> Thomas Lamprecht
> Sent: Dienstag, 8. September 2015 10:30
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] Ceph install failed
>
>
>
> On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote:
> > Hello,
> >
> > after some "try and error" I got some workaround. I modified the ceph
> key URL to use http instead of https.
> > The web server SSL key cert of ceph.org is not listed in any official
> CA.
> > Using wget for a test download i get:
> >
> > root at proxmox4:~# wget -O xxx
> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
> > --2015-09-08 10:57:11-- https://git.ceph.com/?p=ceph.git
> > Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
> > Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080...
> connected.
> > ERROR: The certificate of `git.ceph.com' is not trusted.
> > ERROR: The certificate of `git.ceph.com' hasn't got a known
> issuer.
> >
> > It may be that the perl class LWP::UserAgent is not able to handle
> this.
> No it is, AFAIK. It's the reason we use it instead of wget, quoting the
> comments from the code:
> > # Note: wget on Debian wheezy cannot handle new ceph.com
> certificates,
> > so # we use LWP::UserAgent
> Stupid question but can your proxy handle the https stuff?
> >
> > So i temporarily patched /usr/bin/pveceph to use
> http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to
> obtain the PGP key.
> you only modified the URL, and it worked? https should be preferred
> though, to counter man in the middle attacks and other security issues.
>
> Regards
> >
> > Kind regards
> > Petric
> >
> >
> >> -----Original Message-----
> >> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
> Of
> >> Thomas Lamprecht
> >> Sent: Dienstag, 8. September 2015 09:38
> >> To: pve-user at pve.proxmox.com
> >> Subject: Re: [PVE-User] Ceph install failed
> >>
> >>
> >>
> >> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote:
> >>> Hello,
> >>>
> >>> i got a little further.
> >>>
> >>> After viewing the script i realized that i have to set the env
> >> variables
> >>> http(s)_proxy
> >> http://search.cpan.org/~ether/libwww-perl-
> >> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes
> >>
> >> look at the 'env_proxy' entry, but I think you figured that out
> >> already.
> >>> After doing so (export http(s)_proxy=http://<proxy-server>:<proxy-
> >> port>) i get another error:
> >> you did:
> >> > export http_proxy=http://...
> >>
> >> you can also use:
> >> http_proxy=http://... pveceph install -version hammer
> >>> root at proxmox4:~# pveceph install -version hammer
> >>> download and import ceph repository keys
> >>> unable to download ceph release key: 400 Bad Request
> >> 400 looks like it didn't has the completely correct proxy settings?
> >>> Any ideas ?
> >>>
> >>> Kind regards
> >>> Petric
> >>>
> >>>> -----Original Message-----
> >>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
> >> Of
> >>>> Frank, Petric (Petric)
> >>>> Sent: Dienstag, 8. September 2015 08:51
> >>>> To: pve-user at pve.proxmox.com
> >>>> Subject: [PVE-User] Ceph install failed
> >>>>
> >>>> Hello,
> >>>>
> >>>> i tried to setup a ceph-cluster on machines located behind a http-
> >>>> proxy. I followed the guide at
> >>>> http://pve.proxmox.com/wiki/Ceph_Server
> >>>>
> >>>> But I got this:
> >>>> root at proxmox4:~# pveceph install -version hammer
> >>>> download and import ceph repository keys
> >>>> unable to download ceph release key: 500 Can't connect to
> >>>> git.ceph.com:443 (timeout)
> >>>>
> >>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf was
> >>>> updated to reflect the proxy server setting. But I got the same
> >> output.
> >>>> Is there another location to be provided with a proxy setting to
> >>>> get this working ?
> >>>>
> >>>>
> >>>> Installed is Proxmox 3.4 with the latest updates applied as of
> >> today.
> >>>> Kind regards
> >>>> Petric
> >>>>
> >>>> _______________________________________________
> >>>> pve-user mailing list
> >>>> pve-user at pve.proxmox.com
> >>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>> _______________________________________________
> >>> pve-user mailing list
> >>> pve-user at pve.proxmox.com
> >>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>
> >>
> >> _______________________________________________
> >> pve-user mailing list
> >> pve-user at pve.proxmox.com
> >> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> > _______________________________________________
> > pve-user mailing list
> > pve-user at pve.proxmox.com
> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >
>
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
More information about the pve-user
mailing list