[PVE-User] Ceph install failed

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Sep 8 11:18:01 CEST 2015



On 09/08/2015 10:43 AM, Frank, Petric (Petric) wrote:
> Hello,
>
> yes, our proxy is able to handle this:
>
>    root at proxmox4:~# wget --no-check-certificate -O xxx https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
>    --2015-09-08 11:29:39--  https://git.ceph.com/?p=ceph.git
>    Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
>    Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx |:8080... connected.
>    WARNING: The certificate of `git.ceph.com' is not trusted.
>    WARNING: The certificate of `git.ceph.com' hasn't got a known issuer.
>    Proxy request sent, awaiting response... 200 OK
>    Length: 34372 (34K) [text/html]
>    Saving to: `xxx'
>
>    100%[========================================================================>] 34,372      71.4K/s   in 0.5s
>
>    2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372]
>
> As you can see i simply disabled cert checks.
Unusable for general use, as we _want_ cert checks, else https is unsecure.

Only to know,

https_proxy=https://your.proxy pveceph install -version hammer

didn't work?
>
> Kind regards
>    Petric
>
>> -----Original Message-----
>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of
>> Thomas Lamprecht
>> Sent: Dienstag, 8. September 2015 10:30
>> To: pve-user at pve.proxmox.com
>> Subject: Re: [PVE-User] Ceph install failed
>>
>>
>>
>> On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote:
>>> Hello,
>>>
>>> after some "try and error" I got some workaround. I modified the ceph
>> key URL to use http instead of https.
>>> The web server SSL key cert of ceph.org is not listed in any official
>> CA.
>>> Using wget for a test download i get:
>>>
>>>     root at proxmox4:~# wget -O xxx
>> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
>>>     --2015-09-08 10:57:11--  https://git.ceph.com/?p=ceph.git
>>>     Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
>>>     Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080...
>> connected.
>>>     ERROR: The certificate of `git.ceph.com' is not trusted.
>>>     ERROR: The certificate of `git.ceph.com' hasn't got a known
>> issuer.
>>> It may be that the perl class LWP::UserAgent is not able to handle
>> this.
>> No it is, AFAIK. It's the reason we use it instead of wget, quoting the
>> comments from the code:
>>> # Note: wget on Debian wheezy cannot handle new ceph.com
>> certificates,
>>> so # we use LWP::UserAgent
>> Stupid question but can your proxy handle the https stuff?
>>> So i temporarily patched /usr/bin/pveceph to use
>> http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to
>> obtain the PGP key.
>> you only modified the URL, and it worked? https should be preferred
>> though, to counter man in the middle attacks and other security issues.
>>
>> Regards
>>> Kind regards
>>>     Petric
>>>
>>>
>>>> -----Original Message-----
>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
>> Of
>>>> Thomas Lamprecht
>>>> Sent: Dienstag, 8. September 2015 09:38
>>>> To: pve-user at pve.proxmox.com
>>>> Subject: Re: [PVE-User] Ceph install failed
>>>>
>>>>
>>>>
>>>> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote:
>>>>> Hello,
>>>>>
>>>>> i got a little further.
>>>>>
>>>>> After viewing the script i realized that i have to set the env
>>>> variables
>>>>>      http(s)_proxy
>>>> http://search.cpan.org/~ether/libwww-perl-
>>>> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes
>>>>
>>>> look at the 'env_proxy' entry, but I think you figured that out
>>>> already.
>>>>> After doing so (export http(s)_proxy=http://<proxy-server>:<proxy-
>>>> port>) i get another error:
>>>> you did:
>>>>    > export http_proxy=http://...
>>>>
>>>> you can also use:
>>>> http_proxy=http://... pveceph install -version hammer
>>>>>      root at proxmox4:~# pveceph install -version hammer
>>>>>      download and import ceph repository keys
>>>>>      unable to download ceph release key: 400 Bad Request
>>>> 400 looks like it didn't has the completely correct proxy settings?
>>>>> Any ideas ?
>>>>>
>>>>> Kind regards
>>>>>      Petric
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
>>>> Of
>>>>>> Frank, Petric (Petric)
>>>>>> Sent: Dienstag, 8. September 2015 08:51
>>>>>> To: pve-user at pve.proxmox.com
>>>>>> Subject: [PVE-User] Ceph install failed
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> i tried to setup a ceph-cluster on machines located behind a http-
>>>>>> proxy. I followed the guide at
>>>>>>      http://pve.proxmox.com/wiki/Ceph_Server
>>>>>>
>>>>>> But I got this:
>>>>>>      root at proxmox4:~# pveceph install -version hammer
>>>>>>      download and import ceph repository keys
>>>>>>      unable to download ceph release key: 500 Can't connect to
>>>>>> git.ceph.com:443 (timeout)
>>>>>>
>>>>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf was
>>>>>> updated to reflect the proxy server setting. But I got the same
>>>> output.
>>>>>> Is there another location to be provided with a proxy setting to
>>>>>> get this working ?
>>>>>>
>>>>>>
>>>>>> Installed is Proxmox 3.4 with the latest updates applied as of
>>>> today.
>>>>>> Kind regards
>>>>>>      Petric
>>>>>>
>>>>>> _______________________________________________
>>>>>> pve-user mailing list
>>>>>> pve-user at pve.proxmox.com
>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>>> _______________________________________________
>>>>> pve-user mailing list
>>>>> pve-user at pve.proxmox.com
>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>>>
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user at pve.proxmox.com
>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user





More information about the pve-user mailing list