[PVE-User] Ceph install failed
Frank, Petric (Petric)
Petric.Frank at alcatel-lucent.com
Tue Sep 8 11:32:34 CEST 2015
Hello,
no, "https_proxy=http://<proxy-host>:<proxy-port> pveceph install -version hammer" does not work.
It aborts in the PGP-key getting phase.
Kind regards
Petric
> -----Original Message-----
> From: Thomas Lamprecht [mailto:t.lamprecht at proxmox.com]
> Sent: Dienstag, 8. September 2015 11:18
> To: Frank, Petric (Petric); pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] Ceph install failed
>
>
>
> On 09/08/2015 10:43 AM, Frank, Petric (Petric) wrote:
> > Hello,
> >
> > yes, our proxy is able to handle this:
> >
> > root at proxmox4:~# wget --no-check-certificate -O xxx
> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
> > --2015-09-08 11:29:39-- https://git.ceph.com/?p=ceph.git
> > Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
> > Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx
> |:8080... connected.
> > WARNING: The certificate of `git.ceph.com' is not trusted.
> > WARNING: The certificate of `git.ceph.com' hasn't got a known
> issuer.
> > Proxy request sent, awaiting response... 200 OK
> > Length: 34372 (34K) [text/html]
> > Saving to: `xxx'
> >
> >
> 100%[==================================================================
> ======>] 34,372 71.4K/s in 0.5s
> >
> > 2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372]
> >
> > As you can see i simply disabled cert checks.
> Unusable for general use, as we _want_ cert checks, else https is
> unsecure.
>
> Only to know,
>
> https_proxy=https://your.proxy pveceph install -version hammer
>
> didn't work?
> >
> > Kind regards
> > Petric
> >
> >> -----Original Message-----
> >> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
> Of
> >> Thomas Lamprecht
> >> Sent: Dienstag, 8. September 2015 10:30
> >> To: pve-user at pve.proxmox.com
> >> Subject: Re: [PVE-User] Ceph install failed
> >>
> >>
> >>
> >> On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote:
> >>> Hello,
> >>>
> >>> after some "try and error" I got some workaround. I modified the
> >>> ceph
> >> key URL to use http instead of https.
> >>> The web server SSL key cert of ceph.org is not listed in any
> >>> official
> >> CA.
> >>> Using wget for a test download i get:
> >>>
> >>> root at proxmox4:~# wget -O xxx
> >> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
> >>> --2015-09-08 10:57:11-- https://git.ceph.com/?p=ceph.git
> >>> Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
> >>> Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080...
> >> connected.
> >>> ERROR: The certificate of `git.ceph.com' is not trusted.
> >>> ERROR: The certificate of `git.ceph.com' hasn't got a known
> >> issuer.
> >>> It may be that the perl class LWP::UserAgent is not able to handle
> >> this.
> >> No it is, AFAIK. It's the reason we use it instead of wget, quoting
> >> the comments from the code:
> >>> # Note: wget on Debian wheezy cannot handle new ceph.com
> >> certificates,
> >>> so # we use LWP::UserAgent
> >> Stupid question but can your proxy handle the https stuff?
> >>> So i temporarily patched /usr/bin/pveceph to use
> >> http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to
> >> obtain the PGP key.
> >> you only modified the URL, and it worked? https should be preferred
> >> though, to counter man in the middle attacks and other security
> issues.
> >>
> >> Regards
> >>> Kind regards
> >>> Petric
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
> >> Of
> >>>> Thomas Lamprecht
> >>>> Sent: Dienstag, 8. September 2015 09:38
> >>>> To: pve-user at pve.proxmox.com
> >>>> Subject: Re: [PVE-User] Ceph install failed
> >>>>
> >>>>
> >>>>
> >>>> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote:
> >>>>> Hello,
> >>>>>
> >>>>> i got a little further.
> >>>>>
> >>>>> After viewing the script i realized that i have to set the env
> >>>> variables
> >>>>> http(s)_proxy
> >>>> http://search.cpan.org/~ether/libwww-perl-
> >>>> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes
> >>>>
> >>>> look at the 'env_proxy' entry, but I think you figured that out
> >>>> already.
> >>>>> After doing so (export http(s)_proxy=http://<proxy-
> server>:<proxy-
> >>>> port>) i get another error:
> >>>> you did:
> >>>> > export http_proxy=http://...
> >>>>
> >>>> you can also use:
> >>>> http_proxy=http://... pveceph install -version hammer
> >>>>> root at proxmox4:~# pveceph install -version hammer
> >>>>> download and import ceph repository keys
> >>>>> unable to download ceph release key: 400 Bad Request
> >>>> 400 looks like it didn't has the completely correct proxy
> settings?
> >>>>> Any ideas ?
> >>>>>
> >>>>> Kind regards
> >>>>> Petric
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On
> >>>>>> Behalf
> >>>> Of
> >>>>>> Frank, Petric (Petric)
> >>>>>> Sent: Dienstag, 8. September 2015 08:51
> >>>>>> To: pve-user at pve.proxmox.com
> >>>>>> Subject: [PVE-User] Ceph install failed
> >>>>>>
> >>>>>> Hello,
> >>>>>>
> >>>>>> i tried to setup a ceph-cluster on machines located behind a
> >>>>>> http- proxy. I followed the guide at
> >>>>>> http://pve.proxmox.com/wiki/Ceph_Server
> >>>>>>
> >>>>>> But I got this:
> >>>>>> root at proxmox4:~# pveceph install -version hammer
> >>>>>> download and import ceph repository keys
> >>>>>> unable to download ceph release key: 500 Can't connect to
> >>>>>> git.ceph.com:443 (timeout)
> >>>>>>
> >>>>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf
> was
> >>>>>> updated to reflect the proxy server setting. But I got the same
> >>>> output.
> >>>>>> Is there another location to be provided with a proxy setting to
> >>>>>> get this working ?
> >>>>>>
> >>>>>>
> >>>>>> Installed is Proxmox 3.4 with the latest updates applied as of
> >>>> today.
> >>>>>> Kind regards
> >>>>>> Petric
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> pve-user mailing list
> >>>>>> pve-user at pve.proxmox.com
> >>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>>> _______________________________________________
> >>>>> pve-user mailing list
> >>>>> pve-user at pve.proxmox.com
> >>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>>>
> >>>> _______________________________________________
> >>>> pve-user mailing list
> >>>> pve-user at pve.proxmox.com
> >>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>> _______________________________________________
> >>> pve-user mailing list
> >>> pve-user at pve.proxmox.com
> >>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>
> >>
> >> _______________________________________________
> >> pve-user mailing list
> >> pve-user at pve.proxmox.com
> >> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
More information about the pve-user
mailing list