[PVE-User] Ceph install failed
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Sep 8 11:36:52 CEST 2015
On 09/08/2015 11:32 AM, Frank, Petric (Petric) wrote:
> Hello,
>
> no, "https_proxy=http://<proxy-host>:<proxy-port> pveceph install -version hammer" does not work.
hmm, shouldn't there be https://<proxy-host>:<proxy-port> ...
(note the s ) or am I mistaken?
> It aborts in the PGP-key getting phase.
>
> Kind regards
> Petric
>
>
>> -----Original Message-----
>> From: Thomas Lamprecht [mailto:t.lamprecht at proxmox.com]
>> Sent: Dienstag, 8. September 2015 11:18
>> To: Frank, Petric (Petric); pve-user at pve.proxmox.com
>> Subject: Re: [PVE-User] Ceph install failed
>>
>>
>>
>> On 09/08/2015 10:43 AM, Frank, Petric (Petric) wrote:
>>> Hello,
>>>
>>> yes, our proxy is able to handle this:
>>>
>>> root at proxmox4:~# wget --no-check-certificate -O xxx
>> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
>>> --2015-09-08 11:29:39-- https://git.ceph.com/?p=ceph.git
>>> Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
>>> Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx
>> |:8080... connected.
>>> WARNING: The certificate of `git.ceph.com' is not trusted.
>>> WARNING: The certificate of `git.ceph.com' hasn't got a known
>> issuer.
>>> Proxy request sent, awaiting response... 200 OK
>>> Length: 34372 (34K) [text/html]
>>> Saving to: `xxx'
>>>
>>>
>> 100%[==================================================================
>> ======>] 34,372 71.4K/s in 0.5s
>>> 2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372]
>>>
>>> As you can see i simply disabled cert checks.
>> Unusable for general use, as we _want_ cert checks, else https is
>> unsecure.
>>
>> Only to know,
>>
>> https_proxy=https://your.proxy pveceph install -version hammer
>>
>> didn't work?
>>> Kind regards
>>> Petric
>>>
>>>> -----Original Message-----
>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
>> Of
>>>> Thomas Lamprecht
>>>> Sent: Dienstag, 8. September 2015 10:30
>>>> To: pve-user at pve.proxmox.com
>>>> Subject: Re: [PVE-User] Ceph install failed
>>>>
>>>>
>>>>
>>>> On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote:
>>>>> Hello,
>>>>>
>>>>> after some "try and error" I got some workaround. I modified the
>>>>> ceph
>>>> key URL to use http instead of https.
>>>>> The web server SSL key cert of ceph.org is not listed in any
>>>>> official
>>>> CA.
>>>>> Using wget for a test download i get:
>>>>>
>>>>> root at proxmox4:~# wget -O xxx
>>>> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
>>>>> --2015-09-08 10:57:11-- https://git.ceph.com/?p=ceph.git
>>>>> Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
>>>>> Connecting <proxy-host> (<proxy-host>)|xxx.xxx.xxx.xxx|:8080...
>>>> connected.
>>>>> ERROR: The certificate of `git.ceph.com' is not trusted.
>>>>> ERROR: The certificate of `git.ceph.com' hasn't got a known
>>>> issuer.
>>>>> It may be that the perl class LWP::UserAgent is not able to handle
>>>> this.
>>>> No it is, AFAIK. It's the reason we use it instead of wget, quoting
>>>> the comments from the code:
>>>>> # Note: wget on Debian wheezy cannot handle new ceph.com
>>>> certificates,
>>>>> so # we use LWP::UserAgent
>>>> Stupid question but can your proxy handle the https stuff?
>>>>> So i temporarily patched /usr/bin/pveceph to use
>>>> http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to
>>>> obtain the PGP key.
>>>> you only modified the URL, and it worked? https should be preferred
>>>> though, to counter man in the middle attacks and other security
>> issues.
>>>> Regards
>>>>> Kind regards
>>>>> Petric
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
>>>> Of
>>>>>> Thomas Lamprecht
>>>>>> Sent: Dienstag, 8. September 2015 09:38
>>>>>> To: pve-user at pve.proxmox.com
>>>>>> Subject: Re: [PVE-User] Ceph install failed
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> i got a little further.
>>>>>>>
>>>>>>> After viewing the script i realized that i have to set the env
>>>>>> variables
>>>>>>> http(s)_proxy
>>>>>> http://search.cpan.org/~ether/libwww-perl-
>>>>>> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes
>>>>>>
>>>>>> look at the 'env_proxy' entry, but I think you figured that out
>>>>>> already.
>>>>>>> After doing so (export http(s)_proxy=http://<proxy-
>> server>:<proxy-
>>>>>> port>) i get another error:
>>>>>> you did:
>>>>>> > export http_proxy=http://...
>>>>>>
>>>>>> you can also use:
>>>>>> http_proxy=http://... pveceph install -version hammer
>>>>>>> root at proxmox4:~# pveceph install -version hammer
>>>>>>> download and import ceph repository keys
>>>>>>> unable to download ceph release key: 400 Bad Request
>>>>>> 400 looks like it didn't has the completely correct proxy
>> settings?
>>>>>>> Any ideas ?
>>>>>>>
>>>>>>> Kind regards
>>>>>>> Petric
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On
>>>>>>>> Behalf
>>>>>> Of
>>>>>>>> Frank, Petric (Petric)
>>>>>>>> Sent: Dienstag, 8. September 2015 08:51
>>>>>>>> To: pve-user at pve.proxmox.com
>>>>>>>> Subject: [PVE-User] Ceph install failed
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> i tried to setup a ceph-cluster on machines located behind a
>>>>>>>> http- proxy. I followed the guide at
>>>>>>>> http://pve.proxmox.com/wiki/Ceph_Server
>>>>>>>>
>>>>>>>> But I got this:
>>>>>>>> root at proxmox4:~# pveceph install -version hammer
>>>>>>>> download and import ceph repository keys
>>>>>>>> unable to download ceph release key: 500 Can't connect to
>>>>>>>> git.ceph.com:443 (timeout)
>>>>>>>>
>>>>>>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf
>> was
>>>>>>>> updated to reflect the proxy server setting. But I got the same
>>>>>> output.
>>>>>>>> Is there another location to be provided with a proxy setting to
>>>>>>>> get this working ?
>>>>>>>>
>>>>>>>>
>>>>>>>> Installed is Proxmox 3.4 with the latest updates applied as of
>>>>>> today.
>>>>>>>> Kind regards
>>>>>>>> Petric
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> pve-user mailing list
>>>>>>>> pve-user at pve.proxmox.com
>>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>>>>> _______________________________________________
>>>>>>> pve-user mailing list
>>>>>>> pve-user at pve.proxmox.com
>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>>>>>
>>>>>> _______________________________________________
>>>>>> pve-user mailing list
>>>>>> pve-user at pve.proxmox.com
>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>>> _______________________________________________
>>>>> pve-user mailing list
>>>>> pve-user at pve.proxmox.com
>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>>>
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user at pve.proxmox.com
>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
More information about the pve-user
mailing list