[PVE-User] Ceph install failed
Frank, Petric (Petric)
Petric.Frank at alcatel-lucent.com
Tue Sep 8 11:48:24 CEST 2015
Hello,
http is correct - in our environment. Also used for ftp requests (like given in wgetrc), because we do not have an ftp proxy.
For example in the Firefox network config the proxy-protocol is not given, but used for all requested protocols.
Kind regards
Petric
> -----Original Message-----
> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of
> Thomas Lamprecht
> Sent: Dienstag, 8. September 2015 11:37
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] Ceph install failed
>
>
>
> On 09/08/2015 11:32 AM, Frank, Petric (Petric) wrote:
> > Hello,
> >
> > no, "https_proxy=http://<proxy-host>:<proxy-port> pveceph install -
> version hammer" does not work.
> hmm, shouldn't there be https://<proxy-host>:<proxy-port> ...
> (note the s ) or am I mistaken?
>
> > It aborts in the PGP-key getting phase.
> >
> > Kind regards
> > Petric
> >
> >
> >> -----Original Message-----
> >> From: Thomas Lamprecht [mailto:t.lamprecht at proxmox.com]
> >> Sent: Dienstag, 8. September 2015 11:18
> >> To: Frank, Petric (Petric); pve-user at pve.proxmox.com
> >> Subject: Re: [PVE-User] Ceph install failed
> >>
> >>
> >>
> >> On 09/08/2015 10:43 AM, Frank, Petric (Petric) wrote:
> >>> Hello,
> >>>
> >>> yes, our proxy is able to handle this:
> >>>
> >>> root at proxmox4:~# wget --no-check-certificate -O xxx
> >> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
> >>> --2015-09-08 11:29:39-- https://git.ceph.com/?p=ceph.git
> >>> Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
> >>> Connecting to <proxy-host> (<proxy-host>)| xxx.xxx.xxx.xxx
> >> |:8080... connected.
> >>> WARNING: The certificate of `git.ceph.com' is not trusted.
> >>> WARNING: The certificate of `git.ceph.com' hasn't got a known
> >> issuer.
> >>> Proxy request sent, awaiting response... 200 OK
> >>> Length: 34372 (34K) [text/html]
> >>> Saving to: `xxx'
> >>>
> >>>
> >>
> 100%[==================================================================
> >> ======>] 34,372 71.4K/s in 0.5s
> >>> 2015-09-08 11:29:46 (71.4 KB/s) - `xxx' saved [34372/34372]
> >>>
> >>> As you can see i simply disabled cert checks.
> >> Unusable for general use, as we _want_ cert checks, else https is
> >> unsecure.
> >>
> >> Only to know,
> >>
> >> https_proxy=https://your.proxy pveceph install -version hammer
> >>
> >> didn't work?
> >>> Kind regards
> >>> Petric
> >>>
> >>>> -----Original Message-----
> >>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf
> >> Of
> >>>> Thomas Lamprecht
> >>>> Sent: Dienstag, 8. September 2015 10:30
> >>>> To: pve-user at pve.proxmox.com
> >>>> Subject: Re: [PVE-User] Ceph install failed
> >>>>
> >>>>
> >>>>
> >>>> On 09/08/2015 10:15 AM, Frank, Petric (Petric) wrote:
> >>>>> Hello,
> >>>>>
> >>>>> after some "try and error" I got some workaround. I modified the
> >>>>> ceph
> >>>> key URL to use http instead of https.
> >>>>> The web server SSL key cert of ceph.org is not listed in any
> >>>>> official
> >>>> CA.
> >>>>> Using wget for a test download i get:
> >>>>>
> >>>>> root at proxmox4:~# wget -O xxx
> >>>> https://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc
> >>>>> --2015-09-08 10:57:11-- https://git.ceph.com/?p=ceph.git
> >>>>> Resolving <proxy-host> (<proxy-host>)... xxx.xxx.xxx.xxx
> >>>>> Connecting <proxy-host> (<proxy-
> host>)|xxx.xxx.xxx.xxx|:8080...
> >>>> connected.
> >>>>> ERROR: The certificate of `git.ceph.com' is not trusted.
> >>>>> ERROR: The certificate of `git.ceph.com' hasn't got a known
> >>>> issuer.
> >>>>> It may be that the perl class LWP::UserAgent is not able to
> handle
> >>>> this.
> >>>> No it is, AFAIK. It's the reason we use it instead of wget,
> quoting
> >>>> the comments from the code:
> >>>>> # Note: wget on Debian wheezy cannot handle new ceph.com
> >>>> certificates,
> >>>>> so # we use LWP::UserAgent
> >>>> Stupid question but can your proxy handle the https stuff?
> >>>>> So i temporarily patched /usr/bin/pveceph to use
> >>>> http://git.ceph.com/?p=ceph.git;a=blob_plain;f=keys/release.asc to
> >>>> obtain the PGP key.
> >>>> you only modified the URL, and it worked? https should be
> preferred
> >>>> though, to counter man in the middle attacks and other security
> >> issues.
> >>>> Regards
> >>>>> Kind regards
> >>>>> Petric
> >>>>>
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On
> >>>>>> Behalf
> >>>> Of
> >>>>>> Thomas Lamprecht
> >>>>>> Sent: Dienstag, 8. September 2015 09:38
> >>>>>> To: pve-user at pve.proxmox.com
> >>>>>> Subject: Re: [PVE-User] Ceph install failed
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 09/08/2015 09:30 AM, Frank, Petric (Petric) wrote:
> >>>>>>> Hello,
> >>>>>>>
> >>>>>>> i got a little further.
> >>>>>>>
> >>>>>>> After viewing the script i realized that i have to set the env
> >>>>>> variables
> >>>>>>> http(s)_proxy
> >>>>>> http://search.cpan.org/~ether/libwww-perl-
> >>>>>> 6.13/lib/LWP/UserAgent.pm#Proxy_attributes
> >>>>>>
> >>>>>> look at the 'env_proxy' entry, but I think you figured that out
> >>>>>> already.
> >>>>>>> After doing so (export http(s)_proxy=http://<proxy-
> >> server>:<proxy-
> >>>>>> port>) i get another error:
> >>>>>> you did:
> >>>>>> > export http_proxy=http://...
> >>>>>>
> >>>>>> you can also use:
> >>>>>> http_proxy=http://... pveceph install -version hammer
> >>>>>>> root at proxmox4:~# pveceph install -version hammer
> >>>>>>> download and import ceph repository keys
> >>>>>>> unable to download ceph release key: 400 Bad Request
> >>>>>> 400 looks like it didn't has the completely correct proxy
> >> settings?
> >>>>>>> Any ideas ?
> >>>>>>>
> >>>>>>> Kind regards
> >>>>>>> Petric
> >>>>>>>
> >>>>>>>> -----Original Message-----
> >>>>>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On
> >>>>>>>> Behalf
> >>>>>> Of
> >>>>>>>> Frank, Petric (Petric)
> >>>>>>>> Sent: Dienstag, 8. September 2015 08:51
> >>>>>>>> To: pve-user at pve.proxmox.com
> >>>>>>>> Subject: [PVE-User] Ceph install failed
> >>>>>>>>
> >>>>>>>> Hello,
> >>>>>>>>
> >>>>>>>> i tried to setup a ceph-cluster on machines located behind a
> >>>>>>>> http- proxy. I followed the guide at
> >>>>>>>> http://pve.proxmox.com/wiki/Ceph_Server
> >>>>>>>>
> >>>>>>>> But I got this:
> >>>>>>>> root at proxmox4:~# pveceph install -version hammer
> >>>>>>>> download and import ceph repository keys
> >>>>>>>> unable to download ceph release key: 500 Can't connect
> to
> >>>>>>>> git.ceph.com:443 (timeout)
> >>>>>>>>
> >>>>>>>> I've updated the proxy entries at /etc/wgetrc - also apt.conf
> >> was
> >>>>>>>> updated to reflect the proxy server setting. But I got the
> same
> >>>>>> output.
> >>>>>>>> Is there another location to be provided with a proxy setting
> >>>>>>>> to get this working ?
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Installed is Proxmox 3.4 with the latest updates applied as of
> >>>>>> today.
> >>>>>>>> Kind regards
> >>>>>>>> Petric
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> pve-user mailing list
> >>>>>>>> pve-user at pve.proxmox.com
> >>>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>>>>> _______________________________________________
> >>>>>>> pve-user mailing list
> >>>>>>> pve-user at pve.proxmox.com
> >>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>>>>>
> >>>>>> _______________________________________________
> >>>>>> pve-user mailing list
> >>>>>> pve-user at pve.proxmox.com
> >>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>>> _______________________________________________
> >>>>> pve-user mailing list
> >>>>> pve-user at pve.proxmox.com
> >>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >>>>>
> >>>> _______________________________________________
> >>>> pve-user mailing list
> >>>> pve-user at pve.proxmox.com
> >>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> > _______________________________________________
> > pve-user mailing list
> > pve-user at pve.proxmox.com
> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >
>
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
More information about the pve-user
mailing list