]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 368e944) | patch
cephadm: Ensure wildcard SAN is included in RGW self-signed certs 61727/head
authorKushal Deb <Kushal.Deb@ibm.com>
Sat, 8 Feb 2025 09:19:27 +0000 (14:49 +0530)
committerKushal Deb <Kushal.Deb@ibm.com>
Fri, 28 Feb 2025 06:00:19 +0000 (11:30 +0530)
commit3c24753af0bd063bf688f4e279ee1370b4448448
tree07ceee883b62aadd6a31876712ef795082b412abtree | snapshot
parent368e94440c276b41126d6218262504a884aaf15ccommit | diff
cephadm: Ensure wildcard SAN is included in RGW self-signed certs

Fix:
- Updated `RgwService` in `cephadmservice.py` to append `*.` before each hostname
  in `zonegroup_hostnames` when generating certificates if wildcard_enabled flag is set to true.
- This ensures that both the entries including the wildcard entry (example: 's3.cephlab.com' and '*.s3.cephlab.com') are included in the SAN.
- After this fix, virtual host bucket access works without SSL errors.

Signed-off-by: Kushal Deb <Kushal.Deb@ibm.com>
doc/cephadm/services/rgw.rst diff | blob | history
src/pybind/mgr/cephadm/services/cephadmservice.py diff | blob | history
src/python-common/ceph/deployment/service_spec.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.