From: Anuradha Gadge <anuradha.gadge@ibm.com>
Date: Tue, 18 Feb 2025 09:09:31 +0000 (+0530)
Subject: doc/mgr: Add root CA cert instructions to rgw.rst
X-Git-Tag: v20.0.0~126^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=76106dd9890fdbd9440a5f7de85e9d5de6d0a2b4;p=ceph.git

doc/mgr: Add root CA cert instructions to rgw.rst

Add documentation for adding fs_id in root_ca_cert upgrade path

Fixes: https://tracker.ceph.com/issues/70014

Signed-off-by: Anuradha Gadge <anuradha.gadge@ibm.com>
---

diff --git a/doc/mgr/rgw.rst b/doc/mgr/rgw.rst
index a3f53280a75..8ad02c312f4 100644
--- a/doc/mgr/rgw.rst
+++ b/doc/mgr/rgw.rst
@@ -139,3 +139,41 @@ Join an existing realm by creating a new secondary zone (using the realm token)
   ceph rgw admin [*]
 
 RGW admin command
+
+Upgrading root ca certificates
+------------------------------
+
+
+To upgrade root ca certificate, make sure rgw serives is upgraded. Make sure the rgw service is up and running.
+On Primary cluster on manger node run command:
+
+::
+
+  ceph orch cert-store get cert cephadm_root_ca_cert
+
+Store the certificate on node where rgw service is running on path
+::
+
+   /etc/pki/ca-trust/source/anchors/<cert_name>.crt
+
+Verify certificate using command:
+
+::
+
+  openssl x509 -in <cert_name>.crt -noout -text
+
+Perform above steps on mgr node and rgw node of secondary clusters.
+
+Once certificates are validated on all the sites. Run:
+
+::
+
+  update-ca-trust
+
+on all the nodes where certificates are generated.
+
+Check from primary node if the curl command works for the user:
+
+::
+
+  [root@ceph-pri-node-0 anchors]# curl https://<host_ip>:443
\ No newline at end of file