<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
Hi Smita,
</div>
<div>
<br>
</div>
<div>
Thanks for your reply.
</div>
<div>
<br>
</div>
<div>
i have tried what you suggested. mmobj swift base ran fine. but after i have deleted the userauth and try to set it up again with ks-ssl enabled it just hangs:
</div>
<div>
<br>
</div>
<div>
<div class="default-style">
# mmuserauth service create --data-access-method object --type local --enable-ks-ssl
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
still waiting for it to finish, 15 mins now.. :)
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
Best Regards
</div>
<div class="default-style">
Andi Christiansen
</div>
</div>
<blockquote type="cite">
<div>
On April 1, 2020 11:52 AM Smita J Raut <smita.raut@in.ibm.com> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<span style="font-size: 10pt; font-family: sans-serif;">Hi Andi,</span>
<br>
<br>
<span style="font-size: 10pt; font-family: sans-serif;">For object SSL configuration you need to reconfigure auth after "mmobj swift base". Instructions are here-</span>
<br>
<a href="https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.4/com.ibm.spectrum.scale.v5r04.doc/bl1adm_configlocalauthssl.htm"><span style="font-size: 10pt; color: blue; font-family: sans-serif;">https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.4/com.ibm.spectrum.scale.v5r04.doc/bl1adm_configlocalauthssl.htm</span></a>
<br>
<br>
<span style="font-size: 10pt; font-family: sans-serif;">Some more info on object auth configuration-</span>
<br>
<a href="https://www.slideshare.net/SmitaRaut/ibm-spectrum-scale-authentication-for-object-deep-dive"><span style="font-size: 10pt; color: blue; font-family: sans-serif;">https://www.slideshare.net/SmitaRaut/ibm-spectrum-scale-authentication-for-object-deep-dive</span></a>
<span style="font-size: 10pt; font-family: sans-serif;">(Check slide 26)</span>
<br>
<br>
<span style="font-size: 10pt; font-family: sans-serif;">Thanks,</span>
<br>
<span style="font-size: 10pt; font-family: sans-serif;">Smita</span>
<br>
<br>
<br>
<br>
<span style="font-size: 9pt; color: #5f5f5f; font-family: sans-serif;">From: </span>
<span style="font-size: 9pt; font-family: sans-serif;">Andi Christiansen <andi@christiansen.xxx></span>
<br>
<span style="font-size: 9pt; color: #5f5f5f; font-family: sans-serif;">To: </span>
<span style="font-size: 9pt; font-family: sans-serif;">"gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org></span>
<br>
<span style="font-size: 9pt; color: #5f5f5f; font-family: sans-serif;">Date: </span>
<span style="font-size: 9pt; font-family: sans-serif;">04/01/2020 02:35 PM</span>
<br>
<span style="font-size: 9pt; color: #5f5f5f; font-family: sans-serif;">Subject: </span>
<span style="font-size: 9pt; font-family: sans-serif;">[EXTERNAL] [gpfsug-discuss] Enabling SSL/HTTPS/ on Object S3.</span>
<br>
<span style="font-size: 9pt; color: #5f5f5f; font-family: sans-serif;">Sent by: </span>
<span style="font-size: 9pt; font-family: sans-serif;">gpfsug-discuss-bounces@spectrumscale.org</span>
<br>
<hr noshade>
<br>
<br>
<br>
<span style="font-size: 12pt;">Hi, </span>
<br>
<br>
<span style="font-size: 12pt;">We are trying to enable S3 on the object protocol within scale but there seem to be little to no documentation to enable https endpoints for the S3 protocol? </span>
<br>
<br>
<span style="font-size: 12pt;">According to the documentation enabling S3 for the keystone server is possible with the mmuserauth command but when i try to run it as IBM have documented, it says that Object protocol is not correctly installed.. And yes it hasnt been configured yet.. </span>
<br>
<br>
<span style="font-size: 12pt;">The "mmobj swift base" command which is used to configure Object/S3 automatically includes the "mmuserauth" command without the ssl option enabled.. and then all endpoints will start with http:// </span>
<br>
<br>
<br>
<span style="font-size: 12pt;">I hope that anyone out there have a guide to do this ? or is able to explain how to set it up? </span>
<br>
<br>
<br>
<span style="font-size: 12pt;">Basically all i need is this: </span>
<br>
<br>
<a href="https://s3.something.com:8080"><span style="font-size: 12pt; color: blue;"><u>https://s3.something.com:8080</u></span></a>
<span style="font-size: 12pt;">which points to the WAN ip of the CES cluster (already configured and ready) </span>
<br>
<br>
<span style="font-size: 12pt;">and endpoints like this: </span>
<br>
<br>
<span style="font-size: 12pt;">None | keystone | identity | True | public | </span>
<a href="https://cluster_domain:5000/"><span style="font-size: 12pt; color: blue;"><u>https://cluster_domain:5000/</u></span></a>
<span style="font-size: 12pt;"><br>RegionOne | swift | object-store | True | public | </span>
<a href="https://cluster_domain:443/v1/AUTH_%(tenant_id)s"><span style="font-size: 12pt; color: blue;"><u>https://cluster_domain:443/v1/AUTH_%(tenant_id)s</u></span></a>
<span style="font-size: 12pt;"><br>RegionOne | swift | object-store | True | public | </span>
<a href="https://cluster_domain:8080/v1/AUTH_%(tenant_id)s"><span style="font-size: 12pt; color: blue;"><u>https://cluster_domain:8080/v1/AUTH_%(tenant_id)s</u></span></a>
<br>
<br>
<span style="font-size: 12pt;">if i manually add those endpoints and put my certificates in /etc/swift/ and update the config it says (SSL: Wrong_Version_Number). Here is output: </span>
<br>
<br>
<span style="font-size: 12pt;">C:\Users\Andi Christiansen>aws --endpoint-url </span>
<a href="https://WAN"><span style="font-size: 12pt; color: blue;"><u>https://WAN_IP/DOMAIN</u></span></a>
<span style="font-size: 12pt;">:443 s3 ls </span>
<br>
<span style="font-size: 12pt;">SSL validation failed for </span>
<a href="https://WAN_IP/DOMAIN:443/"><span style="font-size: 12pt; color: blue;"><u>https://WAN_IP/DOMAIN:443/</u></span></a>
<span style="font-size: 12pt;">[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076) </span>
<br>
<span style="font-size: 12pt;">C:\Users\Andi Christiansen>aws --endpoint-url </span>
<a href="https://WAN_IP/DOMAIN:8080"><span style="font-size: 12pt; color: blue;"><u>https://WAN_IP/DOMAIN:8080</u></span></a>
<span style="font-size: 12pt;">s3 ls </span>
<br>
<span style="font-size: 12pt;">SSL validation failed for </span>
<a href="https://WAN_IP/DOMAIN:8080/"><span style="font-size: 12pt; color: blue;"><u>https://WAN_IP/DOMAIN:8080/</u></span></a>
<span style="font-size: 12pt;">[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1076) </span>
<br>
<br>
<br>
<span style="font-size: 12pt;">its only port 8080 and 5000 that is allowed through the firewall, so i only tested with 443 to see if it gave another error as it is not allowed through and it did.. </span>
<br>
<br>
<br>
<span style="font-size: 12pt;">It works just fine when "mmobj swift base" is run normally and i only have http endpoints, then it is reachable from local network or WAN with no issues.. </span>
<br>
<br>
<br>
<br>
<span style="font-size: 12pt;">Thanks in advance! </span>
<br>
<br>
<br>
<span style="font-size: 12pt;">Best Regards <br>Andi Christiansen </span>
<tt><span style="font-size: 10pt;">_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br></span></tt>
<a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss"><tt><span style="font-size: 10pt;">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</span></tt></a>
<tt><span style="font-size: 10pt;"><br></span></tt>
<br>
<br>
<br>
</blockquote>
</body>
</html>