<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div class="default-style">
Hi,
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
We are trying to enable S3 on the object protocol within scale but there seem to be little to no documentation to enable https endpoints for the S3 protocol?
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
According to the documentation enabling S3 for the keystone server is possible with the mmuserauth command but when i try to run it as IBM have documented, it says that Object protocol is not correctly installed.. And yes it hasnt been configured yet..
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
The "mmobj swift base" command which is used to configure Object/S3 automatically includes the "mmuserauth" command without the ssl option enabled.. and then all endpoints will start with http://
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
I hope that anyone out there have a guide to do this ? or is able to explain how to set it up?
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
Basically all i need is this:
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<a href="https://s3.something.com:8080">https://s3.something.com:8080</a> which points to the WAN ip of the CES cluster (already configured and ready)
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
and endpoints like this:
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
None | keystone | identity | True | public | https://cluster_domain:5000/
<br>RegionOne | swift | object-store | True | public | https://cluster_domain:443/v1/AUTH_%(tenant_id)s
<br>RegionOne | swift | object-store | True | public |
<a href="https://cluster_domain:8080/v1/AUTH_%(tenant_id)s">https://cluster_domain:8080/v1/AUTH_%(tenant_id)s</a>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
if i manually add those endpoints and put my certificates in /etc/swift/ and update the config it says (SSL: Wrong_Version_Number). Here is output:
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<div class="default-style">
C:\Users\Andi Christiansen>aws --endpoint-url
<a href="https://WAN">https://WAN_IP/DOMAIN</a>:443 s3 ls
</div>
<div class="default-style">
SSL validation failed for https://WAN_IP/DOMAIN:443/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)
</div>
<div class="default-style">
C:\Users\Andi Christiansen>aws --endpoint-url https://WAN_IP/DOMAIN:8080 s3 ls
</div>
<div class="default-style">
SSL validation failed for https://WAN_IP/DOMAIN:8080/ [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1076)
</div>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
its only port 8080 and 5000 that is allowed through the firewall, so i only tested with 443 to see if it gave another error as it is not allowed through and it did..
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
It works just fine when "mmobj swift base" is run normally and i only have http endpoints, then it is reachable from local network or WAN with no issues..
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
Thanks in advance!
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
<br>
</div>
<div class="default-style">
Best Regards
<br>Andi Christiansen
</div>
</body>
</html>