Ceph RADOS Gateway Charm

  1. Bug #2021560
  2. Activity log

Activity log for bug #2021560

Date Who What changed Old value New value Message
2023-05-30 06:13:00 Samuel Allan bug added bug
2023-05-30 06:16:41 Samuel Allan description For use with encryption, the `rgw trust forwarded https` option must be enabled. > Requests for server-side encryption must be sent over a secure HTTPS connection to avoid sending secrets in plaintext. If a proxy is used for SSL termination, rgw trust forwarded https must be enabled before forwarded requests will be trusted as secure. https://docs.ceph.com/en/latest/radosgw/encryption/ This option is not currently set by the charm. It should be set, so that SSE-C encryption can work out of the box. --- Note: a current workaround is to run this: ``` juju config ceph-radosgw config-flags='{"global":{"rgw trust forwarded https": true}}' ``` For use with encryption, the `rgw trust forwarded https` option must be enabled. > Requests for server-side encryption must be sent over a secure HTTPS connection to avoid sending secrets in plaintext. If a proxy is used for SSL termination, rgw trust forwarded https must be enabled before forwarded requests will be trusted as secure. https://docs.ceph.com/en/latest/radosgw/encryption/ This option is not currently set by the charm. It should be set, so that SSE-C encryption can work out of the box. It should be always set if the apache2 proxy with ssl is being used. Not sure the security implications of setting it if ssl is not enabled. --- Note: a current workaround is to run this: ``` juju config ceph-radosgw config-flags='{"global":{"rgw trust forwarded https": true}}' ``` Which configures /etc/ceph/ceph.conf as required with ``` [global] rgw trust forwarded https = True ```
2023-05-30 06:30:59 Nobuto Murata bug added subscriber Nobuto Murata
2023-05-30 14:27:32 Nobuto Murata bug added subscriber Canonical Field High
2023-05-31 04:48:05 OpenStack Infra charm-ceph-radosgw: status New In Progress
2023-05-31 05:33:19 Samuel Allan charm-ceph-radosgw: assignee Samuel Walladge (swalladge)
2023-06-01 09:32:08 OpenStack Infra charm-ceph-radosgw: status In Progress Fix Committed
2023-09-14 11:55:34 Felipe Reyes nominated for series charm-ceph-radosgw/quincy.2
2023-09-14 11:55:34 Felipe Reyes bug task added charm-ceph-radosgw/quincy.2
2023-09-14 11:55:39 Felipe Reyes charm-ceph-radosgw/quincy.2: status New Fix Released