To retrieve ceph-mgr restful plugin self-signed certificate:
openssl x509 -in <(openssl s_client -connect controller-0:5001 -prexit 2>/dev/null) > ceph-restful.pem
However the the certificate is bound to 'ceph-restful' host:
curl --cacert ceph-restful.pem https://controller:5001
fails so a host alias needs to be defined:
sudo sed -i 's/\(\w\+\s\+controller\)\s*$/\1\tceph-restful/' /etc/hosts
and now (note the new host name):
curl --cacert ceph-restful.pem https://ceph-restful:5001
is successful.
Another approach is to generate a certificate and configure ceph-mgr restful plugin to use that certificate instead of generating it. But then we need to manage that certificate and make it available on both controllers.
To retrieve ceph-mgr restful plugin self-signed certificate:
openssl x509 -in <(openssl s_client -connect controller-0:5001 -prexit 2>/dev/null) > ceph-restful.pem
However the the certificate is bound to 'ceph-restful' host:
curl --cacert ceph-restful.pem https:/ /controller: 5001
fails so a host alias needs to be defined:
sudo sed -i 's/\(\w\ +\s\+controller \)\s*$/ \1\tceph- restful/ ' /etc/hosts
and now (note the new host name):
curl --cacert ceph-restful.pem https:/ /ceph-restful: 5001
is successful.
Another approach is to generate a certificate and configure ceph-mgr restful plugin to use that certificate instead of generating it. But then we need to manage that certificate and make it available on both controllers.