FWIW, the initial deployment using Vault went on just fine:
$ juju deploy --series jammy --channel quincy/stable ceph-dashboard ceph-dashboard-ssd $ juju add-relation ceph-dashboard-ssd:dashboard ceph-mon-ssd:dashboard $ juju add-relation ceph-dashboard-ssd:certificates vault:certificates
However then I decided to add my Let's encrypt certificate, driving things south:
$ juju config ceph-dashboard-ssd ssl_ca="$(sudo openssl crl2pkcs7 -nocrl -certfile /etc/letsencrypt/live/int.hrizn.cloud/fullchain.pem | openssl pkcs7 -print_certs -outform PEM | base64)" ssl_cert="$(sudo openssl x509 -in /etc/letsencrypt/live/int.hrizn.cloud/fullchain.pem -outform PEM | base64)" ssl_key="$(sudo cat /etc/letsencrypt/live/int.hrizn.cloud/privkey.pem | base64)"
$ juju config ceph-dashboard-ssd public-hostname="ceph.int.hrizn.cloud"
$ juju remove-relation ceph-dashboard-ssd:certificates vault:certificates
These messages flooded the Mon logs and dashboard units went to relation error state:
2023-07-23T23:39:46.364+0000 7f8df3621640 -1 mgr.server reply reply (5) Input/output error Module 'dashboard' has experienced an error and cannot handle commands: [('x509 certificate routines', '', 'key values mismatch')]
Resetting the SSL juju config keys, deleting the mgr config keys then adding the juju vault relation back did not make a difference to fix the issue:
$ juju config ceph-dashboard-ssd --reset ssl_ca $ juju config ceph-dashboard-ssd --reset ssl_key $ juju config ceph-dashboard-ssd --reset ssl_cert
root@juju-b096f0-88-lxd-0:/var/log/ceph# ceph config-key rm mgr/dashboard/ca key deleted
root@juju-b096f0-88-lxd-0:/var/log/ceph# ceph config-key rm mgr/dashboard/key key deleted
root@juju-b096f0-88-lxd-0:/var/log/ceph# ceph config-key rm mgr/dashboard/crt key deleted
Any updates on the progress?
Thanks, Alan
FWIW, the initial deployment using Vault went on just fine:
$ juju deploy --series jammy --channel quincy/stable ceph-dashboard ceph-dashboard-ssd ssd:dashboard ceph-mon- ssd:dashboard ssd:certificate s vault:certificates
$ juju add-relation ceph-dashboard-
$ juju add-relation ceph-dashboard-
However then I decided to add my Let's encrypt certificate, driving things south:
$ juju config ceph-dashboard-ssd ssl_ca="$(sudo openssl crl2pkcs7 -nocrl -certfile /etc/letsencryp t/live/ int.hrizn. cloud/fullchain .pem | openssl pkcs7 -print_certs -outform PEM | base64)" ssl_cert="$(sudo openssl x509 -in /etc/letsencryp t/live/ int.hrizn. cloud/fullchain .pem -outform PEM | base64)" ssl_key="$(sudo cat /etc/letsencryp t/live/ int.hrizn. cloud/privkey. pem | base64)"
$ juju config ceph-dashboard-ssd public- hostname= "ceph.int. hrizn.cloud"
$ juju remove-relation ceph-dashboard- ssd:certificate s vault:certificates
These messages flooded the Mon logs and dashboard units went to relation error state:
2023-07- 23T23:39: 46.364+ 0000 7f8df3621640 -1 mgr.server reply reply (5) Input/output error Module 'dashboard' has experienced an error and cannot handle commands: [('x509 certificate routines', '', 'key values mismatch')]
Resetting the SSL juju config keys, deleting the mgr config keys then adding the juju vault relation back did not make a difference to fix the issue:
$ juju config ceph-dashboard-ssd --reset ssl_ca
$ juju config ceph-dashboard-ssd --reset ssl_key
$ juju config ceph-dashboard-ssd --reset ssl_cert
root@juju- b096f0- 88-lxd- 0:/var/ log/ceph# ceph config-key rm mgr/dashboard/ca
key deleted
root@juju- b096f0- 88-lxd- 0:/var/ log/ceph# ceph config-key rm mgr/dashboard/key
key deleted
root@juju- b096f0- 88-lxd- 0:/var/ log/ceph# ceph config-key rm mgr/dashboard/crt
key deleted
Any updates on the progress?
Thanks,
Alan