(1)Ceph集群和rgw搭建请参看我的另一篇博客
博客链接如下:
https://www.cnblogs.com/mituxiaogaoyang/p/14489922.html
(2)在RGW部署节点生成CA证书
注:ca证书创建流程多种多样,如有需要请自行学习,此处仅提供一种稍简单的创建方式,以下流程请严格按照顺序执行
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.pem cat server.key >> server.pem
#将生成好的证书复制到其他节点的证书目录下
scp /etc/ceph/cert/* node02:/etc/ceph/cert/
scp /etc/ceph/cert/* node03:/etc/ceph/cert/
(3)在RGW部署节点开启https
修改配置文件(单个网关为例)
vi /etc/ceph/ceph.conf
修改内容如下:
#7480为原网关http端口,8080为https端口,/etc/ceph/cert/server.pem为证书路径
[client.rgw.node01] rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
[client.rgw.node02]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
[client.rgw.node03]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
(4)重启RGW网关
systemctl restart ceph-radosgw@rgw.node01 systemctl status ceph-radosgw@rgw.node01
(5)测试https端口是否开通成功,有返回值代表开通成功
#192.168.5.112为本机ip地址
curl https://192.168.5.112:8080 -k