Ceph RGW配置SSL

前期准备

已经成功部署了一套ceph集群，包括rgw对象存储，可以参考ceph官网的ceph-deploy进行部署。

开始配置SSL

生成证书

>> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ceph-rgw-cert.key -out ceph-rgw.crt
>> cat ceph-rgw-cert.key >>ceph-rgw.crt

修改ceph.conf配置文件

如果是使用的ceph-deploy部署的ceph集群，修改如下

[client]
rgw frontends = civetweb port=172.16.50.166:6780+172.16.50.166:443s ssl_certificate=/ceph-rgw.crt

6780端口和443端口同时可用。

使用python boto库验证

安装boto库

>> pip install boto

代码如下

import ssl
import boto.s3.connection

try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    pass
else:
    ssl._create_default_https_context = _create_unverified_https_context

access_key = ""
secret_key = ""
host = ""
port = 443

conn = boto.connect_s3(
    aws_access_key_id=access_key,
    aws_secret_access_key=secret_key,
    host=host,
    port=port,
    is_secure=True,
    validate_certs=False,
    calling_format=boto.s3.connection.OrdinaryCallingFormat()
)

container = "bucket01"

bucket = conn.get_bucket(bucket_name=container)
print(list(bucket.list()))