microceph:main

Last commit made on 2024-08-29
Get this branch:
git clone -b main https://git.launchpad.net/microceph

Branch merges

Branch information

Name:
main
Repository:
lp:microceph

Recent commits

36f71d7... by Peter Sabaini

Merge pull request #407 from sabaini/feat/add-interfaces

Add interfaces: rbd kernel module and support

2aebefa... by Peter Sabaini

Add interfaces: rbd kernel module and support

Signed-off-by: Peter Sabaini <email address hidden>

2d07d2f... by Peter Sabaini

Merge pull request #392 from UtkarshBhatthere/core24/squid

MicroCeph Squid: Core24

7ec9614... by utkarsh bhatt

core24 trial

Signed-off-by: Utkarsh Bhatt <email address hidden>

c345ca8... by utkarsh bhatt

abbreviate pkg_version to 10 chars.

Signed-off-by: Utkarsh Bhatt <email address hidden>

ea00d17... by utkarsh bhatt

Fix squid builds and CI failures.

Signed-off-by: Utkarsh Bhatt <email address hidden>

e3625f2... by Billy Olsen

Add liblmdb.so for rgw support

RGW requires liblmbdb but this is not staged. Ensure that this
is staged into the snap.

Signed-off-by: Billy Olsen <email address hidden>

e14eb67... by Billy Olsen

Add setuptools dependency

Ceph has a dependency on distutils, which was removed from the
packaging since it was an undeclared package dependency. This
change adds setuptools package to work around this dependency.

Since distutils has been removed from python 12, this also reverts
to core22.

Signed-off-by: Billy Olsen <email address hidden>

deb68f2... by utkarsh bhatt

Build squid Microceph

Signed-off-by: Utkarsh Bhatt <email address hidden>

f85ee55... by Marcelo Henrique Neppel

Add SSL configuration for RGW (#355)

# Description

Some tools, like [pgBackRest](https://pgbackrest.org/), can currently
only interact with S3-compatible storages if they work with
[SSL/TLS](https://github.com/pgbackrest/pgbackrest/issues/2340). This PR
adds the possibility of enabling RadosGW with SSL/TLS enabled.

The main idea is to use the PostgreSQL charms with MicroCeph so users
can do backups through pgBackRest in bucket without a cloud service
subscription.

## Type of change

- [X] New feature (non-breaking change which adds functionality)

## How Has This Been Tested?

To test, I used the following steps:
1. Generate some SSL files:
```sh
sudo openssl genrsa -out /var/snap/microceph/common/ca.key 2048
sudo openssl req -x509 -new -nodes -key /var/snap/microceph/common/ca.key -days 1024 -out /var/snap/microceph/common/ca.crt -outform PEM
sudo openssl genrsa -out /var/snap/microceph/common/server.key 2048
sudo openssl req -new -key /var/snap/microceph/common/server.key -out /var/snap/microceph/common/server.csr
sudo nano /var/snap/microceph/common/extfile.cnf # and put the following content: subjectAltName = DNS:localhost
sudo openssl x509 -req -in /var/snap/microceph/common/server.csr -CA /var/snap/microceph/common/ca.crt -CAkey /var/snap/microceph/common/ca.key -CAcreateserial -out /var/snap/microceph/common/server.crt -days 365 -extfile /var/snap/microceph/common/extfile.cnf
```
2. Then bootstrap the MicroCeph cluster, enable the RadosGW service with
SSL enabled and create a user:
```sh
sudo microceph cluster bootstrap
sudo microceph disk add loop,4G,3
sudo microceph enable rgw --ssl-certificate=/var/snap/microceph/common/server.crt --ssl-private-key=/var/snap/microceph/common/server.key
sudo microceph.radosgw-admin user create --uid test --display-name test
```
3. To finish, test the access by creating a bucket:
```sh
aws configure # to configure the credentials from RadosGW.
AWS_CA_BUNDLE=/var/snap/microceph/common/ca.crt aws --endpoint-url=https://localhost s3 mb s3://test --region ""
```

## Contributor's Checklist

Please check that you have:

- [X] self-reviewed the code in this PR.
- [ ] added code comments, particularly in hard-to-understand areas.
- [X] updated the user documentation with corresponding changes.
- [X] added tests to verify effectiveness of this change.

---------

Signed-off-by: Marcelo Henrique Neppel <email address hidden>