diff --git a/microceph/ceph/configwriter.go b/microceph/ceph/configwriter.go
index 2f7257b3..158bab28 100644
--- a/microceph/ceph/configwriter.go
+++ b/microceph/ceph/configwriter.go
@@ -87,7 +87,7 @@ auth allow insecure global id reclaim = false
 [client.radosgw.gateway]
 rgw init timeout = 1200
-rgw frontends = beast port={{.rgwPort}}{{if and .sslCertificate .sslPrivateKey}} ssl_port={{.sslPort}}{{end}}{{if .sslCertificate}} ssl_certificate={{.sslCertificate}}{{end}}{{if .sslPrivateKey}} ssl_private_key={{.sslPrivateKey}}{{end}}
+rgw frontends = beast {{if or (ne .rgwPort 0) (not .sslCertificate) (not .sslPrivateKey)}}port={{.rgwPort}}{{end}}{{if and .sslCertificate .sslPrivateKey}} ssl_port={{.sslPort}} ssl_certificate={{.sslCertificate}} ssl_private_key={{.sslPrivateKey}}{{end}}
 `)),
 configFile: "radosgw.conf",
 configDir: configDir,
diff --git a/microceph/ceph/rgw.go b/microceph/ceph/rgw.go
index 9988cc0a..c516aea9 100644
--- a/microceph/ceph/rgw.go
+++ b/microceph/ceph/rgw.go
@@ -18,6 +18,9 @@ func EnableRGW(s interfaces.StateInterface, port int, sslPort int, sslCertificat
 // Create RGW configuration.
 conf := newRadosGWConfig(pathConsts.ConfPath)
+ if sslCertificate == "" || sslPrivateKey == "" {
+ port = 80
+ }
 err := conf.WriteConfig(
 map[string]any{
 "runDir": pathConsts.RunPath,
@@ -126,6 +129,16 @@ func stopRGW() error { return nil
 }
+// Store the SSL material in the ceph key value store.
+func storeSSLMaterial(key string, material []byte) error {
+ // Run the ceph config-key set command
+ _, err := processExec.RunCommand("ceph", "config-key", "set", fmt.Sprintf("microceph:rgw/%s", key), string(material))
+ if err != nil {
+ return fmt.Errorf("failed to store key: %w", err)
+ }
+ return nil
+}
+
 // createRGWKeyring creates the RGW keyring.
 func createRGWKeyring(path string) error {
 if err := os.MkdirAll(path, 0770); err != nil {
diff --git a/microceph/cmd/microceph/enable_rgw.go b/microceph/cmd/microceph/enable_rgw.go
index 397404ca..b3f4cb7c 100644
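Review bot: In the `rgw frontends` template (configwriter.go), a request that sets only one of `.sslCertificate` / `.sslPrivateKey` now renders a bare `port=` frontend with no TLS options, so an operator who omitted or mistyped one flag gets a plaintext gateway and no error. The template cannot report that itself; the pair should be rejected before `conf.WriteConfig` in `EnableRGW`, for example `if (sslCertificate == "") != (sslPrivateKey == "") { return fmt.Errorf("ssl certificate and private key must be provided together") }` (assuming `EnableRGW` returns an error, which is not visible here). The two values are also written into the space-separated option list unquoted, so a value containing whitespace would presumably be read as further frontend options; the same place is the right spot to reject such values.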
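Review bot: The `if` added to `EnableRGW` (rgw.go, first hunk) assigns `port = 80` whenever the certificate or the key is empty, which discards a port the caller passed explicitly, so a non-TLS gateway requested on another port would still be configured on 80. The fallback should apply only when no port was given: `if port == 0 && (sslCertificate == "" || sslPrivateKey == "") {`. A comment such as `// port 0 means "not set"; default to 80 when TLS is not fully configured` would make the sentinel introduced by the flag change in enable_rgw.go visible at this point. `EnableRGW` starts and ends outside the hunk, so later uses of `port` cannot be checked from here.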
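Review bot: `storeSSLMaterial` (rgw.go, second hunk) hands `string(material)` to `ceph config-key set` as a command-line argument, so when the material is the private key it is readable in the process list by other local users while the command runs, and it ends up in any log or error text that records the argument vector. `ceph config-key set` can read the value from a file with `-i`, which keeps the secret off argv; the sketch below stages it in a temporary file created with mode 0600 and removes it afterwards, and it assumes the temporary directory is readable by the `ceph` client in this deployment. `key` is formatted into the key name unchecked, so callers should pass only fixed names. The doc comment should also start with the function name, `// storeSSLMaterial stores the SSL material in the ceph key value store.`

```go
func storeSSLMaterial(key string, material []byte) error {
	// Keep the material off argv: pass it to ceph through a private temp file.
	f, err := os.CreateTemp("", "rgw-ssl-*") // os.CreateTemp uses mode 0600
	if err != nil {
		return fmt.Errorf("failed to stage key: %w", err)
	}
	defer os.Remove(f.Name())

	_, err = f.Write(material)
	if cerr := f.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return fmt.Errorf("failed to stage key: %w", err)
	}

	_, err = processExec.RunCommand("ceph", "config-key", "set", fmt.Sprintf("microceph:rgw/%s", key), "-i", f.Name())
	if err != nil {
		return fmt.Errorf("failed to store key: %w", err)
	}
	return nil
}
```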
--- a/microceph/cmd/microceph/enable_rgw.go
+++ b/microceph/cmd/microceph/enable_rgw.go
@@ -24,11 +24,12 @@ type cmdEnableRGW struct {
 func (c *cmdEnableRGW) Command() *cobra.Command {
 cmd := &cobra.Command{
- Use: "rgw [--port ] [--ssl-port ] [--ssl-certificate ] [--ssl-private-key ] [--target ] [--wait ]",
+ Use: "rgw [--port ] [--ssl-port ] [--ssl-certificate ] [--ssl-private-key ] [--target ] [--wait ]",
 Short: "Enable the RGW service on the --target server (default: this server)",
 RunE: c.Run,
 }
- cmd.PersistentFlags().IntVar(&c.flagPort, "port", 80, "Service non-SSL port (default: 80)")
+ // The flagPort has a default value of 0 for the case where both the SSL certificate and private key are provided.
+ cmd.PersistentFlags().IntVar(&c.flagPort, "port", 0, "Service non-SSL port (default: 80 if no SSL certificate and/or private key are provided)")
 cmd.PersistentFlags().IntVar(&c.flagSSLPort, "ssl-port", 443, "Service SSL port (default: 443)")
 cmd.PersistentFlags().StringVar(&c.flagSSLCertificate, "ssl-certificate", "", "Path to SSL certificate")
 cmd.PersistentFlags().StringVar(&c.flagSSLPrivateKey, "ssl-private-key", "", "Path to SSL private key")
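Review bot: The new `--port` help text in `Command()` does not say that the plaintext listener is switched off when both TLS files are given and `--port` is omitted, which is what the default of 0 selects in the config template. Stating it would let operators see the security-relevant behaviour from `--help`, for example `"Service non-SSL port (default: 80; disabled when both --ssl-certificate and --ssl-private-key are set unless given explicitly)"`. The comment above the flag could say the same in terms of the sentinel: `// 0 means "not set": no plaintext listener when TLS is fully configured, 80 otherwise.` Neither port flag is range-checked in the visible lines; `Command()` continues past the hunk and `Run` is not shown, so a check may exist there.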