@MiaAltieri
Last active July 21, 2025 14:48
local microceph+rgw bucket
# install
sudo snap install microceph
# Hold automatic refreshes so the installed snap revision stays put during this setup.
# NOTE(review): a held snap no longer picks up automatic updates, security fixes
# included; lift the hold with `sudo snap refresh --unhold microceph` when done.
sudo snap refresh --hold microceph
# Initialise a new cluster on this machine.
sudo microceph cluster bootstrap
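# install mc tool (MinIO client) into a per-user directory
# --fail: stop on an HTTP error instead of saving the error page as the "binary".
# --proto '=https': refuse any protocol other than HTTPS for this download.
# The chmod only runs when the download succeeded.
# NOTE(review): the file is not integrity-checked; if the publisher offers a
# checksum for this binary, compare it (e.g. with sha256sum) before running mc.
curl --fail --proto '=https' \
  https://dl.min.io/client/mc/release/linux-amd64/mc \
  --create-dirs \
  -o "$HOME/minio-binaries/mc" \
  && chmod +x "$HOME/minio-binaries/mc"
# Make mc reachable for the rest of this shell session.
export PATH="$PATH:$HOME/minio-binaries/"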
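# set up microceph
sudo snap connect microceph:hardware-observe
sudo snap connect microceph:block-devices
sudo snap restart microceph.daemon
sudo microceph status
# add three 4G loop-file backed disks
sudo microceph disk add loop,4G,3
sudo microceph status
# enable RGW - use the name from `sudo microceph status`
sudo microceph enable rgw # --port 8081 not working see bug https://github.com/canonical/microceph/issues/483
# Workaround for the bug above: edit the RGW config and set the port to 8081.
# `current` is the snap's symlink to the active revision, so the path does not
# depend on a specific revision number (the original notes used revision 1228).
sudo vi /var/snap/microceph/current/conf/radosgw.conf
sudo snap restart microceph.rgw
sudo microceph status # verify rgw service
# NOTE(review): at this stage RGW is reached over plain http (see the mc alias
# below), so S3 traffic on port 8081 is unencrypted until the TLS steps further
# down are applied.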
# create access key + secret key
# Expose the snap's radosgw-admin under the plain command name.
sudo snap alias microceph.radosgw-admin radosgw-admin
sudo radosgw-admin user create --uid=test-user --display-name=test-user
# NOTE(review): "buckets=*; users=*" gives test-user admin capabilities over all
# buckets and all users. That looks broader than needed to create and use one
# bucket through S3 - confirm whether this step is required, and do not reuse
# this user outside a throwaway test cluster.
sudo radosgw-admin caps add --uid=test-user --caps="buckets=*; users=*"
# Generates a new S3 access key and secret for test-user; the command output
# contains the secret, so treat the terminal scrollback and any saved logs as sensitive.
sudo radosgw-admin key create --uid="test-user" --key-type=s3 --gen-access-key --gen-secret
# create a bucket
# first set up the MinIO Client (mc) to interact with MicroCeph RGW storage
# ACCESS_KEY / SECRET_KEY are placeholders for the values printed by `key create`.
# NOTE(review): typing the secret on the command line leaves it in shell history
# and in the process list; mc is expected to prompt for the keys when they are
# omitted - confirm for the installed version. The endpoint is plain http, so
# requests are not encrypted in transit.
mc alias set radosgw http://<ip from status>:8081 ACCESS_KEY SECRET_KEY
# then create the bucket !!! this failed with `mc: <ERROR> Unable to list folder. The specified bucket does not exist.` !!!
mc mb radosgw/test-bucket
# NOTE(review): the alias listing may include the stored keys - avoid pasting its output into tickets or chats.
mc alias list
# try to see what's at that endpoint
# NOTE(review): -v prints the request headers, including the Authorization header
# built from --user, and the URL is plain http. S3 endpoints normally authenticate
# signed requests rather than HTTP Basic, so the credentials are probably not
# needed for this probe - confirm and drop --user if so.
curl -v --user <USER>:<SECRET KEY> http://172.31.26.180:8081
# next steps once above is working
# check bucket
mc ls radosgw
sudo radosgw-admin bucket list
# these credentials are from the key create command
X
Y
# this is from sudo microceph status
172.31.26.180
# this is the default port when we enable rgw
8081
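# verify we have access to our bucket
# (nc -z only checks that the RGW port accepts a TCP connection; it does not
# exercise the credentials or the bucket)
nc -zv 172.31.26.180 8081
# X / Y stand for the access key and secret key from `key create`.
# NOTE(review): the keys are passed as command-line arguments here, so they end
# up in shell history; clear or exclude this command from history on shared hosts.
juju run s3-integrator/leader sync-s3-credentials access-key=X secret-key=Y
# The last option must not end with a line-continuation backslash, otherwise the
# next line of the notes is swallowed into this command.
juju config s3-integrator \
  endpoint="http://172.31.26.180:8081" \
  bucket="test-bucket"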
# update to use with TLS
# Create openssl-san.cnf with the contents shown below (everything up to the
# `openssl req` command is file content, not shell).
vi openssl-san.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = YourState
L = YourCity
O = YourOrganization
CN = yourdomain.com
[v3_req]
# NOTE(review): digitalSignature is not listed. TLS 1.3 and ECDHE cipher suites
# have the server sign the handshake, so strict TLS clients may reject a
# certificate whose keyUsage omits it - consider adding it. dataEncipherment is
# not used by TLS.
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
# <IP> is a placeholder: use the address clients connect to (the one reported by
# `sudo microceph status`), otherwise certificate verification fails on the name check.
IP.1 = <IP>
# Self-signed certificate (-x509), RSA 4096, valid for 365 days.
# NOTE(review): -nodes writes server.key unencrypted. Restrict it to the owner
# (for example `chmod 600 server.key`) and remove it from the working directory
# once it has been loaded into MicroCeph.
openssl req -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -config openssl-san.cnf
# check for IP in SAN
openssl x509 -in server.crt -text -noout | grep -A 1 "Subject Alternative Name"
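# first disable if running
sudo microceph disable rgw
# check if your desired ssl port is available (no matching line means nothing is bound to it)
# NOTE(review): 445 is the well-known SMB port; host firewalls and scanners
# often treat it specially, so a different port may be less surprising.
sudo netstat -tulpen | grep :445
# now set up microceph with the cert
# Certificate and key are passed base64-encoded on one line (-w0 disables wrapping).
# NOTE(review): the private key travels as a command-line argument, so it is
# visible in the process list while the command runs.
sudo microceph enable rgw \
  --ssl-port 445 \
  --ssl-certificate "$(base64 -w0 server.crt)" \
  --ssl-private-key "$(base64 -w0 server.key)"
sudo microceph status
# now verify
# Trust the self-signed certificate explicitly instead of switching verification
# off with -k, so this step also proves that the served certificate is the one
# generated above and that its IP SAN matches the address. If this fails, check
# the IP in [alt_names] of openssl-san.cnf.
curl --cacert server.crt https://172.31.26.180:445
# now update s3-integrator
# NOTE(review): rgw-cert.pem is not created anywhere in these notes; presumably
# it is the same certificate as server.crt - confirm before running.
juju config s3-integrator \
  endpoint="https://172.31.26.180:445" \
  tls-ca-chain="$(base64 -w0 rgw-cert.pem)"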