Back to bug 2020628

Who When What Removed Added
Red Hat One Jira (issues.redhat.com) 2021-11-05 12:55:24 UTC Link ID Red Hat Issue Tracker RHCEPH-2181
Red Hat One Jira (issues.redhat.com) 2021-11-05 12:55:27 UTC Link ID Red Hat Issue Tracker RHCSDASH-560
Francesco Pantano 2021-11-05 13:07:31 UTC Comment 0 updated
Francesco Pantano 2021-11-05 13:08:30 UTC Depends On 1978869 1902212
Blocks 1890121 1820257
Francesco Pantano 2021-11-05 13:09:27 UTC Summary [GSS]Prometheus alertmanager reports msg="Error on notify" err="Post https://XXXX:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not XXXX" Prometheus alertmanager reports msg="Error on notify" Post https://xxxx:8444/api/prometheus_receiver: x509: cannot validate certificate for XXX because it doesn't contain any IP SANs"
Francesco Pantano 2021-11-05 13:09:48 UTC Target Release 4.2z3 5.2
Francesco Pantano 2021-11-05 16:50:50 UTC CC gfidente, johfulto
Ernesto Puerta 2021-11-08 13:45:08 UTC Flags needinfo?(fpantano)
Francesco Pantano 2021-11-09 09:22:49 UTC Flags needinfo?(fpantano) needinfo?(epuertat)
Ernesto Puerta 2021-11-10 17:09:58 UTC Flags needinfo?(epuertat) needinfo?(fpantano)
Francesco Pantano 2021-11-30 09:52:54 UTC Flags needinfo?(fpantano)
Francesco Pantano 2022-01-10 06:52:59 UTC Blocks 2038798
Francesco Pantano 2022-01-10 06:53:51 UTC Blocks 2038798
Ernesto Puerta 2022-02-02 09:45:27 UTC Target Release 5.2 4.3z1
Version 5.0 4.1
Status NEW ASSIGNED
Assignee epuertat aasharma
Giulio Fidente 2022-02-03 16:27:21 UTC Blocks 1820257 1760354
Giulio Fidente 2022-02-03 16:29:59 UTC Blocks 1760354 1820257
Target Release 4.3z1 5.1z1
Ernesto Puerta 2022-03-03 10:40:10 UTC CC ceph-qe-bugs
Component Ceph-Dashboard Cephadm
QA Contact sangadi sunnagar
Assignee aasharma adking
Docs Contact asriram knortema
Red Hat One Jira (issues.redhat.com) 2022-03-03 10:50:47 UTC Link ID Red Hat Issue Tracker RHCSDASH-560
Francesco Pantano 2022-04-14 09:45:53 UTC Link ID Ceph Project Bug Tracker 55333
Francesco Pantano 2022-04-14 09:48:55 UTC Link ID Github 45907
Francesco Pantano 2022-04-14 09:49:10 UTC Link ID Github 45907
Francesco Pantano 2022-04-14 09:49:25 UTC Link ID Github ceph/ceph/pull/45907
Francesco Pantano 2022-04-14 09:59:05 UTC Flags needinfo?(epuertat)
Francesco Pantano 2022-04-14 11:43:31 UTC Link ID Github ceph/ceph/pull/45907
Francesco Pantano 2022-04-14 11:43:45 UTC Link ID Github ceph/ceph/pull/45860
Francesco Pantano 2022-04-14 11:44:09 UTC Flags needinfo?(epuertat)
Sori kim 2022-04-14 12:36:16 UTC CC sorkim
Karen Norteman 2022-04-14 13:34:49 UTC Docs Contact knortema asriram
Mike Hackett 2022-04-14 13:37:59 UTC CC mhackett
Sunil Angadi 2022-04-18 05:52:53 UTC QA Contact sunnagar sangadi
Adam King 2022-04-18 19:05:04 UTC Status ASSIGNED POST
errata-xmlrpc 2022-04-19 01:36:02 UTC Fixed In Version ceph-16.2.7-106.el8cp
Status POST MODIFIED
Status MODIFIED ON_QA
Ernesto Puerta 2022-04-19 11:53:39 UTC Dependent Products Red Hat OpenStack
Sunil Angadi 2022-04-20 05:55:18 UTC Status ON_QA VERIFIED
Ranjini M N 2022-05-13 12:37:28 UTC CC adking
Flags needinfo?(adking)
Mary Frances Hull 2022-05-13 17:28:57 UTC Blocks 2085458
Mary Frances Hull 2022-05-15 13:34:17 UTC CC mhull
Docs Contact asriram mhull
Adam King 2022-05-16 00:10:58 UTC Doc Type If docs needed, set a value Enhancement
Doc Text Feature: Can now setup alertmanager to not verify certs

Reason: If cert used FQDN instead of IPs or couldn't be verified for any other reason, alertmanager would report errors about not being able to verify the certificate

Result: Now, by default, alertmanagers are deployed with insecure_skip_verify = true, to skip the cert verification. If you'd like the cert verification turned on, you can do so by setting secure to true in your alertmanager spec like so:

service_type: alertmanager
spec:
secure: true

Note, after changing this field you may need to redeploy the alertmanager daemons for this to take effect.
Flags needinfo?(adking)
Mary Frances Hull 2022-05-16 12:53:26 UTC Flags needinfo?(adking)
Doc Text Feature: Can now setup alertmanager to not verify certs

Reason: If cert used FQDN instead of IPs or couldn't be verified for any other reason, alertmanager would report errors about not being able to verify the certificate

Result: Now, by default, alertmanagers are deployed with insecure_skip_verify = true, to skip the cert verification. If you'd like the cert verification turned on, you can do so by setting secure to true in your alertmanager spec like so:

service_type: alertmanager
spec:
secure: true

Note, after changing this field you may need to redeploy the alertmanager daemons for this to take effect.
.Users can now set up the Alertmanager to not verify certificates

Previously, the Alertmanager would report errors about verifying the certificates if they used the fully-qualified domain name (FQDN) instead of IPs or if they could not be verified for any other reason.

With this release, by default, the Alertmanager is deployed with `insecure_skip_verify` parameter as `true` to skip certificate verification. You can turn on the certification by setting the `secure` parameter to `true` in the Alertmanager service specification file:

.Example
----
service_type: alertmanager
spec:
secure: true
----
Adam King 2022-05-16 13:06:24 UTC Flags needinfo?(adking)
errata-xmlrpc 2022-05-17 19:17:38 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2022-05-18 10:38:15 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2022-05-18 10:38:15 UTC
errata-xmlrpc 2022-05-18 10:38:36 UTC Link ID Red Hat Product Errata RHBA-2022:4622
Rajendra Khambadkar 2022-09-06 05:23:18 UTC CC rkhambad

Back to bug 2020628