Bug 1936299

Summary: [GSS] ceph dashboard certification alert "x509: certificate signed by unknown authority"
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Prerna Sony <psony>
Component: Ceph-AnsibleAssignee: Guillaume Abrioux <gabrioux>
Status: CLOSED ERRATA QA Contact: Sunil Angadi <sangadi>
Severity: medium Docs Contact: Ranjini M N <rmandyam>
Priority: medium    
Version: 4.0CC: aschoen, ceph-eng-bugs, epuertat, gabrioux, gmeno, jolmomar, lithomas, mhackett, nthomas, rcarrier, rmandyam, sangadi, tserlin, ykaul
Target Milestone: ---Flags: epuertat: needinfo+
Target Release: 4.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-ansible-4.0.63-1.el8cp, ceph-ansible-4.0.63-1.el7cp Doc Type: Bug Fix
Doc Text:
.Alertmanager does not log errors when self-signed or untrusted certificates are used Previously, when using untrusted CA certificates, Alertmanager generated many errors in the logs. With this release, the `ceph-ansible` can set the `insecure_skip_verify` parameter to `true` in the `alertmanager.yml` file by setting `alertmanager_dashboard_api_no_ssl_verify: true` in the `group_vars/all.yml` file when using self-signed or untrusted certificates and the Alertmanager does not log those errors anymore and works as expected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-05 07:53:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2031070    

Comment 5 Juan Miguel Olmo 2021-03-09 09:22:27 UTC 
@epuertat :

I cannot see any x509 error in the Prometheus/alert manager/or manager log using a fresh installation of cephadm. 

If the user does not provide certificates, Cephadm generates self-signed ones by itself and configure the dashboard with these certificates.
Comment 35 errata-xmlrpc 2022-05-05 07:53:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1716