1866006 – [GSS] Prometheus and Alert Manager not working with https with configuration set to dashboard_protocol: https

Bug 1866006 - [GSS] Prometheus and Alert Manager not working with https with configuration set to dashboard_protocol: https

Summary: [GSS] Prometheus and Alert Manager not working with https with configuration ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Ceph-Ansible
Sub Component:
Version:	4.1
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	z2
Target Release:	4.1
Assignee:	Guillaume Abrioux
QA Contact:	Sunil Angadi
Docs Contact:	Aron Gunn
URL:
Whiteboard:
Duplicates (1):	1869099 (view as bug list)
Depends On:
Blocks:	1760354 1811582 1816167 1856999
TreeView+	depends on / blocked

Reported:	2020-08-04 16:04 UTC by Gaurav Sitlani
Modified:	2023-10-06 21:24 UTC (History)
CC List:	15 users (show)
Fixed In Version:	ceph-ansible-4.0.29-1.el8cp, ceph-ansible-4.0.29-1.el7cp
Doc Type:	Bug Fix
Doc Text:	.Using HTTPS breaks access to Prometheus and the alert manager Setting the `dashboard_protocol` option to `https` was causing the {storage-product} Dashboard to try and access the Prometheus API, which does not support TLS natively. With this release, Prometheus and the alert manager are force to use the HTTP protocol, when setting the `dashboard_protocol` option to `https`.
Clone Of:
Environment:
Last Closed:	2020-09-30 17:26:56 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	ceph ceph-ansible pull 5259	None	closed	Fix for TLS dashboard (bp #5155)	2021-01-30 19:55:39 UTC
Red Hat Issue Tracker	RHCEPH-7679	None	None	None	2023-10-06 21:24:40 UTC
Red Hat Product Errata	RHBA-2020:4144	None	None	None	2020-09-30 17:27:30 UTC

Comment 4 Patrick C. F. Ernzer 2020-08-17 15:28:37 UTC

*** Bug 1869099 has been marked as a duplicate of this bug. ***

Comment 10 Ernesto Puerta 2020-09-03 11:52:47 UTC

Sunil, just grepped ceph-ansible code and it's only used for setting the GRAFANA_API_URL, so the URL used for the iframe-embedded dashboard matches the Fully Qualified Domain Name field defined in the HTTPS certificate. You can of course test that scenario.

Additionally, this allows you to define a hostname for Grafana server other than the default one that Ceph-ansible guesses (that may fix situations where the the default IP address for Grafana is not accessible for end-users, like OpenStack deployments).

Comment 17 errata-xmlrpc 2020-09-30 17:26:56 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 4.1 Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4144

Note You need to log in before you can comment on or make changes to this bug.