Bug 1936299 - [GSS] ceph dashboard certification alert "x509: certificate signed by unknown authority"
Summary: [GSS] ceph dashboard certification alert "x509: certificate signed by unknown...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Ceph-Ansible
Version: 4.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.3
Assignee: Guillaume Abrioux
QA Contact: Sunil Angadi
Ranjini M N
URL:
Whiteboard:
Depends On:
Blocks: 2031070
TreeView+ depends on / blocked
 
Reported: 2021-03-08 06:26 UTC by Prerna Sony
Modified: 2024-10-01 17:38 UTC (History)
14 users (show)

Fixed In Version: ceph-ansible-4.0.63-1.el8cp, ceph-ansible-4.0.63-1.el7cp
Doc Type: Bug Fix
Doc Text:
.Alertmanager does not log errors when self-signed or untrusted certificates are used Previously, when using untrusted CA certificates, Alertmanager generated many errors in the logs. With this release, the `ceph-ansible` can set the `insecure_skip_verify` parameter to `true` in the `alertmanager.yml` file by setting `alertmanager_dashboard_api_no_ssl_verify: true` in the `group_vars/all.yml` file when using self-signed or untrusted certificates and the Alertmanager does not log those errors anymore and works as expected.
Clone Of:
Environment:
Last Closed: 2022-05-05 07:53:20 UTC
Embargoed:
epuertat: needinfo+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github ceph ceph-ansible pull 6748 0 None Merged [skip ci] alertmanager: allow disable dashboard tls verify 2021-11-16 09:21:02 UTC
Red Hat Issue Tracker RHCEPH-66 0 None None None 2021-09-06 09:30:01 UTC
Red Hat Product Errata RHSA-2022:1716 0 None None None 2022-05-05 07:53:39 UTC

Comment 5 Juan Miguel Olmo 2021-03-09 09:22:27 UTC 
@epuertat :

I cannot see any x509 error in the Prometheus/alert manager/or manager log using a fresh installation of cephadm. 

If the user does not provide certificates, Cephadm generates self-signed ones by itself and configure the dashboard with these certificates.
Comment 35 errata-xmlrpc 2022-05-05 07:53:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1716
Note You need to log in before you can comment on or make changes to this bug.