Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use Jira Cloud for all bug tracking management.

Bug 1936299

Summary: [GSS] ceph dashboard certification alert "x509: certificate signed by unknown authority"
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Prerna Sony <psony>
Component: Ceph-AnsibleAssignee: Guillaume Abrioux <gabrioux>
Status: CLOSED ERRATA QA Contact: Sunil Angadi <sangadi>
Severity: medium Docs Contact: Ranjini M N <rmandyam>
Priority: medium    
Version: 4.0CC: aschoen, ceph-eng-bugs, epuertat, gabrioux, gmeno, jolmomar, lithomas, mhackett, nthomas, rcarrier, rmandyam, sangadi, tserlin, ykaul
Target Milestone: ---Flags: epuertat: needinfo+
Target Release: 4.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-ansible-4.0.63-1.el8cp, ceph-ansible-4.0.63-1.el7cp Doc Type: Bug Fix
Doc Text:
.Alertmanager does not log errors when self-signed or untrusted certificates are used Previously, when using untrusted CA certificates, Alertmanager generated many errors in the logs. With this release, the `ceph-ansible` can set the `insecure_skip_verify` parameter to `true` in the `alertmanager.yml` file by setting `alertmanager_dashboard_api_no_ssl_verify: true` in the `group_vars/all.yml` file when using self-signed or untrusted certificates and the Alertmanager does not log those errors anymore and works as expected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-05 07:53:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2031070    

Comment 5 Juan Miguel Olmo 2021-03-09 09:22:27 UTC 
@epuertat :

I cannot see any x509 error in the Prometheus/alert manager/or manager log using a fresh installation of cephadm. 

If the user does not provide certificates, Cephadm generates self-signed ones by itself and configure the dashboard with these certificates.
Comment 35 errata-xmlrpc 2022-05-05 07:53:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1716