Hide Forgot
Description of problem: When using the metrics role with "metrics_graph_service: yes", Grafana is installed with the default admin/admin user/password. Upon first login to Grafana, the user is prompted to change the password. If the metrics playbook is re-run, it fails, as it attempts to connect with the admin/admin user/password. Version-Release number of selected component (if applicable): rhel-system-roles-1.0.1-1.el8.noarch How reproducible: Every time Steps to Reproduce: 1. Write playbook call metrics role with "metrics_graph_service: yes" 2. Log in to Grafana and change the default admin password 3. Re-run original playbook Actual results: Playbook Fails: TASK [redhat.rhel_system_roles.private_metrics_subrole_grafana : Ensure graphing service runtime settings are configured] ****************************************************************************************** fatal: [localhost]: FAILED! => {"cache_control": "no-cache", "changed": false, "connection": "close", "content": "{\"message\":\"Invalid username or password\"}", "content_length": "42", "content_type": "application/json; charset=UTF-8", "date": "Wed, 02 Jun 2021 20:23:08 GMT", "elapsed": 0, "expires": "-1", "json": {"message": "Invalid username or password"}, "msg": "Status code was 401 and not [200]: HTTP Error 401: Unauthorized", "pragma": "no-cache", "redirected": false, "status": 401, "url": "http://admin:admin@localhost:3000/api/plugins/performancecopilot-pcp-app/settings", "x_content_type_options": "nosniff", "x_frame_options": "deny", "x_xss_protection": "1; mode=block"} Expected results: Ability to re-run playbook. It would be preferable if the initial Grafana admin password could be set as a role variable. This way the password could be set in an automated manner at install, and the role would also be able to authenticate to Grafana on future runs.
@nathans ptal
Thanks Brian. Looks like the same issue Marko encountered here: https://github.com/linux-system-roles/metrics/issues/26 What's the latest re your "once the latest Grafana is packaged" comment there Andreas? - is this something we should look into adding to the metric role for 8.5 with the Grafana rebase there? Or would 8.6 be more appropriate? Thanks!
> What's the latest re your "once the latest Grafana is packaged" comment there Andreas? This feature landed in Grafana v7.1, so with the Grafana version in RHEL 8.4 (grafana-7.3.6-2) this feature is available. I'll start the builds for the final Grafana 7.5.7-2 release (with FIPS approved crypto) for RHEL 8.5 today. I don't have any capacity to test this for 8.5, but if you have time you can go ahead - please make sure that the PCP Checklist dashboards get imported when the plugin is enabled in that way (I'd expect them to be imported by Grafana plugin provisioning automatically).
(In reply to Andreas Gerstmayr from comment #3) > > What's the latest re your "once the latest Grafana is packaged" comment there Andreas? > > This feature landed in Grafana v7.1, so with the Grafana version in RHEL 8.4 > (grafana-7.3.6-2) this feature is available. > I'll start the builds for the final Grafana 7.5.7-2 release (with FIPS > approved crypto) for RHEL 8.5 today. OK, thanks. > I don't have any capacity to test this for 8.5, but if you have time you can > go ahead - please make sure that the PCP Checklist dashboards get imported > when the plugin is enabled in that way (I'd expect them to be imported by > Grafana plugin provisioning automatically). I also have no time in the short term as we head towards end of 8.5 dev phase. I've set this as an issue for us to return to in 8.6 timeframes.
Nathan, Honzo - are you going to work on this for 8.6? If so please provide qa ack, otherwise please strip the ITR. Thanks.
Heya Peter - let me check in with Andreas and Jan & get back to you there. Tentatively still 'yes' though. (ps: who's Honzo?)
This is fixed in ansible-pcp-2.2.2 now - I'll look into updating the metric role once I return from a couple weeks PTO.
Thanks Jan ... Rich, I suspect this has actually been complete for some time, since ansible-pcp and the metrics role are fully sync'd up and I think you've pushed through a rebuild of redhat-system-roles since this fix was merged (late Nov, early Dec) - can you confirm? Commit 3e6b4b62c90d in upstream linux-system-roles/metrics is the key commit there. Thanks!
(In reply to Nathan Scott from comment #12) > Thanks Jan ... Rich, I suspect this has actually been complete for some > time, since ansible-pcp and the metrics role are fully sync'd up and I think > you've pushed through a rebuild of redhat-system-roles since this fix was > merged (late Nov, early Dec) - can you confirm? Commit 3e6b4b62c90d in > upstream linux-system-roles/metrics is the key commit there. Thanks! Ok. I'm going to assume this is the case. @briasmit please confirm with metrics 1.4.1 upstream
Hi Rich, I just tried the latest upstream metrics role and this issue appears to be resolved. I can now change the Grafana password and re-run the role without it failing.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:1896