RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1967321 - metrics role can't be re-run if the Grafana admin password has been changed
Summary: metrics role can't be re-run if the Grafana admin password has been changed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: rhel-system-roles
Version: 8.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: beta
: 8.6
Assignee: Rich Megginson
QA Contact: Jan Kurik
Gabi Fialová
URL:
Whiteboard: role:metrics
Depends On: 1921191
Blocks: 2041632
TreeView+ depends on / blocked
 
Reported: 2021-06-02 21:03 UTC by Brian Smith
Modified: 2022-05-10 14:38 UTC (History)
10 users (show)

Fixed In Version: rhel-system-roles-1.13.0-1.el8
Doc Type: Bug Fix
Doc Text:
.A playbook using the Metrics role completes successfully on multiple runs even if the Grafana `admin` password is changed Previously, changes to the Grafana `admin` user password after running the Metrics role with the `metrics_graph_service: yes` boolean caused failure on subsequent runs of the Metrics role. This led to failures of playbooks using the Metrics role, and the affected systems were only partially set up for performance analysis. Now, the Metrics role uses the Grafana `deployment` API when it is available and no longer requires knowledge of username or password to perform the necessary configuration actions. As a result, a playbook using the Metrics role completes successfully on multiple runs even if the administrator changes the Grafana `admin` password.
Clone Of:
: 2041632 (view as bug list)
Environment:
Last Closed: 2022-05-10 14:12:08 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1896 0 None None None 2022-05-10 14:12:31 UTC

Description Brian Smith 2021-06-02 21:03:25 UTC 
Description of problem:
When using the metrics role with "metrics_graph_service: yes", Grafana is installed with the default admin/admin user/password.  Upon first login to Grafana, the user is prompted to change the password.  If the metrics playbook is re-run, it fails, as it attempts to connect with the admin/admin user/password.  


Version-Release number of selected component (if applicable):
rhel-system-roles-1.0.1-1.el8.noarch

How reproducible:
Every time

Steps to Reproduce:
1. Write playbook call metrics role with "metrics_graph_service: yes"
2. Log in to Grafana and change the default admin password
3. Re-run original playbook

Actual results:
Playbook Fails:
TASK [redhat.rhel_system_roles.private_metrics_subrole_grafana : Ensure graphing service runtime settings are configured] ******************************************************************************************
fatal: [localhost]: FAILED! => {"cache_control": "no-cache", "changed": false, "connection": "close", "content": "{\"message\":\"Invalid username or password\"}", "content_length": "42", "content_type": "application/json; charset=UTF-8", "date": "Wed, 02 Jun 2021 20:23:08 GMT", "elapsed": 0, "expires": "-1", "json": {"message": "Invalid username or password"}, "msg": "Status code was 401 and not [200]: HTTP Error 401: Unauthorized", "pragma": "no-cache", "redirected": false, "status": 401, "url": "http://admin:admin@localhost:3000/api/plugins/performancecopilot-pcp-app/settings", "x_content_type_options": "nosniff", "x_frame_options": "deny", "x_xss_protection": "1; mode=block"}


Expected results:

Ability to re-run playbook.  It would be preferable if the initial Grafana admin password could be set as a role variable.  This way the password could be set in an automated manner at install, and the role would also be able to authenticate to Grafana on future runs.
Comment 1 Rich Megginson 2021-06-10 15:52:16 UTC 
@nathans ptal
Comment 2 Nathan Scott 2021-06-10 22:32:22 UTC 
Thanks Brian.  Looks like the same issue Marko encountered here:
https://github.com/linux-system-roles/metrics/issues/26

What's the latest re your "once the latest Grafana is packaged" comment there Andreas?  - is this something we should look into adding to the metric role for 8.5 with the Grafana rebase there?  Or would 8.6 be more appropriate?  Thanks!
Comment 3 Andreas Gerstmayr 2021-06-11 10:56:12 UTC 
> What's the latest re your "once the latest Grafana is packaged" comment there Andreas?

This feature landed in Grafana v7.1, so with the Grafana version in RHEL 8.4 (grafana-7.3.6-2) this feature is available.
I'll start the builds for the final Grafana 7.5.7-2 release (with FIPS approved crypto) for RHEL 8.5 today.

I don't have any capacity to test this for 8.5, but if you have time you can go ahead - please make sure that the PCP Checklist dashboards get imported when the plugin is enabled in that way (I'd expect them to be imported by Grafana plugin provisioning automatically).
Comment 4 Nathan Scott 2021-06-14 23:58:56 UTC 
(In reply to Andreas Gerstmayr from comment #3)
> > What's the latest re your "once the latest Grafana is packaged" comment there Andreas?
> 
> This feature landed in Grafana v7.1, so with the Grafana version in RHEL 8.4
> (grafana-7.3.6-2) this feature is available.
> I'll start the builds for the final Grafana 7.5.7-2 release (with FIPS
> approved crypto) for RHEL 8.5 today.

OK, thanks.

> I don't have any capacity to test this for 8.5, but if you have time you can
> go ahead - please make sure that the PCP Checklist dashboards get imported
> when the plugin is enabled in that way (I'd expect them to be imported by
> Grafana plugin provisioning automatically).

I also have no time in the short term as we head towards end of 8.5 dev phase.
I've set this as an issue for us to return to in 8.6 timeframes.
Comment 5 Peter Kettmann 2021-11-04 14:42:16 UTC 
Nathan, Honzo - are you going to work on this for 8.6? If so please provide qa ack, otherwise please strip the ITR. Thanks.
Comment 6 Peter Kettmann 2021-11-04 14:42:30 UTC 
Nathan, Honzo - are you going to work on this for 8.6? If so please provide qa ack, otherwise please strip the ITR. Thanks.
Comment 7 Nathan Scott 2021-11-04 21:50:06 UTC 
Heya Peter - let me check in with Andreas and Jan & get back to you there.  Tentatively still 'yes' though.

(ps: who's Honzo?)
Comment 8 Nathan Scott 2021-11-12 09:28:51 UTC 
This is fixed in ansible-pcp-2.2.2 now - I'll look into updating the metric role once I return from a couple weeks PTO.
Comment 12 Nathan Scott 2022-01-14 01:36:09 UTC 
Thanks Jan ... Rich, I suspect this has actually been complete for some time, since ansible-pcp and the metrics role are fully sync'd up and I think you've pushed through a rebuild of redhat-system-roles since this fix was merged (late Nov, early Dec) - can you confirm?  Commit 3e6b4b62c90d in upstream linux-system-roles/metrics is the key commit there.  Thanks!
Comment 13 Rich Megginson 2022-01-17 22:20:49 UTC 
(In reply to Nathan Scott from comment #12)
> Thanks Jan ... Rich, I suspect this has actually been complete for some
> time, since ansible-pcp and the metrics role are fully sync'd up and I think
> you've pushed through a rebuild of redhat-system-roles since this fix was
> merged (late Nov, early Dec) - can you confirm?  Commit 3e6b4b62c90d in
> upstream linux-system-roles/metrics is the key commit there.  Thanks!

Ok.  I'm going to assume this is the case.  @briasmit please confirm with metrics 1.4.1 upstream
Comment 14 Brian Smith 2022-01-18 16:53:36 UTC 
Hi Rich, I just tried the latest upstream metrics role and this issue appears to be resolved.  I can now change the Grafana password and re-run the role without it failing.
Comment 25 errata-xmlrpc 2022-05-10 14:12:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1896
Note You need to log in before you can comment on or make changes to this bug.