Hi,
can you paste the following output?
# ceph config-key list | grep grafana
Do you have a mgr/cephadm/grafana_key set? I would check the contents
of crt and key and see if they match. A workaround to test the
certificate and key pair would be to use a per-host config [1]. Maybe
it's not even a workaround but the desired procedure according to this
PR [2].
ceph config-key set mgr/cephadm/{hostname}/grafana_key -i $PWD/key.pem
ceph config-key set mgr/cephadm/{hostname}/grafana_crt -i $PWD/certificate.pem
Hope this helps.
Eugen
[1]
https://docs.ceph.com/en/latest/cephadm/services/monitoring/#setting-up-grafana
[2] https://github.com/ceph/ceph/pull/47098
Zitat von Thorne Lawler <thorne@xxxxxxxxxxx>:
Hi everyone!
I have a containerised (cephadm built) 17.2.6 cluster where I have
installed a custom commercial SSL certificate under dashboard.
Before I upgraded from 17.2 to 17.2.6, I successfully installed the
custom SSL cert everywhere, including grafana, but since the upgrade
I am finding that I can't update the certificate for grafana. Have
tried many many commands like the following:
ceph config-key set mgr/cephadm/grafana_crt -i
/etc/pki/tls/certs/_.quick.net.au_2024.pem
ceph orch reconfig grafana
ceph dashboard set-grafana-frontend-api-url https://san.quick.net.au:3000
restorecon /etc/pki/tls/certs/_.quick.net.au_2024.pem
ceph orch reconfig grafana
ceph dashboard set-grafana-frontend-api-url https://san.quick.net.au:3000
ceph dashboard set-grafana-frontend-url https://san.quick.net.au:3000
ceph dashboard grafana
ceph dashboard grafana dashboards update
ceph orch reconfig grafana
ceph config-key set mgr/cephadm/grafana_crt -i
/etc/pki/tls/certs/_.quick.net.au_2024.pem
ceph orch redeploy grafana
ceph config set mgr mgr/dashboard/GRAFANA_API_URL
https://san.quick.net.au:3000
...but to no avail. The grafana frames within dashboard continue to
use the self-signed key.
Have the commands for updating this changed between 17.2.0 and 17.2.6?
Thank you.
--
Regards,
Thorne Lawler - Senior System Administrator
*DDNS* | ABN 76 088 607 265
First registrar certified ISO 27001-2013 Data Security Standard ITGOV40172
P +61 499 449 170
_DDNS
/_*Please note:* The information contained in this email message and
any attached files may be confidential information, and may also be
the subject of legal professional privilege. _If you are not the
intended recipient any use, disclosure or copying of this email is
unauthorised. _If you received this email in error, please notify
Discount Domain Name Services Pty Ltd on 03 9815 6868 to report this
matter and delete all copies of this transmission together with any
attachments. /
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
