Hi Eugen!
It turns out that I had all of the following set:
mgr/cephadm/grafana_crt
mgr/cephadm/admin/grafana_crt
mgr/cephadm/san1/grafana_crt
...but only the last one was being read.
Fixed now.
On 8/06/2023 7:30 pm, Eugen Block wrote:
Hi,
can you paste the following output?
# ceph config-key list | grep grafana
Do you have a mgr/cephadm/grafana_key set? I would check the contents
of crt and key and see if they match. A workaround to test the
certificate and key pair would be to use a per-host config [1]. Maybe
it's not even a workaround but the desired procedure according to this
PR [2].
ceph config-key set mgr/cephadm/{hostname}/grafana_key -i $PWD/key.pem
ceph config-key set mgr/cephadm/{hostname}/grafana_crt -i
$PWD/certificate.pem
Hope this helps.
Eugen
[1]
https://docs.ceph.com/en/latest/cephadm/services/monitoring/#setting-up-grafana
[2] https://github.com/ceph/ceph/pull/47098
Zitat von Thorne Lawler <thorne@xxxxxxxxxxx>:
Hi everyone!
I have a containerised (cephadm built) 17.2.6 cluster where I have
installed a custom commercial SSL certificate under dashboard.
Before I upgraded from 17.2 to 17.2.6, I successfully installed the
custom SSL cert everywhere, including grafana, but since the upgrade
I am finding that I can't update the certificate for grafana. Have
tried many many commands like the following:
ceph config-key set mgr/cephadm/grafana_crt -i
/etc/pki/tls/certs/_.quick.net.au_2024.pem
ceph orch reconfig grafana
ceph dashboard set-grafana-frontend-api-url
https://san.quick.net.au:3000
restorecon /etc/pki/tls/certs/_.quick.net.au_2024.pem
ceph orch reconfig grafana
ceph dashboard set-grafana-frontend-api-url
https://san.quick.net.au:3000
ceph dashboard set-grafana-frontend-url https://san.quick.net.au:3000
ceph dashboard grafana
ceph dashboard grafana dashboards update
ceph orch reconfig grafana
ceph config-key set mgr/cephadm/grafana_crt -i
/etc/pki/tls/certs/_.quick.net.au_2024.pem
ceph orch redeploy grafana
ceph config set mgr mgr/dashboard/GRAFANA_API_URL
https://san.quick.net.au:3000
...but to no avail. The grafana frames within dashboard continue to
use the self-signed key.
Have the commands for updating this changed between 17.2.0 and 17.2.6?
Thank you.
--
Regards,
Thorne Lawler - Senior System Administrator
*DDNS* | ABN 76 088 607 265
First registrar certified ISO 27001-2013 Data Security Standard
ITGOV40172
P +61 499 449 170
_DDNS
/_*Please note:* The information contained in this email message and
any attached files may be confidential information, and may also be
the subject of legal professional privilege. _If you are not the
intended recipient any use, disclosure or copying of this email is
unauthorised. _If you received this email in error, please notify
Discount Domain Name Services Pty Ltd on 03 9815 6868 to report this
matter and delete all copies of this transmission together with any
attachments. /
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
--
Regards,
Thorne Lawler - Senior System Administrator
*DDNS* | ABN 76 088 607 265
First registrar certified ISO 27001-2013 Data Security Standard ITGOV40172
P +61 499 449 170
_DDNS
/_*Please note:* The information contained in this email message and any
attached files may be confidential information, and may also be the
subject of legal professional privilege. _If you are not the intended
recipient any use, disclosure or copying of this email is unauthorised.
_If you received this email in error, please notify Discount Domain Name
Services Pty Ltd on 03 9815 6868 to report this matter and delete all
copies of this transmission together with any attachments. /
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
