Re: cephadm discovery service certificate absent after upgrade.

It would be cool, actually, to have the metrics working in 18.2.2, for IPv6
only

Otherwise, everything works fine on my side.
________________________________________________________

Regards,

*David CASIER*
________________________________________________________



On Thu, 25 Jan 2024 at 16:12, Nicolas FOURNIL <nicolas.fournil@xxxxxxxxx>
wrote:

> Gotcha!
>
> I've got the point, after restarting the CA certificate creation with:
> ceph restful create-self-signed-cert
>
> I get this error:
> Module 'cephadm' has failed: Expected 4 octets in
> 'fd30:xxxx:xxxx:0:1101:2:0:501'
>
>
> *Ouch, 4 octets = IPv4 address expected... some nice code in perspective.*
>
> I go through podman to get more traces:
>
>   File "/usr/share/ceph/mgr/cephadm/ssl_cert_utils.py", line 49, in
> generate_root_cert
>     [x509.IPAddress(ipaddress.IPv4Address(addr))]
>   File "/lib64/python3.6/ipaddress.py", line 1284, in __init__
>     self._ip = self._ip_int_from_string(addr_str)
>   File "/lib64/python3.6/ipaddress.py", line 1118, in _ip_int_from_string
>     raise AddressValueError("Expected 4 octets in %r" % ip_str)
> ipaddress.AddressValueError: Expected 4 octets in
> 'fd30:xxxx:xxxx:0:1101:2:0:501'
>
> So I searched GitHub for this and found this fix in 19.0.0 (with backport not yet
> released):
>
>
> https://github.com/ceph/ceph/commit/647b5d67a8a800091acea68d20e87354373b0fac
>
> This example shows that it's impossible to get any metrics in an IPv6-only
> network (discovery is impossible), and it's visible at install, so there's no
> test for an IPv6-only environment before release?
>
> Now I'm seriously asking myself to put a crappy IPv4 subnet only for my
> ceph cluster, because it's always a headache to get it working in an IPv6
> environment.
>
>
> On Tue, 23 Jan 2024 at 17:58, David C. <david.casier@xxxxxxxx> wrote:
>
>> According to sources, the certificates are generated automatically at
>> startup. Hence my question if the service started correctly.
>>
>> I also had problems with IPv6 only, but I don't immediately have more info
>> ________________________________________________________
>>
>> Regards,
>>
>> *David CASIER*
>> ________________________________________________________
>>
>>
>> On Tue, 23 Jan 2024 at 17:46, Nicolas FOURNIL <nicolas.fournil@xxxxxxxxx>
>> wrote:
>>
>>> IPv6 only : Yes, the -ms_bind_ipv6=true is already set-
>>>
>>> I had tried a rotation of the keys for node-exporter and I get this:
>>>
>>> 2024-01-23T16:43:56.098796+0000 mgr.srv06-r2b-fl1.foxykh (mgr.342408)
>>> 87074 : cephadm [INF] Rotating authentication key for
>>> node-exporter.srv06-r2b-fl1
>>> 2024-01-23T16:43:56.099224+0000 mgr.srv06-r2b-fl1.foxykh (mgr.342408)
>>> 87075 : cephadm [ERR] unknown daemon type node-exporter
>>> Traceback (most recent call last):
>>>   File "/usr/share/ceph/mgr/cephadm/serve.py", line 1039, in
>>> _check_daemons
>>>     self.mgr._daemon_action(daemon_spec, action=action)
>>>   File "/usr/share/ceph/mgr/cephadm/module.py", line 2203, in
>>> _daemon_action
>>>     return self._rotate_daemon_key(daemon_spec)
>>>   File "/usr/share/ceph/mgr/cephadm/module.py", line 2147, in
>>> _rotate_daemon_key
>>>     'entity': daemon_spec.entity_name(),
>>>   File "/usr/share/ceph/mgr/cephadm/services/cephadmservice.py", line
>>> 108, in entity_name
>>>     return get_auth_entity(self.daemon_type, self.daemon_id,
>>> host=self.host)
>>>   File "/usr/share/ceph/mgr/cephadm/services/cephadmservice.py", line
>>> 47, in get_auth_entity
>>>     raise OrchestratorError(f"unknown daemon type {daemon_type}")
>>> orchestrator._interface.OrchestratorError: unknown daemon type
>>> node-exporter
>>>
>>> Tried to remove & recreate service: it's the same ... how to stop the
>>> rotation now :-/
>>>
>>>
>>>
>>> On Tue, 23 Jan 2024 at 17:18, David C. <david.casier@xxxxxxxx>
>>> wrote:
>>>
>>>> Is the cephadm http server service starting correctly (in the mgr logs)?
>>>>
>>>> IPv6?
>>>> ________________________________________________________
>>>>
>>>> Regards,
>>>>
>>>> *David CASIER*
>>>> ________________________________________________________
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, 23 Jan 2024 at 16:29, Nicolas FOURNIL <
>>>> nicolas.fournil@xxxxxxxxx> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Thanks for the advice, but the Prometheus cert is OK (self-signed) and tested
>>>>> with curl and a web browser.
>>>>>
>>>>> It seems to be the "Service discovery" certificate from cephadm that
>>>>> is missing, but I cannot figure out how to set it.
>>>>>
>>>>> There's in the code a function to create this certificate inside the
>>>>> Key store but how ... that's the point :-(
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>>
>>>>> On Tue, 23 Jan 2024 at 15:52, David C. <david.casier@xxxxxxxx>
>>>>> wrote:
>>>>>
>>>>>> Hello Nicolas,
>>>>>>
>>>>>> I don't know if it's an update issue.
>>>>>>
>>>>>> If this is not a problem for you, you can consider redeploying
>>>>>> grafana/prometheus.
>>>>>>
>>>>>> It is also possible to inject your own certificates:
>>>>>>
>>>>>> https://docs.ceph.com/en/latest/cephadm/services/monitoring/#example
>>>>>>
>>>>>>
>>>>>> https://github.com/ceph/ceph/blob/main/src/pybind/mgr/cephadm/templates/services/prometheus/prometheus.yml.j2
>>>>>>
>>>>>> ________________________________________________________
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> *David CASIER*
>>>>>> ________________________________________________________
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, 23 Jan 2024 at 10:56, Nicolas FOURNIL <
>>>>>> nicolas.fournil@xxxxxxxxx> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I've just freshly upgraded from Quincy to Reef and my graphs are now
>>>>>>> blank...
>>>>>>> After investigation, it seems that the discovery service is not working
>>>>>>> because there is no certificate:
>>>>>>>
>>>>>>> # ceph orch sd dump cert
>>>>>>> Error EINVAL: No certificate found for service discovery
>>>>>>>
>>>>>>> Maybe an upgrade issue?
>>>>>>>
>>>>>>> Is there a way to generate or replace the certificate properly?
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Nicolas F.
>>>>>>> _______________________________________________
>>>>>>> ceph-users mailing list -- ceph-users@xxxxxxx
>>>>>>> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>>>>>>>
>>>>>>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
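
The traceback quoted in this thread fails because the certificate's IP subjectAltName is built with `ipaddress.IPv4Address`, which rejects every IPv6 literal. The following is an added example, not code from this thread, from Ceph, or from the linked commit: it classifies host strings with the family-agnostic `ipaddress.ip_address` and returns the octets an X.509 iPAddress SAN carries (4 for IPv4, 16 for IPv6). All function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (documentation ranges, not addresses from the thread).
SAMPLE_HOSTS = [
    "192.0.2.10",
    "2001:db8::1101:2:0:501",
    "[2001:db8::1101:2:0:501]",   # URL-style bracketed form of the same address
    "mgr01.example.test",
]


def ipv4_only_san_entry(host):
    """The failing pattern from the traceback: assumes every address is IPv4."""
    return ("IP", ipaddress.IPv4Address(host).packed)


def san_entry(host):
    """Classify one host string for a certificate subjectAltName.

    Returns ("IP", packed_octets) for an IPv4 or IPv6 literal,
    otherwise ("DNS", name).
    """
    name = host.strip()
    candidate = name
    # Accept the bracketed literal form used in URLs and config files.
    if candidate.startswith("[") and candidate.endswith("]"):
        candidate = candidate[1:-1]
    # Drop an IPv6 zone id ("fe80::1%eth0"); a SAN carries only the address.
    candidate = candidate.split("%", 1)[0]
    try:
        ip = ipaddress.ip_address(candidate)   # accepts both address families
    except ValueError:
        return ("DNS", name)
    return ("IP", ip.packed)                   # 4 octets (IPv4) or 16 (IPv6)


def build_san(hosts):
    """Build a de-duplicated, order-preserving list of SAN entries."""
    seen, entries = set(), []
    for host in hosts:
        entry = san_entry(host)
        if entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries
```

With the `cryptography` package, an `("IP", ...)` result corresponds to passing the `ipaddress.ip_address(...)` object to `x509.IPAddress`, and a `("DNS", ...)` result to `x509.DNSName`.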



