Yeah... that's right, the way certificates are managed and there's no documentation on how to set the new ones mainly because it's not easy to do that manually. I'm working on some detailed instructions (hosted in the below repo) to help with that. I tested the script on my test cluster and it worked but I'd like to hear from other users to see if they find it easy or not. https://github.com/rkachach/utils PD: There's also some ongoing work to user friendly commands to set the certificates that should be part of the next release. Best, Redo. On Tue, Jan 28, 2025 at 8:01 AM Thorsten Fuchs <thorsten.fuchs@xxxxxxxx> wrote: > We recently migrated our cluster from 18.2.4 to 19.2.0 and started having > issues with Grafana. > > Ceph gives out the warning "CEPHADM_CERT_ERROR: Invalid grafana > certificate on > host cc-1: Invalid certificate key: [('PEM routines', '', 'no start > line')]. > > Looking at the certificates they contain a line '# generated by cephadm' > and > are not the certificates we stored in the config, e.g. > 'mgr/cephadm/cc-1/grafana_crt'. > > After some investigation we found that there was a change to how > certificates > are stored. Yet I could find no documentation on how to setup per hosts > certificates with the new way. > > The commit that changed the certificate store is > > https://github.com/ceph/ceph/commit/bb7e715320e41f5d6b6291769e2b6d230eec74cc > > Maybe anyone can point us in the right direction on how to get our own > certs > back into Grafana. > > -- > > Thorsten Fuchs > > abaut GmbH > Agnes-Pockels-Bogen 1, 80992 München > > > > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |