dashboard: allow disabling grafana api ssl verify

When using an untrusted TLS certificate (like self-signed) on grafana
then the grafana dashboards update subcommand will fail.
One solution could be to trust the TLS certificate.
The other one is to disable the TLS verification on the grafana API.

Closes: #5324
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index 2459d37083672d9019a61a3e00c4ff960be7afec..58c7857245404ea7197669affa1d14c652c9e7bd 100644 (file)
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -749,6 +749,7 @@ dummy:
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''
 #dashboard_rgw_api_no_ssl_verify: False

diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index eebd0396cc015c03781d0f21b1c1e2e71d2fc2fb..6d89766d3e321b5e3fccc72c736a32d96bbac4a5 100644 (file)
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -749,6 +749,7 @@ ceph_docker_registry_auth: true
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''
 #dashboard_rgw_api_no_ssl_verify: False

diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml
index a3b294990e5471eb76a4ac1168ba94d1a3d9aba5..718412b3be11774ac5c1c13063760cff639ea915 100644 (file)
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -107,6 +107,15 @@
   run_once: true
   changed_when: false
 
+- name: disable ssl verification for grafana
+  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False"
+  delegate_to: "{{ groups[mon_group_name][0] }}"
+  run_once: true
+  changed_when: false
+  when:
+    - dashboard_protocol == "https"
+    - dashboard_grafana_api_no_ssl_verify | bool
+
 - name: set alertmanager host
   command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-alertmanager-api-host http://{{ grafana_server_addrs | first }}:{{ alertmanager_port }}"
   delegate_to: "{{ groups[mon_group_name][0] }}"

diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index 0c161b46860fbff88f3105c68ff5301f72033c99..4db0b65d667c6d0127b94e5780974eccf9130fab 100644 (file)
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -741,6 +741,7 @@ dashboard_admin_user_ro: false
 # We only need this for SSL (https) connections
 dashboard_crt: ''
 dashboard_key: ''
+dashboard_grafana_api_no_ssl_verify: False
 dashboard_rgw_api_user_id: ceph-dashboard
 dashboard_rgw_api_admin_resource: ''
 dashboard_rgw_api_no_ssl_verify: False