from mgr_module import HandleCommandResult
from .service_registry import register_cephadm_service
from cephadm.services.service_registry import service_registry
+from cephadm.tlsobject_types import CertKeyPair
from orchestrator import DaemonDescription
from ceph.deployment.service_spec import AlertManagerSpec, GrafanaSpec, ServiceSpec, \
from cephadm.services.cephadmservice import CephadmService, CephadmDaemonDeploySpec, get_dashboard_urls
from mgr_util import build_url, password_hash
from ceph.deployment.utils import wrap_ipv6
+from cephadm.tlsobject_store import TLSObjectScope
from .. import utils
if TYPE_CHECKING:
TYPE = 'grafana'
DEFAULT_SERVICE_PORT = 3000
- def prepare_create(self, daemon_spec: CephadmDaemonDeploySpec) -> CephadmDaemonDeploySpec:
- assert self.TYPE == daemon_spec.daemon_type
- daemon_spec.final_config, daemon_spec.deps = self.generate_config(daemon_spec)
- return daemon_spec
-
def generate_data_sources(self, security_enabled: bool, mgmt_gw_enabled: bool, cert: str, pkey: str) -> str:
prometheus_user, prometheus_password = self.mgr._get_prometheus_credentials()
root_cert = self.mgr.cert_mgr.get_root_ca()
return ''
+ def get_grafana_certificates(self, daemon_spec: CephadmDaemonDeploySpec) -> CertKeyPair:
+ host_ips = [self.mgr.inventory.get_addr(daemon_spec.host)]
+ host_fqdns = [self.mgr.get_fqdn(daemon_spec.host), 'grafana_servers']
+ return self.get_certificates(daemon_spec, host_ips, host_fqdns)
+
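Review bot: `get_grafana_certificates` has no docstring, and the literal `'grafana_servers'` it puts in `host_fqdns` next to the host FQDN is unexplained, so a reader cannot tell that every Grafana certificate is requested with that shared name (presumably as a subject alternative name). I would add a docstring along the lines of `"""Return the cert/key pair for this daemon, covering the host FQDN, the shared 'grafana_servers' alias and the host's inventory address."""`. The docstring should also say who removes the stored pair when the daemon is removed, because this commit drops the `rm_cert`/`rm_key` calls from the pre-remove hook. The replacement cleanup is not visible on this page, so confirm that the private key entry does not outlive the daemon.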
def generate_config(self, daemon_spec: CephadmDaemonDeploySpec) -> Tuple[Dict[str, Any], List[str]]:
assert self.TYPE == daemon_spec.daemon_type
- host_fqdns = [socket.getfqdn(daemon_spec.host), 'grafana_servers']
- host_ips = self.mgr.inventory.get_addr(daemon_spec.host)
- cert, pkey = self.mgr.cert_mgr.prepare_certificate('grafana_cert', 'grafana_key', host_fqdns, host_ips, target_host=daemon_spec.host)
- if not cert or not pkey:
+ tls_pair = self.get_grafana_certificates(daemon_spec)
+ if not tls_pair.cert or not tls_pair.key:
+ # this will lead to an error in the daemon as certificates are needed
logger.error(f'Cannot generate the needed certificates to deploy Grafana on {daemon_spec.host}')
- cert, pkey = ('', '') # this will lead to an error in the daemon as certificates are needed
security_enabled, mgmt_gw_enabled, oauth2_enabled = self.mgr._get_security_config()
grafana_ini = self.generate_grafana_ini(daemon_spec, mgmt_gw_enabled, oauth2_enabled)
- grafana_data_sources = self.generate_data_sources(security_enabled, mgmt_gw_enabled, cert, pkey)
+ grafana_data_sources = self.generate_data_sources(security_enabled, mgmt_gw_enabled, tls_pair.cert, tls_pair.key)
# the path of the grafana dashboards are assumed from the providers.yml.j2 file by grafana
grafana_dashboards_path = self.mgr.grafana_dashboards_path or '/etc/grafana/dashboards/ceph-dashboard/'
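Review bot: The failure branch after `get_grafana_certificates` now only logs, whereas the old code also reset `cert, pkey = ('', '')`. If `CertKeyPair` can hold `None` in `cert` or `key` (its definition is not shown here), `'# generated by cephadm\n%s' % tls_pair.cert` in the `files` entries further down would write the text `None` into `certs/cert_file` and `certs/cert_key`, and the same values are passed to `generate_data_sources`. Either normalise once after the check, e.g. `cert, key = tls_pair.cert or '', tls_pair.key or ''`, and use those locals in both places, or abort the deployment here rather than ship a config that the comment itself says will fail. The body of `generate_config` continues outside these lines.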
'files': {
"grafana.ini": grafana_ini,
'provisioning/datasources/ceph-dashboard.yml': grafana_data_sources,
- 'certs/cert_file': '# generated by cephadm\n%s' % cert,
- 'certs/cert_key': '# generated by cephadm\n%s' % pkey,
+ 'certs/cert_file': '# generated by cephadm\n%s' % tls_pair.cert,
+ 'certs/cert_key': '# generated by cephadm\n%s' % tls_pair.key,
'provisioning/dashboards/default.yml': self.mgr.template.render(
'services/grafana/providers.yml.j2', {
'grafana_dashboards_path': grafana_dashboards_path
"""
Called before grafana daemon is removed.
"""
- if daemon.hostname is not None:
- # delete cert/key entires for this grafana daemon
- self.mgr.cert_mgr.rm_cert('grafana_cert', host=daemon.hostname)
- self.mgr.cert_mgr.rm_key('grafana_key', host=daemon.hostname)
self.reset_config(daemon)
def ok_to_stop(self,