mgr/dashboard: Display a warning message in Dashboard when debug mode is enabled

Set a health check warning if debug mode is enabled.

Fixes: https://tracker.ceph.com/issues/48475
Signed-off-by: Volker Theile <vtheile@suse.com>

diff --git a/doc/rados/operations/health-checks.rst b/doc/rados/operations/health-checks.rst
index a8085e92f798a4e24d344db40f03634181ff8ef1..c84efa155197c918db463e8d85de7300d3e25e88 100644 (file)
--- a/doc/rados/operations/health-checks.rst
+++ b/doc/rados/operations/health-checks.rst
@@ -1216,3 +1216,15 @@ This warning can silenced by setting the
 
   ceph config global mon mon_warn_on_osd_down_out_interval_zero false
 
+DASHBOARD_DEBUG
+_______________
+
+The Dashboard debug mode is enabled. This means, if there is an error
+while processing a REST API request, the HTTP error response contains
+a Python traceback. This behaviour should be disabled in production
+environments because such a traceback might contain and expose sensible
+information.
+
+The debug mode can be disabled with::
+
+  ceph dashboard debug disable

diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py
index e3f69664764447eb4167338ffaef3dc3528dfca3..1fac2b200045300b4ae74fc33aad477c99fad965 100644 (file)
--- a/src/pybind/mgr/dashboard/module.py
+++ b/src/pybind/mgr/dashboard/module.py
@@ -276,9 +276,9 @@ class Module(MgrModule, CherryPyConfig):
 
         self._stopping = threading.Event()
         self.shutdown_event = threading.Event()
-
         self.ACCESS_CTRL_DB = None
         self.SSO_DB = None
+        self.health_checks = {}
 
     @classmethod
     def can_run(cls):
@@ -424,6 +424,15 @@ class Module(MgrModule, CherryPyConfig):
 
         return self.__pool_stats
 
+    def config_notify(self):
+        """
+        This method is called whenever one of our config options is changed.
+        """
+        PLUGIN_MANAGER.hook.config_notify()
+
+    def refresh_health_checks(self):
+        self.set_health_checks(self.health_checks)
+
 
 class StandbyModule(MgrStandbyModule, CherryPyConfig):
     def __init__(self, *args, **kwargs):

diff --git a/src/pybind/mgr/dashboard/plugins/debug.py b/src/pybind/mgr/dashboard/plugins/debug.py
index bc386cc4451322bbe40712c44ba288d576489215..fb5fe5fb268c2ce8f3a3c69cc5a087d657782e9b 100644 (file)
--- a/src/pybind/mgr/dashboard/plugins/debug.py
+++ b/src/pybind/mgr/dashboard/plugins/debug.py
@@ -21,7 +21,8 @@ class Actions(Enum):
 
 
 @PM.add_plugin  # pylint: disable=too-many-ancestors
-class Debug(SP, I.CanCherrypy, I.ConfiguresCherryPy):  # pylint: disable=too-many-ancestors
+class Debug(SP, I.CanCherrypy, I.ConfiguresCherryPy,  # pylint: disable=too-many-ancestors
+            I.Setupable, I.ConfigNotify):
     NAME = 'debug'
 
     OPTIONS = [
@@ -33,6 +34,26 @@ class Debug(SP, I.CanCherrypy, I.ConfiguresCherryPy):  # pylint: disable=too-man
         )
     ]
 
+    @no_type_check  # https://github.com/python/mypy/issues/7806
+    def _refresh_health_checks(self):
+        debug = self.get_option(self.NAME)
+        if debug:
+            self.mgr.health_checks.update({'DASHBOARD_DEBUG': {
+                'severity': 'warning',
+                'summary': 'Dashboard debug mode is enabled',
+                'detail': [
+                    'Please disable debug mode in production environments using '
+                    '"ceph dashboard {} {}"'.format(self.NAME, Actions.DISABLE.value)
+                ]
+            }})
+        else:
+            self.mgr.health_checks.pop('DASHBOARD_DEBUG', None)
+        self.mgr.refresh_health_checks()
+
+    @PM.add_hook
+    def setup(self):
+        self._refresh_health_checks()
+
     @no_type_check
     def handler(self, action):
         ret = 0
@@ -40,10 +61,11 @@ class Debug(SP, I.CanCherrypy, I.ConfiguresCherryPy):  # pylint: disable=too-man
         if action in [Actions.ENABLE.value, Actions.DISABLE.value]:
             self.set_option(self.NAME, action == Actions.ENABLE.value)
             self.mgr.update_cherrypy_config({})
+            self._refresh_health_checks()
         else:
             debug = self.get_option(self.NAME)
             msg = "Debug: '{}'".format('enabled' if debug else 'disabled')
-        return (ret, msg, None)
+        return ret, msg, None
 
     COMMANDS = [
         SP.Command(
@@ -70,3 +92,7 @@ class Debug(SP, I.CanCherrypy, I.ConfiguresCherryPy):  # pylint: disable=too-man
             'environment': 'test_suite' if self.get_option(self.NAME) else 'production',
             'error_page.default': self.custom_error_response,
         })
+
+    @PM.add_hook
+    def config_notify(self):
+        self._refresh_health_checks()

diff --git a/src/pybind/mgr/dashboard/plugins/interfaces.py b/src/pybind/mgr/dashboard/plugins/interfaces.py
index f2693eb82e0b9208051fd57ab0a08d44fbc2e651..9c050074f7da87c7f26aa89abde2588afca6556e 100644 (file)
--- a/src/pybind/mgr/dashboard/plugins/interfaces.py
+++ b/src/pybind/mgr/dashboard/plugins/interfaces.py
@@ -69,3 +69,13 @@ class FilterRequest(object):
         @PM.add_abcspec
         def filter_request_before_handler(self, request):
             pass
+
+
+@PM.add_interface
+class ConfigNotify(Interface):
+    @PM.add_abcspec
+    def config_notify(self):
+        """
+        This method is called whenever a option of this mgr module has
+        been modified.
+        """