From: Patrick Seidensal <pseidensal@suse.com>
Date: Fri, 16 Oct 2020 12:19:53 +0000 (+0200)
Subject: doc/cepham: instructions for custom Grafana TLS certs
X-Git-Tag: v15.2.9~88^2~36
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=0d4d65f9f7084a5153df87764478d8a0fb9f84b2;p=ceph.git

doc/cepham: instructions for custom Grafana TLS certs

Signed-off-by: Patrick Seidensal <pseidensal@suse.com>
(cherry picked from commit 344c0a69b34013a92b4224325af1e4e71a9c8564)
---

diff --git a/doc/cephadm/monitoring.rst b/doc/cephadm/monitoring.rst
index b1a4157730c..6a4a06d1cd2 100644
--- a/doc/cephadm/monitoring.rst
+++ b/doc/cephadm/monitoring.rst
@@ -88,6 +88,37 @@ completed, you should see something like this from ``ceph orch ls``
   node-exporter      2/2  6s ago     docker.io/prom/node-exporter:latest             e5a616e4b9cf  present
   prometheus         1/1  6s ago     docker.io/prom/prometheus:latest                e935122ab143  present
 
+Configuring SSL/TLS for Grafana
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+``cephadm`` will deploy Grafana using the certificate defined in the ceph
+key/value store. If a certificate is not specified, ``cephadm`` will generate a
+self-signed certificate during deployment of the Grafana service.
+
+A custom certificate can be configured using the following commands.
+
+.. code-block:: bash
+
+  ceph config-key set mgr/cephadm/grafana_key -i $PWD/key.pem
+  ceph config-key set mgr/cephadm/grafana_crt -i $PWD/certificate.pem
+
+The ``cephadm`` manager module needs to be restarted to be able to read updates
+to these keys.
+
+.. code-block:: bash
+
+  ceph orch restart mgr
+
+If you already deployed Grafana, you need to redeploy the service for the
+configuration to be updated.
+
+.. code-block:: bash
+
+  ceph orch redeploy grafana
+
+The ``redeploy`` command also takes care of setting the right URL for Ceph
+Dashboard.
+
 Using custom images
 ~~~~~~~~~~~~~~~~~~~
 
@@ -120,7 +151,7 @@ For example
      you have set the custom image for automatically.  You will need to
      manually update the configuration (image name and tag) to be able to
      install updates.
-     
+
      If you choose to go with the recommendations instead, you can reset the
      custom image you have set before.  After that, the default value will be
      used again.  Use ``ceph config rm`` to reset the configuration option