From: Redouane Kachach Date: Tue, 6 Sep 2022 12:51:52 +0000 (+0200) Subject: using cephadm prefix to raise the health warning X-Git-Tag: v18.1.0~1067^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a7e61838ac9383b4d7887f24c8e10a9f50a288c2;p=ceph.git using cephadm prefix to raise the health warning Signed-off-by: Redouane Kachach --- diff --git a/src/pybind/mgr/cephadm/serve.py b/src/pybind/mgr/cephadm/serve.py index 56282902c69..89daba0f76c 100644 --- a/src/pybind/mgr/cephadm/serve.py +++ b/src/pybind/mgr/cephadm/serve.py @@ -125,7 +125,7 @@ class CephadmServe: try: get_cert_issuer_info(cert) verify_tls(cert, key) - self.mgr.remove_health_warning('GRAFANA_CERT_ERROR') + self.mgr.remove_health_warning('CEPHADM_CERT_ERROR') except ServerConfigException as e: err_msg = f""" Detected invalid grafana certificates. Please, use the following commands: @@ -142,7 +142,7 @@ class CephadmServe: """ self.log.error(f'Detected invalid grafana certificate on host {d.hostname}: {e}') - self.mgr.set_health_warning('GRAFANA_CERT_ERROR', + self.mgr.set_health_warning('CEPHADM_CERT_ERROR', f'Invalid grafana certificate on host {d.hostname}: {e}', 1, [err_msg]) break diff --git a/src/pybind/mgr/cephadm/services/monitoring.py b/src/pybind/mgr/cephadm/services/monitoring.py index 9cce1e1b3f8..be93c32b669 100644 --- a/src/pybind/mgr/cephadm/services/monitoring.py +++ b/src/pybind/mgr/cephadm/services/monitoring.py @@ -52,28 +52,7 @@ class GrafanaService(CephadmService): grafana_data_sources = self.mgr.template.render( 'services/grafana/ceph-dashboard.yml.j2', {'hosts': prom_services, 'loki_host': loki_host}) - cert_path = f'{daemon_spec.host}/grafana_crt' - key_path = f'{daemon_spec.host}/grafana_key' - cert = self.mgr.get_store(cert_path) - pkey = self.mgr.get_store(key_path) - if cert and pkey: - try: - verify_tls(cert, pkey) - except ServerConfigException as e: - logger.warning('Provided grafana TLS certificates invalid: %s', str(e)) - cert, pkey = None, None - if not (cert and pkey): - cert, pkey = create_self_signed_cert('Ceph', daemon_spec.host) - self.mgr.set_store(cert_path, cert) - self.mgr.set_store(key_path, pkey) - if 'dashboard' in self.mgr.get('mgr_map')['modules']: - self.mgr.check_mon_command({ - 'prefix': 'dashboard set-grafana-api-ssl-verify', - 'value': 'false', - }) - - spec: GrafanaSpec = cast( - GrafanaSpec, self.mgr.spec_store.active_specs[daemon_spec.service_name]) + spec: GrafanaSpec = cast(GrafanaSpec, self.mgr.spec_store.active_specs[daemon_spec.service_name]) grafana_ini = self.mgr.template.render( 'services/grafana/grafana.ini.j2', { 'initial_admin_password': spec.initial_admin_password, @@ -114,7 +93,7 @@ class GrafanaService(CephadmService): if is_valid_certificate: # let's clear health error just in case it was set - self.mgr.remove_health_warning('GRAFANA_CERT_ERROR') + self.mgr.remove_health_warning('CEPHADM_CERT_ERROR') return cert, pkey # certificate is not valid, to avoid overwriting user generated @@ -130,7 +109,7 @@ class GrafanaService(CephadmService): 'prefix': 'dashboard set-grafana-api-ssl-verify', 'value': 'false', }) - self.mgr.remove_health_warning('GRAFANA_CERT_ERROR') # clear if any + self.mgr.remove_health_warning('CEPHADM_CERT_ERROR') # clear if any else: # the certificate was not generated by cephadm, we cannot overwrite # it by new self-signed ones. Let's warn the user to fix the issue @@ -145,7 +124,7 @@ class GrafanaService(CephadmService): > ceph orch daemon reconfig """ - self.mgr.set_health_warning('GRAFANA_CERT_ERROR', 'Invalid grafana certificate: ', 1, [err_msg]) + self.mgr.set_health_warning('CEPHADM_CERT_ERROR', 'Invalid grafana certificate: ', 1, [err_msg]) return cert, pkey