From 344c0a69b34013a92b4224325af1e4e71a9c8564 Mon Sep 17 00:00:00 2001 From: Patrick Seidensal Date: Fri, 16 Oct 2020 14:19:53 +0200 Subject: [PATCH] doc/cepham: instructions for custom Grafana TLS certs Signed-off-by: Patrick Seidensal --- doc/cephadm/monitoring.rst | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/doc/cephadm/monitoring.rst b/doc/cephadm/monitoring.rst index 6d4f21da1aee7..042e0b280da38 100644 --- a/doc/cephadm/monitoring.rst +++ b/doc/cephadm/monitoring.rst @@ -15,7 +15,7 @@ metrics on cluster utilization and performance. Ceph users have three options: Ceph is running in Kubernetes with Rook). #. Skip the monitoring stack completely. Some Ceph dashboard graphs will not be available. - + The monitoring stack consists of `Prometheus `_, Prometheus exporters (:ref:`mgr-prometheus`, `Node exporter `_), `Prometheus Alert @@ -93,6 +93,37 @@ completed, you should see something like this from ``ceph orch ls`` node-exporter 2/2 6s ago docker.io/prom/node-exporter:latest e5a616e4b9cf present prometheus 1/1 6s ago docker.io/prom/prometheus:latest e935122ab143 present +Configuring SSL/TLS for Grafana +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +``cephadm`` will deploy Grafana using the certificate defined in the ceph +key/value store. If a certificate is not specified, ``cephadm`` will generate a +self-signed certificate during deployment of the Grafana service. + +A custom certificate can be configured using the following commands. + +.. code-block:: bash + + ceph config-key set mgr/cephadm/grafana_key -i $PWD/key.pem + ceph config-key set mgr/cephadm/grafana_crt -i $PWD/certificate.pem + +The ``cephadm`` manager module needs to be restarted to be able to read updates +to these keys. + +.. code-block:: bash + + ceph orch restart mgr + +If you already deployed Grafana, you need to redeploy the service for the +configuration to be updated. + +.. code-block:: bash + + ceph orch redeploy grafana + +The ``redeploy`` command also takes care of setting the right URL for Ceph +Dashboard. + Using custom images ~~~~~~~~~~~~~~~~~~~ @@ -125,7 +156,7 @@ For example you have set the custom image for automatically. You will need to manually update the configuration (image name and tag) to be able to install updates. - + If you choose to go with the recommendations instead, you can reset the custom image you have set before. After that, the default value will be used again. Use ``ceph config rm`` to reset the configuration option -- 2.39.5