From 56f304d31b154d87362620f08046720a3e0f3203 Mon Sep 17 00:00:00 2001
From: Patrick Seidensal <pseidensal@suse.com>
Date: Tue, 3 Nov 2020 13:47:23 +0100
Subject: [PATCH] mgr/dashboard: enable different URL for users of browser to
 Grafana

Fixes: https://tracker.ceph.com/issues/47386

Signed-off-by: Patrick Seidensal <pseidensal@suse.com>
(cherry picked from commit 676f82923d875cfe9528a401963c09f29a6de7f4)

Conflicts:
        doc/mgr/dashboard.rst
        src/pybind/mgr/dashboard/controllers/grafana.py

Resolved some trivial conflicts and replaced the heading of the newly
added section in the documentation to another level, as the
documentation between master and octopus differs quite much.
---
 doc/cephadm/monitoring.rst                    | 16 +++++++--
 doc/mgr/dashboard.rst                         | 35 ++++++++++++++++++-
 .../mgr/dashboard/controllers/grafana.py      | 13 +++++--
 src/pybind/mgr/dashboard/settings.py          |  1 +
 4 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/doc/cephadm/monitoring.rst b/doc/cephadm/monitoring.rst
index b1a4157730cb..fd3a4bbaf595 100644
--- a/doc/cephadm/monitoring.rst
+++ b/doc/cephadm/monitoring.rst
@@ -72,8 +72,20 @@ monitoring by following the steps below.
 
      ceph orch apply grafana 1
 
-Cephadm handles the prometheus, grafana, and alertmanager
-configurations automatically.
+Cephadm takes care of the configuration of Prometheus, Grafana, and Alertmanager
+automatically.
+
+However, there is one exception to this rule. In a some setups, the Dashboard
+user's browser might not be able to access the Grafana URL configured in Ceph
+Dashboard. One such scenario is when the cluster and the accessing user are each
+in a different DNS zone.
+
+For this case, there is an extra configuration option for Ceph Dashboard, which
+can be used to configure the URL for accessing Grafana by the user's browser.
+This value will never be altered by cephadm. To set this configuration option,
+issue the following command::
+
+  $ ceph dashboard set-grafana-frontend-api-url <grafana-server-api>
 
 It may take a minute or two for services to be deployed.  Once
 completed, you should see something like this from ``ceph orch ls``
diff --git a/doc/mgr/dashboard.rst b/doc/mgr/dashboard.rst
index 7d815d8b92f7..6f90ea14e025 100644
--- a/doc/mgr/dashboard.rst
+++ b/doc/mgr/dashboard.rst
@@ -479,7 +479,8 @@ will not be visible in Prometheus.
 After you have set up Grafana and Prometheus, you will need to configure the
 connection information that the Ceph Dashboard will use to access Grafana.
 
-You need to tell the dashboard on which url Grafana instance is running/deployed::
+You need to tell the dashboard on which URL the Grafana instance is
+running/deployed::
 
   $ ceph dashboard set-grafana-api-url <grafana-server-url>  # default: ''
 
@@ -503,6 +504,38 @@ e.g. caused by certificates signed by unknown CA or not matching the host name::
 
 You can directly access Grafana Instance as well to monitor your cluster.
 
+Alternative URL for Browsers
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The Ceph Dashboard backend requires the Grafana URL to be able to verify the
+existence of Grafana Dashboards before the frontend even loads them. Due to the
+nature of how Grafana is implemented in Ceph Dashboard, this means that two
+working connections are required in order to be able to see Grafana graphs in
+Ceph Dashboard:
+
+- The backend (Ceph Mgr module) needs to verify the existence of the requested
+  graph. If this request succeeds, it lets the frontend know that it can safely
+  access Grafana.
+- The frontend then requests the Grafana graphs directly from the user's
+  browser using an iframe. The Grafana instance is accessed directly without any
+  detour through Ceph Dashboard.
+
+Now, it might be the case that your environment makes it difficult for the
+user's browser to directly access the URL configured in Ceph Dashboard. To solve
+this issue, a separate URL can be configured which will solely be used to tell
+the frontend (the user's browser) which URL it should use to access Grafana.
+This setting won't ever be changed automatically, unlike the GRAFANA_API_URL
+which is set by :ref:`cephadm` (only if cephadm is used to deploy monitoring
+services).
+
+To change the URL that is returned to the frontend issue the following command::
+
+  $ ceph dashboard set-grafana-frontend-api-url <grafana-server-url>
+
+If no value is set for that option, it will simply fall back to the value of the
+GRAFANA_API_URL option. If set, it will instruct the browser to use this URL to
+access Grafana.
+
 .. _dashboard-sso-support:
 
 Enabling Single Sign-On (SSO)
diff --git a/src/pybind/mgr/dashboard/controllers/grafana.py b/src/pybind/mgr/dashboard/controllers/grafana.py
index 0d4331ff2463..001367c7c291 100644
--- a/src/pybind/mgr/dashboard/controllers/grafana.py
+++ b/src/pybind/mgr/dashboard/controllers/grafana.py
@@ -3,6 +3,7 @@ from __future__ import absolute_import
 
 from . import (ApiController, BaseController, Endpoint, ReadPermission,
                UpdatePermission)
+from .. import mgr
 from ..exceptions import DashboardException
 from ..grafana import GrafanaRestClient, push_local_dashboards
 from ..security import Scope
@@ -11,11 +12,17 @@ from ..settings import Settings
 
 @ApiController('/grafana', Scope.GRAFANA)
 class Grafana(BaseController):
-
     @Endpoint()
     @ReadPermission
     def url(self):
-        response = {'instance': Settings.GRAFANA_API_URL}
+        grafana_url = mgr.get_module_option('GRAFANA_API_URL')
+        grafana_frontend_url = mgr.get_module_option('GRAFANA_FRONTEND_API_URL')
+        if grafana_frontend_url != '' and grafana_url == '':
+            url = ''
+        else:
+            url = (mgr.get_module_option('GRAFANA_FRONTEND_API_URL')
+                   or mgr.get_module_option('GRAFANA_API_URL')).rstrip('/')
+        response = {'instance': url}
         return response
 
     @Endpoint()
@@ -23,7 +30,7 @@ class Grafana(BaseController):
     def validation(self, params):
         grafana = GrafanaRestClient()
         method = 'GET'
-        url = Settings.GRAFANA_API_URL.rstrip('/') + \
+        url = str(Settings.GRAFANA_API_URL).rstrip('/') + \
             '/api/dashboards/uid/' + params
         response = grafana.url_validation(method, url)
         return response
diff --git a/src/pybind/mgr/dashboard/settings.py b/src/pybind/mgr/dashboard/settings.py
index 229f0c3d03dc..6f6c5a1313f5 100644
--- a/src/pybind/mgr/dashboard/settings.py
+++ b/src/pybind/mgr/dashboard/settings.py
@@ -37,6 +37,7 @@ class Options(object):
 
     # Grafana settings
     GRAFANA_API_URL = ('', str)
+    GRAFANA_FRONTEND_API_URL = ('', str)
     GRAFANA_API_USERNAME = ('admin', str)
     GRAFANA_API_PASSWORD = ('admin', str)
     GRAFANA_API_SSL_VERIFY = (True, bool)
-- 
2.47.3