dashboard: allow disabling grafana api ssl verify

When using an untrusted TLS certificate (like self-signed) on grafana then the grafana dashboards update subcommand will fail. One solution could be to trust the TLS certificate. The other one is to disable the TLS verification on the grafana API. Closes: #5324 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit b20519e)
ceph · Jun 15, 2020 · b30a943 · b30a943
1 parent 802efcb
commit b30a943
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 0 deletions.
diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
@@ -747,6 +747,7 @@ dummy:
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''
 #dashboard_rgw_api_no_ssl_verify: False

diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
@@ -747,6 +747,7 @@ ceph_docker_registry_auth: true
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''
 #dashboard_rgw_api_no_ssl_verify: False

diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -107,6 +107,15 @@
   run_once: true
   changed_when: false
 
+- name: disable ssl verification for grafana
+  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False"
+  delegate_to: "{{ groups[mon_group_name][0] }}"
+  run_once: true
+  changed_when: false
+  when:
+    - dashboard_protocol == "https"
+    - dashboard_grafana_api_no_ssl_verify | bool
+
 - name: set alertmanager host
   command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-alertmanager-api-host {{ dashboard_protocol }}://{{ grafana_server_addrs | first }}:{{ alertmanager_port }}"
   delegate_to: "{{ groups[mon_group_name][0] }}"

diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
@@ -739,6 +739,7 @@ dashboard_admin_user_ro: false
 # We only need this for SSL (https) connections
 dashboard_crt: ''
 dashboard_key: ''
+dashboard_grafana_api_no_ssl_verify: False
 dashboard_rgw_api_user_id: ceph-dashboard
 dashboard_rgw_api_admin_resource: ''
 dashboard_rgw_api_no_ssl_verify: False