Currently dashboard provides a Ceph command to specify location or
contents of SAML2 IdP XML (`idp_metadata` argument). This loose
interface is implemented by trying to:
- First, opens HTTPS connection to whatever that argument contains (it
might be a proper remote URL, a local file or XML contents).
- Then, tries to open the local file
- Finally, assumes the input argument is an XML and proceeds to parse
it.
However, as the XML can have an undefined length, when fed as a filename
it results in FreeBSD raising a OSError exception (`Max filename length
exceeded`, 1K). This essentially means that this handling results in
unexpected behaviour, as it pushes the validation & error handling to
the underlying methods.
In this fix, some preliminary validation is performed. Especifically:
- Is the input argument a potential filename?
- Is the input argument complying with URL syntax?
Only if the above checks fail, the input argument is fed into the XML
parser.
Additionally, previous syntax is deprecated, so now, `idp_metadata`
enforces 2 syntaxes:
- Raw XML contents
- URL specification (http, https, and file schemas accepted). For local
file, URL 'file://<path>' should be used instead.
Fixes: https://tracker.ceph.com/issues/41358
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
1. Disable redirection on standby managers. A HTTP error (500) will be returned instead of a redirection.
$ ceph config set mgr mgr/dashboard/standby_behaviour "error"
2. Configure the HTTP error status code.
$ ceph config set mgr mgr/dashboard/standby_error_status_code 503
Signed-off-by: Volker Theile <vtheile@suse.com>
Now you can silence alerts through the dashboard. You can now create,
recreate, edit and expire a silence. You can create a silence based on a
selected alert.
The silence form will help you create a silence that silences an alert.
It is provided with functionality to check if the silences, that
you are about to create, will or will not match an active alert or even
a rule.
It also provides help choosing the right values for the right chosen
matcher attribute name, through the use of type ahead values.
The dashboard will now use the Prometheus and the Alertmanager API
Fixes: https://tracker.ceph.com/issues/36722
Signed-off-by: Stephan Müller <smueller@suse.com>
Added paragraph that explains how standby dashboard instances perform
HTTP redirections to the currently active ceph-mgr node.
Added note about current limitations (see Bug#24662 for details).
Signed-off-by: Lenz Grimmer <lgrimmer@suse.com>
As discussed in BUG#39252, the dashboard currently does not
support all possible RGW configuration possibilities when trying
to obtain hostname and port number. Update the docs to better
reflect this.
Signed-off-by: Lenz Grimmer <lgrimmer@suse.com>
Added note about the requirement for the latest ceph-iscsi version
3 to the dashboard documentation. Added some doc references
and replaced some URLs in the iSCSI docs with reST labels instead.
Signed-off-by: Lenz Grimmer <lgrimmer@suse.com>
mgr/dashboard: Add separate option to config SSL port
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Reviewed-by: Sebastian Wagner <swagner@suse.com>
Reviewed-by: Tatjana Dehler <tdehler@suse.com>
There is a need to introduce this new config option because the MgrModule::get_module_option() and MgrModule::get_localized_module_option() method will be refactored soon and will not support the default parameter anymore. Instead the default value must be configured in the MODULE_OPTIONS. Currently we misuse the server_port depending on if SSL is enabled or not.
Fixes: https://tracker.ceph.com/issues/38331
Signed-off-by: Volker Theile <vtheile@suse.com>
Renamed "Ceph Manager Dashboard" to "Ceph Dashboard" in
various locations, replaced "plugin" with "module".
Overhauled the feature list, added more references to configuration
instructions and related components.
Fixed capitalization of subchapters.
Added note about mixed content blocking to the Grafana section.
Removed duplicate content from the dashboard's `README.rst`,
moved some parts (supported browser list) into the documentation
instead.
Signed-off-by: Lenz Grimmer <lgrimmer@suse.com>
Add '*.inc.rst' to the list of excluded patterns from sphinx-build. This
allows for using '*.inc.rst' as includes, and avoids duplicates. The
benefit of keeping the trailing '.rst' extension is that most IDEs use
that to render reStructured Text files.
Fixes: http://tracker.ceph.com/issues/37530
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
The backend is now capable of receiving alert notifications from
the Prometheus alertmanager and it can get all alerts with all kinds of
parameters from the API of the same.
In the frontend Prometheus alerts can be found in "Cluster > Alerts". Incoming
notifications can be seen as usual in the notifications popover.
To clarify:
Prometheus alerts are received from the alertmanager API.
Prometheus alert notification are send from the alertmanager to the
backend receiver. An alert notification can have multiple alerts, but
these alerts differ from the prometheus alerts.
To clarify that, I've added some models and services.
If one of the methods to get alerts contains changes the user will be
notified.
The documentation explains how to configure the alertmanager to use the
dashboard receiver and how to connect the use of the alertmanager API.
Further it explains where to find the alerts and what happens if they
are configured and something is happening.
Fixes: https://tracker.ceph.com/issues/36721
Signed-off-by: Stephan Müller <smueller@suse.com>
Unlike `config set`, `config-key set` does not take the <who>
argument.
This change removes it from mgr ssl setup.
Signed-off-by: Mehdi Abaakouk <sileht@sileht.net>
Fixes: https://tracker.ceph.com/issues/36193
Enable API auditing with 'ceph dashboard set-audit-api-enabled true' (default is false). If you do not want to log the request payload, then disable it via 'set-audit-api-log-payload false' (default is true).
Example output:
2018-10-08 10:25:21.850994 mgr.x [INF] [DASHBOARD] from='https://[::1]:44410' path='/api/auth' method='POST' user='None' params='{"username": "admin", "password": "***", "stay_signed_in": false}'
Signed-off-by: Volker Theile <vtheile@suse.com>
Reworded the description of the user/role management feature, clarified
that it can be configured on both the CLI and the WebUI. Added labels for
referencing the user/role management and SSL configuration sections.
Signed-off-by: Lenz Grimmer <lgrimmer@suse.com>
Enables to change (set/unset) values of settings of the dashboard using
the REST API.
Fixes: https://tracker.ceph.com/issues/24273
Signed-off-by: Patrick Nawracay <pnawracay@suse.com>
Set a default timeout of 45 seconds to all REST client calls. This can be customized via 'ceph dashboard set-rest-requests-timeout <seconds>'. Currently the REST client is only used by the RGW controller.
Signed-off-by: Volker Theile <vtheile@suse.com>
Although is preferred and should be enabled by default users might
want to disable SSL as the dashboard might be running behind a proxy
which terminates the SSL.
Fixes: https://tracker.ceph.com/issues/24674
Signed-off-by: Wido den Hollander <wido@42on.com>
This setting tends to confuse people, as it's only respected
on the very first startup of the cluster. Instead, mention
it (with appropriate caveats) on the general mgr admin
page.
Signed-off-by: John Spray <john.spray@redhat.com>
