Skip to content

Commit

Permalink
mgr/dashboard: enable different URL for users of browser to Grafana
Browse files Browse the repository at this point in the history
Fixes: https://tracker.ceph.com/issues/47386

Signed-off-by: Patrick Seidensal <[email protected]>
  • Loading branch information
p-se authored and Patrick Seidensal committed Dec 4, 2020
1 parent 7cbb478 commit 676f829
Show file tree
Hide file tree
Showing 4 changed files with 61 additions and 9 deletions.
16 changes: 14 additions & 2 deletions doc/cephadm/monitoring.rst
Original file line number Diff line number Diff line change
Expand Up @@ -77,8 +77,20 @@ monitoring by following the steps below.
ceph orch apply grafana 1
Cephadm handles the prometheus, grafana, and alertmanager
configurations automatically.
Cephadm takes care of the configuration of Prometheus, Grafana, and Alertmanager
automatically.

However, there is one exception to this rule. In a some setups, the Dashboard
user's browser might not be able to access the Grafana URL configured in Ceph
Dashboard. One such scenario is when the cluster and the accessing user are each
in a different DNS zone.

For this case, there is an extra configuration option for Ceph Dashboard, which
can be used to configure the URL for accessing Grafana by the user's browser.
This value will never be altered by cephadm. To set this configuration option,
issue the following command::

$ ceph dashboard set-grafana-frontend-api-url <grafana-server-api>

It may take a minute or two for services to be deployed. Once
completed, you should see something like this from ``ceph orch ls``
Expand Down
37 changes: 35 additions & 2 deletions doc/mgr/dashboard.rst
Original file line number Diff line number Diff line change
Expand Up @@ -571,7 +571,8 @@ Configuring Dashboard
After you have set up Grafana and Prometheus, you will need to configure the
connection information that the Ceph Dashboard will use to access Grafana.

Tell the dashboard the URL for the deployed Grafana instance::
You need to tell the dashboard on which URL the Grafana instance is
running/deployed::

$ ceph dashboard set-grafana-api-url <grafana-server-url> # default: ''

Expand Down Expand Up @@ -603,6 +604,38 @@ You can also access Grafana directly to monitor your cluster.

$ ceph dashboard reset-grafana-api-url

Alternative URL for Browsers
""""""""""""""""""""""""""""

The Ceph Dashboard backend requires the Grafana URL to be able to verify the
existence of Grafana Dashboards before the frontend even loads them. Due to the
nature of how Grafana is implemented in Ceph Dashboard, this means that two
working connections are required in order to be able to see Grafana graphs in
Ceph Dashboard:

- The backend (Ceph Mgr module) needs to verify the existence of the requested
graph. If this request succeeds, it lets the frontend know that it can safely
access Grafana.
- The frontend then requests the Grafana graphs directly from the user's
browser using an iframe. The Grafana instance is accessed directly without any
detour through Ceph Dashboard.

Now, it might be the case that your environment makes it difficult for the
user's browser to directly access the URL configured in Ceph Dashboard. To solve
this issue, a separate URL can be configured which will solely be used to tell
the frontend (the user's browser) which URL it should use to access Grafana.
This setting won't ever be changed automatically, unlike the GRAFANA_API_URL
which is set by :ref:`cephadm` (only if cephadm is used to deploy monitoring
services).

To change the URL that is returned to the frontend issue the following command::

$ ceph dashboard set-grafana-frontend-api-url <grafana-server-url>

If no value is set for that option, it will simply fall back to the value of the
GRAFANA_API_URL option. If set, it will instruct the browser to use this URL to
access Grafana.

.. _dashboard-sso-support:

Enabling Single Sign-On (SSO)
Expand Down Expand Up @@ -1404,7 +1437,7 @@ or a week in the future to revert this temporary logging increase. This looks
something like this::

$ ceph config log
...
...
--- 11 --- 2020-11-07 11:11:11.960659 --- mgr.x/dashboard/log_level = debug ---
...
$ ceph config reset 11
Expand Down
16 changes: 11 additions & 5 deletions src/pybind/mgr/dashboard/controllers/grafana.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import

from .. import mgr
from ..exceptions import DashboardException
from ..grafana import GrafanaRestClient, push_local_dashboards
from ..security import Scope
Expand All @@ -16,21 +17,26 @@
@ApiController('/grafana', Scope.GRAFANA)
@ControllerDoc("Grafana Management API", "Grafana")
class Grafana(BaseController):

@Endpoint()
@ReadPermission
@EndpointDoc("List Grafana URL Instance",
responses={200: URL_SCHEMA})
@EndpointDoc("List Grafana URL Instance", responses={200: URL_SCHEMA})
def url(self):
response = {'instance': Settings.GRAFANA_API_URL}
grafana_url = mgr.get_module_option('GRAFANA_API_URL')
grafana_frontend_url = mgr.get_module_option('GRAFANA_FRONTEND_API_URL')
if grafana_frontend_url != '' and grafana_url == '':
url = ''
else:
url = (mgr.get_module_option('GRAFANA_FRONTEND_API_URL')
or mgr.get_module_option('GRAFANA_API_URL')).rstrip('/')
response = {'instance': url}
return response

@Endpoint()
@ReadPermission
def validation(self, params):
grafana = GrafanaRestClient()
method = 'GET'
url = Settings.GRAFANA_API_URL.rstrip('/') + \
url = str(Settings.GRAFANA_API_URL).rstrip('/') + \
'/api/dashboards/uid/' + params
response = grafana.url_validation(method, url)
return response
Expand Down
1 change: 1 addition & 0 deletions src/pybind/mgr/dashboard/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ class Options(object):

# Grafana settings
GRAFANA_API_URL = ('', str)
GRAFANA_FRONTEND_API_URL = ('', str)
GRAFANA_API_USERNAME = ('admin', str)
GRAFANA_API_PASSWORD = ('admin', str)
GRAFANA_API_SSL_VERIFY = (True, bool)
Expand Down

0 comments on commit 676f829

Please sign in to comment.