"No certificates found" after adding juju deploy ceph-dashboard

hikkart · 23 June 2023 03:16

Tried to install ceph-dashboard and got “No certificates found. Please add a certifcates relation or provide via charm config”.

please let me know how to add the locally generated certificate.

I presume “openstack-vault” can be configured to support it.

Any help would be much appreciated to find an appropriate way. Thank you.

#juju deploy --channel quincy/stable  ceph-dashboard
#juju add-relation ceph-dashboard:dashboard ceph-mon:dashboard
#ceph mgr module enable dashboard

I have juju ceph-base installed with three vms as below.

$ juju status
Model  Controller            Cloud/Region          Version  SLA          Timestamp
ceph   manual-cloud-default  manual-cloud/default  2.9.43   unsupported  22:55:07Z

App             Version  Status   Scale  Charm           Channel        Rev  Exposed  Message
ceph-dashboard           blocked      3  ceph-dashboard  quincy/stable   31  no       No certificates found. Please add a certifcates relation or provide via charm config
ceph-mon        17.2.5   active       3  ceph-mon        quincy/stable  167  no       Unit is ready and clustered
ceph-osd        17.2.5   active       3  ceph-osd        quincy/stable  559  no       Unit is ready (1 OSD)

Unit                 Workload  Agent  Machine  Public address  Ports  Message
ceph-mon/0           active    idle   1        10.x.x.175          Unit is ready and clustered
  ceph-dashboard/2*  blocked   idle            10.x.x.175          No certificates found. Please add a certifcates relation or provide via charm config
ceph-mon/1           active    idle   2        10.x.x.108          Unit is ready and clustered
  ceph-dashboard/1   blocked   idle            10.x.x.108          No certificates found. Please add a certifcates relation or provide via charm config
ceph-mon/2*          active    idle   3        10.x.x.251          Unit is ready and clustered
  ceph-dashboard/0   blocked   idle            10.x.x.251          No certificates found. Please add a certifcates relation or provide via charm config
ceph-osd/0           active    idle   1        10.x.x.175          Unit is ready (1 OSD)
ceph-osd/1           active    idle   2        10.x.x.108          Unit is ready (1 OSD)
ceph-osd/2*          active    idle   3        10.x.x.251          Unit is ready (1 OSD)

Machine  State    Address        Inst id               Series  AZ  Message
1        started  10.x.x.175  manual:10.x.x.175  jammy       Manually provisioned machine
2        started  10.x.x.108  manual:10.x.x.108  jammy       Manually provisioned machine
3        started  10.x.x.251  manual:10.x.x.251  jammy       Manually provisioned machine

hpidcock · 23 June 2023 03:47

@billy-olsen is this something your team would know?

billy-olsen · 23 June 2023 03:57

Thanks for the tag @hpidcock !

@hikkart You can definitely use the vault application to provide the certificates. There’s a bit of instructions for installing and configuring the ceph dashboard on the Ubuntu Ceph docs page: Ceph Dashboard install | Ubuntu. This should help get you straightened out for deploying the dashboard and getting setup. If you get stuck, feel free to ask for more help.

I do notice that the current docs loaded in the charmhub for the Ceph Dashboard are missing. Sorry about that, we’ll get those sorted out to help future travelers as that’s not a great experience. In the meantime, you can reference the Charmed Ceph docs pages at Charmed Ceph Documentation | Ubuntu to help. Don’t hesitate to give a shout out in this thread if you get stuck.

cc: @chrome0, @utkarshbhatthere, @lmlogiudice

hikkart · 26 June 2023 23:48

Thank you @billy-olsen @hpidcock for the response.

few questions to get clarified:

As mentioned above the link, are openstack-vault & openstack-loadbalancer mandatory to have ceph-dashboard? or any other option is available.
Getting below error after “juju deploy vault --channel 1.8/stable --to 1” with “juju status”

vault/2* blocked idle 1 10.x.x.175 8200/tcp Vault needs to be initialized

As mentioned in “https://opendev.org/openstack/charm-vault/src/branch/master/src/README.md#post-deployment-tasks”, do i need to follow post-deployment-tasks to fix point.2 ?
Does postgresql or any db require prior to Vault configuration?

Thank you for the support.

billy-olsen · 27 June 2023 00:05

Hi @hikkart,

Some responses inline below:

As mentioned above the link, are openstack-vault & openstack-loadbalancer mandatory to have ceph-dashboard? or any other option is available.

Yes, the two services are mandatory. We test and validate with these two options.

Getting below error after “juju deploy vault --channel 1.8/stable --to 1” with “juju status”

This is actually not an error, rather the charm is reporting blocked as it requires human intervention to proceed.

As mentioned in “https://opendev.org/openstack/charm-vault/src/branch/master/src/README.md#post-deployment-tasks”, do i need to follow post-deployment-tasks to fix point.2 ?

Yep! You got it, this is what you need to do!

Does postgresql or any db require prior to Vault configuration?

If you don’t supply a database for vault to use as the backend, it will be configured to use the raft backend - which is native to Vault itself.

Based on where you’re at, I think you can unseal vault and continue with the deployment. Make sure to save your vault keys!! Those are necessary to unseal vault units when services are restarted in the future.

hikkart · 27 June 2023 00:50

Thank you @billy-olsen for the prompt response. I will try and update you the status. Cheers.

hikkart · 28 June 2023 03:36

Hi @billy-olsen

Is there any other option to deploy ceph-dashboard without using vault?

Could you please enlighten me. Sorry to reiterate the same question again but I am curious to know other options as well. Thank you.

billy-olsen · 11 July 2023 19:51

The ceph-dashboard charm itself has configuration options for ssl_ca, ssl_cert and ssl_key for manually providing certificates.

hikkart · 18 July 2023 00:39

Thank you @billy-olsen. I have tried to use locally generated certificates and ended up with below error. Any help would be much appreciated. Thank you.

juju deploy --channel quincy/stable ceph-dashboard --config ssl_ca=./ca.pem --config ssl_cert=./cert.pem --config ssl_key=./cert-key.pem

juju add-relation ceph-dashboard:dashboard ceph-mon:dashboard

user1/certs$ juju status
Model  Controller            Cloud/Region          Version  SLA          Timestamp
ceph   manual-cloud-default  manual-cloud/default  2.9.43   unsupported  23:26:18Z

App             Version  Status  Scale  Charm           Channel        Rev  Exposed  Message
ceph-dashboard           error       0  ceph-dashboard  quincy/stable   35  no       hook failed: "install"
ceph-mon        17.2.5   active      3  ceph-mon        quincy/stable  167  no       Unit is ready and clustered
ceph-osd        17.2.5   active      3  ceph-osd        quincy/stable  559  no       Unit is ready (1 OSD)

Unit                 Workload  Agent  Machine  Public address  Ports  Message
ceph-mon/0           active    idle   1        10.x.x.175          Unit is ready and clustered
  ceph-dashboard/7   error     idle            10.x.x.175          hook failed: "install"
ceph-mon/1           active    idle   2        10.x.x.108          Unit is ready and clustered
  ceph-dashboard/6*  error     idle            10.x.x.108          hook failed: "install"
ceph-mon/2*          active    idle   3        10.x.x.251          Unit is ready and clustered
  ceph-dashboard/8   error     idle            10.x.x.251          hook failed: "install"
ceph-osd/0           active    idle   1        10.x.x.175          Unit is ready (1 OSD)
ceph-osd/1           active    idle   2        10.x.x.108          Unit is ready (1 OSD)
ceph-osd/2*          active    idle   3        10.x.x.251          Unit is ready (1 OSD)

user1/certs$ juju debug-log --include ceph-dashboard/3  #All 6,7,8 units showing same error
binascii.Error: Incorrect padding 
unit-ceph-dashboard-6: 00:11:33 ERROR juju.worker.uniter.operation hook "install" (via hook dispatching script: dispatch) failed: exit status 1
unit-ceph-dashboard-6: 00:11:33 INFO juju.worker.uniter awaiting error resolution for "install" hook
unit-ceph-dashboard-6: 00:11:43 INFO juju.worker.uniter awaiting error resolution for "install" hook
unit-ceph-dashboard-6: 00:11:43 INFO unit.ceph-dashboard/6.juju-log Running legacy hooks/install.
unit-ceph-dashboard-6: 00:11:43 INFO unit.ceph-dashboard/6.juju-log Installing packages
unit-ceph-dashboard-6: 00:11:45 INFO unit.ceph-dashboard/6.juju-log Installing ['ceph-mgr-dashboard', 'python3-onelogin-saml2'] with options: ['--option=Dpkg::Options::=--force-confold']
unit-ceph-dashboard-6: 00:11:45 INFO unit.ceph-dashboard/6.juju-log Updating status
unit-ceph-dashboard-6: 00:11:46 ERROR unit.ceph-dashboard/6.juju-log Uncaught exception while in charm code:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/./src/charm.py", line 632, in <module>
    main(CephDashboardCharm)
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/venv/ops/main.py", line 429, in main
    framework.reemit()
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/venv/ops/framework.py", line 794, in reemit
    self._reemit()
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/venv/ops/framework.py", line 857, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/venv/ops_openstack/core.py", line 113, in on_install
    self.install_pkgs()
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/venv/ops_openstack/core.py", line 110, in install_pkgs
    self.update_status()
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/venv/ops_openstack/core.py", line 152, in update_status
    _result = check()
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/./src/charm.py", line 363, in check_dashboard
    if not check_f():
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/./src/charm.py", line 319, in _check_for_certs
    key, cert, _ = self._get_tls_from_config()
  File "/var/lib/juju/agents/unit-ceph-dashboard-6/charm/./src/charm.py", line 478, in _get_tls_from_config
    key = base64.b64decode(raw_key)
  File "/usr/lib/python3.10/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

hikkart · 25 July 2023 20:27

Hi Team,

Any update would be really helpful to proceed. Thank you.

hikkart · 27 September 2023 04:57

@billy-olsen

Used self-signed certificate to deploy ceph dashboard (r41) successfully. Thank you for the support.