Grafana Dashboards are not using SSL when SSL is configured for Tendrl #303

Closed
mbukatov opened this issue Sep 25, 2017 · 3 comments

@mbukatov
Contributor

Description

When SSL is configured as described in #264, based on the example /etc/httpd/conf.d/tendrl-ssl.conf.sample file, Grafana dashboards are still served via an unencrypted HTTP connection.

Version

Recent snapshot build from master branch:

tendrl-api-httpd-1.5.2-20170921T125939.61d8945.noarch

Versions of all related Tendrl packages for full reference:

# rpm -qa | grep tendrl | sort
tendrl-api-1.5.2-20170921T125939.61d8945.noarch
tendrl-api-httpd-1.5.2-20170921T125939.61d8945.noarch
tendrl-commons-1.5.2-20170921T220225.c77a8fc.noarch
tendrl-grafana-plugins-1.5.2-20170925T072405.6f3f855.noarch
tendrl-monitoring-integration-1.5.2-20170925T072405.6f3f855.noarch
tendrl-node-agent-1.5.2-20170922T094941.ced9876.noarch
tendrl-notifier-1.5.2-20170922T082559.b6a2768.noarch
tendrl-ui-1.5.2-20170921T165116.b85723e.noarch
# rpm -q grafana
grafana-4.5.2-1.x86_64

Steps to Reproduce

  1. Prepare machines with GlusterFS cluster, including gluster volume (I used nightly builds and volume_usmqe_alpha_distrep_4x2.create.conf)
  2. Install Tendrl via tendrl-ansible there, using snapshot builds and Tendrl/tendrl-ansible@57a4cfd from the work-in-progress branch for tendrl-ansible#46 ("work in progress: ssl configuration for Tendrl [blocked]")
  3. Log into the Tendrl web interface as an admin user
  4. Import the cluster and wait for the task to finish with success
  5. Go to the Clusters page and click on the Launch Dashboard button (of the just-imported cluster)
  6. See the dashboard page and its URL

Actual Results

The dashboard opens, but while the Tendrl web UI is served over SSL (the URL is https://10.34.108.90/#/clusters), the Grafana dashboard is not encrypted via SSL (the URL is http://10.34.108.90:3000/dashboard/db/tendrl-gluster-at-a-glance?var-cluster_id=9760f5a0-242f-41cd-b3a2-2422e6fd0d13&refresh=10s&orgId=1):

[Screenshot: screenshot_20170925_153207]

Expected Results

The dashboard opens and it's served via encrypted ssl connection (the url begins with https://).

Details

It seems that while tendrl api is routed via apache, grafana web with dashboards is not:

# lsof -i -Pn | grep LISTEN | grep grafana
grafana-s  9668 grafana    7u  IPv6   48852      0t0  TCP *:3000 (LISTEN)

Would it make sense to route it through apache as well?
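The check from the Details section, generalised as an added example (not part of the original report or of Tendrl): it parses `lsof -i -Pn` output and reports every listener that accepts connections from other hosts on a port other than the TLS front end. The function names, the assumption that port 443 is the only TLS front-end port, and every sample line except the grafana one are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first line is the listener quoted in the issue,
# the remaining lines are made up to cover the TLS and loopback cases.
SAMPLE_LSOF = """\
grafana-s  9668 grafana    7u  IPv6   48852      0t0  TCP *:3000 (LISTEN)
httpd      1203 root       4u  IPv6   21877      0t0  TCP *:443 (LISTEN)
exampled   1100 example    5u  IPv4   20111      0t0  TCP 127.0.0.1:8125 (LISTEN)
exampled   1100 example    6u  IPv6   20112      0t0  TCP [::1]:8125 (LISTEN)
"""

LISTEN_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s.*\sTCP\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\(LISTEN\)\s*$"
)


def is_off_host(addr):
    """True if the bind address accepts connections from other machines."""
    if addr == "*":                      # lsof prints the wildcard bind as '*'
        return True
    try:
        return not ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return True                      # unparseable: treat as exposed


def exposed_listeners(lsof_text, tls_ports=frozenset({443})):
    """Return (command, pid, address, port) for each listener that is
    reachable off-host and is not on an assumed TLS front-end port.
    A hit is a candidate only: the socket table cannot show whether the
    service speaks TLS itself, so confirm with a handshake test."""
    findings = []
    for line in lsof_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        port = int(m["port"])
        if is_off_host(m["addr"]) and port not in tls_ports:
            findings.append((m["cmd"], int(m["pid"]), m["addr"], port))
    return findings


if __name__ == "__main__":
    for cmd, pid, addr, port in exposed_listeners(SAMPLE_LSOF):
        print(f"{cmd} (pid {pid}) listens on {addr}:{port} outside the TLS front end")
```
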

@anivargi
Contributor

moved to Tendrl/monitoring-integration#144

@mbukatov
Contributor Author

@sidhax this seems like a security-related issue

@mbukatov
Contributor Author

mbukatov commented Sep 27, 2017

At first sight, the natural approach here seems to me to reconfigure apache to provide grafana (via reverse proxy). I could be wrong though.

That said, I would like to see a list of pros and cons of each approach before settling on a particular solution.
