Missing /var/snap/grafana/common/ssl causes breakage when adding certificates relation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Grafana Charm |
Won't Fix
|
Undecided
|
Martin Kalcok |
Bug Description
I recently tried to enable HTTPS on Grafana via vault-managed certificates.
This in theory should have been done via:
juju add-relation vault:certificates grafana:
However, the service did not switch over to HTTPS.
Juju logs showed the following snippet:
2022-03-21 19:32:27 INFO juju-log certificates:107: Invoking reactive handler: reactive/
2022-03-21 19:32:27 DEBUG jujuc server.go:211 running hook tool "juju-log"
2022-03-21 19:32:27 INFO juju-log certificates:107: Writing CA certificate to /usr/local/
2022-03-21 19:32:27 DEBUG certificates-
2022-03-21 19:32:29 DEBUG certificates-
2022-03-21 19:32:29 DEBUG certificates-
2022-03-21 19:32:29 WARNING certificates-
2022-03-21 19:32:29 WARNING certificates-
2022-03-21 19:32:29 DEBUG certificates-
2022-03-21 19:32:29 DEBUG certificates-
2022-03-21 19:32:29 DEBUG jujuc server.go:211 running hook tool "juju-log"
2022-03-21 19:32:29 INFO juju-log certificates:107: Generated ca-certificates.crt for grafana
2022-03-21 19:32:29 DEBUG jujuc server.go:211 running hook tool "juju-log"
2022-03-21 19:32:29 DEBUG juju-log certificates:107: tracer: set flag tls_client.
The /etc/ca-
tags: | added: bseng-112 |
Changed in charm-grafana: | |
assignee: | nobody → Martin Kalcok (martin-kalcok) |
status: | New → In Progress |
Changed in charm-grafana: | |
status: | In Progress → Incomplete |
Changed in charm-grafana: | |
status: | Incomplete → In Progress |
Changed in charm-grafana: | |
status: | In Progress → Won't Fix |
I was only partially able to reproduce this issue. I can see the warnings in the logs when I relate grafana with vault/easyrsa. However it appears to be only temporary issue because when I log into the unit, the directory (and certificates) are in place and service is running over HTTPS as expected.
I think we should add `mkdir -p` into the sync script to avoid those warnings but this might not be the true cause of your issues.
Could you please share more details about the affected environment (ubuntu series/grafana charm version)?