Grafana Charm

Enabling SSL by adding ssl_* doesn't work

Bug #1947076 reported by Chris Johnston
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Grafana Charm
Fix Released
Undecided
Chris Johnston
Grafana Charm 21.10

Bug Description

When enabling SSL on rev50 by providing a certificate, the charm fails:

juju config grafana ssl_key="$(base64 -w 0 < grafana.maas.com_server.key.insecure)"
juju config grafana ssl_cert="$(base64 -w 0 < grafana.maas.com_server.crt)"
juju config grafana ssl_ca="$(base64 -w 0 < grafana.maas.com_server.crt)"

Unit Workload Agent Machine Public address Ports Message
grafana/0* error idle 5 172.27.248.168 3000/tcp hook failed: "config-changed"

2021-10-14 02:46:37 WARNING config-changed Traceback (most recent call last):
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/charm/hooks/config-changed", line 22, in <module>
2021-10-14 02:46:37 WARNING config-changed main()
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/charms/reactive/__init__.py", line 74, in main
2021-10-14 02:46:37 WARNING config-changed bus.dispatch(restricted=restricted_mode)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 390, in dispatch
2021-10-14 02:46:37 WARNING config-changed _invoke(other_handlers)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 359, in _invoke
2021-10-14 02:46:37 WARNING config-changed handler.invoke()
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 181, in invoke
2021-10-14 02:46:37 WARNING config-changed self._action(*args)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/charm/reactive/grafana.py", line 682, in configure_sources
2021-10-14 02:46:37 WARNING config-changed generate_prometheus_dashboards(gf_adminpasswd, ds)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/charm/reactive/grafana.py", line 988, in generate_prometheus_dashboards
2021-10-14 02:46:37 WARNING config-changed current_dashboards = get_current_dashboards(config["port"], gf_adminpasswd)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/charm/reactive/grafana.py", line 828, in get_current_dashboards
2021-10-14 02:46:37 WARNING config-changed verify=get_ca_cert_path(),
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/requests/api.py", line 76, in get
2021-10-14 02:46:37 WARNING config-changed return request('get', url, params=params, **kwargs)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/requests/api.py", line 61, in request
2021-10-14 02:46:37 WARNING config-changed return session.request(method=method, url=url, **kwargs)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/requests/sessions.py", line 530, in request
2021-10-14 02:46:37 WARNING config-changed resp = self.send(prep, **send_kwargs)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/requests/sessions.py", line 643, in send
2021-10-14 02:46:37 WARNING config-changed r = adapter.send(request, **kwargs)
2021-10-14 02:46:37 WARNING config-changed File "/var/lib/juju/agents/unit-grafana-0/.venv/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
2021-10-14 02:46:37 WARNING config-changed raise SSLError(e, request=request)
2021-10-14 02:46:37 WARNING config-changed requests.exceptions.SSLError: HTTPSConnectionPool(host='127.0.0.1', port=3000): Max retries exceeded with url: /api/search?type=dash-db (Caused by SSLError(CertificateError("hostname '127.0.0.1' doesn't match 'grafana.maas.com'",),))

get_current_dashboards (among others) hard code the address as 127.0.0.1 [1].

[1] https://git.launchpad.net/charm-grafana/tree/src/reactive/grafana.py#n820

Related branches

~cjohnston/charm-grafana:ssl-fixes
Celia Wang: Approve
BootStack Reviewers: Pending requested
Diff: 118 lines (+28/-10)
3 files modified
src/config.yaml (+8/-6)
src/lib/charms/layer/grafana.py (+9/-0)
src/reactive/grafana.py (+11/-4)
Chris Johnston (cjohnston)
Changed in charm-grafana:
assignee: nobody → Chris Johnston (cjohnston)
status: New → Fix Committed
Xav Paice (xavpaice)
Changed in charm-grafana:
status: Fix Committed → Fix Released
milestone: none → 21.10
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.