[TUTORIAL] [Nautilus] activating CEPH DASHBOARD

Mar 20, 2020
Hi all !

Even if I know that there is more than one way to do it, here is a way that worked for me. Please note that since it was on a POC, I found it useful to use a self-signed certificate; don't do this on a production cluster ;)

apt install ceph-mgr-dashboard    # on all service manager nodes

ceph mgr module enable dashboard

ceph dashboard ac-user-create cephdash [password] administrator

ceph config-key set mgr/dashboard/server_addr ::

ceph dashboard create-self-signed-cert

ceph mgr module disable dashboard

ceph mgr module enable dashboard

systemctl restart ceph-mgr@[servername].service

Then https://[IP or FQDN]:8443 or http://[IP or FQDN]:8080
 
Thanks for sharing your experience!
I marked the thread as TUTORIAL - thus others can spot it more easily :)
 
Indeed! An alternative for those who don't require/desire SSL would be:

Code:
apt install ceph-mgr-dashboard

For each manager, listen only on a private IP/interface
Code:
ceph config set mgr mgr/dashboard/<nodeN>/server_addr <private_IP_N>

For each manager, perhaps listen on a non-standard port
Code:
ceph config set mgr mgr/dashboard/<nodeN>/server_port 8080

Enable without SSL and related certificate
Code:
ceph mgr module enable dashboard

ceph config set mgr mgr/dashboard/ssl false

Create privileged and unprivileged accounts
Code:
ceph dashboard ac-user-create myadmin <password> administrator

ceph dashboard ac-user-create myaudit <password> read-only

If you only use Ceph RBD, don't bother with other services
Code:
ceph dashboard feature disable cephfs iscsi mirroring rgw

Verify some settings
Code:
ceph dashboard ac-user-show

ceph dashboard ac-role-show

ceph dashboard feature status

It's a good tool in addition to the CLI and PVE Ceph monitoring tools. Enjoy!
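Added example, not part of the posts above: a check of which addresses the dashboard ports 8443 and 8080 mentioned in this thread are actually bound to, since `server_addr ::` listens on every interface while a private IP or 127.0.0.1 does not. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# classify_listeners [PORT...] reads `ss -H -tln` output on stdin and labels
# each listener on the given ports (default: 8443 and 8080):
#   EXPOSED  = wildcard bind, reachable on every interface
#   LOOPBACK = local access only
#   BOUND    = bound to one specific address
classify_listeners() {
    awk -v ports="${*:-8443 8080}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
        la = $4                                  # Local Address:Port column
        port = la; sub(/.*:/, "", port)          # text after the last colon
        addr = la; sub(/:[^:]*$/, "", addr)      # text before the last colon
        if (!(port in want)) next
        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
            print "EXPOSED", la
        else if (addr == "127.0.0.1" || addr == "[::1]")
            print "LOOPBACK", la
        else
            print "BOUND", la
    }'
}

# has_exposed [PORT...] exits 0 if any listener on those ports is a wildcard bind.
has_exposed() {
    classify_listeners "$@" | grep -q '^EXPOSED'
}

# Constructed sample of `ss -H -tln` output (not taken from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0 5      [::]:8443        [::]:*
LISTEN 0 5      127.0.0.1:8443   0.0.0.0:*
LISTEN 0 5      10.10.10.11:8080 0.0.0.0:*
LISTEN 0 128    0.0.0.0:22       0.0.0.0:*
EOF
}

# On a manager node:  ss -H -tln | classify_listeners
```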
 
If you get the error: ceph dashboard ac-user-create input file not specified: please specify the file containing password/secret with "-i" option

use:
echo "mypasswordhere" > /root/cephdashpass.txt
ceph dashboard ac-user-create cephdash -i /root/cephdashpass.txt administrator
 
This worked for me on Proxmox 8.

Code:
apt install ceph-mgr-dashboard    # on all service manager nodes

ceph mgr module enable dashboard
echo "thepassword" > /root/password
ceph dashboard ac-user-create cephdash -i /root/password administrator --force
ceph config-key set mgr/dashboard/server_addr 127.0.0.1
ceph dashboard create-self-signed-cert
ceph mgr module disable dashboard
ceph mgr module enable dashboard
systemctl restart ceph-mgr@[hostname].service
systemctl status ceph-mgr@[hostname].service
rm /root/password

Dashboard is working.

Only seeing a "Module 'restful' has failed dependency: PyO3 modules may only be initialized once per interpreter process"

This seems Ceph / Python related.
 
Does this use many additional resources?
 
Not at all, only see the ceph-mgr 'wake-up' while using the dashboard; otherwise it's at 0.3% CPU (AMD Ryzen 5 5625U) and 1% memory (out of 32GB). You could disable the service, only starting it when you need the dashboard.
 
Hi there,

I've got this:
root@pve00:~# ceph-mgr module enable dashboard
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 auth: unable to find a keyring on /var/lib/ceph/mgr/ceph-admin/keyring: (2) No such file or directory
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 AuthRegistry(0x555d41aa0a40) no keyring found at /var/lib/ceph/mgr/ceph-admin/keyring, disabling cephx
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 auth: unable to find a keyring on /var/lib/ceph/mgr/ceph-admin/keyring: (2) No such file or directory
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 AuthRegistry(0x7ffff2e5d8c0) no keyring found at /var/lib/ceph/mgr/ceph-admin/keyring, disabling cephx
failed to fetch mon config (--no-mon-config to skip)


What to do?

I have got keyring:

root@pve00:/var/lib/ceph/mgr/ceph-pve00#


Thanks
 
root@pve00:~# ceph-mgr module enable dashboard
the command ceph-mgr and ceph mgr are not the same thing - use ceph mgr

note that for many of us even ceph mgr with or without --force is not working, so YMMV
 
My dashboard module seems enabled, but the server behaves like there is no ceph dashboard ... command.

It's actually not there. I appreciate any help.


root@WIRO-PVE1:~# ceph dashboard ac-user-create cephdash password administrator
no valid command found; 10 closest matches:
pg stat
pg getmap
pg dump [<dumpcontents:all|summary|sum|delta|pools|osds|pgs|pgs_brief>...]
pg dump_json [<dumpcontents:all|summary|sum|pools|osds|pgs>...]
pg dump_pools_json
pg ls-by-pool <poolstr> [<states>...]
pg ls-by-primary <id|osd.id> [<pool:int>] [<states>...]
pg ls-by-osd <id|osd.id> [<pool:int>] [<states>...]
pg ls [<pool:int>] [<states>...]
pg dump_stuck [<stuckops:inactive|unclean|stale|undersized|degraded>...] [<threshold:int>]
Error EINVAL: invalid command
 
TL;DR: Before starting, make sure to apply this workaround on all cluster nodes:

Code:
adduser ceph www-data
mkdir -p /var/lib/ceph/.ceph
install -o ceph -g root -m 0640 /etc/pve/ceph.conf /var/lib/ceph/.ceph/ceph.conf



I found that ceph-mgr is crashing on all nodes when it tries to reload its config, triggered by the first command ceph mgr module enable dashboard.

Journals logged these errors:

Code:
did not load config file, using default settings.
ignoring --setuser ceph since I am not root
Errors while parsing config file!
can't open ceph.conf: (2) No such file or directory
ignoring --setgroup ceph since I am not root
unable to get monitor info from DNS SRV with service name: ceph-mon[..]
failed to fetch mon config (--no-mon-config to skip)

Ultimately it's a permission problem trying to read ceph.conf:

Code:
openat(AT_FDCWD, "/etc/ceph/ceph.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/var/lib/ceph/.ceph/ceph.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "ceph.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
write(2, "did not load config file, using "..., 49) = 49

The ceph-mgr daemons run as user ceph, which indeed doesn't have access to ceph.conf, and this is a Proxmox issue.

Code:
host:~# ls -ld /etc/ceph/ceph.conf /etc/pve/ceph.conf
lrwxrwxrwx 1 root root      18 Jun 22  2023 /etc/ceph/ceph.conf -> /etc/pve/ceph.conf
-rw-r----- 1 root www-data 718 Apr 30 20:34 /etc/pve/ceph.conf

While not being a proper solution, it is necessary to add the ceph user to group www-data:
Code:
adduser ceph www-data

To have ceph-mgr actually inherit this new group, it would need to be restarted, but ...:
Code:
systemctl restart ceph-mgr@`hostname`.service

... we can skip this restart by placing the /etc/ceph/ceph.conf content at /var/lib/ceph/.ceph/ceph.conf:

Code:
mkdir -p /var/lib/ceph/.ceph
install -o ceph -g root -m 0640 /etc/pve/ceph.conf /var/lib/ceph/.ceph/ceph.conf

This file (/var/lib/ceph/.ceph/ceph.conf) should be eventually removed, as a failing service is easier to debug than a service that silently reverted to a legacy configuration.
 
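Added example, not part of the post above: the config lookup that post traces, as a check of which ceph.conf the `ceph` user can actually load, using the search order from the strace output and the ownership from the `ls` output. The function names are constructed for illustration; the relative `ceph.conf` lookup is left out because it depends on the daemon's working directory.

```shell
#!/bin/sh
# can_read MODE OWNER GROUP USER "USER_GROUPS" -> exit 0 if USER may read.
# Unix rule: the first matching class (owner, then group, then other) decides.
can_read() {
    m=$((0$1 & 0777))
    [ "$4" = root ] && return 0
    if [ "$4" = "$2" ]; then [ $((m & 0400)) -ne 0 ]; return; fi
    for g in $5; do
        if [ "$g" = "$3" ]; then [ $((m & 0040)) -ne 0 ]; return; fi
    done
    [ $((m & 0004)) -ne 0 ]
}

# pick_conf USER "USER_GROUPS" reads "path mode owner group" lines in search
# order on stdin and prints the first path USER can read, or "none".
pick_conf() {
    while read -r path mode owner group; do
        [ -n "$mode" ] || continue          # no stat data: file does not exist
        if can_read "$mode" "$owner" "$group" "$1" "$2"; then
            echo "$path"; return 0
        fi
    done
    echo none; return 1
}

# page_table: the state shown in the post (symlink target root:www-data 0640,
# fallback copy not yet created).
page_table() {
    echo "/etc/ceph/ceph.conf 640 root www-data"
    echo "/var/lib/ceph/.ceph/ceph.conf"
}

# live_table: the same table for this host; stat -L follows the
# /etc/ceph/ceph.conf -> /etc/pve/ceph.conf symlink.
live_table() {
    for p in /etc/ceph/ceph.conf /var/lib/ceph/.ceph/ceph.conf; do
        echo "$p $(stat -L -c '%a %U %G' "$p" 2>/dev/null)"
    done
}

# On a node:  live_table | pick_conf ceph "$(id -nG ceph)"
# id reads the group database; a ceph-mgr that is already running keeps the
# groups it was started with.
```

If the result is `/var/lib/ceph/.ceph/ceph.conf`, the daemon is running from the fallback copy that the post says should eventually be removed.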
Hi, I needed to change some things to get this working on my node.

- proxmox version: 8.3.1

Code:
apt install ceph-mgr-dashboard    # on all service manager nodes
ceph mgr module enable dashboard

# generate new pw and paste it in the dashboard-pw file
cd /etc/ceph
vim dashboard-pw
chmod 600 /etc/ceph/dashboard-pw

# ceph dashboard ac-user-create <user> -i <pw file> <role>
ceph dashboard ac-user-create admin -i /etc/ceph/dashboard-pw administrator
ceph config-key set mgr/dashboard/server_addr ::

# generate certificate
openssl req -newkey rsa:4096 -nodes -x509 \
-keyout /etc/ceph/dashboard-key.pem -out /etc/ceph/dashboard-crt.pem -sha512 \
-days 3650 -subj "/CN=IT/O=ceph-mgr-dashboard" -utf8

ceph config-key set mgr/dashboard/key -i /etc/ceph/dashboard-key.pem
ceph config-key set mgr/dashboard/crt -i /etc/ceph/dashboard-crt.pem

ceph mgr module disable dashboard
ceph mgr module enable dashboard
systemctl restart ceph-mgr@[servername].service

Afterwards, go to the dashboard URL: https://[IP or FQDN]:8443 or http://[IP or FQDN]:8080

Hope this helps someone

Regards atomique
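Added example, not part of the post above: because a self-signed certificate cannot be validated against a CA, one way to check that the dashboard on port 8443 serves the certificate that was generated is to compare SHA-256 fingerprints. The function names are constructed for illustration, and `days_left` assumes GNU `date`.

```shell
#!/bin/sh
# cert_fp PEM_FILE -> SHA-256 fingerprint of the certificate in PEM_FILE.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# served_cert HOST PORT OUT_PEM -> save the certificate the server presents.
served_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$3"
}

# pin_ok EXPECTED_PEM SEEN_PEM -> exit 0 only if both files hold the same
# certificate; an unreadable or empty file never matches.
pin_ok() {
    want=$(cert_fp "$1" 2>/dev/null)
    seen=$(cert_fp "$2" 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$seen" ]
}

# days_left PEM_FILE -> whole days until the certificate's notAfter date.
days_left() {
    end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    echo $(( ( $(date -d "$end" +%s) - $(date +%s) ) / 86400 ))
}

# On a node, with the paths used in the post:
#   served_cert 127.0.0.1 8443 /tmp/seen.pem &&
#     pin_ok /etc/ceph/dashboard-crt.pem /tmp/seen.pem && echo "pin matches"
#   days_left /etc/ceph/dashboard-crt.pem
```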