[TUTORIAL] [Nautilus] activating CEPH DASHBOARD

[virttom]

Hi all !

Even if I know that there is more than 1 way to do it, here is a way that worked for me. Please note that since it was on a POC I found it useful to use self signed certificate, don't do this on production cluster

apt install ceph-mgr-dashboard (on all service manager nodes)

ceph mgr module enable dashboard

ceph dashboard ac-user-create cephdash [password] administrator

ceph config-key set mgr/dashboard/server_addr ::

ceph dashboard create-self-signed-cert

ceph mgr module disable dashboard

ceph mgr module enable dashboard

systemctl restart ceph-mgr@[servername].service

Then https://[IP or FQDN]:8443 or http://[IP or FQDN]:8080

 

[Stoiko Ivanov]

Thanks for sharing your experience!
I marked the thread as TUTORIAL - thus others can spot it more easily

 

[Tmanok]

Awesome thank you so much for sharing!

 

[RokaKen]

Indeed! An alternative for those who don't require/desire SSL would be:

apt install ceph-mgr-dashboard

For each manager, listen only on a private IP/interface

ceph config set mgr mgr/dashboard/<nodeN>/server_addr <private_IP_N>

For each manager, perhaps listen on a non-standard port

ceph config set mgr mgr/dashboard/<nodeN>/server_port 8080

Enable without SSL and related certificate

ceph mgr module enable dashboard

ceph config set mgr mgr/dashboard/ssl false

Create privileged and unprivileged accounts

ceph dashboard ac-user-create myadmin <password> administrator

ceph dashboard ac-user-create myaudit <password> read-only

If you only use Ceph RBD, don't bother with other services

ceph dashboard feature disable cephfs iscsi mirroring rgw

Verify some settings

ceph dashboard ac-user-show

ceph dashboard ac-role-show

ceph dashboard feature status

It's a good tool in addition to the CLI and PVE Ceph monitoring tools. Enjoy!

 

[Deepen Dhulla]

If you get error : ceph dashboard ac-user-create input file not specified: please specify the file containing password/secret with "-i" option

use :
echo "mypasswordhere" > /root/cephdashpass.txt
ceph dashboard ac-user-create cephdash -i /root/cephdashpass.txt administrator

 

[Drallas]

This worked for me on Proxmox 8.

apt install ceph-mgr-dashboard (on all service manager nodes)

ceph mgr module enable dashboard
echo "thepassword" > /root/password
ceph dashboard ac-user-create cephdash -i ./password administrator --force
ceph config-key set mgr/dashboard/server_addr 127.0.0.1
ceph dashboard create-self-signed-cert
ceph mgr module disable dashboard
ceph mgr module enable dashboard
systemctl restart ceph-mgr@[hostname].service
systemctl status ceph-mgr@hostname.service
rm password

Dashboard is working.

Only seeing a "Module 'restful' has failed dependency: PyO3 modules may only be initialized once per interpreter process”

This seems Ceph / Python related.

 

[itNGO]

This worked for me on Proxmox 8.

apt install ceph-mgr-dashboard (on all service manager nodes)

ceph mgr module enable dashboard
echo "thepassword" > /root/password
ceph dashboard ac-user-create cephdash -i ./password administrator --force
ceph config-key set mgr/dashboard/server_addr 127.0.0.1
ceph dashboard create-self-signed-cert
ceph mgr module disable dashboard
ceph mgr module enable dashboard
systemctl restart ceph-mgr@[hostname].service
systemctl status ceph-mgr@hostname.service
rm password

Dashboard is working.

Only seeing a "Module 'restful' has failed dependency: PyO3 modules may only be initialized once per interpreter process”

This seems Ceph / Python related.

Does this use many additional resources?

 

[Drallas]

Does this use many additional resources?

Not at all, only see the ceph-mgr 'wake-up' while using the dashboard; otherwise it's at 0.3% CPU (AMD Ryzen 5 5625U) and 1% memory (out of 32GB). You could disable the service, only starting it when you need the dashboard.

 

[w00dmAn]

Hi there,

I've got this:
root@pve00:~# ceph-mgr module enable dashboard
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 auth: unable to find a keyring on /var/lib/ceph/mgr/ceph-admin/keyring: (2) No such file or directory
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 AuthRegistry(0x555d41aa0a40) no keyring found at /var/lib/ceph/mgr/ceph-admin/keyring, disabling cephx
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 auth: unable to find a keyring on /var/lib/ceph/mgr/ceph-admin/keyring: (2) No such file or directory
2023-09-17T17:02:08.870+1200 7fa59c70e000 -1 AuthRegistry(0x7ffff2e5d8c0) no keyring found at /var/lib/ceph/mgr/ceph-admin/keyring, disabling cephx
failed to fetch mon config (--no-mon-config to skip)

What to do?

I have got keyring:

root@pve00:/var/lib/ceph/mgr/ceph-pve00#


Thanks

 

[scyto]

root@pve00:~# ceph-mgr module enable dashboard

the command ceph-mgr and ceph mgr are not the same thing - use ceph mgr

note that for many of us even ceph mgr with or without --force is not working, so YMMV

 

[foxydosin]

ym dashboard module seems enabled but server behave's like there is no ceph dashboard.. command.

it's actually not there. i appreciate any help ..


root@WIRO-PVE1:~# ceph dashboard ac-user-create cephdash password administrator
no valid command found; 10 closest matches:
pg stat
pg getmap
pg dump [<dumpcontents:all|summary|sum|delta|pools|osds|pgs|pgs_brief>...]
pg dump_json [<dumpcontents:all|summary|sum|pools|osds|pgs>...]
pg dump_pools_json
pg ls-by-pool <poolstr> [<states>...]
pg ls-by-primary <id|osd.id> [<pool:int>] [<states>...]
pg ls-by-osd <id|osd.id> [<pool:int>] [<states>...]
pg ls [<pool:int>] [<states>...]
pg dump_stuck [<stuckops:inactive|unclean|stale|undersized|degraded>...] [<threshold:int>]
Error EINVAL: invalid command

 

[felipemiranda]

Does this still valid for Quincy 17.2?

 

[cluck]

TL;DR: Before starting, make sure to apply this workaround on all cluster nodes:

adduser ceph www-data
mkdir -p /var/lib/ceph/.ceph
install -o ceph -g root -m 0640 /etc/pve/ceph.conf /var/lib/ceph/.ceph/ceph.conf

---

I found that ceph-mgr is crashing on all nodes when it tries to reload its config, triggered by the first command ceph mgr module enable dashboard.

Journals logged these errors:

did not load config file, using default settings.
ignoring --setuser ceph since I am not root
Errors while parsing config file!
can't open ceph.conf: (2) No such file or directory
ignoring --setgroup ceph since I am not root
unable to get monitor info from DNS SRV with service name: ceph-mon[..]
failed to fetch mon config (--no-mon-config to skip)

Ultimately it's a permission problem trying to read ceph.conf:

openat(AT_FDCWD, "/etc/ceph/ceph.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/var/lib/ceph/.ceph/ceph.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "ceph.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
write(2, "did not load config file, using "..., 49) = 49

The ceph-mgr daemons run as user ceph, which indeed doesn't have access to ceph.conf, and this is a Proxmox issue.

host:~# ls -ld /etc/ceph/ceph.conf /etc/pve/ceph.conf
lrwxrwxrwx 1 root root      18 Jun 22  2023 /etc/ceph/ceph.conf -> /etc/pve/ceph.conf
-rw-r----- 1 root www-data 718 Apr 30 20:34 /etc/pve/ceph.conf

While not being a proper solution, it is necessary to add the ceph user to group www-data:

adduser ceph www-data

To have ceph-mgr actually inherit this new group, it would need to be restarted, but ...:

systemctl restart ceph-mgr@`hostname`.service

... we can skip this restart by placing the /etc/ceph/ceph.conf content at /var/lib/ceph/.ceph/ceph.conf:

mkdir -p /var/lib/ceph/.ceph
install -o ceph -g root -m 0640 /etc/pve/ceph.conf /var/lib/ceph/.ceph/ceph.conf

This file (/var/lib/ceph/.ceph/ceph.conf) should be eventually removed, as a failing service is easier to debug than a service that silently reverted to a legacy configuration.