Chapter 8. Adding the Red Hat Ceph Storage Dashboard to an overcloud deployment

Red Hat Ceph Storage Dashboard is disabled by default but you can enable it in your overcloud with the Red Hat OpenStack Platform director. The Ceph Dashboard is a built-in, web-based Ceph management and monitoring application that administers various aspects and objects in your cluster. Red Hat Ceph Storage Dashboard comprises the following components:

  • The Ceph Dashboard manager module provides the user interface and embeds the platform front end, Grafana.
  • Prometheus, the monitoring plugin.
  • Alertmanager sends alerts to the Dashboard.
  • Node Exporters export cluster data to the Dashboard.
Note

This feature is supported with Ceph Storage 4.1 or later. For more information about how to determine the version of Ceph Storage installed on your system, see Red Hat Ceph Storage releases and corresponding Ceph package versions.

Note

The Red Hat Ceph Storage Dashboard is always colocated on the same nodes as the other Ceph manager components. [NOTE] If you want to add Ceph Dashboard during your initial overcloud deployment, complete the procedures in this chapter before you deploy your initial overcloud in Section 7.2, “Initiating overcloud deployment”.

The following diagram shows the architecture of Ceph Dashboard on Red Hat OpenStack Platform:

Ceph Dashboard on Red Hat OpenStack Platform

For more information about the Dashboard and its features and limitations, see Dashboard features in the Red Hat Ceph Storage Dashboard Guide.

TLS everywhere with Ceph Dashboard

The Dashboard front end is fully integrated with the TLS everywhere framework. You can enable TLS everywhere provided that you have the required environment files and they are included in the overcloud deploy command. This triggers the certificate request for both Grafana and the Ceph Dashboard and the generated certificate and key files are passed to ceph-ansible during the overcloud deployment. For instructions and more information about how to enable TLS for the Dashboard as well as for other openstack services, see the following locations in the Advanced Overcloud Customization guide:

Note

The port to reach the Ceph Dashboard remains the same even in the TLS-everywhere context.

8.1. Including the necessary containers for the Ceph Dashboard

Before you can add the Ceph Dashboard templates to your overcloud, you must include the necessary containers by using the containers-prepare-parameter.yaml file. To generate the containers-prepare-parameter.yaml file to prepare your container images, complete the following steps:

Procedure

  1. Log in to your undercloud host as the stack user.
  2. Generate the default container image preparation file:

    $ sudo openstack tripleo container image prepare default \
      --local-push-destination \
      --output-env-file containers-prepare-parameter.yaml
  3. Edit the containers-prepare-parameter.yaml file and make the modifications to suit your requirements. The following example containers-prepare-parameter.yaml file contains the image locations and tags related to the Dashboard services including Grafana, Prometheus, Alertmanager, and Node Exporter. Edit the values depending on your specific scenario:

    parameter_defaults:
        ContainerImagePrepare:
        - push_destination: true
            set:
                ceph_alertmanager_image: ose-prometheus-alertmanager
                ceph_alertmanager_namespace: registry.redhat.io/openshift4
                ceph_alertmanager_tag: v4.6
                ceph_grafana_image: rhceph-4-dashboard-rhel8
                ceph_grafana_namespace: registry.redhat.io/rhceph
                ceph_grafana_tag: 4
                ceph_image: rhceph-4-rhel8
                ceph_namespace: registry.redhat.io/rhceph
                ceph_node_exporter_image: ose-prometheus-node-exporter
                ceph_node_exporter_namespace: registry.redhat.io/openshift4
                ceph_node_exporter_tag: v4.6
                ceph_prometheus_image: ose-prometheus
                ceph_prometheus_namespace: registry.redhat.io/openshift4
                ceph_prometheus_tag: v4.6
                ceph_tag: latest

For more information about registry and image configuration with the containers-prepare-parameter.yaml file, see Container image preparation parameters in the Transitioning to Containerized Services guide.

8.2. Deploying Ceph Dashboard

Include the ceph-dashboard environment file to deploy the Ceph Dashboard.

Note

If you want to deploy Ceph Dashboard with a composable network, see Section 8.3, “Deploying Ceph Dashboard with a composable network”.

Note

The Ceph Dashboard admin user role is set to read-only mode by default. To change the Ceph Dashboard admin default mode, see Section 8.4, “Changing the default permissions”.

Procedure

  1. Log in to the undercloud node as the stack user.
  2. Optional: The Ceph Dashboard network is set by default to the provisioning network. If you want to deploy the Ceph Dashboard and access it through a different network, create an environment file, for example: ceph_dashboard_network_override.yaml. Set CephDashboardNetwork to one of the existing overcloud routed networks, for example external:

      parameter_defaults:
        ServiceNetMap:
          CephDashboardNetwork: external
    Important

    Changing the CephDashboardNetwork value to access the Ceph Dashboard from a different network is not supported after the initial deployment.

  3. Include the following environment files in the openstack overcloud deploy command. Include all environment files that are part of your deployment, and the ceph_dashboard_network_override.yaml file if you chose to change the default network:

    $ openstack overcloud deploy \
     --templates \
     -e <overcloud_environment_files> \
     -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \
     -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-dashboard.yaml \
     -e ceph_dashboard_network_override.yaml

    Replace <overcloud_environment_files> with the list of environment files that are part of your deployment.

    Result
    The resulting deployment comprises an external stack with the grafana, prometheus, alertmanager, and node-exporter containers. The Ceph Dashboard manager module is the back end for this stack, and it embeds the grafana layouts to provide ceph cluster specific metrics to the end users.

8.3. Deploying Ceph Dashboard with a composable network

You can deploy the Ceph Dashboard on a composable network instead of on the default Provisioning network. This eliminates the need to expose the Ceph Dashboard service on the Provisioning network. When you deploy the Dashboard on a composable network, you can also implement separate authorization profiles.

You must choose which network to use before you deploy because you can apply the Dashboard to a new network only when you first deploy the overcloud. Use the following procedure to choose a composable network before you deploy.

Procedure

  1. Log in to the undercloud as the stack user.
  2. Generate the Controller specific role to include the Dashboard composable network:

    $ openstack overcloud roles generate -o /home/stack/roles_data_dashboard.yaml ControllerStorageDashboard Compute BlockStorage ObjectStorage CephStorage
    Result
    • A new ControllerStorageDashboard role is generated inside the roles_data.yaml defined as the output of the command. You must include this file in the template list when you use the overcloud deploy command.

      NOTE: The ControllerStorageDashboard role does not contain CephNFS nor network_data_dashboard.yaml.

    • Director provides a network environment file where the composable network is defined. The default location of this file is /usr/share/openstack-tripleo-heat-templates/network_data_dashboard.yaml. You must include this file in the overcloud template list when you use the overcloud deploy command.
  3. Include the following environment files, with all environment files that are part of your deployment, in the openstack overcloud deploy command:

    $ openstack overcloud deploy \
      --templates \
      -r /home/stack/roles_data.yaml \
      -n /usr/share/openstack-tripleo-heat-templates/network_data_dashboard.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/network-environment.yaml \
      -e <overcloud_environment_files> \
      -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \
      -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-dashboard.yaml

    Replace <overcloud_environment_files> with the list of environment files that are part of your deployment.

    Result
    The resulting deployment comprises an external stack with the grafana, prometheus, alertmanager, and node-exporter containers. The Ceph Dashboard manager module is the back end for this stack, and it embeds the grafana layouts to provide Ceph cluster-specific metrics to the end users.

8.4. Changing the default permissions

The Ceph Dashboard admin user role is set to read-only mode by default for safe monitoring of the Ceph cluster. To permit an admin user to have elevated privileges so that they can alter elements of the Ceph cluster with the Dashboard, you can use the CephDashboardAdminRO parameter to change the default admin permissions.

Warning
A user with full permissions might alter elements of your cluster that director configures. This can cause a conflict with director-configured options when you run a stack update. To avoid this problem, do not alter director-configured options with Ceph Dashboard, for example, Ceph OSP pools attributes.

Procedure

  1. Log in to the undercloud as the stack user.
  2. Create the following ceph_dashboard_admin.yaml environment file:

      parameter_defaults:
         CephDashboardAdminRO: false
  3. Run the overcloud deploy command to update the existing stack and include the environment file you created with all other environment files that are part of your existing deployment:

    $ openstack overcloud deploy \
    --templates \
    -e <existing_overcloud_environment_files> \
    -e ceph_dashboard_admin.yml

    Replace <existing_overcloud_environment_files> with the list of environment files that are part of your existing deployment.

8.5. Accessing Ceph Dashboard

To test that Ceph Dashboard is running correctly, complete the following verification steps to access it and check that the data it displays from the Ceph cluster is correct.

Procedure

  1. Log in to the undercloud node as the stack user.
  2. Retrieve the dashboard admin login credentials:

    [stack@undercloud ~]$ grep dashboard_admin_password /var/lib/mistral/overcloud/ceph-ansible/group_vars/all.yml
  3. Retrieve the VIP address to access the Ceph Dashboard:

    [stack@undercloud-0 ~]$ grep dashboard_frontend_vip /var/lib/mistral/overcloud/ceph-ansible/group_vars/all.yml
  4. Use a web browser to point to the front end VIP and access the Dashboard. Director configures and exposes the Dashboard on the provisioning network, so you can use the VIP that you retrieved to access the Dashboard directly on TCP port 8444. Ensure that the following conditions are met:

    • The Web client host is layer 2 connected to the provisioning network.
    • The provisioning network is properly routed or proxied, and it can be reached from the web client host. If these conditions are not met, you can still open a SSH tunnel to reach the Dashboard VIP on the overcloud:

      client_host$ ssh -L 8444:<dashboard_vip>:8444 stack@<your undercloud>

      Replace <dashboard_vip> with the IP address of the control plane VIP that you retrieved.

  5. To access the Dashboard, go to: http://localhost:8444 in a web browser and log in with the following details:

    • The default user that ceph-ansible creates: admin.
    • The password in /var/lib/mistral/overcloud/ceph-ansible/group_vars/all.yml.

      Results
    • You can access the Ceph Dashboard.
    • The numbers and graphs that the Dashboard displays reflect the same cluster status that the CLI command, ceph -s, returns.

For more information about the Red Hat Ceph Storage Dashboard, see the Red Hat Ceph Storage Administration Guide