prometheus openstack exporter with kolla_enable_tls_internal not working

Bug #2008208 reported by Markus Lindenblatt
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
kolla-ansible | In Progress | High | Unassigned |

Bug Description

When deploying prometheus with enable_prometheus_openstack_exporter in a kolla_enable_tls_internal environment, the exporter cannot be scraped because of a mismatching TLS certificate, which is of course not valid for an IP address:

Get "https://192.168.16.9:9198/metrics": x509: cannot validate certificate for 192.168.16.9 because it doesn't contain any IP SANs

Is it possible to use the real internal VIP name rather than the VIP address here: https://opendev.org/openstack/kolla-ansible/src/commit/c977c54738f12b613abdfee6256eadad12447372/ansible/roles/prometheus/templates/prometheus.yml.j2#L110 ?

Or can something like 'insecure_skip_verify: true' be added so that prometheus will scrape the openstack exporter even when the certificate does not match?
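
The hostname check behind the error quoted in the report, as an added example that is not part of the bug report or of kolla-ansible. It runs the Go standard library's `crypto/x509` verification (Prometheus is written in Go) against throwaway certificates; the name `internal.example.test` and the helpers `mustCert` and `checkTarget` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Constructed VIP name (hypothetical); the address is the one shown in the report.
const vipName, vipAddr = "internal.example.test", "192.168.16.9"

// mustCert returns a throwaway self-signed certificate carrying the given SANs.
func mustCert(dnsNames []string, ips []net.IP) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-test-cert"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames,
		IPAddresses:  ips,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// checkTarget applies Go's hostname check to the host part of a scrape target.
func checkTarget(cert *x509.Certificate, host string) error { return cert.VerifyHostname(host) }

func main() {
	dnsOnly := mustCert([]string{vipName}, nil)
	withIP := mustCert([]string{vipName}, []net.IP{net.ParseIP(vipAddr)})
	fmt.Println("DNS-only cert, IP target:  ", checkTarget(dnsOnly, vipAddr))
	fmt.Println("DNS-only cert, name target:", checkTarget(dnsOnly, vipName))
	fmt.Println("IP-SAN cert, IP target:    ", checkTarget(withIP, vipAddr))
}
```

The second case corresponds to scraping by VIP name with verification still enabled; `insecure_skip_verify: true` would instead skip this check entirely.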

Markus Lindenblatt (0-markus) wrote :
Changed in kolla-ansible:
importance: Undecided → High
status: New → Triaged
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)
Changed in kolla-ansible:
status: Triaged → In Progress