Bug 51635 - Prometheus does not talk to servers with Let's Encrypt certificate - servers are missing in the Dashboard
Prometheus does not talk to servers with Let's Encrypt certificate - servers ...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UCS Dashboard
UCS 4.4
Other other
: P5 normal (vote)
: UCS 5.0-2-errata
Assigned To: Juan Carlos
Florian Best
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-07-07 15:28 CEST by Michael Grandjean
Modified: 2022-07-19 17:01 CEST (History)
7 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.051
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Grandjean univentionstaff 2020-07-07 15:28:03 CEST
UCS: 4.4-4 errata628
Installed: prometheus-node-exporter=1.1 4.3/admin-dashboard=1.2 4.3/prometheus=1.1

# ucr get server/role
domaincontroller_slave

Scenario: One of my servers uses a certificate provided by Let's Encrypt for the apache2 webserver.

Expected behaviour: This server is shown in the UCS Dashboard (Grafana) just as every other server.

Observed behavior: This server is missing in the UCS Dashboard (Grafana). Other servers are shown.

Problem: Looks like Prometheus (or the underlying docker container) does not trust the Let's Encrypt CA root certificate. Via https://dashboardserver.example.org/metrics-prometheus/targets I can obtain the following error message:

> Get https://portal.example.org:443/metrics-node/metrics/: x509: certificate signed by unknown authority

Possible solution: Add the Let's Encrypt CA as a trusted CA to the Prometheus docker container.
Comment 3 Ingo Steuwer univentionstaff 2020-07-16 17:50:04 CEST
We shoul make sure that the container / prometheus works with all root certificates accepted on the host system.
Comment 4 Nico Gulden univentionstaff 2020-12-01 12:45:58 CET
There has not been any recent activity on this bug. Has the problem been seen somewhere else as well in the meantime or has its assessment changed?
Comment 5 Ingo Steuwer univentionstaff 2020-12-28 15:25:25 CET
(In reply to Nico Gulden from comment #4)
> There has not been any recent activity on this bug. Has the problem been
> seen somewhere else as well in the meantime or has its assessment changed?

There has been no change, the bug report is still valid and needs to be addressed.
Comment 7 Florian Best univentionstaff 2022-07-18 19:49:55 CEST
OK: prometheus is using the certificates from the hosting system
OK: changelog entry
Comment 8 Florian Best univentionstaff 2022-07-19 17:01:37 CEST
Prometheus app 2.35.0-3 has been released.