ceph mgr/dashboard: add ssl to prometheus federation

Add basic(username/password) authentication and TLS authentication to the newly added federate job in the prometheus config. This PR exposes a new endpoint to get the prometheus access info of the target cluster and sets it in the prometheus.yml file.

Fixes: https://tracker.ceph.com/issues/65057

Signed-off-by: Aashish Sharma [email protected]

Contribution Guidelines

To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an x between the brackets: [x]. Spaces and capitalization matter when checking off items this way.

Checklist

Tracker (select at least one)
- [ ] References tracker ticket
- [ ] Very recent bug; references commit where it was introduced
- [ ] New feature (ticket optional)
- [ ] Doc update (no ticket needed)
- [ ] Code cleanup (no ticket needed)
Component impact
- [ ] Affects Dashboard, opened tracker ticket
- [ ] Affects Orchestrator, opened tracker ticket
- [ ] No impact that needs to be tracked
Documentation (select at least one)
- [ ] Updates relevant documentation
- [ ] No doc update is appropriate
Tests (select at least one)
- [ ] Includes unit test(s)
- [ ] Includes integration test(s)
- [ ] Includes bug reproducer
- [ ] No tests

Show available Jenkins commands

jenkins retest this please
jenkins test classic perf
jenkins test crimson perf
jenkins test signed
jenkins test make check
jenkins test make check arm64
jenkins test submodules
jenkins test dashboard
jenkins test dashboard cephadm
jenkins test api
jenkins test docs
jenkins render docs
jenkins test ceph-volume all
jenkins test ceph-volume tox
jenkins test windows
jenkins test rook e2e

Mar 22 '24 05:03 aaSharma14

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

Mar 29 '24 06:03 github-actions[bot]

jenkins test make check

Apr 15 '24 06:04 aaSharma14

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

Apr 16 '24 07:04 github-actions[bot]

1 commit is merged but looks like its PR is not rebased properly.

https://github.com/ceph/ceph/pull/56686

Apr 22 '24 09:04 cloudbehl

jenkins test make check

Apr 23 '24 04:04 aaSharma14

jenkins test api

Apr 23 '24 04:04 aaSharma14

jenkins test dashboard

Apr 23 '24 04:04 aaSharma14

jenkins test dashboard cephadm

Apr 23 '24 04:04 aaSharma14

jenkins test make check

Apr 23 '24 04:04 aaSharma14

jenkins test make check

Apr 23 '24 04:04 aaSharma14

jenkins test dashboard

Apr 23 '24 07:04 aaSharma14

jenkins test dashboard cephadm

Apr 23 '24 07:04 aaSharma14

jenkins test make check

Apr 23 '24 07:04 aaSharma14

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

Apr 30 '24 19:04 github-actions[bot]

jenkins test rook e2e

May 02 '24 11:05 aaSharma14

jenkins test rook e2e

May 02 '24 11:05 aaSharma14

jenkins test windows

May 03 '24 05:05 aaSharma14

jenkins test dashboard cephadm

May 03 '24 05:05 aaSharma14

jenkins test rook e2e

May 03 '24 05:05 aaSharma14

jenkins test make check

May 07 '24 06:05 aaSharma14

jenkins test rook e2e

May 07 '24 09:05 aaSharma14

https://pulpito.ceph.com/adking-2024-05-09_03:09:40-orch:cephadm-wip-adk-testing-2024-05-08-1927-distro-default-smithi/

failures:

21 in cluster log type failures that are still being cleaned up, known issue
3 mds_upgrade_sequence failures, known issue
1 test failed installing ceph-fuse Status code: 503 for https://mirrors.centos.org/metalink?repo=centos-baseos-9-stream&arch=x86_64&protocol=https,http, happens on occasion, nothing to block merging over

Overall, nothing unexpected in the run

May 10 '24 14:05 adk3798

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

May 17 '24 14:05 github-actions[bot]

@aaSharma14 can you rebase this?

@adk3798 Is it merge-able?

May 30 '24 05:05 cloudbehl

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

May 31 '24 05:05 github-actions[bot]

@aaSharma14 can you make sure tests are passing?

jenkins retest this please

Jun 21 '24 06:06 cloudbehl

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

Jul 02 '24 01:07 github-actions[bot]

In cephadm we already have a command to get the credentials + the prometheus certificate ceph orch prometheus get-credentials I see no need to add this new cmd to the interface.

@rkachach , the certificate we get with ceph orch prometheus get-crdentials is the root cert - 'certificate': self.http_server.service_discovery.ssl_certs.get_root_cert(). The one we want for the federation to work is the prometheus cert cert, key = self.mgr.http_server.service_discovery.ssl_certs.generate_cert(host_fqdn, node_ip) and we donot get this cert with any pre-existing command. https://github.com/ceph/ceph/blob/a23254d57fa8a2a6dbfda8b4ef1793996895ee5b/src/pybind/mgr/cephadm/services/monitoring.py#L519

Jul 23 '24 12:07 aaSharma14

jenkins test make check

Jul 24 '24 05:07 aaSharma14

jenkins test rook e2e

Jul 24 '24 05:07 aaSharma14