9 The Ceph Dashboard is a built-in web-based Ceph management and monitoring
10 application through which you can inspect and administer various aspects
11 and resources within the cluster. It is implemented as a :ref:`ceph-manager-daemon` module.
13 The original Ceph Dashboard that was shipped with Ceph Luminous started
14 out as a simple read-only view into run-time information and performance
15 data of Ceph clusters. It used a very simple architecture to achieve the
16 original goal. However, there was growing demand for richer web-based
17 management capabilities, to make it easier to administer Ceph for users that
18 prefer a WebUI over the CLI.
20 The new :term:`Ceph Dashboard` module adds web-based monitoring and
21 administration to the Ceph Manager. The architecture and functionality of this new
22 module are derived from
23 and inspired by the `openATTIC Ceph management and monitoring tool
24 <https://openattic.org/>`_. Development is actively driven by the
25 openATTIC team at `SUSE <https://www.suse.com/>`_, with support from
26 companies including `Red Hat <https://redhat.com/>`_ and members of the Ceph
29 The dashboard module's backend code uses the CherryPy framework and implements
30 a custom REST API. The WebUI implementation is based on
31 Angular/TypeScript and includes both functionality from the original dashboard
32 and new features originally developed for the standalone version
33 of openATTIC. The Ceph Dashboard module is implemented as an
34 application that provides a graphical representation of information and statistics
35 through a web server hosted by ``ceph-mgr``.
40 The dashboard provides the following features:
42 * **Multi-User and Role Management**: The dashboard supports multiple user
43 accounts with different permissions (roles). User accounts and roles
44 can be managed via both the command line and the WebUI. The dashboard
45 supports various methods to enhance password security. Password
46 complexity rules may be configured, requiring users to change their password
47 after the first login or after a configurable time period. See
48 :ref:`dashboard-user-role-management` for details.
49 * **Single Sign-On (SSO)**: The dashboard supports authentication
50 via an external identity provider using the SAML 2.0 protocol. See
51 :ref:`dashboard-sso-support` for details.
52 * **SSL/TLS support**: All HTTP communication between the web browser and the
53 dashboard is secured via SSL. A self-signed certificate can be created with
54 a built-in command, but it's also possible to import custom certificates
55 signed and issued by a CA. See :ref:`dashboard-ssl-tls-support` for details.
56 * **Auditing**: The dashboard backend can be configured to log all ``PUT``, ``POST``
57 and ``DELETE`` API requests in the Ceph audit log. See :ref:`dashboard-auditing`
58 for instructions on how to enable this feature.
59 * **Internationalization (I18N)**: The language used for dashboard text can be
62 The Ceph Dashboard offers the following monitoring and management capabilities:
64 * **Overall cluster health**: Display performance and capacity metrics as well
66 * **Embedded Grafana Dashboards**: Ceph Dashboard
67 `Grafana`_ dashboards may be embedded in external applications and web pages
68 to surface information and performance metrics gathered by
69 the :ref:`mgr-prometheus` module. See
70 :ref:`dashboard-grafana` for details on how to configure this functionality.
71 * **Cluster logs**: Display the latest updates to the cluster's event and
72 audit log files. Log entries can be filtered by priority, date or keyword.
73 * **Hosts**: Display a list of all cluster hosts along with their
74 storage drives, which services are running, and which version of Ceph is
76 * **Performance counters**: Display detailed service-specific statistics for
78 * **Monitors**: List all Mons, their quorum status, and open sessions.
79 * **Monitoring**: Enable creation, re-creation, editing, and expiration of
80 Prometheus' silences, list the alerting configuration and all
81 configured and firing alerts. Show notifications for firing alerts.
82 * **Configuration Editor**: Display all available configuration options,
83 their descriptions, types, default and currently set values. These may be edited as well.
84 * **Pools**: List Ceph pools and their details (e.g. applications,
85 pg-autoscaling, placement groups, replication size, EC profile, CRUSH
87 * **OSDs**: List OSDs, their status and usage statistics as well as
88 detailed information like attributes (OSD map), metadata, performance
89 counters and usage histograms for read/write operations. Mark OSDs
90 up/down/out, purge and reweight OSDs, perform scrub operations, modify
91 various scrub-related configuration options, select profiles to
92 adjust the level of backfilling activity. List all drives associated with an
93 OSD. Set and change the device class of an OSD, display and sort OSDs by
94 device class. Deploy OSDs on new drives and hosts.
95 * **Device management**: List all hosts known by the orchestrator. List all
96 drives attached to a host and their properties. Display drive
97 health predictions and SMART data. Blink enclosure LEDs.
98 * **iSCSI**: List all hosts that run the TCMU runner service, display all
99 images and their performance characteristics (read/write ops, traffic).
100 Create, modify, and delete iSCSI targets (via ``ceph-iscsi``). Display the
101 iSCSI gateway status and info about active initiators.
102 See :ref:`dashboard-iscsi-management` for instructions on how to configure
104 * **RBD**: List all RBD images and their properties (size, objects, features).
105 Create, copy, modify and delete RBD images (incl. snapshots) and manage RBD
106 namespaces. Define various I/O or bandwidth limitation settings on a global,
107 per-pool or per-image level. Create, delete and rollback snapshots of selected
108 images, protect/unprotect these snapshots against modification. Copy or clone
109 snapshots, flatten cloned images.
110 * **RBD mirroring**: Enable and configure RBD mirroring to a remote Ceph server.
111 List active daemons and their status, pools and RBD images including
113 * **CephFS**: List active file system clients and associated pools,
114 including usage statistics. Evict active CephFS clients. Manage CephFS
115 quotas and snapshots. Browse a CephFS directory structure.
116 * **Object Gateway**: List all active object gateways and their performance
117 counters. Display and manage (add/edit/delete) object gateway users and their
118 details (e.g. quotas) as well as the users' buckets and their details (e.g.
119 placement targets, owner, quotas, versioning, multi-factor authentication).
120 See :ref:`dashboard-enabling-object-gateway` for configuration instructions.
121 * **NFS**: Manage NFS exports of CephFS file systems and RGW S3 buckets via NFS
122 Ganesha. See :ref:`dashboard-nfs-ganesha-management` for details on how to
123 enable this functionality.
124 * **Ceph Manager Modules**: Enable and disable Ceph Manager modules, manage
125 module-specific configuration settings.
127 Overview of the Dashboard Landing Page
128 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
130 The landing page of Ceph Dashboard serves as the home page and features metrics
131 such as the overall cluster status, performance, and capacity. It provides real-time
132 updates on any changes in the cluster and allows quick access to other sections of the dashboard.
134 .. image:: dashboard-landing-page.png
138 You can change the landing page to the previous version from:
139 ``Cluster >> Manager Modules >> Dashboard >> Edit``.
140 Editing the ``FEATURE_TOGGLE_DASHBOARD`` option will change the landing page, from one view to another.
142 Note that the previous version of the landing page will be disabled in future releases.
144 .. _dashboard-landing-page-details:
148 Provides an overview of the cluster configuration, displaying various critical aspects of the cluster.
150 .. image:: details-card.png
152 .. _dashboard-landing-page-status:
156 Provides a visual indication of cluster health, and displays cluster alerts grouped by severity.
158 .. image:: status-card-open.png
160 .. _dashboard-landing-page-capacity:
164 * **Used**: Displays the used capacity out of the total physical capacity provided by storage nodes (OSDs)
165 * **Warning**: Displays the `nearfull` threshold of the OSDs
166 * **Danger**: Displays the `full` threshold of the OSDs
168 .. image:: capacity-card.png
170 .. _dashboard-landing-page-inventory:
174 An inventory for all assets within the cluster.
175 Provides direct access to subpages of the dashboard from each item of this card.
177 .. image:: inventory-card.png
179 .. _dashboard-landing-page-performance:
183 * **Used Capacity**: Total capacity used of the cluster. The maximum value of the chart is the maximum capacity of the cluster.
184 * **IOPS (Input/Output Operations Per Second)**: Number of read and write operations.
185 * **Latency**: Amount of time that it takes to process a read or a write request.
186 * **Client Throughput**: Amount of data that clients read or write to the cluster.
187 * **Recovery Throughput**: Amount of recovery data that clients read or write to the cluster.
190 .. image:: cluster-utilization-card.png
195 Ceph Dashboard is primarily tested and developed using the following web
198 +---------------------------------------------------------------+---------------------------------------+
199 | Browser | Versions |
200 +===============================================================+=======================================+
201 | `Chrome <https://www.google.com/chrome/>`_ and | latest 2 major versions |
202 | `Chromium <https://www.chromium.org/>`_ based browsers | |
203 +---------------------------------------------------------------+---------------------------------------+
204 | `Firefox <https://www.mozilla.org/firefox/>`_ | latest 2 major versions |
205 +---------------------------------------------------------------+---------------------------------------+
206 | `Firefox ESR <https://www.mozilla.org/firefox/enterprise/>`_ | latest major version |
207 +---------------------------------------------------------------+---------------------------------------+
209 While Ceph Dashboard might work in older browsers, we cannot guarantee compatibility and
210 recommend keeping your browser up to date.
215 If you have installed ``ceph-mgr-dashboard`` from distribution packages, the
216 package management system should take care of installing all required
219 If you're building Ceph from source and want to start the dashboard from your
220 development environment, please see the files ``README.rst`` and ``HACKING.rst``
221 in the source directory ``src/pybind/mgr/dashboard``.
223 Within a running Ceph cluster, the Ceph Dashboard is enabled with:
227 ceph mgr module enable dashboard
232 .. _dashboard-ssl-tls-support:
237 All HTTP connections to the dashboard are secured with SSL/TLS by default.
239 To get the dashboard up and running quickly, you can generate and install a
240 self-signed certificate:
244 ceph dashboard create-self-signed-cert
246 Note that most web browsers will complain about self-signed certificates
247 and require explicit confirmation before establishing a secure connection to the
250 To properly secure a deployment and to remove the warning, a
251 certificate that is issued by a certificate authority (CA) should be used.
253 For example, a key pair can be generated with a command similar to:
257 openssl req -new -nodes -x509 \
258 -subj "/O=IT/CN=ceph-mgr-dashboard" -days 3650 \
259 -keyout dashboard.key -out dashboard.crt -extensions v3_ca
261 The ``dashboard.crt`` file should then be signed by a CA. Once that is done, you
262 can enable it for Ceph manager instances by running the following commands:
266 ceph dashboard set-ssl-certificate -i dashboard.crt
267 ceph dashboard set-ssl-certificate-key -i dashboard.key
269 If unique certificates are desired for each manager instance,
270 the name of the instance can be included as follows (where ``$name`` is the name
271 of the ``ceph-mgr`` instance, usually the hostname):
275 ceph dashboard set-ssl-certificate $name -i dashboard.crt
276 ceph dashboard set-ssl-certificate-key $name -i dashboard.key
278 SSL can also be disabled by setting this configuration value:
282 ceph config set mgr mgr/dashboard/ssl false
284 This might be useful if the dashboard will be running behind a proxy which does
285 not support SSL for its upstream servers or other situations where SSL is not
286 wanted or required. See :ref:`dashboard-proxy-configuration` for more details.
290 Use caution when disabling SSL as usernames and passwords will be sent to the
291 dashboard unencrypted.
296 You must restart Ceph manager processes after changing the SSL
297 certificate and key. This can be accomplished by either running ``ceph mgr
298 fail mgr`` or by disabling and re-enabling the dashboard module (which also
299 triggers the manager to respawn itself):
303 ceph mgr module disable dashboard
304 ceph mgr module enable dashboard
306 .. _dashboard-host-name-and-port:
311 Like most web applications, the dashboard binds to a TCP/IP address and TCP port.
313 By default, the ``ceph-mgr`` daemon hosting the dashboard (i.e., the currently
314 active manager) will bind to TCP port 8443 or 8080 when SSL is disabled.
316 If no specific address has been configured, the web app will bind to ``::``,
317 which corresponds to all available IPv4 and IPv6 addresses.
319 These defaults can be changed via the configuration key facility on a
320 cluster-wide level (so they apply to all manager instances) as follows:
324 ceph config set mgr mgr/dashboard/server_addr $IP
325 ceph config set mgr mgr/dashboard/server_port $PORT
326 ceph config set mgr mgr/dashboard/ssl_server_port $PORT
328 Since each ``ceph-mgr`` hosts its own instance of the dashboard, it may be
329 necessary to configure them separately. The IP address and port for a specific
330 manager instance can be changed with the following commands:
334 ceph config set mgr mgr/dashboard/$name/server_addr $IP
335 ceph config set mgr mgr/dashboard/$name/server_port $PORT
336 ceph config set mgr mgr/dashboard/$name/ssl_server_port $PORT
338 Replace ``$name`` with the ID of the ceph-mgr instance hosting the dashboard.
342 The command ``ceph mgr services`` will show you all endpoints that are
343 currently configured. Look for the ``dashboard`` key to obtain the URL for
344 accessing the dashboard.
346 Username and Password
347 ^^^^^^^^^^^^^^^^^^^^^
349 In order to be able to log in, you need to create a user account and associate
350 it with at least one role. We provide a set of predefined *system roles* that
351 you can use. For more details please refer to the `User and Role Management`_
354 To create a user with the administrator role you can use the following
359 ceph dashboard ac-user-create <username> -i <file-containing-password> administrator
364 It disables a user account if a user repeatedly enters the wrong credentials
365 for multiple times. It is enabled by default to prevent brute-force or dictionary
366 attacks. The user can get or set the default number of lock-out attempts using
367 these commands respectively:
371 ceph dashboard get-account-lockout-attempts
372 ceph dashboard set-account-lockout-attempts <value:int>
376 This feature can be disabled by setting the default number of lock-out attempts to 0.
377 However, by disabling this feature, the account is more vulnerable to brute-force or
378 dictionary based attacks. This can be disabled by:
382 ceph dashboard set-account-lockout-attempts 0
387 If a user account is disabled as a result of multiple invalid login attempts, then
388 it needs to be manually enabled by the administrator. This can be done by the following
393 ceph dashboard ac-user-enable <username>
395 Accessing the Dashboard
396 ^^^^^^^^^^^^^^^^^^^^^^^
398 You can now access the dashboard using your (JavaScript-enabled) web browser, by
399 pointing it to any of the host names or IP addresses and the selected TCP port
400 where a manager instance is running: e.g., ``http(s)://<$IP>:<$PORT>/``.
402 The dashboard page displays and requests a previously defined username and
405 .. _dashboard-enabling-object-gateway:
407 Enabling the Object Gateway Management Frontend
408 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
410 When RGW is deployed with cephadm, the RGW credentials used by the
411 dashboard will be automatically configured. You can also manually force the
412 credentials to be set up with:
416 ceph dashboard set-rgw-credentials
418 This will create an RGW user with uid ``dashboard`` for each realm in
421 If you've configured a custom 'admin' resource in your RGW admin API, you should set it here also:
425 ceph dashboard set-rgw-api-admin-resource <admin_resource>
427 If you are using a self-signed certificate in your Object Gateway setup,
428 you should disable certificate verification in the dashboard to avoid refused
429 connections, e.g. caused by certificates signed by unknown CA or not matching
434 ceph dashboard set-rgw-api-ssl-verify False
436 If the Object Gateway takes too long to process requests and the dashboard runs
437 into timeouts, you can set the timeout value to your needs:
441 ceph dashboard set-rest-requests-timeout <seconds>
443 The default value is 45 seconds.
445 .. _dashboard-iscsi-management:
447 Enabling iSCSI Management
448 ^^^^^^^^^^^^^^^^^^^^^^^^^
450 The Ceph Dashboard can manage iSCSI targets using the REST API provided by the
451 ``rbd-target-api`` service of the :ref:`ceph-iscsi`. Please make sure that it is
452 installed and enabled on the iSCSI gateways.
456 The iSCSI management functionality of Ceph Dashboard depends on the latest
457 version 3 of the `ceph-iscsi <https://github.com/ceph/ceph-iscsi>`_ project.
458 Make sure that your operating system provides the correct version, otherwise
459 the dashboard will not enable the management features.
461 If the ``ceph-iscsi`` REST API is configured in HTTPS mode and its using a self-signed
462 certificate, you need to configure the dashboard to avoid SSL certificate
463 verification when accessing ceph-iscsi API.
465 To disable API SSL verification run the following command:
469 ceph dashboard set-iscsi-api-ssl-verification false
471 The available iSCSI gateways must be defined using the following commands:
475 ceph dashboard iscsi-gateway-list
476 # Gateway URL format for a new gateway: <scheme>://<username>:<password>@<host>[:port]
477 ceph dashboard iscsi-gateway-add -i <file-containing-gateway-url> [<gateway_name>]
478 ceph dashboard iscsi-gateway-rm <gateway_name>
481 .. _dashboard-grafana:
483 Enabling the Embedding of Grafana Dashboards
484 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
486 `Grafana`_ pulls data from `Prometheus <https://prometheus.io/>`_. Although
487 Grafana can use other data sources, the Grafana dashboards we provide contain
488 queries that are specific to Prometheus. Our Grafana dashboards therefore
489 require Prometheus as the data source. The Ceph :ref:`mgr-prometheus`
490 module exports its data in the Prometheus exposition format. These Grafana
491 dashboards rely on metric names from the Prometheus module and `Node exporter
492 <https://prometheus.io/docs/guides/node-exporter/>`_. The Node exporter is a
493 separate application that provides machine metrics.
497 Prometheus' security model presumes that untrusted users have access to the
498 Prometheus HTTP endpoint and logs. Untrusted users have access to all the
499 (meta)data Prometheus collects that is contained in the database, plus a
500 variety of operational and debugging information.
502 However, Prometheus' HTTP API is limited to read-only operations.
503 Configurations can *not* be changed using the API and secrets are not
504 exposed. Moreover, Prometheus has some built-in measures to mitigate the
505 impact of denial of service attacks.
507 Please see `Prometheus' Security model
508 <https://prometheus.io/docs/operating/security/>` for more detailed
511 Installation and Configuration using cephadm
512 """"""""""""""""""""""""""""""""""""""""""""
514 Grafana and Prometheus can be installed using :ref:`cephadm`. They will
515 automatically be configured by ``cephadm``. Please see
516 :ref:`mgr-cephadm-monitoring` documentation for more details on how to use
517 ``cephadm`` for installing and configuring Prometheus and Grafana.
519 Manual Installation and Configuration
520 """""""""""""""""""""""""""""""""""""
522 The following process describes how to configure Grafana and Prometheus
523 manually. After you have installed Prometheus, Grafana, and the Node exporter
524 on appropriate hosts, proceed with the following steps.
526 #. Enable the Ceph Exporter which comes as Ceph Manager module by running:
530 ceph mgr module enable prometheus
532 More details can be found in the documentation of the :ref:`mgr-prometheus`.
534 #. Add the corresponding scrape configuration to Prometheus. This may look
541 - job_name: 'prometheus'
543 - targets: ['localhost:9090']
546 - targets: ['localhost:9283']
547 - job_name: 'node-exporter'
549 - targets: ['localhost:9100']
553 Please note that in the above example, Prometheus is configured
554 to scrape data from itself (port 9090), the Ceph manager module
555 `prometheus` (port 9283), which exports Ceph internal data, and the Node
556 Exporter (port 9100), which provides OS and hardware metrics for each host.
558 Depending on your configuration, you may need to change the hostname in
559 or add additional configuration entries for the Node
560 Exporter. It is unlikely that you will need to change the default TCP ports.
562 Moreover, you don't *need* to have more than one target for Ceph specific
563 data, provided by the `prometheus` mgr module. But it is recommended to
564 configure Prometheus to scrape Ceph specific data from all existing Ceph
565 managers. This enables a built-in high availability mechanism, so that
566 services run on a manager host will be restarted automatically on a different
567 manager host if one Ceph Manager goes down.
569 #. Add Prometheus as data source to Grafana `using the Grafana Web UI <https://grafana.com/docs/grafana/latest/features/datasources/add-a-data-source/>`_.
572 The data source must be named "Dashboard1".
574 #. Install the `vonage-status-panel and grafana-piechart-panel` plugins using:
578 grafana-cli plugins install vonage-status-panel
579 grafana-cli plugins install grafana-piechart-panel
581 #. Add Dashboards to Grafana:
583 Dashboards can be added to Grafana by importing dashboard JSON files.
584 Use the following command to download the JSON files:
588 wget https://raw.githubusercontent.com/ceph/ceph/main/monitoring/ceph-mixin/dashboards_out/<Dashboard-name>.json
590 You can find various dashboard JSON files `here <https://github.com/ceph/ceph/tree/
591 main/monitoring/ceph-mixin/dashboards_out>`_.
593 For Example, for ceph-cluster overview you can use:
597 wget https://raw.githubusercontent.com/ceph/ceph/main/monitoring/ceph-mixin/dashboards_out/ceph-cluster.json
599 You may also author your own dashboards.
601 #. Configure anonymous mode in ``/etc/grafana/grafana.ini``::
608 In newer versions of Grafana (starting with 6.2.0-beta1) a new setting named
609 ``allow_embedding`` has been introduced. This setting must be explicitly
610 set to ``true`` for the Grafana integration in Ceph Dashboard to work, as the
611 default is ``false``.
616 allow_embedding = true
618 Enabling RBD-Image monitoring
619 """""""""""""""""""""""""""""
621 Monitoring of RBD images is disabled by default, as it can significantly impact
622 performance. For more information please see :ref:`prometheus-rbd-io-statistics`.
623 When disabled, the overview and details dashboards will be empty in Grafana and
624 metrics will not be visible in Prometheus.
626 Configuring Dashboard
627 """""""""""""""""""""
629 After you have set up Grafana and Prometheus, you will need to configure the
630 connection information that the Ceph Dashboard will use to access Grafana.
632 You need to tell the dashboard on which URL the Grafana instance is
637 ceph dashboard set-grafana-api-url <grafana-server-url> # default: ''
639 The format of url is : `<protocol>:<IP-address>:<port>`
643 The Ceph Dashboard embeds Grafana dashboards via ``iframe`` HTML elements.
644 If Grafana is configured without SSL/TLS support, most browsers will block the
645 embedding of insecure content if SSL support is
646 enabled for the dashboard (which is the default). If you
647 can't see the embedded Grafana dashboards after enabling them as outlined
648 above, check your browser's documentation on how to unblock mixed content.
649 Alternatively, consider enabling SSL/TLS support in Grafana.
651 If you are using a self-signed certificate for Grafana,
652 disable certificate verification in the dashboard to avoid refused connections,
653 which can be a result of certificates signed by an unknown CA or that do not
658 ceph dashboard set-grafana-api-ssl-verify False
660 You can also access Grafana directly to monitor your cluster.
664 Ceph Dashboard configuration information can also be unset. For example, to
665 clear the Grafana API URL we configured above:
669 ceph dashboard reset-grafana-api-url
671 Alternative URL for Browsers
672 """"""""""""""""""""""""""""
674 The Ceph Dashboard backend requires the Grafana URL to be able to verify the
675 existence of Grafana Dashboards before the frontend even loads them. Due to the
676 nature of how Grafana is implemented in Ceph Dashboard, this means that two
677 working connections are required in order to be able to see Grafana graphs in
680 - The backend (Ceph Mgr module) needs to verify the existence of the requested
681 graph. If this request succeeds, it lets the frontend know that it can safely
683 - The frontend then requests the Grafana graphs directly from the user's
684 browser using an iframe. The Grafana instance is accessed directly without any
685 detour through Ceph Dashboard.
687 Now, it might be the case that your environment makes it difficult for the
688 user's browser to directly access the URL configured in Ceph Dashboard. To solve
689 this issue, a separate URL can be configured which will solely be used to tell
690 the frontend (the user's browser) which URL it should use to access Grafana.
691 This setting won't ever be changed automatically, unlike the GRAFANA_API_URL
692 which is set by :ref:`cephadm` (only if cephadm is used to deploy monitoring
695 To change the URL that is returned to the frontend issue the following command:
699 ceph dashboard set-grafana-frontend-api-url <grafana-server-url>
701 If no value is set for that option, it will simply fall back to the value of the
702 GRAFANA_API_URL option. If set, it will instruct the browser to use this URL to
705 .. _dashboard-sso-support:
707 Enabling Single Sign-On (SSO)
708 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
710 The Ceph Dashboard supports external authentication of users via the
711 `SAML 2.0 <https://en.wikipedia.org/wiki/SAML_2.0>`_ protocol. You need to
712 first create user accounts and associate them with desired roles, as
713 authorization is performed by the Dashboard. However, the authentication
714 process can be performed by an existing Identity Provider (IdP).
718 Ceph Dashboard SSO support relies on onelogin's
719 `python-saml <https://pypi.org/project/python-saml/>`_ library.
720 Please ensure that this library is installed on your system, either by using
721 your distribution's package management or via Python's `pip` installer.
723 To configure SSO on Ceph Dashboard, you should use the following command:
727 ceph dashboard sso setup saml2 <ceph_dashboard_base_url> <idp_metadata> {<idp_username_attribute>} {<idp_entity_id>} {<sp_x_509_cert>} {<sp_private_key>}
731 * **<ceph_dashboard_base_url>**: Base URL where Ceph Dashboard is accessible (e.g., `https://cephdashboard.local`)
732 * **<idp_metadata>**: URL to remote (`http://`, `https://`) or local (`file://`) path or content of the IdP metadata XML (e.g., `https://myidp/metadata`, `file:///home/myuser/metadata.xml`).
733 * **<idp_username_attribute>** *(optional)*: Attribute that should be used to get the username from the authentication response. Defaults to `uid`.
734 * **<idp_entity_id>** *(optional)*: Use this when more than one entity id exists on the IdP metadata.
735 * **<sp_x_509_cert> / <sp_private_key>** *(optional)*: File path of the certificate that should be used by Ceph Dashboard (Service Provider) for signing and encryption (these file paths should be accessible from the active ceph-mgr instance).
739 The issuer value of SAML requests will follow this pattern: **<ceph_dashboard_base_url>**/auth/saml2/metadata
741 To display the current SAML 2.0 configuration, use the following command:
745 ceph dashboard sso show saml2
749 For more information about `onelogin_settings`, please check the `onelogin documentation <https://github.com/onelogin/python-saml>`_.
755 ceph dashboard sso disable
757 To check if SSO is enabled:
761 ceph dashboard sso status
767 ceph dashboard sso enable saml2
769 .. _dashboard-alerting:
771 Enabling Prometheus Alerting
772 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
774 To use Prometheus for alerting you must define `alerting rules
775 <https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules>`_.
776 These are managed by the `Alertmanager
777 <https://prometheus.io/docs/alerting/alertmanager>`_.
778 If you are not yet using the Alertmanager, `install it
779 <https://github.com/prometheus/alertmanager#install>`_ as it receives
780 and manages alerts from Prometheus.
782 Alertmanager capabilities can be consumed by the dashboard in three different
785 #. Use the notification receiver of the dashboard.
787 #. Use the Prometheus Alertmanager API.
789 #. Use both sources simultaneously.
791 All three methods notify you about alerts. You won't be notified
792 twice if you use both sources, but you need to consume at least the Alertmanager API
793 in order to manage silences.
795 1. Use the notification receiver of the dashboard
797 This allows you to get notifications as `configured
798 <https://prometheus.io/docs/alerting/configuration/>`_ from the Alertmanager.
799 You will get notified inside the dashboard once a notification is send out,
800 but you are not able to manage alerts.
802 Add the dashboard receiver and the new route to your Alertmanager
803 configuration. This should look like::
806 receiver: 'ceph-dashboard'
809 - name: 'ceph-dashboard'
811 - url: '<url-to-dashboard>/api/prometheus_receiver'
814 Ensure that the Alertmanager considers your SSL certificate in terms
815 of the dashboard as valid. For more information about the correct
816 configuration checkout the `<http_config> documentation
817 <https://prometheus.io/docs/alerting/configuration/#%3Chttp_config%3E>`_.
819 2. Use the API of Prometheus and the Alertmanager
821 This allows you to manage alerts and silences and will enable the "Active
822 Alerts", "All Alerts" as well as the "Silences" tabs in the "Monitoring"
823 section of the "Cluster" menu entry.
825 Alerts can be sorted by name, job, severity, state and start time.
826 Unfortunately it's not possible to know when an alert was sent out through a
827 notification by the Alertmanager based on your configuration, that's why the
828 dashboard will notify the user on any visible change to an alert and will
829 notify the changed alert.
831 Silences can be sorted by id, creator, status, start, updated and end time.
832 Silences can be created in various ways, it's also possible to expire them.
834 #. Create from scratch
836 #. Based on a selected alert
838 #. Recreate from expired silence
840 #. Update a silence (which will recreate and expire it (default Alertmanager behaviour))
842 To use it, specify the host and port of the Alertmanager server:
846 ceph dashboard set-alertmanager-api-host <alertmanager-host:port> # default: ''
852 ceph dashboard set-alertmanager-api-host 'http://localhost:9093'
854 To be able to see all configured alerts, you will need to configure the URL to
855 the Prometheus API. Using this API, the UI will also help you in verifying
856 that a new silence will match a corresponding alert.
861 ceph dashboard set-prometheus-api-host <prometheus-host:port> # default: ''
867 ceph dashboard set-prometheus-api-host 'http://localhost:9090'
869 After setting up the hosts, refresh your browser's dashboard window or tab.
873 The behaviors of both methods are configured in a way that they
874 should not disturb each other, through annoying duplicated notifications
877 If you are using a self-signed certificate in your Prometheus or your
878 Alertmanager setup, you should disable certificate verification in the
879 dashboard to avoid refused connections caused by certificates signed by
880 an unknown CA or that do not match the host name.
886 ceph dashboard set-prometheus-api-ssl-verify False
892 ceph dashboard set-alertmanager-api-ssl-verify False
894 .. _dashboard-user-role-management:
896 User and Role Management
897 ------------------------
902 By default the password policy feature is enabled, which includes the
905 - Is the password longer than N characters?
906 - Are the old and new password the same?
908 The password policy feature can be switched on or off completely:
912 ceph dashboard set-pwd-policy-enabled <true|false>
914 The following individual checks can also be switched on or off:
918 ceph dashboard set-pwd-policy-check-length-enabled <true|false>
919 ceph dashboard set-pwd-policy-check-oldpwd-enabled <true|false>
920 ceph dashboard set-pwd-policy-check-username-enabled <true|false>
921 ceph dashboard set-pwd-policy-check-exclusion-list-enabled <true|false>
922 ceph dashboard set-pwd-policy-check-complexity-enabled <true|false>
923 ceph dashboard set-pwd-policy-check-sequential-chars-enabled <true|false>
924 ceph dashboard set-pwd-policy-check-repetitive-chars-enabled <true|false>
926 Additionally the following options are available to configure password
929 - Minimum password length (defaults to 8):
933 ceph dashboard set-pwd-policy-min-length <N>
935 - Minimum password complexity (defaults to 10):
939 ceph dashboard set-pwd-policy-min-complexity <N>
941 Password complexity is calculated by classifying each character in
942 the password. The complexity count starts by 0. A character is rated by
943 the following rules in the given order.
945 - Increase by 1 if the character is a digit.
946 - Increase by 1 if the character is a lower case ASCII character.
947 - Increase by 2 if the character is an upper case ASCII character.
948 - Increase by 3 if the character is a special character like ``!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~``.
949 - Increase by 5 if the character has not been classified by one of the previous rules.
951 - A list of comma separated words that are not allowed to be used in a
956 ceph dashboard set-pwd-policy-exclusion-list <word>[,...]
962 The Ceph Dashboard supports multiple user accounts. Each user account
963 consists of a username, a password (stored in encrypted form using ``bcrypt``),
964 an optional name, and an optional email address.
966 If a new user is created via the Web UI, it is possible to set an option that the
967 user must assign a new password when they log in for the first time.
969 User accounts are stored in the monitors' configuration database, and are
970 available to all ``ceph-mgr`` instances.
972 We provide a set of CLI commands to manage user accounts:
978 ceph dashboard ac-user-show [<username>]
984 ceph dashboard ac-user-create [--enabled] [--force-password] [--pwd_update_required] <username> -i <file-containing-password> [<rolename>] [<name>] [<email>] [<pwd_expiration_date>]
986 To bypass password policy checks use the `force-password` option.
987 Add the option `pwd_update_required` so that a newly created user has
988 to change their password after the first login.
994 ceph dashboard ac-user-delete <username>
1000 ceph dashboard ac-user-set-password [--force-password] <username> -i <file-containing-password>
1002 - *Change Password Hash*:
1006 ceph dashboard ac-user-set-password-hash <username> -i <file-containing-password-hash>
1008 The hash must be a bcrypt hash and salt, e.g. ``$2b$12$Pt3Vq/rDt2y9glTPSV.VFegiLkQeIpddtkhoFetNApYmIJOY8gau2``.
1009 This can be used to import users from an external database.
1011 - *Modify User (name, and email)*:
1015 ceph dashboard ac-user-set-info <username> <name> <email>
1021 ceph dashboard ac-user-disable <username>
1027 ceph dashboard ac-user-enable <username>
1029 User Roles and Permissions
1030 ^^^^^^^^^^^^^^^^^^^^^^^^^^
1032 User accounts are associated with a set of roles that define which
1033 dashboard functionality can be accessed.
1035 The Dashboard functionality/modules are grouped within a *security scope*.
1036 Security scopes are predefined and static. The current available security
1039 - **hosts**: includes all features related to the ``Hosts`` menu
1041 - **config-opt**: includes all features related to management of Ceph
1042 configuration options.
1043 - **pool**: includes all features related to pool management.
1044 - **osd**: includes all features related to OSD management.
1045 - **monitor**: includes all features related to monitor management.
1046 - **rbd-image**: includes all features related to RBD image
1048 - **rbd-mirroring**: includes all features related to RBD mirroring
1050 - **iscsi**: includes all features related to iSCSI management.
1051 - **rgw**: includes all features related to RADOS Gateway (RGW) management.
1052 - **cephfs**: includes all features related to CephFS management.
1053 - **nfs-ganesha**: includes all features related to NFS Ganesha management.
1054 - **manager**: include all features related to Ceph Manager
1056 - **log**: include all features related to Ceph logs management.
1057 - **grafana**: include all features related to Grafana proxy.
1058 - **prometheus**: include all features related to Prometheus alert management.
1059 - **dashboard-settings**: allows to change dashboard settings.
1061 A *role* specifies a set of mappings between a *security scope* and a set of
1062 *permissions*. There are four types of permissions:
1069 See below for an example of a role specification, in the form of a Python dictionary::
1073 'role': 'my_new_role',
1074 'description': 'My new role',
1075 'scopes_permissions': {
1076 'pool': ['read', 'create'],
1077 'rbd-image': ['read', 'create', 'update', 'delete']
1081 The above role dictates that a user has *read* and *create* permissions for
1082 features related to pool management, and has full permissions for
1083 features related to RBD image management.
1085 The Dashboard provides a set of predefined roles that we call
1086 *system roles*, which can be used right away by a fresh Ceph Dashboard
1089 The list of system roles are:
1091 - **administrator**: allows full permissions for all security scopes.
1092 - **read-only**: allows *read* permission for all security scopes except
1094 - **block-manager**: allows full permissions for *rbd-image*,
1095 *rbd-mirroring*, and *iscsi* scopes.
1096 - **rgw-manager**: allows full permissions for the *rgw* scope
1097 - **cluster-manager**: allows full permissions for the *hosts*, *osd*,
1098 *monitor*, *manager*, and *config-opt* scopes.
1099 - **pool-manager**: allows full permissions for the *pool* scope.
1100 - **cephfs-manager**: allows full permissions for the *cephfs* scope.
1102 The list of available roles can be retrieved with the following command:
1106 ceph dashboard ac-role-show [<rolename>]
1108 You can also use the CLI to create new roles. The available commands are the
1115 ceph dashboard ac-role-create <rolename> [<description>]
1121 ceph dashboard ac-role-delete <rolename>
1123 - *Add Scope Permissions to Role*:
1127 ceph dashboard ac-role-add-scope-perms <rolename> <scopename> <permission> [<permission>...]
1129 - *Delete Scope Permission from Role*:
1133 ceph dashboard ac-role-del-scope-perms <rolename> <scopename>
1135 To assign roles to users, the following commands are available:
1141 ceph dashboard ac-user-set-roles <username> <rolename> [<rolename>...]
1143 - *Add Roles To User*:
1147 ceph dashboard ac-user-add-roles <username> <rolename> [<rolename>...]
1149 - *Delete Roles from User*:
1153 ceph dashboard ac-user-del-roles <username> <rolename> [<rolename>...]
1156 Example of User and Custom Role Creation
1157 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1159 In this section we show a complete example of the commands that
1160 create a user account that can manage RBD images, view and create Ceph pools,
1161 and has read-only access to other scopes.
1163 1. *Create the user*:
1167 ceph dashboard ac-user-create bob -i <file-containing-password>
1169 2. *Create role and specify scope permissions*:
1173 ceph dashboard ac-role-create rbd/pool-manager
1174 ceph dashboard ac-role-add-scope-perms rbd/pool-manager rbd-image read create update delete
1175 ceph dashboard ac-role-add-scope-perms rbd/pool-manager pool read create
1177 3. *Associate roles to user*:
1181 ceph dashboard ac-user-set-roles bob rbd/pool-manager read-only
1183 .. _dashboard-proxy-configuration:
1188 In a Ceph cluster with multiple ``ceph-mgr`` instances, only the dashboard
1189 running on the currently active ``ceph-mgr`` daemon will serve incoming requests.
1190 Connections to the dashboard's TCP port on standby ``ceph-mgr`` instances
1191 will receive an HTTP redirect (303) to the active manager's dashboard URL.
1192 This enables you to point your browser to any ``ceph-mgr`` instance in
1193 order to access the dashboard.
1195 If you want to establish a fixed URL to reach the dashboard or if you don't want
1196 to allow direct connections to the manager nodes, you could set up a proxy that
1197 automatically forwards incoming requests to the active ``ceph-mgr``
1200 Configuring a URL Prefix
1201 ^^^^^^^^^^^^^^^^^^^^^^^^
1203 If you are accessing the dashboard via a reverse proxy,
1204 you may wish to service it under a URL prefix. To get the dashboard
1205 to use hyperlinks that include your prefix, you can set the
1206 ``url_prefix`` setting:
1210 ceph config set mgr mgr/dashboard/url_prefix $PREFIX
1212 so you can access the dashboard at ``http://$IP:$PORT/$PREFIX/``.
1214 Disable the redirection
1215 ^^^^^^^^^^^^^^^^^^^^^^^
1217 If the dashboard is behind a load-balancing proxy like `HAProxy <https://www.haproxy.org/>`_
1218 you might want to disable redirection to prevent situations in which
1219 internal (unresolvable) URLs are published to the frontend client. Use the
1220 following command to get the dashboard to respond with an HTTP error (500 by default)
1221 instead of redirecting to the active dashboard:
1225 ceph config set mgr mgr/dashboard/standby_behaviour "error"
1227 To reset the setting to default redirection, use the following command:
1231 ceph config set mgr mgr/dashboard/standby_behaviour "redirect"
1233 Configure the error status code
1234 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1236 When redirection is disabled, you may want to customize the HTTP status
1237 code of standby dashboards. To do so you need to run the command:
1241 ceph config set mgr mgr/dashboard/standby_error_status_code 503
1243 Resolve IP address to hostname before redirect
1244 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1246 The redirect from a standby to the active dashboard is done via the IP
1247 address. This is done because resolving IP addresses to hostnames can be error
1248 prone in containerized environments. It is also the reason why the option is
1249 disabled by default.
1250 However, in some situations it might be helpful to redirect via the hostname.
1251 For example if the configured TLS certificate matches only the hostnames. To
1252 activate the redirection via the hostname run the following command::
1254 $ ceph config set mgr mgr/dashboard/redirect_resolve_ip_addr True
1256 You can disable it again by::
1258 $ ceph config set mgr mgr/dashboard/redirect_resolve_ip_addr False
1260 HAProxy example configuration
1261 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1263 Below you will find an example configuration for SSL/TLS passthrough using
1264 `HAProxy <https://www.haproxy.org/>`_.
1266 Please note that this configuration works under the following conditions.
1267 If the dashboard fails over, the front-end client might receive a HTTP redirect
1268 (303) response and will be redirected to an unresolvable host. This happens when
1269 failover occurs between two HAProxy health checks. In this situation the
1270 previously active dashboard node will now respond with a 303 which points to
1271 the new active node. To prevent that situation you should consider disabling
1272 redirection on standby nodes.
1278 option log-health-checks
1283 frontend dashboard_front
1287 redirect scheme https code 301 if !{ ssl_fc }
1289 frontend dashboard_front_ssl
1293 default_backend dashboard_back_ssl
1295 backend dashboard_back_ssl
1297 option httpchk GET /
1298 http-check expect status 200
1299 server x <HOST>:<PORT> ssl check verify none
1300 server y <HOST>:<PORT> ssl check verify none
1301 server z <HOST>:<PORT> ssl check verify none
1303 .. _dashboard-auditing:
1305 Auditing API Requests
1306 ---------------------
1308 The REST API can log PUT, POST and DELETE requests to the Ceph
1309 audit log. This feature is disabled by default, but can be enabled with the
1314 ceph dashboard set-audit-api-enabled <true|false>
1316 If enabled, the following parameters are logged per each request:
1318 * from - The origin of the request, e.g. https://[::1]:44410
1319 * path - The REST API path, e.g. /api/auth
1320 * method - e.g. PUT, POST or DELETE
1321 * user - The name of the user, otherwise 'None'
1323 The logging of the request payload (the arguments and their values) is enabled
1324 by default. Execute the following command to disable this behaviour:
1328 ceph dashboard set-audit-api-log-payload <true|false>
1330 A log entry may look like this::
1332 2018-10-22 15:27:01.302514 mgr.x [INF] [DASHBOARD] from='https://[::ffff:127.0.0.1]:37022' path='/api/rgw/user/klaus' method='PUT' user='admin' params='{"max_buckets": "1000", "display_name": "Klaus Mustermann", "uid": "klaus", "suspended": "0", "email": "klaus.mustermann@ceph.com"}'
1334 .. _dashboard-nfs-ganesha-management:
1336 NFS-Ganesha Management
1337 ----------------------
1339 The dashboard requires enabling the NFS module which will be used to manage
1340 NFS clusters and NFS exports. For more information check :ref:`mgr-nfs`.
1345 Plug-ins extend the functionality of the Ceph Dashboard in a modular
1346 and loosely coupled fashion.
1348 .. _Grafana: https://grafana.com/
1350 .. include:: dashboard_plugins/feature_toggles.inc.rst
1351 .. include:: dashboard_plugins/debug.inc.rst
1352 .. include:: dashboard_plugins/motd.inc.rst
1355 Troubleshooting the Dashboard
1356 -----------------------------
1358 Locating the Dashboard
1359 ^^^^^^^^^^^^^^^^^^^^^^
1361 If you are unsure of the location of the Ceph Dashboard, run the following command:
1365 ceph mgr services | jq .dashboard
1371 The command returns the URL where the Ceph Dashboard is located: ``https://<host>:<port>/``
1375 Many Ceph tools return results in JSON format. We suggest that
1376 you install the `jq <https://stedolan.github.io/jq>`_ command-line
1377 utility to facilitate working with JSON data.
1380 Accessing the Dashboard
1381 ^^^^^^^^^^^^^^^^^^^^^^^
1383 If you are unable to access the Ceph Dashboard, run the following
1386 #. Verify the Ceph Dashboard module is enabled:
1390 ceph mgr module ls | jq .enabled_modules
1392 Ensure the Ceph Dashboard module is listed in the return value of the
1393 command. Example snipped output from the command above::
1401 #. If it is not listed, activate the module with the following command:
1405 ceph mgr module enable dashboard
1407 #. Check the Ceph Dashboard and/or ``ceph-mgr`` log files for any errors.
1409 * Check if ``ceph-mgr`` log messages are written to a file by:
1413 ceph config get mgr log_to_file
1419 * Get the location of the log file (it's ``/var/log/ceph/<cluster-name>-<daemon-name>.log``
1424 ceph config get mgr log_file
1428 /var/log/ceph/$cluster-$name.log
1430 #. Ensure the SSL/TSL support is configured properly:
1432 * Check if the SSL/TSL support is enabled:
1436 ceph config get mgr mgr/dashboard/ssl
1438 * If the command returns ``true``, verify a certificate exists by:
1442 ceph config-key get mgr/dashboard/crt
1448 ceph config-key get mgr/dashboard/key
1450 * If it doesn't return ``true``, run the following command to generate a self-signed
1451 certificate or follow the instructions outlined in
1452 :ref:`dashboard-ssl-tls-support`:
1456 ceph dashboard create-self-signed-cert
1459 Trouble Logging into the Dashboard
1460 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1462 If you are unable to log into the Ceph Dashboard and you receive the following
1463 error, run through the procedural checks below:
1465 .. image:: ../images/dashboard/invalid-credentials.png
1468 #. Check that your user credentials are correct. If you are seeing the
1469 notification message above when trying to log into the Ceph Dashboard, it
1470 is likely you are using the wrong credentials. Double check your username
1471 and password, and ensure that your keyboard's caps lock is not enabled by accident.
1473 #. If your user credentials are correct, but you are experiencing the same
1474 error, check that the user account exists:
1478 ceph dashboard ac-user-show <username>
1480 This command returns your user data. If the user does not exist, it will
1483 Error ENOENT: User <username> does not exist
1485 #. Check if the user is enabled:
1489 ceph dashboard ac-user-show <username> | jq .enabled
1495 Check if ``enabled`` is set to ``true`` for your user. If not the user is
1500 ceph dashboard ac-user-enable <username>
1502 Please see :ref:`dashboard-user-role-management` for more information.
1505 A Dashboard Feature is Not Working
1506 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1508 When an error occurs on the backend, you will usually receive an error
1509 notification on the frontend. Run through the following scenarios to debug.
1511 #. Check the Ceph Dashboard and ``ceph-mgr`` logfile(s) for any errors. These can
1512 found by searching for keywords, such as *500 Internal Server Error*,
1513 followed by ``traceback``. The end of a traceback contains more details about
1514 what exact error occurred.
1515 #. Check your web browser's JavaScript Console for any errors.
1521 Dashboard Debug Flag
1522 """"""""""""""""""""
1524 With this flag enabled, error traceback is included in backend responses.
1526 To enable this flag via the Ceph Dashboard, navigate from *Cluster* to *Manager
1527 modules*. Select *Dashboard module* and click the edit button. Click the
1528 *debug* checkbox and update.
1530 To enable it via the CLI, run the following command:
1534 ceph dashboard debug enable
1537 Setting Logging Level of Dashboard Module
1538 """""""""""""""""""""""""""""""""""""""""
1540 Setting the logging level to debug makes the log more verbose and helpful for
1543 #. Increase the logging level of manager daemons:
1547 ceph tell mgr config set debug_mgr 20
1549 #. Adjust the logging level of the Ceph Dashboard module via the Dashboard or
1552 * Navigate from *Cluster* to *Manager modules*. Select *Dashboard module*
1553 and click the edit button. Modify the ``log_level`` configuration.
1554 * To adjust it via the CLI, run the following command:
1558 bin/ceph config set mgr mgr/dashboard/log_level debug
1560 3. High log levels can result in considerable log volume, which can
1561 easily fill up your filesystem. Set a calendar reminder for an hour, a day,
1562 or a week in the future to revert this temporary logging increase. This looks
1563 something like this:
1572 --- 11 --- 2020-11-07 11:11:11.960659 --- mgr.x/dashboard/log_level = debug ---
1577 ceph config reset 11
1579 .. _centralized-logging:
1581 Enable Centralized Logging in Dashboard
1582 """""""""""""""""""""""""""""""""""""""
1584 To learn more about centralized logging, see :ref:`cephadm-monitoring-centralized-logs`
1586 1. Create the Loki service on any particular host using "Create Services" option.
1588 2. Similarly create the Promtail service which will be by default deployed
1589 on all the running hosts.
1591 3. To see debug-level messages as well as info-level events, run the following command via CLI:
1595 ceph config set mgr mgr/cephadm/log_to_cluster_level debug
1597 4. To enable logging to files, run the following commands via CLI:
1601 ceph config set global log_to_file true
1602 ceph config set global mon_cluster_log_to_file true
1604 5. Click on the Daemon Logs tab under Cluster -> Logs.
1606 6. You can find some pre-defined labels there on clicking the Log browser button such as filename,
1607 job etc that can help you query the logs at one go.
1609 7. You can query the logs with LogQL for advanced search and perform some
1610 calculations as well - https://grafana.com/docs/loki/latest/logql/.
1613 Reporting issues from Dashboard
1614 """""""""""""""""""""""""""""""
1616 Ceph-Dashboard provides two ways to create an issue in the Ceph Issue Tracker,
1617 either using the Ceph command line interface or by using the Ceph Dashboard
1620 To create an issue in the Ceph Issue Tracker, a user needs to have an account
1621 on the issue tracker. Under the ``my account`` tab in the Ceph Issue Tracker,
1622 the user can see their API access key. This key is used for authentication
1623 when creating a new issue. To store the Ceph API access key, in the CLI run:
1627 ``ceph dashboard set-issue-tracker-api-key -i <file-containing-key>``
1629 Then on successful update, you can create an issue using:
1633 ``ceph dashboard create issue <project> <tracker_type> <subject> <description>``
1635 The available projects to create an issue on are:
1645 The available tracker types are:
1649 The subject and description are then set by the user.
1651 The user can also create an issue using the Dashboard user interface. The settings
1652 icon drop down menu on the top right of the navigation bar has the option to
1653 ``Raise an issue``. On clicking it, a modal dialog opens that has the option to
1654 select the project and tracker from their respective drop down menus. The subject
1655 and multiline description are added by the user. The user can then submit the issue.