alertmanager: allow disable dashboard tls verify

When using self-signed/untrusted CA certificates, alertmanager displays
an error in logs. With this commit this should make those messages
disappear.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1936299

Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com>

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 9f77b929d1)
pull/6756/head
Dimitri Savineau 2021-07-23 10:27:55 -04:00 committed by Dimitri Savineau
parent ebc961f7ff
commit d0a122e296
4 changed files with 8 additions and 0 deletions

View File

@ -722,6 +722,7 @@ dummy:
#alertmanager_port: 9093
#alertmanager_cluster_port: 9094
#alertmanager_conf_overrides: {}
#alertmanager_dashboard_api_no_ssl_verify: "{{ true if dashboard_protocol == 'https' and not dashboard_crt and not dashboard_key else false }}"
# igw
#
# `igw_network` variable is intended for allowing dashboard deployment with iSCSI node not residing in the same subnet than what is defined in `public_network`.

View File

@ -722,6 +722,7 @@ alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alert
#alertmanager_port: 9093
#alertmanager_cluster_port: 9094
#alertmanager_conf_overrides: {}
#alertmanager_dashboard_api_no_ssl_verify: "{{ true if dashboard_protocol == 'https' and not dashboard_crt and not dashboard_key else false }}"
# igw
#
# `igw_network` variable is intended for allowing dashboard deployment with iSCSI node not residing in the same subnet than what is defined in `public_network`.

View File

@ -714,6 +714,7 @@ alertmanager_conf_dir: /etc/alertmanager
alertmanager_port: 9093
alertmanager_cluster_port: 9094
alertmanager_conf_overrides: {}
alertmanager_dashboard_api_no_ssl_verify: "{{ true if dashboard_protocol == 'https' and not dashboard_crt and not dashboard_key else false }}"
# igw
#
# `igw_network` variable is intended for allowing dashboard deployment with iSCSI node not residing in the same subnet than what is defined in `public_network`.

View File

@ -12,4 +12,9 @@ receivers:
webhook_configs:
{% for host in groups['mgrs'] | default(groups['mons']) %}
- url: '{{ dashboard_protocol }}://{{ hostvars[host]['ansible_facts']['fqdn'] }}:{{ dashboard_port }}/api/prometheus_receiver'
{% if dashboard_protocol == 'https' and alertmanager_dashboard_api_no_ssl_verify | bool %}
http_config:
tls_config:
insecure_skip_verify: true
{% endif %}
{% endfor %}