Our CTO wants us to move to the latest version of Ceph (aka squid), but with the number of bugs around encryption and stability, it pretty much prevents us from moving forward as we rely at least 95% of it for our government business needs.
Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Sake Ceph <c...@paulusma.eu> Sent: Tuesday, May 6, 2025 5:10:24 AM To: Nizamudeen A <n...@redhat.com> Cc: ceph-users@ceph.io <ceph-users@ceph.io> Subject: [ceph-users] Re: Grafana vulnerability - cephadm deployment This is an external email. Please take care when clicking links or opening attachments. When in doubt, check with the Help Desk or Security. A little late response, I had some time off. Thank you for updating the monitoring stack. I understand you can't always backport everything, but good to hear you're considering it! > Op 29-04-2025 06:57 CEST schreef Nizamudeen A <n...@redhat.com>: > > > Good point, we are still on v2 of prometheus > (https://github.com/ceph/ceph/blob/main/src/python-common/ceph/cephadm/images.py#L27) > (2.51.0) and I see v3 (https://github.com/prometheus/prometheus/releases) is > there so a bump is needed there. We will take care of it along with the other > dependent ones. > > As for loki and promtail, we are moving away from promtail and going to use > alloy (https://github.com/ceph/ceph/pull/62960), since promtail is officially > deprecated by grafana. Once the migration is done we will bump loki and test > them together. > > I am not sure if we will backport the alloy thing to squid (could break > stuffs), but we can say more when we test it. > > And as for grafana it'll be 11.6.0 which is what we will use: > https://github.com/ceph/ceph/pull/62827 > > Regards, > Nizam > > > On Fri, Apr 25, 2025 at 8:37 PM Sake Ceph <c...@paulusma.eu> wrote: > > This thread is only about Grafana, but what about the other services like > > Prometheus, Loki, Promtail, alertmanager or node-exporter? > > > > > Op 19-04-2025 15:18 CEST schreef Daniel Brown > > <daniel.h.brown@thermify.cloud>: > > > > > > > > > FWIW - Grafana 12 is going to be GA soon. 11.6 or later is probably > > where you want to target for “stable” releases for the moment. > > > > > > > > > -- > > > Dan Brown > > > > > > > On Apr 18, 2025, at 10:47, Sake Ceph <c...@paulusma.eu> wrote: > > > > > > > > Really great you moved to the default grafana image and moving the > > customization to cephadm. This makes upgrading indeed easier. > > > > > > > > The problem is that Grafana has a stranger release cycle and therefor > > not really compatible with release cycle of Ceph. This would mean one or > > two update(s) of the supported Grafana minor version. And maybe with every > > Ceph release, update to the latest bugfix release? > > > > I guess a bugfix version should always work with the same minor > > version of Grafana. The user can configure this via the provided tools for > > setting custom images. > > > > > > > > We're only talking about Grafana, but this applicable for all the > > extra container images. > > > > > > > > Thank you for all the hard work you're doing for the project! These > > are just my 2 cents :D > > > > > > > > Kind regards, > > > > Sake > > > >> Op 17-04-2025 19:43 CEST schreef Nizamudeen A <n...@redhat.com>: > > > >> > > > >> > > > >> We deprecated [1] the use of quay.io/ceph/ (http://quay.io/ceph/) > > (http://quay.io/ceph/)ceph-grafana images from squid onwards due to the > > pain of building and maintaining those images by ourselves. The main reason > > > >> we were building a custom grafana image was to bundle the grafana > > dashboards and plugins inside the official grafana image. > > > >> > > > >> But with https://github.com/ceph/ceph/pull/55615, we offloaded that > > to cephadm at runtime which removed the burden of building and maintaining > > it which is why > > > >> we are using the quay.io/ceph/ (http://quay.io/ceph/) > > (http://quay.io/ceph/)grafanaimage and its simply a mirror from the docker > > registry. And we are upgrading the grafana to 11.x in tentacle which is in > > progress > > > >> by @Afreen Misbah here: https://github.com/ceph/ceph/pull/62827. > > > >> > > > >> We have two options for reef since we are still supporting reef > > actively. > > > >> 1. we can try and see if backporting that PR is possible, last time I > > couldn't because of cephadm binary differences but I could look again > > > >> 2. Just tag and continue to build a newer ceph-grafana:10.4.x image > > in quay. Once the image is there anyone can just go ahead and use it by > > updating the container image config. > > > >> > > > >> Will check both of them next week after the holidays. > > > >> > > > >> [1] https://docs.ceph.com/en/latest/releases/squid/#monitoring > > > >> > > > >> Regards, > > > >> Nizam > > > >> > > > >> > > > >>> On Thu, Apr 17, 2025 at 7:43 PM Sake Ceph <c...@paulusma.eu> wrote: > > > >>> Squid is already on 10.4.0 and it looks like it using the default > > grafana container images (correct?). > > > >>> > > https://github.com/ceph/ceph/blob/squid/src/cephadm/cephadmlib/constants.py > > > >>> > > > >>> I couldn't find any issues, but the company really doesn't like old > > software with know issues :) > > > >>> > > > > _______________________________________________ > > > > ceph-users mailing list -- ceph-users@ceph.io > > > > To unsubscribe send an email to ceph-users-le...@ceph.io > > > _______________________________________________ > > > ceph-users mailing list -- ceph-users@ceph.io > > > To unsubscribe send an email to ceph-users-le...@ceph.io > > _______________________________________________ > > ceph-users mailing list -- ceph-users@ceph.io > > To unsubscribe send an email to ceph-users-le...@ceph.io > > > > > -- > > Nizamudeen A > Sr. Software Engineer - IBM > Partner Engineer > > IBM and Red Hat Ceph Storage > Red Hat (https://www.redhat.com/) > > https://www.redhat.com/ _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io This message and its attachments are from Data Dimensions and are intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and permanently delete the original email and destroy any copies or printouts of this email as well as any attachments. _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
