Dear all,
It seems that by default the grafana web page embedded inside the ceph dashboard is
publicly available in read-only mode. More specifically the grafana configuration inside
the docker running the grafana instance has the following configuration file
(/usr/share/ceph/mgr/cephadm/templates/services/grafana/grafana.ini.j2)
[auth.anonymous]
enabled = true
org_name = 'Main Org.'
org_role = 'Viewer'
Do you think that this might be a security concern? Is there a way to enforce
authentication also for the read-only mode? I wasn't able to find any documentation on
how to configure grafana. The only thing I found which might be related to this issue is
the following:
https://tracker.ceph.com/issues/45372.
Regards,
Alessandro Piazza