Closed slapcat closed 5 months ago
At first glance this is odd, because the alertmanager rock has root certs.
After installing curl
in the alertmanager workload container, curl https://charmhub.io
(an https) works fine without --insecure
.
Also, both of the following pass verification too from within the workload container:
echo | openssl s_client -strict -verify_return_error -connect charmhub.io:443 || echo "failed"
echo | openssl s_client -strict -verify_return_error -connect app.datadoghq.eu:443 || echo "failed"
According to user accounts (1, 2), alertmanager should be able to talk over TLS.
@slapcat, would you be able to confirm that:
The image in use indeed has certs in place?
$ juju ssh --container alertmanager am/0 ls -1 /etc/ssl/certs/ | wc -l
275
Cert validation works from within the workload container?
$ juju ssh --container alertmanager am/0 bash -c "echo | openssl s_client -strict -verify_return_error -connect app.datadoghq.eu:443" | grep -i verif
verify return:1
verify return:1
verify return:1
Verification: OK
Verify return code: 0 (ok)
Which revision of alertmanager is in use? juju status --format=json | jq '.applications.am."charm-rev"'
Ok from you env I see alertmanager 0.25, charm-rev 96.
@slapcat would you be able to try with a newer revision? The current stable is rev106 and should include the certs fix.
@lucabello will soon start the charm promotion train so there should be an even newer stable
soon.
Closing for now. Feel free to reopen if this shows up in rev106 or newer!
That fixed it, thanks!
Bug Description
When using the datadog receiver, it returns an error about unrecognized certificate authority:
To Reproduce
juju deploy cos-lite --trust
juju config alertmanager config_file="@/home/ubuntu/alertmanager.yml"
kubectl logs -n cos alertmanager-0 -c alertmanager
Environment
Relevant log output
Additional context
No response