mrsiano / openshift-grafana Goto Github PK
View Code? Open in Web Editor NEWGrafana instance, which use OAuth token for OpenShift. :bar_chart: :bar_chart: :bar_chart:
Grafana instance, which use OAuth token for OpenShift. :bar_chart: :bar_chart: :bar_chart:
First of all I want to say thank you for nice blog https://blog.openshift.com/prometheus-alerts-on-openshift
I just followed above blog and deployed entire things successfully.
After that I created new "demouser" user in openshift and given permission (policy) as read only for grafana project for listing pod,svc,route.
Through console & CLI user able to do all activity as per policy and user can go to dashboard also.
But problem is that policy (read) is applied in openshift not in Grafana as a result user able to modify the dash board and others.
What I am looking user should NOT do any modification in grafana dashboard or anything on GUI.
So user should also be as read only similar like openshift.
If I create a pod/container based on the docker image "mrsiano/grafana-ocp" the log files grafana.log in the folder "/root/go/src/github.com/grafana/data/log" is empty. Do I look in the correct spot or is it possible to increase the log granularity?
In order extend grafana's base setup, it would be great to be able to add plugins in buildtime and runtime using grafana-cli
.
[1] http://docs.grafana.org/plugins/installation/#grafana-cli-commands
Following this...
https://blog.openshift.com/prometheus-alerts-on-openshift/
Ran into this...
[chernand@chernand grafana-ocp]$ ./setup-grafana.sh prometheus-ocp openshift-metrics true
USAGE
setup-grafana.sh -n <datasource_name> -a [optional: -p <prometheus_namespace> -s <prometheus_serviceaccount> -g <graph_granularity> -y <yaml> -e]
switches:
-n: grafana datasource name
-s: prometheus serviceaccount name
-p: existing prometheus name e.g openshift-metrics
-g: specifiy granularity
-y: specifies the grafana yaml
-a: deploy oauth proxy for grafana - otherwise skip it (for preconfigured deployment)
-e: deploy node exporter
note:
- the project must have view permissions for kube-system
- the script allow to use high granularity by adding '30s' arg, but it needs tuned scrape prometheus
Is there a way to update grafana version on grafana-ocp? The current version is v4.7.0-pre1. I would like to use 5.2.1.
i use ansible-playbook deploy the prometheus from https://github.com/openshift/openshift-ansible/tree/release-3.7/roles/openshift_prometheus , and i use yours dashboard template, there just Display partial data???
Setting
[external_image_storage]
provider = local
Resulting in Phantomjs exiting with exitcode 127
t=2018-07-05T10:50:10+0000 lvl=info msg=Rendering logger=rendering path="d-solo/000000006/monitoring?panelId=11"
t=2018-07-05T10:50:10+0000 lvl=eror msg="Phantomjs exited with non zero exit code" logger=rendering error="exit status 127"
t=2018-07-05T10:50:10+0000 lvl=eror msg="Failed to upload alert panel image." logger=alerting.notifier error="exit status 127"
According to this:
ariya/phantomjs#13597
The build might be missing libfreetype6 and libfontconfig
It will be go if you provide install document for openshift 3.11.
hello.
have you tried to configure Grafana Oauth to work with OpenShift as an Oauth provider, essentially removing the need for the oauth-proxy?
It would be useful to enable the oauth pass through feature for the Prometheus data source.
Hi,
now we use a custom docker image with grafana (now 5.2.1 version) rhel 7 based.
For access to a Openshift Prometheus (rel 3.9) we use a simple ambassador container written in go and inserted into grafana pod.
it expose a 9090 port and forward autenticate call to real a Prometheus.
Have you plan to create a separate ds_plugin for prometheus with OAuth ?
hi @mrsiano this seems like a really great tool and I would be interested in trying it out. is it possible for you to attach a license (eg. Apache 2 or MIT) to this repo/project?
It seems that provisioning is not working in this Grafana version.
I tried the latest Grafana version; which shows in the log: lvl=info msg="Path Provisioning" logger=settings path=/root/go/src/github.com/grafana/grafana/provisioning
This ini setting is not recognised in the 4.7pre1 version you built.
Can you update the forked grafana repo of help me in modifying the newest version to use OAuth?
Warning: Couldn't read data from file "./node-exporter-full-dashboard.json",
Hi,
I'm using the latest version of your Grafana image in my OpenShift cluster. Some of Grafana HTTP API endpoints requires basic auth enabled in Grafana configuration - f.e. GET /api/users. After enabling it I'm not able to log in into Grafana using web browser anymore - after Oauth Proxy authentication page I'm getting:
"{"message":"Invalid username or password"}"
on Grafana side. However, both basic and bearer authentication is working using curl:
curl -H "Authorization: Basic YWRtaW46YjdBR1VCNndqQm5E" https://grafana-grafana-test.apps.cluster.com/api/users -k
[{"id":1,"name":"","login":"admin","email":"admin@localhost","avatarUrl":"/public/img/user_profile.png","isAdmin":true,"lastSeenAt":"2018-08-07T09:09:29Z","lastSeenAtAge":"\u003c 1m"},{"id":2,"name":"","login":"test","email":"[email protected]","avatarUrl":"/public/img/user_profile.png","isAdmin":false,"lastSeenAt":"2018-08-03T14:15:39Z","lastSeenAtAge":"3d"}]
curl -H "Authorization: Bearer eyJrIjoic3JJVlpUdWhDVk1QMmtkc3FUeGs0YXJOT0hTbjRvcXkiLCJuIjoicmFkZWsiLCJpZCI6MX0=" https://grafana-grafana-test.apps.cluster.com/api/dashboards/home -k
{"meta":{"isHome":true,"canSave":false,"canEdit":false,"canAdmin":false,"canStar":false,"slug":"","url":"","expires":"0001-01-01T00:00:00Z","created":"0001-01-01T00:00:00Z","updated":"0001-01-01T00:00:00Z","updatedBy":"","createdBy":"","version":0,"hasAcl":false,"isFolder":false,"folderId":0,"folderTitle":"General","folderUrl":"","provisioned":false},"dashboard":{"annotations":{"list":[]},"editable":true,"folderId":null,"gnetId":null,"graphTooltip":0,"hideControls":true,"id":null,"links":[],"panels":[{"content":"\u003cdiv class=\"text-center dashboard-header\"\u003e\n \u003cspan\u003eHome Dashboard\u003c/span\u003e\n\u003c/div\u003e","editable":true,"gridPos":{"h":3,"w":24,"x":0,"y":0},"id":1,"links":[],"mode":"html","style":{},"title":"","transparent":true,"type":"text"},{"folderId":0,"gridPos":{"h":17,"w":12,"x":0,"y":6},"headings":true,"id":3,"limit":4,"links":[],"query":"","recent":true,"search":false,"starred":true,"tags":[],"title":"","transparent":false,"type":"dashlist"},{"editable":true,"error":false,"gridPos":{"h":17,"w":12,"x":12,"y":6},"id":4,"links":[],"title":"","transparent":false,"type":"pluginlist"}],"rows":[],"schemaVersion":16,"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":"now-6h","to":"now"},"timepicker":{"hidden":true,"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"],"type":"timepicker"},"timezone":"browser","title":"Home","version":0}}
Do you know where is the issue? I've been testing it with OAuth Proxy v3.7 and v3.10 but with no luck. Is there something misconfigured in my setup? Below is my Grafana auth and OAuth Proxy configuration:
- '-https-address=:8443'
- '-http-address='
- '-email-domain=*'
- '-client-id=system:serviceaccount:grafana-test:grafana'
- '-upstream=http://localhost:3000'
- '-tls-cert=/etc/tls/private/tls.crt'
- '-tls-key=/etc/tls/private/tls.key'
- >-
-client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- '-cookie-secret-file=/etc/proxy/secrets/session_secret'
- '-skip-auth-regex=^/(metrics|api)'
- '-pass-user-bearer-token'
- '-pass-basic-auth'
image: 'openshift3/oauth-proxy:v3.10'
#################################### Users ####################################
[users]
# disable user signup / registration
allow_sign_up = false
# Allow non admin users to create organizations
allow_org_create = false
# Set to true to automatically assign new users to the default organization (id 1)
auto_assign_org = true
# Default role new users will be automatically assigned (if auto_assign_org above is set to true)
auto_assign_org_role = Viewer
# Require email validation before sign up completes
verify_email_enabled = false
# Background text for the user field on the login page
login_hint = email or username
# Default UI theme ("dark" or "light")
default_theme = dark
# External user management
external_manage_link_url =
external_manage_link_name =
external_manage_info =
[auth]
# Set to true to disable (hide) the login form, useful if you use OAuth
disable_login_form = false
# Set to true to disable the signout link in the side menu. useful if you use auth.proxy
disable_signout_menu = false
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
enabled = false
# specify organization name that should be used for unauthenticated users
org_name = Org
# specify role for unauthenticated users
org_role = Viewer
#################################### Basic Auth ##########################
[auth.basic]
enabled = true
#################################### Auth Proxy ##########################
[auth.proxy]
enabled = true
header_name = X-Forwarded-User
header_property = username
auto_sign_up = true
ldap_sync_ttl = 60
whitelist =
#################################### Auth LDAP ###########################
[auth.ldap]
enabled = false
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
Your help is greatly appreciated :)
Hello,
Before anything thanks for making this grafana build for openshift.
My problem is that I can't connect the newest grafana image to openshift prometheus for the moment.
Prom-proxy container in prometheus keeps spaming the following logs
2018/05/31 13:14:21 oauthproxy.go:657: 10.129.0.1:51024 Cookie "_oauth_proxy" not present
2018/05/31 13:14:21 provider.go:345: authorizer reason: User "system:anonymous" cannot get namespaces in project "openshift-metrics"
In the previous version with image ocp-mrsiano I connect it via token, but now that token is missing.
I tried using tls-client auth with prometheus-tls key and cert but I didn't solve the problem.
I tried clear installation with the following ansible variables. But The prometheus couldn't connect again.
openshift_grafana_pvc_pv_selector=None
openshift_grafana_storage_type=pvc
openshift_grafana_sc_name=glusterfs-storage
openshift_grafana_pvc_size=2Gi
openshift_grafana_node_selector={'region':'infra'}
openshift_grafana_image=mrsiano/openshift-grafana:5.2.0
openshift_grafana_proxy_image=openshift/oauth-proxy:v1.0.0
I've tried many combinations with secrets in openshift-metrics namespaces and username and password and it won't work.
Any help will be appreciated.
Thanks,
Best Regards,
Martin
in ````setup-grafana.sh, it creates the application and then checks the status of the pod. However it is expecting to be in the grafana project namespace. This is not the case since it uses
create namespace``` instead ```create project```. As a result, the script waits forever unless you manually intervene with ```oc project grafana```.
Maybe change create namespace
to create project
?
I'm testing with minishift on 3.6
grafana-ocp.yaml fails to deploy the container in OpenShift, as it fails on pulling the image from DockerHub.
Seems that the template is configured to pull this image "mrsiano/openshift-grafana:latest", but the "latest" tag seems to be missing in DockerHub: https://hub.docker.com/r/mrsiano/openshift-grafana/tags/
Changing the version to 5.2.0 fixed the problem.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.