-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change user org in Grafana #4
Change user org in Grafana #4
Conversation
Please add |
I could not create default database and dashboard for user who is configured by
As far as I checked the log, 'if block' in here (https://github.com/matrixik/monasca-docker/blob/fed1abee6e5be296f260970aad18864ede33a7e6/grafana-init/grafana.py#L181) is not executed because |
In You can get more logs from |
One more question: did you rebuild |
|
What you mean by |
It must be fixed on master first. |
I also would like to add default datasource for |
Oh... I forgot to create image.
|
Looks good for me. |
I assumed that
And assumed that But |
Done |
Are you sure that
is admin user with all privileges? When you login with this credentials in browser are you able to manage other users? |
@haruki-yamanashi I uploaded new change that will use proper Grafana admin user now. I found out that when user configured in Grafana and Keystone have same names they will clash and this user is loosing admin rights. |
docker-compose-metric.yml
Outdated
@@ -217,8 +217,8 @@ services: | |||
hostname: docker-host | |||
image: fest/grafana-init:${MON_GRAFANA_INIT_VERSION} | |||
environment: | |||
GRAFANA_ADMIN_USERNAME: ${MON_KEYSTONE_ADMIN_USER} | |||
GRAFANA_ADMIN_PASSWORD: ${MON_KEYSTONE_ADMIN_PASSWORD} | |||
GRAFANA_ADMIN_USERNAME: ${MON_GRAFANA_ADMIN_USER} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it necessary to login as grafana-admin
in here? (https://github.com/matrixik/monasca-docker/blob/fix/grafana-org/grafana-init/grafana.py#L164)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, to change user organisation Grafana need to use user with admin privileges, not Keystone admin user.
Yes, Grafana admin user, |
I checked default dashboard and datasource is created for |
grafana-init/grafana.py
Outdated
GRAFANA_USERS = [{'user': GRAFANA_USERNAME, 'password': GRAFANA_PASSWORD, 'email': ''}] | ||
GRAFANA_ADMIN_USERNAME = os.environ.get('GRAFANA_ADMIN_USERNAME', 'admin') | ||
GRAFANA_ADMIN_PASSWORD = os.environ.get('GRAFANA_ADMIN_PASSWORD', 'password') | ||
GRAFANA_USERS = [{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If GRAFANA_USERS
is not set as environment variable, this is used for creating default dashboard and datasource for one user (on the other hand, if GRAFANA_USERS
is set as environment variable, this variable can be used for multiple users). Now we can create default dashboard and datasource for user belongs to only mini-mon
project by change GRAFANA_USERNAME
and GRAFANA_PASSWORD
. So I think it's better that project
and domain
are configurable by environment variable.
Means my idea is change as below.
- in
grafana.py
GRAFANA_PROJECT = os.environ.get('GRAFANA_PROJECT', 'mini-mon')
GRAFANA_DOMAIN = os.environ.get('GRAFANA_DOMAIN', 'Default')
GRAFANA_USERS = [{
'user': GRAFANA_USERNAME,
'password': GRAFANA_PASSWORD,
'email': '',
'project': 'GRAFANA_PROJECT',
'domain': 'GRAFANA_DOMAIN',
}]
- in Dokerfile
GRAFANA_PROJECT=mini-mon \
GRAFANA_DOMAIN=Default
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure how to name this two because they are actually not Grafana project and domain but Keystone project and domain. And we create Grafana org name in https://github.com/Brandstetter/monasca-docker/pull/4/files#diff-b01ee5885d0570af470948405281ad37R177
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh. exactly it's difficult to name these...
How about GRAFANA_KEYSTONE_PROJECT
or like that?
Or, how about remove GRAFANA_ADMIN_USERNAME
and GRAFANA_ADMIN_PASSWORD
because now we can configure user by using GRAFANA_USERS
as environment variable for single or multiple user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately GRAFANA_ADMIN_USERNAME
and GRAFANA_ADMIN_PASSWORD
are needed because we need to know exactly what Grafana user have admin privileges, without it we are unable to change organization with API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, above my comment is incorrect.
Or, how about remove GRAFANA_USERNAME
and GRAFANA_PASSWORD
because now we can configure user by using GRAFANA_USERS as environment variable for single or multiple user.
And change GRAFANA_USERS
as below.
GRAFANA_USERS = [{
'user': mini-mon,
'password': password,
'email': '',
'project': 'mini-mon',
'domain': 'Default',
}]
This is configured by environment variable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, removed GRAFANA_USERNAME
and GRAFANA_PASSWORD
grafana-init/README.md
Outdated
Default data source and dashboard are created for multiple | ||
users if this variable is set as proper JSON format. e.g. | ||
`'[{"user": "mini-mon", "password": "password", "email": "", "project": "mini-mon", "domain": "Default"}, {"user": "other-user", "password": "password", "email": "", "project": "monasca", "domain": "Default"}]'`. | ||
Default value is overwritten by `GRAFANA_USERNAME` and `GRAFANA_PASSWORD`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When we would like to create for multiple users, can't be overwritten by GRAFANA_USERNAME
and GRAFANA_PASSWORD
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. I changed this description.
grafana-init/grafana.py
Outdated
@@ -127,6 +160,9 @@ def create_dashboard_payload(json_path): | |||
|
|||
|
|||
def main(): | |||
admin_session = Session() | |||
login(admin_session, create_admin_login_payload()) | |||
|
|||
for user in create_login_payload(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't create default dashboard and datasource properly in following status. (means created for only admin
user belongs to monasca
project).
- in
.env
MON_GRAFANA_USERS=[{"user": "admin", "password": "<admin_password>", "email": "", "project": "monasca", "domain": "Default"}, {"user": "admin", "password": "<admin_password>", "email": "", "project": "admin", "domain": "Default"}]
As far as I checked the log, this issue is caused by this method (https://github.com/matrixik/monasca-docker/blob/fix/grafana-org/grafana-init/grafana.py#L171)
- logs
# docker-compose logs grafana-init
Attaching to monascadocker_grafana-init_1
grafana-init_1 | INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): grafana
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /login HTTP/1.1" 200 23
grafana-init_1 | INFO:root:Opening a Grafana session...
grafana-init_1 | INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): grafana
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /login HTTP/1.1" 200 23
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /api/datasources HTTP/1.1" 200 2
grafana-init_1 | DEBUG:root:existing datasources = []
grafana-init_1 | INFO:root:Setting user "admin" organisation to "monasca@Default"
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /api/orgs/name/monasca%40Default HTTP/1.1" 200 120
grafana-init_1 | DEBUG:root:Organisation "monasca@Default" id = 3
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/user/using/3 HTTP/1.1" 200 41
grafana-init_1 | INFO:root:Attempting to add configured datasource...
grafana-init_1 | DEBUG:root:payload = {'access': 'proxy', 'name': 'monasca', 'jsonData': {'keystoneAuth': True}, 'url': 'http://monasca:8070/', 'type': 'monasca-datasource', 'isDefault': True}
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/datasources HTTP/1.1" 200 37
grafana-init_1 | DEBUG:root:Response: {u'message': u'Datasource added', u'id': 1}
grafana-init_1 | INFO:root:Creating dashboard from file: /dashboards.d/07-nodes.json
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/dashboards/db HTTP/1.1" 200 56
grafana-init_1 | DEBUG:root:Response: {u'status': u'success', u'version': 0, u'slug': u'node-dashboard'}
grafana-init_1 | INFO:root:Creating dashboard from file: /dashboards.d/08-openstack.json
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/dashboards/db HTTP/1.1" 200 61
grafana-init_1 | DEBUG:root:Response: {u'status': u'success', u'version': 0, u'slug': u'openstack-dashboard'}
grafana-init_1 | INFO:root:Ending u'admin' session...
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /logout HTTP/1.1" 302 29
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /login HTTP/1.1" 200 None
grafana-init_1 | INFO:root:Opening a Grafana session...
grafana-init_1 | INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): grafana
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /login HTTP/1.1" 200 23
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /api/datasources HTTP/1.1" 200 461
grafana-init_1 | DEBUG:root:existing datasources = [{u'encryptedFields': None, u'name': u'monasca', u'database': u'', u'url': u'http://monasca:8070/', u'basicAuth': False, u'jsonData': {u'keystoneAuth': True}, u'access': u'proxy', u'isDefault': True, u'typeLogoUrl': u'public/plugins/monasca-datasource/img/openstack_logo.png', u'orgId': 3, u'user': u'', u'tlsAuth': {u'tlsClientKeySet': False, u'tlsClientCertSet': False, u'tlsCACertSet': False}, u'basicAuthUser': u'', u'password': u'', u'type': u'monasca-datasource', u'id': 1, u'basicAuthPassword': u'', u'withCredentials': False}]
grafana-init_1 | INFO:root:Grafana has already been initialized, skipping!
I think this is solved by change line (location) of check_initialized
method.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, so you want to upload dashboards to two organizations of one user, I need to think a little more how to handle this properly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At this moment, to upload dashboards to two organizations of one user is not necessary.
So it's OK for me that let this upstream.
grafana-init/grafana.py
Outdated
@@ -127,6 +160,9 @@ def create_dashboard_payload(json_path): | |||
|
|||
|
|||
def main(): | |||
admin_session = Session() | |||
login(admin_session, create_admin_login_payload()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's necessary to end session also for GRANANA_ADMIN
(e.g. grafana-admin
) user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
GRAFANA_USERS = [{'user': GRAFANA_USERNAME, 'password': GRAFANA_PASSWORD, 'email': ''}] | ||
GRAFANA_ADMIN_USERNAME = os.environ.get('GRAFANA_ADMIN_USERNAME', 'admin') | ||
GRAFANA_ADMIN_PASSWORD = os.environ.get('GRAFANA_ADMIN_PASSWORD', 'password') | ||
GRAFANA_USERS = [{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be set from environment variable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is set from env variable, check def create_login_payload():
in lines 70:80
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct, thanks, haven't seen that.
@matrixik @Brandstetter |
When Grafana and Keystone have configured user with same name they will clash and user in Grafana is loosing admin rights.
Update `grafana-init` README details about default grafana user env variables.
Signed-off-by: Dobroslaw Zybort <[email protected]>
78803ac
to
3497559
Compare
Looking into Travis problem now. |
Travis in PR will most likely fail in this fork with timeout when running tempest test, code is merged now into |
Fix for monasca#374