Change user org in Grafana #4
Conversation
|
Please add |
|
I could not create default database and dashboard for user who is configured by
As far as I checked the log, 'if block' in here (https://github.com/matrixik/monasca-docker/blob/fed1abee6e5be296f260970aad18864ede33a7e6/grafana-init/grafana.py#L181) is not executed because |
|
In You can get more logs from |
|
One more question: did you rebuild |
|
|
|
What you mean by |
|
It must be fixed on master first. |
I also would like to add default datasource for |
Oh... I forgot to create image.
|
Looks good for me. |
I assumed that And assumed that But |
Done |
|
Are you sure that is admin user with all privileges? When you login with this credentials in browser are you able to manage other users? |
|
@haruki-yamanashi I uploaded new change that will use proper Grafana admin user now. I found out that when user configured in Grafana and Keystone have same names they will clash and this user is loosing admin rights. |
docker-compose-metric.yml
Outdated
| @@ -217,8 +217,8 @@ services: | |||
| hostname: docker-host | |||
| image: fest/grafana-init:${MON_GRAFANA_INIT_VERSION} | |||
| environment: | |||
| GRAFANA_ADMIN_USERNAME: ${MON_KEYSTONE_ADMIN_USER} | |||
| GRAFANA_ADMIN_PASSWORD: ${MON_KEYSTONE_ADMIN_PASSWORD} | |||
| GRAFANA_ADMIN_USERNAME: ${MON_GRAFANA_ADMIN_USER} | |||
There was a problem hiding this comment.
Is it necessary to login as grafana-admin in here? (https://github.com/matrixik/monasca-docker/blob/fix/grafana-org/grafana-init/grafana.py#L164)
There was a problem hiding this comment.
Yes, to change user organisation Grafana need to use user with admin privileges, not Keystone admin user.
Yes, Grafana admin user, |
|
I checked default dashboard and datasource is created for |
grafana-init/grafana.py
Outdated
| GRAFANA_USERS = [{'user': GRAFANA_USERNAME, 'password': GRAFANA_PASSWORD, 'email': ''}] | ||
| GRAFANA_ADMIN_USERNAME = os.environ.get('GRAFANA_ADMIN_USERNAME', 'admin') | ||
| GRAFANA_ADMIN_PASSWORD = os.environ.get('GRAFANA_ADMIN_PASSWORD', 'password') | ||
| GRAFANA_USERS = [{ |
There was a problem hiding this comment.
If GRAFANA_USERS is not set as environment variable, this is used for creating default dashboard and datasource for one user (on the other hand, if GRAFANA_USERS is set as environment variable, this variable can be used for multiple users). Now we can create default dashboard and datasource for user belongs to only mini-mon project by change GRAFANA_USERNAME and GRAFANA_PASSWORD. So I think it's better that project and domain are configurable by environment variable.
Means my idea is change as below.
- in
grafana.py
GRAFANA_PROJECT = os.environ.get('GRAFANA_PROJECT', 'mini-mon')
GRAFANA_DOMAIN = os.environ.get('GRAFANA_DOMAIN', 'Default')
GRAFANA_USERS = [{
'user': GRAFANA_USERNAME,
'password': GRAFANA_PASSWORD,
'email': '',
'project': 'GRAFANA_PROJECT',
'domain': 'GRAFANA_DOMAIN',
}]
- in Dokerfile
GRAFANA_PROJECT=mini-mon \
GRAFANA_DOMAIN=Default
There was a problem hiding this comment.
I'm not sure how to name this two because they are actually not Grafana project and domain but Keystone project and domain. And we create Grafana org name in https://github.com/Brandstetter/monasca-docker/pull/4/files#diff-b01ee5885d0570af470948405281ad37R177
There was a problem hiding this comment.
Oh. exactly it's difficult to name these...
How about GRAFANA_KEYSTONE_PROJECT or like that?
Or, how about remove GRAFANA_ADMIN_USERNAME and GRAFANA_ADMIN_PASSWORD because now we can configure user by using GRAFANA_USERS as environment variable for single or multiple user.
There was a problem hiding this comment.
Unfortunately GRAFANA_ADMIN_USERNAME and GRAFANA_ADMIN_PASSWORD are needed because we need to know exactly what Grafana user have admin privileges, without it we are unable to change organization with API.
There was a problem hiding this comment.
Sorry, above my comment is incorrect.
Or, how about remove GRAFANA_USERNAME and GRAFANA_PASSWORD because now we can configure user by using GRAFANA_USERS as environment variable for single or multiple user.
And change GRAFANA_USERS as below.
GRAFANA_USERS = [{
'user': mini-mon,
'password': password,
'email': '',
'project': 'mini-mon',
'domain': 'Default',
}]
This is configured by environment variable.
There was a problem hiding this comment.
Done, removed GRAFANA_USERNAME and GRAFANA_PASSWORD
grafana-init/README.md
Outdated
| Default data source and dashboard are created for multiple | ||
| users if this variable is set as proper JSON format. e.g. | ||
| `'[{"user": "mini-mon", "password": "password", "email": "", "project": "mini-mon", "domain": "Default"}, {"user": "other-user", "password": "password", "email": "", "project": "monasca", "domain": "Default"}]'`. | ||
| Default value is overwritten by `GRAFANA_USERNAME` and `GRAFANA_PASSWORD`. |
There was a problem hiding this comment.
When we would like to create for multiple users, can't be overwritten by GRAFANA_USERNAME and GRAFANA_PASSWORD.
There was a problem hiding this comment.
Done. I changed this description.
grafana-init/grafana.py
Outdated
| @@ -127,6 +160,9 @@ def create_dashboard_payload(json_path): | |||
|
|
|||
|
|
|||
| def main(): | |||
| admin_session = Session() | |||
| login(admin_session, create_admin_login_payload()) | |||
|
|
|||
| for user in create_login_payload(): | |||
There was a problem hiding this comment.
I can't create default dashboard and datasource properly in following status. (means created for only admin user belongs to monasca project).
- in
.env
MON_GRAFANA_USERS=[{"user": "admin", "password": "<admin_password>", "email": "", "project": "monasca", "domain": "Default"}, {"user": "admin", "password": "<admin_password>", "email": "", "project": "admin", "domain": "Default"}]
As far as I checked the log, this issue is caused by this method (https://github.com/matrixik/monasca-docker/blob/fix/grafana-org/grafana-init/grafana.py#L171)
- logs
# docker-compose logs grafana-init
Attaching to monascadocker_grafana-init_1
grafana-init_1 | INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): grafana
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /login HTTP/1.1" 200 23
grafana-init_1 | INFO:root:Opening a Grafana session...
grafana-init_1 | INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): grafana
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /login HTTP/1.1" 200 23
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /api/datasources HTTP/1.1" 200 2
grafana-init_1 | DEBUG:root:existing datasources = []
grafana-init_1 | INFO:root:Setting user "admin" organisation to "monasca@Default"
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /api/orgs/name/monasca%40Default HTTP/1.1" 200 120
grafana-init_1 | DEBUG:root:Organisation "monasca@Default" id = 3
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/user/using/3 HTTP/1.1" 200 41
grafana-init_1 | INFO:root:Attempting to add configured datasource...
grafana-init_1 | DEBUG:root:payload = {'access': 'proxy', 'name': 'monasca', 'jsonData': {'keystoneAuth': True}, 'url': 'http://monasca:8070/', 'type': 'monasca-datasource', 'isDefault': True}
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/datasources HTTP/1.1" 200 37
grafana-init_1 | DEBUG:root:Response: {u'message': u'Datasource added', u'id': 1}
grafana-init_1 | INFO:root:Creating dashboard from file: /dashboards.d/07-nodes.json
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/dashboards/db HTTP/1.1" 200 56
grafana-init_1 | DEBUG:root:Response: {u'status': u'success', u'version': 0, u'slug': u'node-dashboard'}
grafana-init_1 | INFO:root:Creating dashboard from file: /dashboards.d/08-openstack.json
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /api/dashboards/db HTTP/1.1" 200 61
grafana-init_1 | DEBUG:root:Response: {u'status': u'success', u'version': 0, u'slug': u'openstack-dashboard'}
grafana-init_1 | INFO:root:Ending u'admin' session...
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /logout HTTP/1.1" 302 29
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /login HTTP/1.1" 200 None
grafana-init_1 | INFO:root:Opening a Grafana session...
grafana-init_1 | INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): grafana
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"POST /login HTTP/1.1" 200 23
grafana-init_1 | DEBUG:requests.packages.urllib3.connectionpool:"GET /api/datasources HTTP/1.1" 200 461
grafana-init_1 | DEBUG:root:existing datasources = [{u'encryptedFields': None, u'name': u'monasca', u'database': u'', u'url': u'http://monasca:8070/', u'basicAuth': False, u'jsonData': {u'keystoneAuth': True}, u'access': u'proxy', u'isDefault': True, u'typeLogoUrl': u'public/plugins/monasca-datasource/img/openstack_logo.png', u'orgId': 3, u'user': u'', u'tlsAuth': {u'tlsClientKeySet': False, u'tlsClientCertSet': False, u'tlsCACertSet': False}, u'basicAuthUser': u'', u'password': u'', u'type': u'monasca-datasource', u'id': 1, u'basicAuthPassword': u'', u'withCredentials': False}]
grafana-init_1 | INFO:root:Grafana has already been initialized, skipping!
I think this is solved by change line (location) of check_initialized method.
There was a problem hiding this comment.
Oh, so you want to upload dashboards to two organizations of one user, I need to think a little more how to handle this properly.
There was a problem hiding this comment.
At this moment, to upload dashboards to two organizations of one user is not necessary.
So it's OK for me that let this upstream.
grafana-init/grafana.py
Outdated
| @@ -127,6 +160,9 @@ def create_dashboard_payload(json_path): | |||
|
|
|||
|
|
|||
| def main(): | |||
| admin_session = Session() | |||
| login(admin_session, create_admin_login_payload()) | |||
There was a problem hiding this comment.
I think it's necessary to end session also for GRANANA_ADMIN (e.g. grafana-admin) user.
| GRAFANA_USERS = [{'user': GRAFANA_USERNAME, 'password': GRAFANA_PASSWORD, 'email': ''}] | ||
| GRAFANA_ADMIN_USERNAME = os.environ.get('GRAFANA_ADMIN_USERNAME', 'admin') | ||
| GRAFANA_ADMIN_PASSWORD = os.environ.get('GRAFANA_ADMIN_PASSWORD', 'password') | ||
| GRAFANA_USERS = [{ |
There was a problem hiding this comment.
This should be set from environment variable.
There was a problem hiding this comment.
It is set from env variable, check def create_login_payload(): in lines 70:80
|
@matrixik @Brandstetter |
When Grafana and Keystone have configured user with same name they will clash and user in Grafana is loosing admin rights.
Update `grafana-init` README details about default grafana user env variables.
Signed-off-by: Dobroslaw Zybort <[email protected]>
matrixik
force-pushed
the
fix/grafana-org
branch
from
78803ac
to
3497559
Compare
|
Looking into Travis problem now. |
|
Travis in PR will most likely fail in this fork with timeout when running tempest test, code is merged now into |
Fix for monasca#374