hi @mrsiano this seems like a really great tool and I would be interested in trying it out. is it possible for you to attach a license (eg. Apache 2 or MIT) to this repo/project?

hello.
have you tried to configure Grafana Oauth to work with OpenShift as an Oauth provider, essentially removing the need for the oauth-proxy?

It would be useful to enable the oauth pass through feature for the Prometheus data source.

If I create a pod/container based on the docker image "mrsiano/grafana-ocp" the log files grafana.log in the folder "/root/go/src/github.com/grafana/data/log" is empty. Do I look in the correct spot or is it possible to increase the log granularity?

Hi,

I'm using the latest version of your Grafana image in my OpenShift cluster. Some of Grafana HTTP API endpoints requires basic auth enabled in Grafana configuration - f.e. GET /api/users. After enabling it I'm not able to log in into Grafana using web browser anymore - after Oauth Proxy authentication page I'm getting:

"{"message":"Invalid username or password"}" 

on Grafana side. However, both basic and bearer authentication is working using curl:

curl -H "Authorization: Basic YWRtaW46YjdBR1VCNndqQm5E" https://grafana-grafana-test.apps.cluster.com/api/users -k
[{"id":1,"name":"","login":"admin","email":"admin@localhost","avatarUrl":"/public/img/user_profile.png","isAdmin":true,"lastSeenAt":"2018-08-07T09:09:29Z","lastSeenAtAge":"\u003c 1m"},{"id":2,"name":"","login":"test","email":"[email protected]","avatarUrl":"/public/img/user_profile.png","isAdmin":false,"lastSeenAt":"2018-08-03T14:15:39Z","lastSeenAtAge":"3d"}]

 curl -H "Authorization: Bearer eyJrIjoic3JJVlpUdWhDVk1QMmtkc3FUeGs0YXJOT0hTbjRvcXkiLCJuIjoicmFkZWsiLCJpZCI6MX0=" https://grafana-grafana-test.apps.cluster.com/api/dashboards/home -k
{"meta":{"isHome":true,"canSave":false,"canEdit":false,"canAdmin":false,"canStar":false,"slug":"","url":"","expires":"0001-01-01T00:00:00Z","created":"0001-01-01T00:00:00Z","updated":"0001-01-01T00:00:00Z","updatedBy":"","createdBy":"","version":0,"hasAcl":false,"isFolder":false,"folderId":0,"folderTitle":"General","folderUrl":"","provisioned":false},"dashboard":{"annotations":{"list":[]},"editable":true,"folderId":null,"gnetId":null,"graphTooltip":0,"hideControls":true,"id":null,"links":[],"panels":[{"content":"\u003cdiv class=\"text-center dashboard-header\"\u003e\n  \u003cspan\u003eHome Dashboard\u003c/span\u003e\n\u003c/div\u003e","editable":true,"gridPos":{"h":3,"w":24,"x":0,"y":0},"id":1,"links":[],"mode":"html","style":{},"title":"","transparent":true,"type":"text"},{"folderId":0,"gridPos":{"h":17,"w":12,"x":0,"y":6},"headings":true,"id":3,"limit":4,"links":[],"query":"","recent":true,"search":false,"starred":true,"tags":[],"title":"","transparent":false,"type":"dashlist"},{"editable":true,"error":false,"gridPos":{"h":17,"w":12,"x":12,"y":6},"id":4,"links":[],"title":"","transparent":false,"type":"pluginlist"}],"rows":[],"schemaVersion":16,"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":"now-6h","to":"now"},"timepicker":{"hidden":true,"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"],"type":"timepicker"},"timezone":"browser","title":"Home","version":0}}

Do you know where is the issue? I've been testing it with OAuth Proxy v3.7 and v3.10 but with no luck. Is there something misconfigured in my setup? Below is my Grafana auth and OAuth Proxy configuration:

            - '-https-address=:8443'
            - '-http-address='
            - '-email-domain=*'
            - '-client-id=system:serviceaccount:grafana-test:grafana'
            - '-upstream=http://localhost:3000'
            - '-tls-cert=/etc/tls/private/tls.crt'
            - '-tls-key=/etc/tls/private/tls.key'
            - >-
              -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
            - '-cookie-secret-file=/etc/proxy/secrets/session_secret'
            - '-skip-auth-regex=^/(metrics|api)'
            - '-pass-user-bearer-token'
            - '-pass-basic-auth'
          image: 'openshift3/oauth-proxy:v3.10'

#################################### Users ####################################
[users]
# disable user signup / registration
allow_sign_up = false

# Allow non admin users to create organizations
allow_org_create = false

# Set to true to automatically assign new users to the default organization (id 1)
auto_assign_org = true

# Default role new users will be automatically assigned (if auto_assign_org above is set to true)
auto_assign_org_role = Viewer

# Require email validation before sign up completes
verify_email_enabled = false

# Background text for the user field on the login page
login_hint = email or username

# Default UI theme ("dark" or "light")
default_theme = dark

# External user management
external_manage_link_url =
external_manage_link_name =
external_manage_info =

[auth]
# Set to true to disable (hide) the login form, useful if you use OAuth
disable_login_form = false

# Set to true to disable the signout link in the side menu. useful if you use auth.proxy
disable_signout_menu = false

#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
enabled = false

# specify organization name that should be used for unauthenticated users
org_name = Org

# specify role for unauthenticated users
org_role = Viewer

#################################### Basic Auth ##########################
[auth.basic]
enabled = true

#################################### Auth Proxy ##########################
[auth.proxy]
enabled = true
header_name = X-Forwarded-User
header_property = username
auto_sign_up = true
ldap_sync_ttl = 60
whitelist =

#################################### Auth LDAP ###########################
[auth.ldap]
enabled = false
config_file = /etc/grafana/ldap.toml
allow_sign_up = true

Your help is greatly appreciated :)

It will be go if you provide install document for openshift 3.11.

Hello,

Before anything thanks for making this grafana build for openshift.
My problem is that I can't connect the newest grafana image to openshift prometheus for the moment.

Prom-proxy container in prometheus keeps spaming the following logs

2018/05/31 13:14:21 oauthproxy.go:657: 10.129.0.1:51024 Cookie "_oauth_proxy" not present
2018/05/31 13:14:21 provider.go:345: authorizer reason: User "system:anonymous" cannot get namespaces in project "openshift-metrics"

In the previous version with image ocp-mrsiano I connect it via token, but now that token is missing.
I tried using tls-client auth with prometheus-tls key and cert but I didn't solve the problem.

I tried clear installation with the following ansible variables. But The prometheus couldn't connect again.

Grafana

openshift_grafana_pvc_pv_selector=None
openshift_grafana_storage_type=pvc
openshift_grafana_sc_name=glusterfs-storage
openshift_grafana_pvc_size=2Gi
openshift_grafana_node_selector={'region':'infra'}
openshift_grafana_image=mrsiano/openshift-grafana:5.2.0
openshift_grafana_proxy_image=openshift/oauth-proxy:v1.0.0

I've tried many combinations with secrets in openshift-metrics namespaces and username and password and it won't work.

Any help will be appreciated.

Thanks,

Best Regards,

Martin

grafana-ocp.yaml fails to deploy the container in OpenShift, as it fails on pulling the image from DockerHub.

Seems that the template is configured to pull this image "mrsiano/openshift-grafana:latest", but the "latest" tag seems to be missing in DockerHub: https://hub.docker.com/r/mrsiano/openshift-grafana/tags/

Changing the version to 5.2.0 fixed the problem.

Warning: Couldn't read data from file "./node-exporter-full-dashboard.json",

Following this...

https://blog.openshift.com/prometheus-alerts-on-openshift/

Ran into this...

[chernand@chernand grafana-ocp]$ ./setup-grafana.sh prometheus-ocp openshift-metrics true

USAGE
 setup-grafana.sh -n <datasource_name> -a [optional: -p <prometheus_namespace> -s <prometheus_serviceaccount> -g <graph_granularity> -y <yaml> -e]

 switches:
   -n: grafana datasource name
   -s: prometheus serviceaccount name
   -p: existing prometheus name e.g openshift-metrics
   -g: specifiy granularity
   -y: specifies the grafana yaml
   -a: deploy oauth proxy for grafana - otherwise skip it (for preconfigured deployment)
   -e: deploy node exporter

 note:
    - the project must have view permissions for kube-system
    - the script allow to use high granularity by adding '30s' arg, but it needs tuned scrape prometheus

Is there a way to update grafana version on grafana-ocp? The current version is v4.7.0-pre1. I would like to use 5.2.1.

In order extend grafana's base setup, it would be great to be able to add plugins in buildtime and runtime using grafana-cli.

[1] http://docs.grafana.org/plugins/installation/#grafana-cli-commands

i use ansible-playbook deploy the prometheus from https://github.com/openshift/openshift-ansible/tree/release-3.7/roles/openshift_prometheus , and i use yours dashboard template, there just Display partial data???

in ````setup-grafana.sh, it creates the application and then checks the status of the pod. However it is expecting to be in the grafana project namespace. This is not the case since it uses create namespace``` instead ```create project```. As a result, the script waits forever unless you manually intervene with ```oc project grafana```.

Maybe change create namespace to create project?

I'm testing with minishift on 3.6

Hi,
now we use a custom docker image with grafana (now 5.2.1 version) rhel 7 based.

For access to a Openshift Prometheus (rel 3.9) we use a simple ambassador container written in go and inserted into grafana pod.
it expose a 9090 port and forward autenticate call to real a Prometheus.

Have you plan to create a separate ds_plugin for prometheus with OAuth ?

It seems that provisioning is not working in this Grafana version.
I tried the latest Grafana version; which shows in the log: lvl=info msg="Path Provisioning" logger=settings path=/root/go/src/github.com/grafana/grafana/provisioning

This ini setting is not recognised in the 4.7pre1 version you built.

Can you update the forked grafana repo of help me in modifying the newest version to use OAuth?

Setting

[external_image_storage]
provider = local

Resulting in Phantomjs exiting with exitcode 127

t=2018-07-05T10:50:10+0000 lvl=info msg=Rendering logger=rendering path="d-solo/000000006/monitoring?panelId=11"
t=2018-07-05T10:50:10+0000 lvl=eror msg="Phantomjs exited with non zero exit code" logger=rendering error="exit status 127"
t=2018-07-05T10:50:10+0000 lvl=eror msg="Failed to upload alert panel image." logger=alerting.notifier error="exit status 127"

According to this:
ariya/phantomjs#13597

The build might be missing libfreetype6 and libfontconfig

First of all I want to say thank you for nice blog https://blog.openshift.com/prometheus-alerts-on-openshift

I just followed above blog and deployed entire things successfully.

After that I created new "demouser" user in openshift and given permission (policy) as read only for grafana project for listing pod,svc,route.
Through console & CLI user able to do all activity as per policy and user can go to dashboard also.

But problem is that policy (read) is applied in openshift not in Grafana as a result user able to modify the dash board and others.

What I am looking user should NOT do any modification in grafana dashboard or anything on GUI.
So user should also be as read only similar like openshift.