grafana使用配置

     |   0 评论   |   0 浏览

修改默认端口(3000):
grafana 配置样例:/etc/grafana/grafana.ini
grafana 中默认生效的配置:/usr/share/grafana/conf/defaults.ini
创建本地证书命令:

1openssl req -x509 -out localhost.crt -keyout localhost.key \
2 -newkey rsa:2048 -nodes -sha256
3-days 10000
4-subj '/CN=localhost' -extensions EXT -config <(
5printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

执行后生成:localhost.crt 和 localhost.key,放到/usr/share/grafana/conf/目录下;
/usr/share/grafana/conf/defaults.ini 中 server 默认配置:

 1[server]
 2# Protocol (http, https, h2, socket)
 3protocol = http
 4 
 5# The ip address to bind to, empty will bind to all interfaces
 6http_addr =
 7 
 8# The http port to use
 9http_port = 3000
10 
11# The public facing domain name used to access grafana from a browser
12domain = localhost
13 
14# Redirect to correct domain if host header does not match domain
15# Prevents DNS rebinding attacks
16enforce_domain = false
17 
18# The full public facing url
19root_url = %(protocol)s://%(domain)s:%(http_port)s/
20 
21# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
22serve_from_sub_path = false
23 
24# Log web requests
25router_logging = false
26 
27# the path relative working path
28static_root_path = public
29 
30# enable gzip
31enable_gzip = false
32 
33# https certs & key file
34cert_file =
35cert_key =

修改为:

 1[server]
 2# Protocol (http, https, h2, socket)
 3protocol = https
 4 
 5# The ip address to bind to, empty will bind to all interfaces
 6http_addr =
 7 
 8# The http port to use
 9http_port = 443
10 
11# The public facing domain name used to access grafana from a browser
12domain = localhost
13 
14# Redirect to correct domain if host header does not match domain
15# Prevents DNS rebinding attacks
16enforce_domain = false
17 
18# The full public facing url
19root_url = %(protocol)s://%(domain)s:%(http_port)s/
20 
21# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for
22 compatibility reasons.
23serve_from_sub_path = false
24 
25# Log web requests
26router_logging = false
27 
28# the path relative working path
29static_root_path = public
30 
31# enable gzip
32enable_gzip = false
33 
34# https certs & key file
35cert_file = /usr/share/grafana/conf/localhost.crt
36cert_key = /usr/share/grafana/conf/localhost.key
  • 最后 systemctl restart grafana-server
  • 重启失败,查看/var/log/grafana/grafana.log 错误信息:

t=2021-04-12T14:42:44+0800 lvl=eror msg="Stopped HTTPServer" logger=server reason="failed to open listener on address 0.0.0.0:443: listen tcp 0.0.0.0:443: bind: permission denied"

  • 命令行执行下面命令,即可解决问题:
1sudo setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server

grafana 数据迁移

  • 把需要迁移的数据源:/var/lib/grafana/grafana.db 拷贝到新环境中进行覆盖操作,重启生效;
  • 数据迁移 grafana.db 包括:帐号信息, 图表信息,变量信息等;
  • 数据移植后 grafana 启动报错:
 1root@A01-R06-I30-17-1Z54352:~# systemctl status grafana-server
 2● grafana-server.service - Grafana instance
 3   Loaded: loaded (/usr/lib/systemd/system/grafana-server.service; disabled; vendor preset: enabled)
 4   Active: failed (Result: start-limit-hit) since Mon 2021-04-12 15:23:32 CST; 4min 14s ago
 5     Docs: http://docs.grafana.org
 6  Process: 98921 ExecStart=/usr/sbin/grafana-server --config=${CONF_FILE} --pidfile=${PID_FILE_DIR}/grafana-server.pid --packaging=deb cfg:default.path
 7 Main PID: 98921 (code=exited, status=1/FAILURE)
 8 
 9Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: grafana-server.service: Unit entered failed state.
10Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: grafana-server.service: Failed with result 'exit-code'.
11Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: grafana-server.service: Service hold-off time over, scheduling restart.
12Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: Stopped Grafana instance.
13Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: grafana-server.service: Start request repeated too quickly.
14Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: Failed to start Grafana instance.
15Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: grafana-server.service: Unit entered failed state.
16Apr 12 15:23:32 A01-R06-I30-17-1Z54352.JD.LOCAL systemd[1]: grafana-server.service: Failed with result 'start-limit-hit'.
  • /var/log/grafana/grafana.log 中正常,/var/log/syslog 中出现报错:
1Apr 12 15:52:52 A01-R06-I30-17-1Z54352 grafana-server[136658]: t=2021-04-12T15:52:52+0800 lvl=info msg="Starting DB migrations" logger=migrator
2Apr 12 15:52:52 A01-R06-I30-17-1Z54352 grafana-server[136658]: service init failed: failed to check table existence: unable to open database file: permission denied
3Apr 12 15:52:52 A01-R06-I30-17-1Z54352 systemd[1]: grafana-server.service: Main process exited, code=exited, status=1/FAILURE
  • grafana.db 的权限修改为(777),忽略下述警告:

t=2021-04-12T15:20:50+0800 lvl=warn msg="SQLite database file has broader permissions than it should" logger=sqlstore path=/var/lib/grafana/grafana.db mode=-rw-r--r-- expected=-rw-r-----

grafana 支持免密登录

  • VIM /usr/share/grafana/conf/defaults.ini 开启匿名登录:
    image.png
  • 并在 grafana 配置页面上将 user 添加到新创建的组织中即可。