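Issue #73
Closed issue #62: Report reorganization
Grafana setup
Added by marlboro chu about 1 year ago. Updated 6 months ago.
Status: Close
Priority: LOW
Assignee: marlboro chu
Start date: 2025-02-03
Due date: 2025-02-07
% Done: 100%
Description
Rebuild the grafana environment and switch its database connection to mysql
Files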
| clipboard-202506301024-raxhm.png (14.8 KB) | marlboro chu, 2025-06-30 02:24 |
| clipboard-202506301025-4gzrk.png (6.91 KB) | marlboro chu, 2025-06-30 02:25 |
Updated by marlboro chu about 1 year ago
- Create the database
Log in to 192.168.10.209, switch to the root user, then run
mysql -h 127.0.0.1 -u veriid -p
- Once inside mysql, run
CREATE DATABASE dev_grafana DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
CREATE USER 'grafana'@'%' IDENTIFIED BY 'grafana16313302';
GRANT ALL PRIVILEGES ON dev_grafana.* TO 'grafana'@'%';
FLUSH PRIVILEGES;
EXIT;
- Copy the original grafana to a new directory
cp -r ./grafana ./grafana-new
- Adjust directory permissions
sudo chown -R 1001:1001 /home/ai/it-system-docker-compose/grafana-new/9/debian-11/volumes
- Adjust grafana.ini
[database]
type = mysql
host = 192.168.10.209:3306
name = dev_grafana
user = grafana
password = grafana16313302
- Adjust docker-compose.yml
version: '3'
services:
  grafana-new:
    image: docker.io/bitnami/grafana:9
    restart: always
    ports:
      - '3001:3000'
    environment:
      - 'GF_SECURITY_ADMIN_PASSWORD=admin16313302'
      - 'GF_SERVER_ROOT_URL=https://gfn-new.veri-id-dev.com/'
    volumes:
      - /home/ai/it-system-docker-compose/grafana-new/9/debian-11/volumes:/opt/bitnami/grafana/data
      - /home/ai/it-system-docker-compose/grafana-new/9/debian-11/conf:/opt/bitnami/grafana/conf
volumes:
  grafana_data:
    driver: local
- Start grafana
docker compose -f docker-compose.yml up -d
Updated by marlboro chu about 1 year ago
Add teams
INSERT INTO dev_grafana.team
(id, name, org_id, created, updated, email)
VALUES(100, 'ACQFD', 1, '2024-12-26 17:47:36', '2024-12-26 17:47:36', 'acqfd@hitrust.com');
INSERT INTO dev_grafana.team
(id, name, org_id, created, updated, email)
VALUES(101, 'ISRFD', 1, '2024-12-26 17:47:36', '2024-12-26 17:47:36', 'isrfd@hitrust.com');
INSERT INTO dev_grafana.team
(id, name, org_id, created, updated, email)
VALUES(102, 'IBFD', 1, '2024-12-26 17:47:36', '2024-12-26 17:47:36', 'ibfd@hitrust.com');
INSERT INTO dev_grafana.team
(id, name, org_id, created, updated, email)
VALUES(103, 'DIIA', 1, '2024-12-26 17:47:36', '2024-12-26 17:47:36', 'diia@hitrust.com');
Updated by marlboro chu about 1 year ago
- grafana 9 jwt settings
#################################### Auth JWT ##########################
[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
email_claim = email
username_claim = sub
;jwk_set_url = https://foo.bar/.well-known/jwks.json
jwk_set_file = /opt/bitnami/grafana/conf/jwks.json
;cache_ttl = 60m
;expect_claims = {"aud": ["foo", "bar"]}
;key_file = /path/to/key/file
;role_attribute_path =
;role_attribute_strict = false
auto_sign_up = true
url_login = true
;allow_assign_grafana_admin = false
enable_login_token = true
;username_attribute_path = veriid.username
;email_attribute_path = veriid.email
;name_attribute_path = veriid.name
;role_attribute_path = contains(veriid.roles[*], 'admin') && 'Admin' || contains(veriid.roles[*], 'editor') && 'Editor' || 'Viewer'
;org_attribute_path = to_number(veriid.orgId)
- grafana 11 jwt settings
[auth.jwt]
enabled = true
;enable_login_token = false
header_name = X-JWT-Assertion
;email_claim = sub
;username_claim = sub
;email_attribute_path = jmespath.email
username_attribute_path = veriid.username
email_attribute_path = veriid.email
name_attribute_path = $.veriid.name
role_attribute_path = contains(veriid.roles[*], 'admin') && 'Admin' || contains(veriid.roles[*], 'editor') && 'Editor' || 'Viewer'
org_attribute_path = to_number(veriid.orgId)
;jwk_set_url = https://foo.bar/.well-known/jwks.json
jwk_set_file = /etc/grafana/jwks.json
;cache_ttl = 60m
;expect_claims = {"aud": ["foo", "bar"]}
;key_file = /etc/grafana/grafana.key.pub
# Use in conjunction with key_file in case the JWT token's header specifies a key ID in "kid" field
;key_id = some-key-id
;role_attribute_strict = false
;groups_attribute_path = hitrust.term
;auto_assign_org = true
auto_sign_up = true
url_login = true
allow_assign_grafana_admin = true
auto_assign_org_role = Viewer
;skip_org_role_sync = true
;signout_redirect_url =
enable_login_token = true
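The following is an added example, not part of the original ticket or of Grafana itself: a small Python check that reads a grafana.ini and reports the `[database]` and `[auth.jwt]` settings from the steps above that deserve a security review. The sample input is constructed, the password in it is a placeholder, and the function name `audit` is hypothetical.

```python
import configparser

# Constructed sample mirroring the keys shown in this ticket. The password is
# a placeholder, not the value from the page.
SAMPLE_INI = """
[database]
type = mysql
host = 192.168.10.209:3306
user = grafana
password = EXAMPLE-PLACEHOLDER

[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
jwk_set_file = /etc/grafana/jwks.json
;expect_claims = {"aud": ["foo", "bar"]}
role_attribute_path = contains(veriid.roles[*], 'admin') && 'Admin' || 'Viewer'
auto_sign_up = true
url_login = true
allow_assign_grafana_admin = true
"""

def audit(ini_text):
    """Return (section, key, finding) tuples for settings worth reviewing."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' literal
    cp.read_string(ini_text)
    out = []
    pw = cp.get("database", "password", fallback="")
    # Grafana expands $__env{VAR} and $__file{path}; anything else is a literal.
    if pw and not pw.startswith(("$__env{", "$__file{")):
        out.append(("database", "password", "literal secret stored in grafana.ini"))
    if cp.getboolean("auth.jwt", "enabled", fallback=False):
        jwt = cp["auth.jwt"]
        pinned = bool(jwt.get("expect_claims", "").strip())
        if not pinned:
            out.append(("auth.jwt", "expect_claims", "iss/aud not pinned"))
        if jwt.getboolean("url_login", fallback=False):
            out.append(("auth.jwt", "url_login", "token accepted in URL, can reach logs and history"))
        if jwt.getboolean("allow_assign_grafana_admin", fallback=False):
            out.append(("auth.jwt", "allow_assign_grafana_admin", "a token claim can grant server admin"))
        if jwt.getboolean("auto_sign_up", fallback=False) and not pinned:
            out.append(("auth.jwt", "auto_sign_up", "any token signed by a JWKS key creates a user"))
    return out

if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE_INI):
        print(f"[{section}] {key}: {finding}")
```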
Updated by marlboro chu 8 months ago · Edited
- File clipboard-202506301024-raxhm.png added
- File clipboard-202506301025-4gzrk.png added
Notes:
WSL firewall & portproxy


netsh advfirewall firewall add rule name="Allow Grafana 3000" dir=in action=allow protocol=TCP localport=3000
netsh interface portproxy delete v4tov4 listenaddress=192.168.10.106 listenport=3000
netsh interface portproxy add v4tov4 listenaddress=192.168.10.106 listenport=3000 connectaddress=172.26.75.244 connectport=3000