Python 3 - Fun with Python String
This post some useful tips of using strings, and some issues while dealing with…
October 09, 2019
In this post, we will see:
Grafana is an excellent tool to visualize your data. Although SAML consumption is not supported by free version of Grafana. But, we can use Okta oAuth configuration.
You have to configure your app in Okta and take the credentials like secret key, client id.
Goto: https://hub.docker.com/r/grafana/grafana/, to check official images of Grafana.
In this configuration, we are going to expose grafana on 8080 internally. And, we have a pre-built dashboard json. We will directly import from the Dockerfile itself.
Grafana has support for running on Https/SSL. You need to take a certificate, and configure grafana.
You need to either copy the certificates in the image, or mount the certificate while running this docker image. In this example, I’m copying the ssl certificate in the image.
Lets look at complete Dockerfile:
FROM grafana/grafana:5.4.3
ENV GF_SERVER_HTTP_PORT=443
# ENV GF_PATHS_PROVISIONING=/etc/grafana/provisioning
ENV GF_AUTH_ANONYMOUS_ENABLED=false
ENV GF_SERVER_ROOT_URL=https://<your hostname>
ENV GF_AUTH_GENERIC_OAUTH_NAME=Okta
ENV GF_AUTH_GENERIC_OAUTH_ENABLED=true
ENV GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
ENV GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://<xyz>.okta.com/oauth2/v1/authorize
ENV GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://<xyz>.okta.com/oauth2/v1/token
ENV GF_AUTH_GENERIC_OAUTH_API_URL=https://<xyz>.okta.com/oauth2/v1/userinfo
ENV GF_USERS_ALLOW_SIGN_UP=false
ENV GF_AUTH_DISABLE_LOGIN_FORM=true
ENV GF_AUTH_OAUTH_AUTO_LOGIN=true
ENV GF_SERVER_PROTOCOL=https
ENV GF_SERVER_CERT_FILE=/etc/grafana/cert/cert.cert
ENV GF_SERVER_CERT_KEY=/etc/grafana/cert/cert.key
USER root
RUN mkdir -p /var/lib/grafana/dashboards
ADD grafana_dashboards/belts-dashboard.json /var/lib/grafana/dashboards/belts-dashboard.json
ADD grafana_dashboards/dashboards.yaml /etc/grafana/provisioning/dashboards/dashboards.yaml
ADD grafana_dashboards/elastic_datasource.yaml /etc/grafana/provisioning/datasources/elastic_datasource.yaml
EXPOSE 443
If you see this file, we have now exposed port 443, and setup the certificates. Now, when you run it. You will be able to access it on https.
docker run -it
-e GF_AUTH_GENERIC_OAUTH_CLIENT_ID=<your client id>
-e GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<your secret>
-v $PWD/certificate/cert.key /etc/grafana/cert/cert.key
-V $PWD/certificate/cert.cert /etc/grafana/cert/cert.cert
-p 443:443 -d my_dashboard
Please make sure to replace everything in brackets: <> above. In above file, we have used an official image of Grafana 5.4.3, and setup various configurations. We have also saved our dashbaord json, and copying that straight to image. This will save us to create or load dashboards manually each time.
Note: For simplicity, I have mentioned all environment variables in Dockerfile. You should put these in some environment file, and provide that file at runtime.
When you run it. Your grafana is live on host: https://
You can run the Grafana on some port like 8080, without certificate, and can run nginx which is excellent in handling proxy requests.
Have a folder: conf.d/app.conf
app.conf
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# Expires map
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
}
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server {
listen 80;
keepalive_timeout 70;
listen 443 ssl;
ssl_certificate /etc/nginx/cert/cert.cert;
ssl_certificate_key /etc/nginx/cert/cert.key;
location / {
# where your grafana is running
proxy_pass http://<your hostname>:8080;
}
}
Dockerfile for nginx
FROM nginx:mainline-alpine
COPY ./conf.d /etc/nginx/conf.d
COPY ./certificate/cert.key /etc/nginx/cert/cert.key
COPY ./certificate/cert.cert /etc/nginx/cert/cert.cert
EXPOSE 443
Now build this image. And following is Dockerfile for Grafana:
FROM grafana/grafana:5.4.3
ENV GF_SERVER_HTTP_PORT=8080
# ENV GF_PATHS_PROVISIONING=/etc/grafana/provisioning
ENV GF_AUTH_ANONYMOUS_ENABLED=false
ENV GF_SERVER_ROOT_URL=https://<your server name>
ENV GF_AUTH_GENERIC_OAUTH_NAME=Okta
ENV GF_AUTH_GENERIC_OAUTH_ENABLED=true
ENV GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
ENV GF_AUTH_GENERIC_OAUTH_CLIENT_ID=<id>
ENV GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<secret>
ENV GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://<xyz>.okta.com/oauth2/v1/authorize
ENV GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://<xyz>.okta.com/oauth2/v1/token
ENV GF_AUTH_GENERIC_OAUTH_API_URL=https://<xyz>.okta.com/oauth2/v1/userinfo
ENV GF_USERS_ALLOW_SIGN_UP=false
ENV GF_AUTH_DISABLE_LOGIN_FORM=true
ENV GF_AUTH_OAUTH_AUTO_LOGIN=true
USER root
RUN mkdir -p /var/lib/grafana/dashboards
ADD grafana_dashboards/belts-dashboard.json /var/lib/grafana/dashboards/belts-dashboard.json
ADD grafana_dashboards/dashboards.yaml /etc/grafana/provisioning/dashboards/dashboards.yaml
ADD grafana_dashboards/elastic_datasource.yaml /etc/grafana/provisioning/datasources/elastic_datasource.yaml
EXPOSE 8080
Note that grafana is running on http://
First login to your grafana app. Assumming you have imported or created the dashboard. You need to star it. i.e. there is a star icon on front of it. Or, when you open the dashboard. On right top, there is an option to star it.
Now,
You need to be admin to do this. Assumming you have imported or created the dashboard. You need to star it. i.e. there is a star icon on front of it. Or, when you open the dashboard. On right top, there is an option to star it.
Now,
I’ve also written a post about running Grafana dashboard on Kubernetes.
Hope it is useful to you.
This post some useful tips of using strings, and some issues while dealing with…
You have drupal 7 image from docker hub, and want to connect tomongo db via php…
Introduction In this post, we will see Python 3.9.x patch for FIPS enabled…
In previous post (Trigger Email on Blob Trigger), we saw how we can create such…
Introduction We will see how we can install Python from command line using pyenv…
Introduction You have a view with 4-5 fields to display. Suppose, there are two…
Introduction Strapi is a backend system provides basic crud operations with…
Introduction I had to create many repositories in an Github organization. I…
Introduction I was trying to download some youtube videos for my kids. As I have…
Introduction In this post, we will explore some useful command line options for…
Introduction In this post, we will see how we can apply a patch to Python and…
Introduction We will introduce a Package Manager for Windows: . In automations…