The author selected Dev Color to receive a donation as part of the Write for DOnations program.
作者选择Dev Color接受捐赠,这是Write for DOnations计划的一部分。
介绍 (Introduction)
Grafana is an open-source data visualization and monitoring tool that integrates with complex data from sources like Prometheus, InfluxDB, Graphite, and ElasticSearch. Grafana lets you create alerts, notifications, and ad-hoc filters for your data while also making collaboration with your teammates easier through built-in sharing features.
Grafana是一个开源数据可视化和监视工具,可与Prometheus , InfluxDB , Graphite和ElasticSearch等来源的复杂数据集成。 Grafana使您可以为数据创建警报,通知和临时过滤器,同时还可以通过内置的共享功能更轻松地与队友进行协作。
In this tutorial, you will install Grafana and secure it with an SSL certificate and an Nginx reverse proxy. Once you have set up Grafana, you’ll have the option to configure user authentication through GitHub, allowing you to better organize your team permissions.
在本教程中,您将安装Grafana并使用SSL证书和Nginx反向代理对其进行保护 。 设置Grafana后,您将可以选择通过GitHub配置用户身份验证,从而可以更好地组织团队权限。
先决条件 (Prerequisites)
To follow this tutorial, you will need:
要遵循本教程,您将需要:
One Ubuntu 18.04 server set up by following the Initial Server Setup Guide for Ubuntu 18.04, including a non-root user with
sudoprivileges and a firewall configured withufw.遵循《 Ubuntu 18.04初始服务器设置指南》设置一台Ubuntu 18.04服务器,其中包括具有
sudo特权的非root用户和配置了ufw的防火墙。A fully registered domain name. This tutorial uses
your_domainthroughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.完全注册的域名。 本教程通篇使用
your_domain。 你可以购买一个域名Namecheap ,免费获得一个在Freenom ,或使用你选择的域名注册商。The following DNS records set up for your server. You can follow How To Set Up a Host Name with DigitalOcean for details on how to add them.
为您的服务器设置了以下DNS记录。 您可以按照如何使用DigitalOcean设置主机名了解如何添加主机名的详细信息。
An A record with
your_domainpointing to your server’s public IP address.A记录,其中
your_domain指向服务器的公共IP地址。An A record with
www.your_domainpointing to your server’s public IP address.与
www. your_domain的A记录www. your_domainwww. your_domain指向服务器的公共IP地址。
Nginx set up by following the How To Install Nginx on Ubuntu 18.04 tutorial, including a server block for your domain.
通过遵循如何在Ubuntu 18.04上安装Nginx教程(包括您所在域的服务器块)来设置Nginx 。
An Nginx server block with Let’s Encrypt configured, which you can set up by following How To Secure Nginx with Let’s Encrypt on Ubuntu 18.04.
一个配置了Let's Encrypt的Nginx服务器块,您可以按照在Ubuntu 18.04上如何通过Let's Encrypt保护Nginx进行设置。
Optionally, to set up GitHub authentication, you’ll need a GitHub account associated with an organization.
第1步-安装Grafana (Step 1 — Installing Grafana)
In this first step, you will install Grafana onto your Ubuntu 18.04 server. You can install Grafana either by downloading it directly from its official website or by going through an APT repository. Because an APT repository makes it easier to install and manage Grafana’s updates, you’ll use that method in this tutorial.
在第一步中,您将把Grafana安装到Ubuntu 18.04服务器上。 您可以通过直接从 Grafana 的官方网站下载或通过APT存储库安装Grafana。 由于APT存储库使安装和管理Grafana的更新更加容易,因此在本教程中将使用该方法。
Although Grafana is available in the official Ubuntu 18.04 packages repository, the version of Grafana there may not be the latest, so use Grafana’s official repository.
尽管Grafana在官方的Ubuntu 18.04软件包存储库中可用,但Grafana的版本可能不是最新的,因此请使用Grafana的官方存储库。
Download the Grafana GPG key with wget, then pipe the output to apt-key. This will add the key to your APT installation’s list of trusted keys, which will allow you to download and verify the GPG-signed Grafana package.
使用wget下载Grafana GPG密钥 ,然后将输出传递给apt-key 。 这会将密钥添加到APT安装的受信任密钥列表中,使您可以下载和验证GPG签名的Grafana软件包。
- wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add - wget -q -O-https://packages.grafana.com/gpg.key | sudo apt键添加-
In this command, the option -q turns off the status update message for wget, and -O outputs the file that you downloaded to the terminal. These two options ensure that only the contents of the downloaded file are pipelined to apt-key.
在此命令中,选项-q关闭wget的状态更新消息,而-O将下载的文件输出到终端。 这两个选项可确保仅将下载文件的内容通过管道传递给apt-key 。
Next, add the Grafana repository to your APT sources:
接下来,将Grafana存储库添加到您的APT源中:
- sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" sudo add-apt-repository“ deb https://packages.grafana.com/oss/deb稳定主程序”
Refresh your APT cache to update your package lists:
刷新您的APT缓存以更新软件包列表:
- sudo apt update sudo apt更新
Next, make sure Grafana will be installed from the Grafana repository:
接下来,确保将从Grafana存储库中安装Grafana:
- apt-cache policy grafana apt-cache策略grafana
The output of the previous command tells you the version of Grafana that you are about to install, and where you will retrieve the package from. Verify that the installation candidate at the top of the list will come from the official Grafana repository at https://packages.grafana.com/oss/deb.
上一个命令的输出告诉您将要安装的Grafana的版本,以及从中检索软件包的位置。 验证列表顶部的候选安装者是否来自https://packages.grafana.com/oss/deb的官方Grafana存储库。
Output of apt-cache policy grafana
grafana:
Installed: (none)
Candidate: 6.3.3
Version table:
6.3.3 500
500 https://packages.grafana.com/oss/deb stable/main amd64 Packages
...
You can now proceed with the installation:
现在,您可以继续安装:
- sudo apt install grafana sudo apt安装grafana
Once Grafana is installed, use systemctl to start the Grafana server:
一旦安装了Grafana,请使用systemctl启动Grafana服务器:
- sudo systemctl start grafana-server sudo systemctl启动grafana服务器
Next, verify that Grafana is running by checking the service’s status:
接下来,通过检查服务的状态来验证Grafana是否正在运行:
- sudo systemctl status grafana-server sudo systemctl状态grafana服务器
You will receive output similar to this:
您将收到类似于以下的输出:
Output of grafana-server status
● grafana-server.service - Grafana instance
Loaded: loaded (/usr/lib/systemd/system/grafana-server.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2019-08-13 08:22:30 UTC; 11s ago
Docs: http://docs.grafana.org
Main PID: 13630 (grafana-server)
Tasks: 7 (limit: 1152)
...
This output contains information about Grafana’s process, including its status, Main Process Identifier (PID), and more. active (running) shows that the process is running correctly.
此输出包含有关Grafana流程的信息,包括其状态,主流程标识符(PID)等。 active (running)表明进程正在正确运行。
Lastly, enable the service to automatically start Grafana on boot:
最后,启用服务以在启动时自动启动Grafana:
- sudo systemctl enable grafana-server sudo systemctl启用grafana服务器
You will receive the following output:
您将收到以下输出:
Output of systemctl enable grafana-server
Synchronizing state of grafana-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable grafana-server
Created symlink /etc/systemd/system/multi-user.target.wants/grafana-server.service → /usr/lib/systemd/system/grafana-server.service.
This confirms that systemd has created the necessary symbolic links to autostart Grafana.
这确认systemd已经创建了必要的符号链接来自动启动Grafana。
Grafana is now installed and ready for use. Next, you wil secure your connection to Grafana with a reverse proxy and SSL certificate.
Grafana现在已安装并可以使用。 接下来,您将使用反向代理和SSL证书来保护与Grafana的连接。
步骤2 —设置反向代理 (Step 2 — Setting Up the Reverse Proxy)
Using an SSL certificate will ensure that your data is secure by encrypting the connection to and from Grafana. But, to make use of this connection, you’ll first need to reconfigure Nginx as a reverse proxy for Grafana.
使用SSL证书将通过加密与Grafana之间的连接来确保您的数据安全。 但是,要利用此连接,您首先需要将Nginx重新配置为Grafana的反向代理。
Open the Nginx configuration file you created when you set up the Nginx server block with Let’s Encrypt in the Prerequisites. You can use any text editor, but for this tutorial we’ll use nano:
使用“ 先决条件 ”中的“让我们加密”来设置Nginx服务器块时,打开您创建的Nginx配置文件。 您可以使用任何文本编辑器,但是在本教程中,我们将使用nano :
sudo nano /etc/nginx/sites-available/your_domain
须藤纳米/ etc / nginx / sites-available / your_domain
Locate the following block:
找到以下块:
...
location / {
try_files $uri $uri/ =404;
}
...Because you already configured Nginx to communicate over SSL and because all web traffic to your server already passes through Nginx, you just need to tell Nginx to forward all requests to Grafana, which runs on port 3000 by default.
因为您已经配置了Nginx通过SSL进行通信,并且到服务器的所有网络流量都已经通过Nginx传递,所以您只需要告诉Nginx将所有请求转发到Grafana(默认情况下在端口3000上运行)即可。
Delete the existing try_files line in this location block and replace it with the following proxy_pass option.
删除此location block现有的try_files行,并将其替换为以下proxy_pass选项。
...
location / {
proxy_pass http://localhost:3000;
}
...This will map the proxy to the appropriate port. Once you’re done, save and close the file by pressing CTRL+X, followed by Y and then ENTER if you’re using nano.
这会将代理映射到适当的端口。 完成后,如果要使用nano ,请按CTRL+X ,然后按Y ,然后按ENTER保存并关闭文件。
Now, test the new settings to make sure everything is configured correctly:
现在,测试新设置以确保所有配置均正确:
- sudo nginx -t 须藤Nginx -t
You will receive the following output:
您将收到以下输出:
Output
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, activate the changes by reloading Nginx:
最后,通过重新加载Nginx激活更改:
- sudo systemctl reload nginx 须藤systemctl重新加载nginx
You can now access the default Grafana login screen by pointing your web browser to https://your_domain. If you’re unable to reach Grafana, verify that your firewall is set to allow traffic on port 443 and then re-trace the previous instructions.
现在,您可以通过将Web浏览器指向https:// your_domain来访问默认的Grafana登录屏幕。 如果您无法访问Grafana,请验证防火墙是否设置为允许端口443上的流量,然后重新跟踪前面的说明。
With the connection to Grafana encrypted, you can now implement additional security measures, starting with changing Grafana’s default administrative credentials.
通过加密与Grafana的连接,您现在可以实施其他安全措施,从更改Grafana的默认管理凭据开始。
第3步-更新凭据 (Step 3 — Updating Credentials)
Because every Grafana installation uses the same administrative credentials by default, it is best practice to change your login information as soon as possible. In this step, you’ll update the credentials to improve security.
由于默认情况下每个Grafana安装都使用相同的管理凭据,因此,最佳实践是尽快更改您的登录信息。 在此步骤中,您将更新凭据以提高安全性。
Start by navigating to https://your_domain from your web browser. This will bring up the default login screen where you’ll see the Grafana logo, a form asking you to enter an email or username and password, a Log in button, and a Forgot your password? link.
首先从Web浏览器导航到https:// your_domain 。 这将显示默认的登录屏幕,您将在其中看到Grafana徽标,要求您输入电子邮件或用户名和密码的表单,“ 登录”按钮以及“ 忘记密码”? 链接。
Enter admin into both the User and Password fields and then click on the Log in button.
在“ 用户”和“ 密码”字段中输入“ admin ,然后单击“ 登录”按钮。
On the next screen, you’ll be asked to make your account more secure by changing the default password:
在下一个屏幕上,系统将要求您通过更改默认密码来提高帐户的安全性:
Enter the password you’d like to start using into the New password and Confirm new password fields.
在新密码和确认新密码字段中输入您要开始使用的密码 。
From here, you can click Save to save the new information or press Skip to skip this step. If you skip, you will be prompted to change the password next time you login.
在这里,您可以单击“ 保存”以保存新信息,或按“ 跳过”以跳过此步骤。 如果您跳过,则下次登录时将提示您更改密码。
In order to increase the security of your Grafana setup, click Save. You’ll return to the Home Dashboard page:
为了提高Grafana设置的安全性,请点击保存 。 您将返回“ 主页仪表板”页面:
You’ve now secured your account by changing the default credentials. Next, you will make changes to your Grafana configuration so that nobody can create a new Grafana account without your permission.
现在,您已通过更改默认凭据来保护自己的帐户。 接下来,您将对Grafana配置进行更改,以便没有您的允许,任何人都不能创建新的Grafana帐户。
步骤4 —禁用Grafana注册和匿名访问 (Step 4 — Disabling Grafana Registrations and Anonymous Access)
Grafana provides options that allow visitors to create user accounts for themselves and preview dashboards without registering. When Grafana isn’t accessible via the internet or when it’s working with publicly available data like service statuses, you may want to allow these features. However, when using Grafana online to work with sensitive data, anonymous access could be a security problem. To fix this problem, make some changes to your Grafana configuration.
Grafana提供的选项允许访问者自行创建用户帐户并预览仪表板而无需注册。 当无法通过Internet访问Grafana或使用服务状态等公共可用数据时,您可能希望允许使用这些功能。 但是,当使用Grafana在线处理敏感数据时,匿名访问可能是一个安全问题。 要解决此问题,请对您的Grafana配置进行一些更改。
Start by opening Grafana’s main configuration file for editing:
首先打开Grafana的主要配置文件进行编辑:
- sudo nano /etc/grafana/grafana.ini 须藤纳米/etc/grafana/grafana.ini
Locate the following allow_sign_up directive under the [users] heading:
在[users]标题下找到以下allow_sign_up指令:
...
[users]
# disable user signup / registration
;allow_sign_up = true
...Enabling this directive with true adds a Sign Up button to the login screen, allowing users to register themselves and access Grafana.
启用此指令为true会将“ 注册”按钮添加到登录屏幕,从而允许用户注册自己并访问Grafana。
Disabling this directive with false removes the Sign Up button and strengthens Grafana’s security and privacy.
禁用此指令为false将删除“ 注册”按钮,并增强Grafana的安全性和隐私性。
Uncomment this directive by removing the ; at the beginning of the line and then setting the option to false:
通过删除;取消注释此指令; 在该行的开头,然后将选项设置为false :
...
[users]
# disable user signup / registration
allow_sign_up = false
...Next, locate the following enabled directive under the [auth.anonymous] heading:
接下来,在[auth.anonymous]标题下找到以下enabled伪指令:
...
[auth.anonymous]
# enable anonymous access
;enabled = false
...Setting enabled to true gives non-registered users access to your dashboards; setting this option to false limits dashboard access to registered users only.
设置enabled以true给非注册用户访问您的仪表板; 将此选项设置为false将仪表板访问权限仅限制为注册用户。
Uncomment this directive by removing the ; at the beginning of the line and then setting the option to false.
通过删除;取消注释此指令; 在该行的开头,然后将选项设置为false 。
...
[auth.anonymous]
enabled = false
...Save the file and exit your text editor.
保存文件并退出文本编辑器。
To activate the changes, restart Grafana:
要激活更改,请重新启动Grafana:
- sudo systemctl restart grafana-server sudo systemctl重新启动grafana-server
Verify that everything is working by checking Grafana’s service status:
通过检查Grafana的服务状态来验证一切是否正常:
- sudo systemctl status grafana-server sudo systemctl状态grafana服务器
Like before, the output will report that Grafana is active (running).
像以前一样,输出将报告Grafana active (running) 。
Now, point your web browser to https://your_domain. To return to the Sign Up screen, bring your cursor to your avatar in the lower left of the screen and click on the Sign out option that appears.
现在,将您的Web浏览器指向https:// your_domain 。 要返回“ 注册”屏幕,请将光标移至屏幕左下方的头像,然后单击出现的“ 注销”选项。
Once you have signed out, verify that there is no Sign Up button and that you can’t sign in without entering login credentials.
退出后,请确认没有“ 注册”按钮,并且如果没有输入登录凭据就无法登录。
At this point, Grafana is fully configured and ready for use. Next, you can simplify the login process for your organization by authenticating through GitHub.
至此,Grafana已完全配置并可以使用。 接下来,您可以通过GitHub进行身份验证,从而简化组织的登录过程。
(可选)步骤5 —设置GitHub OAuth应用 ((Optional) Step 5 — Setting Up a GitHub OAuth App)
For an alternative approach to signing in, you can configure Grafana to authenticate through GitHub, which provides login access to all members of authorized GitHub organizations. This can be particularly useful when you want to allow multiple developers to collaborate and access metrics without having to create Grafana-specific credentials.
对于登录的另一种方法,您可以配置Grafana通过GitHub进行身份验证,从而提供对授权GitHub组织的所有成员的登录访问权限。 当您要允许多个开发人员进行协作并访问指标而不必创建特定于Grafana的凭据时,这特别有用。
Start by logging into a GitHub account associated with your organization and then navigate to your GitHub profile page at https://github.com/settings/profile.
首先登录到与您的组织关联的GitHub帐户,然后浏览到https://github.com/settings/profile GitHub个人资料页面。
Click on your organization’s name under Organization settings in the navigation menu on the left-hand side of the screen.
在屏幕左侧的导航菜单中,在组织设置下单击您的组织名称。
On the next screen, you’ll see your Organization profile where you can change settings like your Organization display name, organization Email, and organization URL.
在下一个屏幕上,您将看到组织配置文件 ,您可以在其中更改设置,例如组织显示名称 ,组织电子邮件和组织URL 。
Because Grafana uses OAuth — an open standard for granting remote third parties access to local resources — to authenticate users through GitHub, you’ll need to create a new OAuth application within GitHub.
由于Grafana使用OAuth (一种用于授予远程第三方访问本地资源的开放标准)来通过GitHub验证用户身份,因此您需要在GitHub中创建一个新的OAuth应用程序 。
Click the OAuth Apps link under Developer settings on the lower left-hand side of the screen.
点击屏幕左下角“ 开发者设置 ”下的OAuth应用链接。
If you don’t already have any OAuth applications associated with your organization on GitHub, you’ll be told there are No Organization Owned Applications. Otherwise, you’ll see a list of the OAuth applications already connected to your account.
如果您在GitHub上还没有与您的组织相关联的OAuth应用程序,则会提示您没有组织拥有的应用程序 。 否则,您将看到已经连接到您的帐户的OAuth应用程序列表。
Click the Register an application button to continue.
单击注册应用程序按钮继续。
On the next screen, fill in the following details about your Grafana installation:
在下一个屏幕上,填写有关Grafana安装的以下详细信息:
Application name - This helps you distinguish your different OAuth applications from one another.
应用程序名称 -这有助于您将不同的OAuth应用程序彼此区分开。
Homepage URL - This tells GitHub where to find Grafana. Type
https://your_domaininto this field, replacingyour_domainwith your domain.主页URL-告诉GitHub在哪里可以找到Grafana。 在此字段中输入
https:// your_domain,用您的域替换your_domain。Application Description - This provides a description of your OAuth application’s purpose.
应用程序描述 -提供OAuth应用程序用途的描述。
Application callback URL - This is the address where users will be sent once successfully authenticated. For Grafana, this field must be set to
https://your_domain/login/github.应用程序回调URL-这是成功验证身份后将发送用户的地址。 对于Grafana,此字段必须设置为
https:// your_domain /login/github。
Keep in mind that Grafana users logging in through GitHub will see the values you entered in the first three preceding fields, so be sure to enter something meaningful and appropriate.
请记住,通过GitHub登录的Grafana用户将看到您在前三个字段中输入的值,因此请确保输入有意义且适当的内容。
When completed, the form will look something like:
完成后,该表单将类似于:
Click the green, Register application button.
单击绿色的注册应用程序按钮。
You will now be redirected to a page containing the Client ID and Client Secret associated with your new OAuth application. Make note of both values, because you will need to add them to Grafana’s main configuration file to complete the setup.
现在,您将被重定向到包含与新OAuth应用程序关联的客户端ID和客户端密钥的页面。 记下这两个值,因为您需要将它们添加到Grafana的主配置文件中以完成设置。
Warning: Make sure to keep your Client ID and Client Secret in a secure and non-public location, because they could be used as the basis of an attack.
警告:确保将您的客户ID和客户机密保存在安全且非公开的位置,因为它们可能被用作攻击的基础。
With your GitHub OAuth application created, you’re now ready to reconfigure Grafana to use GitHub for authentication.
创建了GitHub OAuth应用程序后,您现在就可以重新配置Grafana以使用GitHub进行身份验证了。
(可选)步骤6 —将Grafana配置为GitHub OAuth应用 ((Optional) Step 6 — Configuring Grafana as a GitHub OAuth App)
To complete GitHub authentication for your Grafana setup, you will now make some changes to your Grafana configuration files.
为了完成Grafana设置的GitHub身份验证,您现在将对Grafana配置文件进行一些更改。
To begin, open the main Grafana configuration file.
首先,打开Grafana主配置文件。
- sudo nano /etc/grafana/grafana.ini 须藤纳米/etc/grafana/grafana.ini
Locate the [auth.github] heading, and uncomment this section by removing the ; at the beginning of every line except ;team_ids=, which will not be changed in this tutorial.
找到[auth.github]标题,并通过删除;取消注释本节; 在除;team_ids=之外的每一行的开头,在本教程中不会更改。
Next, configure Grafana to use GitHub with your OAuth application’s client_id and client_secret values.
接下来,将Grafana配置为将GitHub与OAuth应用程序的client_id和client_secret值一起使用。
Set
enabledandallow_sign_uptotrue. This will enable GitHub Authentication and permit members of the allowed organization to create accounts themselves. Note that this setting is different than theallow_sign_upproperty under[users]that you changed in Step 4.设置
enabled并将allow_sign_up设置为true。 这将启用GitHub身份验证,并允许所允许组织的成员自己创建帐户。 请注意,此设置与您在步骤4中更改的[users]下的allow_sign_up属性不同。Set
client_idandclient_secretto the values you got while creating your GitHub OAuth application.将
client_id和client_secret设置为创建GitHub OAuth应用程序时获得的值。Set
allowed_organizationsto the name of your organization to ensure that only members of your organization can sign up and log into Grafana.将
allowed_organizations设置为组织的名称,以确保只有组织的成员才能注册并登录Grafana。
The complete configuration will look like:
完整的配置如下所示:
...
[auth.github]
enabled = true
allow_sign_up = true
client_id = your_client_id_from_github
client_secret = your_client_secret_from_github
scopes = user:email,read:org
auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token
api_url = https://api.github.com/user
;team_ids =
allowed_organizations = your_organization_name
...You’ve now told Grafana everything it needs to know about GitHub. To complete the setup, you’ll need to enable redirects behind a reverse proxy. This is done by setting a root_url value under the [server] heading.
现在,您已经告诉Grafana它需要了解的有关GitHub的所有信息。 要完成设置,您需要在反向代理后面启用重定向。 这是通过在[server]标题下设置root_url值来完成的。
...
[server]
root_url = https://your_domain
...Save your configuration and close the file.
保存配置并关闭文件。
Then, restart Grafana to activate the changes:
然后,重新启动Grafana以激活更改:
- sudo systemctl restart grafana-server sudo systemctl重新启动grafana-server
Lastly, verify that the service is up and running.
最后,确认服务已启动并正在运行。
- sudo systemctl status grafana-server sudo systemctl状态grafana服务器
The output will indicate that the service is active (running).
输出将指示该服务active (running) 。
Now, test your new authentication system by navigating to https://your_domain. If you are already logged into Grafana, hover your mouse over the avatar log in the lower left-hand corner of the screen, and click on Sign out in the secondary menu that appears next to your name.
现在,通过导航到https:// your_domain来测试新的身份验证系统。 如果您已经登录Grafana,请将鼠标悬停在屏幕左下角的头像日志上,然后在您名称旁边显示的辅助菜单中单击“ 注销” 。
On the login page, you’ll see a new section under the original Log in button that includes a Sign in with GitHub button with the GitHub logo.
在登录页面上,您将在原始“ 登录”按钮下看到一个新部分,其中包括带有GitHub标志的“ 使用GitHub登录”按钮。
Click on the Sign in with GitHub button to be redirected to GitHub, where you’ll sign into your GitHub account and confirm your intention to Authorize Grafana.
单击“ 使用GitHub登录”按钮以重定向到GitHub,您将在此登录GitHub帐户并确认打算授权Grafana 。
Click the green, Authorize your_github_organization button.
单击绿色的“ 授权your_github_organization”按钮。
Note: Make sure your GitHub account is a member of your approved organization and your Grafana email address matches your GitHub email address. If you try to authenticate with a GitHub account that isn’t a member of your approved organization, you’ll get a Login Failed message telling you, User not a member of one of the required organizations.
注意:确保您的GitHub帐户是您批准的组织的成员,并且您的Grafana电子邮件地址与您的GitHub电子邮件地址匹配。 如果您尝试使用不是您批准的组织成员的GitHub帐户进行身份验证,则会收到“ 登录失败”消息,告诉您, 用户不是所需组织之一的成员 。
You will now be logged in with your existing Grafana account. If a Grafana account doesn’t already exist for the user you logged in as, Grafana will create a new user account with Viewer permissions, ensuring that new users can only use existing dashboards.
现在,您将使用现有的Grafana帐户登录。 如果您以其身份登录的用户尚不存在Grafana帐户,则Grafana将创建具有查看者权限的新用户帐户,以确保新用户只能使用现有的仪表板。
To change the default permissions for new users, open the main Grafana configuration file for editing.
要更改新用户的默认权限,请打开主Grafana配置文件进行编辑。
- sudo nano /etc/grafana/grafana.ini 须藤纳米/etc/grafana/grafana.ini
Locate the auto_assign_org_role directive under the [users] heading, and uncomment the setting by removing the ; at the beginning of the line.
在[users]标题下找到auto_assign_org_role指令,并通过删除;取消注释设置; 在该行的开头。
Set the directive to one of the following values:
将指令设置为以下值之一:
Viewer— can only use existing dashboardsViewer-只能使用现有的仪表板Editor— can change use, modify, and add dashboardsEditor-可以更改使用,修改和添加仪表板Admin— has permission to do everythingAdmin-有权执行所有操作
This tutorial will set the auto-assign to Viewer:
本教程将自动分配给Viewer :
...
[users]
...
auto_assign_org_role = Viewer
...Once you’ve saved your changes, close the file and restart Grafana:
保存更改后,关闭文件并重新启动Grafana:
- sudo systemctl restart grafana-server sudo systemctl重新启动grafana-server
Check the service’s status:
检查服务状态:
- sudo systemctl status grafana-server sudo systemctl状态grafana服务器
Like before, the status will read active (running).
像以前一样,状态将显示为active (running) 。
At this point, you have fully configured Grafana to allow members of your GitHub organization to register and use your Grafana installation.
至此,您已经对Grafana进行了完整配置,以允许GitHub组织的成员注册并使用Grafana安装。
结论 (Conclusion)
In this tutorial you installed, configured, and secured Grafana, and you also learned how to permit members of your organization to authenticate through GitHub.
在本教程中,您安装,配置和保护了Grafana,还学习了如何允许组织成员通过GitHub进行身份验证。
To extend your current Grafana installation, see the list of official and community-built dashboards. To learn more about using Grafana in general, see the official Grafana documentation, or check out our other monitoring tutorials.
要扩展您当前的Grafana安装,请参阅官方和社区构建的仪表板列表 。 要了解有关一般使用Grafana的更多信息,请参阅Grafana官方文档 ,或查看我们的其他监控教程 。
翻译自: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-grafana-on-ubuntu-18-04
455
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
