简单个人网站,网站推广工作如何做,环境文化建设方案网站,wordpress xiu主题5.2上一篇文章利用Docker快速部署了Grafana用来展示Zabbix得监控数据#xff0c;但还需要给用户去创建账号允许他们登录后才能看展示得数据#xff0c;那有什么办法让非管理员更方便得去访问Grafana呢#xff1f;下面介绍两个比较方便实现的#xff1a; 在开始设置前#xff…上一篇文章利用Docker快速部署了Grafana用来展示Zabbix得监控数据但还需要给用户去创建账号允许他们登录后才能看展示得数据那有什么办法让非管理员更方便得去访问Grafana呢下面介绍两个比较方便实现的 在开始设置前为了数据持久化需要对上一篇中的Docker启动中加入配置文件的持久化配置具体如下
# create a persistent volume for data
docker volume create grafana-data# create a persistent volume for log
docker volume create grafana-log# create a persistent volume for config
docker volume create grafana-config# start grafana by using the above persistent storage and defining environment variables
docker run -d -p 3000:3000 --namegrafana --volume grafana-storage:/var/lib/grafana --volume grafana-log:/var/log/grafana --volume grafana-config:/etc/grafana -e GF_INSTALL_PLUGINSalexanderzobnin-zabbix-app grafana/grafana-oss:latest然后通过以下找到配置文件的具体位置
docker volume inspect grafana-config
[{CreatedAt: 2023-12-22T03:25:15Z,Driver: local,Labels: null,Mountpoint: /var/lib/docker/volumes/grafana-config/_data,Name: grafana-config,Options: null,Scope: local}
]
cd /var/lib/docker/volumes/grafana-config/_data文件夹内的grafana.ini, ldap.toml是下面配置的重点。
匿名访问 通过在配置文件中启用匿名访问来使 Grafana 可以在无需登录的情况下访问。在grafana.ini中找到以下部分并修改
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access (default: false)
enabled true# Organization name that should be used for unauthenticated users (default: Main Org.)
org_name Main Org.# Role for unauthenticated users, other valid values are Editor and Admin (default: Viewer)
org_role Viewer# Hide the Grafana version text from the footer and help tooltip for unauthenticated users (default: false)
hide_version true保存配置文件后重启docker。
docker restart grafana在浏览器中直接访问http://IP:3000/即可以得到以下显示了。普通用户就不用登录即可查看dashboard了。
与LDAPWindows AD连接统一认证登录 要使用 LDAP 集成首先需要在主配置文件中启用 LDAP并指定 LDAP 特定配置文件的路径默认为 /etc/grafana/ldap.toml。 启用 LDAP 后默认行为是在成功进行 LDAP 身份验证后自动创建 Grafana 用户。如果希望只允许现有的 Grafana 用户登录您可以在 [auth.ldap]部分将 allow_sign_up 更改为 false。如果希望手动分配组织和角色可以使用 skip_org_role_sync 配置选项。
#################################### Auth LDAP ##########################
[auth.ldap]
# Set to true to enable LDAP integration (default: false)
enabled true# Path to the LDAP specific configuration file (default: /etc/grafana/ldap.toml)
config_file /etc/grafana/ldap.toml# Allow sign-up should be true (default) to allow Grafana to create users on successful LDAP authentication.
# If set to false only already existing Grafana users will be able to login. (default: true)
allow_sign_up true# Prevent synchronizing ldap users organization roles (default: false)
skip_org_role_sync false修改完grafana.ini后然后修改ldap.toml文件需要注意的是如下配置适用于Windows AD提供的LDAP设置。
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters ldap:debug[[servers]]
# Ldap server host (specify multiple hosts space separated)
host ldap.my_secure_remote_server.org
# Default port is 389 or 636 if use_ssl true
port 389
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
use_ssl false
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls false
# The value of an accepted TLS cipher. By default, this value is empty. Example value: [TLS_AES_256_GCM_SHA384])
# For a complete list of supported ciphers and TLS versions, refer to: https://go.dev/src/crypto/tls/cipher_suites.go
tls_ciphers []
# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.1, TLS1.2, TLS1.3.
min_tls_version
# set to true if you want to skip ssl cert validation
ssl_skip_verify false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert /path/to/certificate.crt
# Authentication against LDAP servers requiring client certificates
# client_cert /path/to/client.crt
# client_key /path/to/client.key# Search user bind dn
bind_dn cnadmin,dcgrafana,dcorg
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex #password;
bind_password grafana
# We recommend using variable expansion for the bind_password, for more info https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion
# bind_password $__env{LDAP_BIND_PASSWORD}# Timeout in seconds (applies to each host specified in the host entry (space separated))
timeout 10# User search filter, for example (cn%s) or (sAMAccountName%s) or (uid%s)
search_filter (sAMAccountName%s)# An array of base dns to search through
search_base_dns [dcgrafana,dcorg]## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
# group_search_filter ((objectClassposixGroup)(memberUid%s))
# group_search_base_dns [ougroups,dcgrafana,dcorg]
# group_search_filter_user_attribute uid# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name givenName
surname sn
username sAMAccountName
member_of memberOf
email email# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn cnadmins,ougroups,dcgrafana,dcorg
org_role Admin
# To make user an instance admin (Grafana Admin) uncomment line below
# grafana_admin true
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id 1[[servers.group_mappings]]
group_dn cneditors,ougroups,dcgrafana,dcorg
org_role Editor[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn *
org_role Viewer更多配置可以参考Grafana官方说明。保存配置文件后重启docker。
docker restart grafana用AD账号登录后可以看到个人资料里面很多信息就是从AD同步过来的。
