How to disable Ceph Dashboard Anonymous Access? - grafana

I have installed a Ceph cluster V15 (Octopus). Following the general setup guide a Grafana Dashboard is installed during bootstrapping the cluster. This is a nice feature.
But the dashboard can be accessed on port :3000 by anonymous users without authentication.
I guess this is because of the configuration of the anonymous mode in /etc/grafana/grafana.ini:
    [auth.anonymous]
    enabled = true
How can I disable this mode?
There are several 'ceph dashboard' commands available but I can't figure out how to tweak the default grafana.ini file.

There's an instance of the grafana.ini file on the grafana host:
    /var/lib/ceph/<UUID>/grafana.host1/etc/grafana/grafana.ini
You can edit that file and set the option auth.anonymous.enabled to 'false':
    ...
    [auth.anonymous]
    enabled = false
    org_name = 'My Org.'
    org_role = 'Viewer'
    ...
Restart the container with
    # ceph orch restart grafana
Now your changes should be applied. You can log in now with the default user/password 'admin' / 'admin'.
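
A check for the setting discussed above, as an added example (not code from the question, the answer, or the Ceph or Grafana projects): it parses a grafana.ini and reports whether anonymous access is still enabled and whether the admin password is still the default 'admin' mentioned in the answer. The sample file is constructed, the function name audit_grafana_ini is hypothetical, and the [security] admin_password entry in the sample does not appear on the page.

```python
import configparser

# Constructed sample resembling the file from the question, before the fix.
SAMPLE_INI = """\
# constructed sample, not a real deployment's file
app_mode = production

[users]
default_theme = light

[auth.anonymous]
enabled = true
org_name = 'My Org.'
org_role = 'Viewer'

[security]
admin_password = admin
"""


def audit_grafana_ini(text):
    """Return a list of findings about unauthenticated or weak access."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini may set keys before the first [section]; configparser
    # rejects that, so park them under a placeholder section.
    parser.read_string("[__top__]\n" + text)

    def get(section, key, default=""):
        value = parser.get(section, key, fallback=default)
        return value.strip().strip("'\"")

    findings = []
    if get("auth.anonymous", "enabled", "false").lower() == "true":
        findings.append("anonymous access enabled")
        role = get("auth.anonymous", "org_role", "Viewer")
        if role.lower() != "viewer":
            findings.append("anonymous users get role " + role)
    # Grafana's built-in admin password is 'admin' when the key is unset.
    if get("security", "admin_password", "admin") == "admin":
        findings.append("admin password is the default")
    return findings


if __name__ == "__main__":
    for finding in audit_grafana_ini(SAMPLE_INI):
        print("FINDING:", finding)
```

Run it against the file under /var/lib/ceph/<UUID>/ after the restart; an empty result means anonymous access is off and the admin password has been changed in the file.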

Related

Keycloak admin console not working internal it gives "Loading the admin console"

I have Keycloak installed and working in Prod, and we are currently migrating to Kubernetes (EKS), so I used the Bitnami chart with the same config as in Prod, but the admin console is not working internally. I tried versions 19.0.0 and 20.0.0.
Here is the Keycloak config:
    KC_HTTPS_KEY_STORE_FILE: **
    KC_PROXY: edge
    KC_DB: postgres
    KC_DB_URL_HOST: **
    KC_DB_USERNAME: ***
    KC_HOSTNAME: public_url
    KEYCLOAK_ADMIN: admin
    KEYCLOAK_HOSTNAME: public_url
    PROXY_ADDRESS_FORWARDING: true
    KK_TO_RMQ_URL: **
    KK_TO_RMQ_USERNAME: **
    KK_TO_RMQ_PASSWORD: **
    KEYCLOAK_IDENTITY_URL: **
    KC_HOSTNAME_STRICT: true
    KC_HOSTNAME_ADMIN: internal_url
In the Dockerfile I give start --proxy edge.
Here is the error that comes up in the browser:
    Timeout when waiting for 3rd party check iframe message.
    Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received
I am trying to get keycloak admin console to work internally but it keeps loading forever without opening the admin dashboard
I also tried the fix on the thread Keycloak admin console loading indefinitely
but it didn't help

I was able to fix the issue, and here is the solution explained:
I removed the admin console internal connection configuration to dig deeper.
I was using the Bitnami chart for Keycloak; in the Bitnami chart there is a config like this:
    containerSecurityContext:
      enabled: true
      runAsUser: 1001
      runAsNonRoot: false
As Keycloak needs to create a tmp folder for caching the CSS and JS files, it was not able to create it:
    KC-SERVICES0075: Failed to get theme request: java.lang.RuntimeException: Temporary directory /opt/keycloak/bin/../data/tmp does not exist and it was not possible to create it
So I disabled this feature in Bitnami:
    containerSecurityContext:
      enabled: false
and set the user in the image to keycloak or any other privileged user.
And that's it, it is now working like a charm.

How can I set compatibility mode for Amazon OpenSearch using CloudFormation?

Since AWS has replaced ElasticSearch with OpenSearch, some clients have issues connecting to the OpenSearch Service.
To avoid that, we can enable compatibility mode during the cluster creation.
Certain Elasticsearch OSS clients, such as Logstash, check the cluster
version before connecting. Compatibility mode sets OpenSearch to
report its version as 7.10 so that these clients continue to work with
the service.
I'm trying to use CloudFormation to create a cluster using AWS::OpenSearchService::Domain instead of AWS::Elasticsearch::Domain but I can't see a way to enable compatibility mode.

To do this in Terraform, use this config:
    resource "aws_elasticsearch_domain" "search" {
      domain_name = "search"
      advanced_options = {
        "override_main_response_version" = "true"
      }
    }
Docs can be found here: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain

The AWS::OpenSearchService::Domain CloudFormation resource has a property called AdvancedOptions.
As per documentation, you should pass override_main_response_version to the advanced options to enable compatibility mode.
Example:
    Resources:
      OpenSearchServiceDomain:
        Type: AWS::OpenSearchService::Domain
        Properties:
          DomainName: 'test'
          EngineVersion: 'OpenSearch_1.0'
          AdvancedOptions:
            override_main_response_version: true

You can add this in the advanced section tab AdvancedOptions.
Example:
    Resources:
      OpenSearchServiceDomain:
        Type: AWS::OpenSearchService::Domain
        Properties:
          AdvancedOptions:
            override_main_response_version: true

Grafana gives error message 'Server error' when trying to configure InfluxDB

I'm creating a new user. Still, Grafana gives me an error
    pi@raspberrypi:~ $ influx
    Connected to http://localhost:8086 version 1.8.0
    InfluxDB shell version: 1.8.0
    > CREATE USER "todd" WITH PASSWORD '123456'
    > CREATE DATABASE toddDb
    > quit
    pi@raspberrypi:~ $ hostname -I
    192.168.0.14
How do I get the Grafana connection to InfluxDB working?
EDIT
My conf file /etc/influxdb/influxdb.conf is configured as follows:
    [http]
    # Determines whether HTTP endpoint is enabled.
    enabled = true
    # The bind address used by the HTTP service.
    bind-address = ":8086"
    # Determines whether user authentication is enabled over HTTP/HTTPS.
    auth-enabled = true
    # Determines whether the pprof endpoint is enabled. This endpoint is used for
    # troubleshooting and monitoring.
    pprof-enabled = true
    # Enables authentication on pprof endpoints. Users will need admin permissions
    # to access the pprof endpoints when this setting is enabled. This setting has
    # no effect if either auth-enabled or pprof-enabled are set to false.
    pprof-auth-enabled = true
    # Enables authentication on the /ping, /metrics, and deprecated /status
    # endpoints. This setting has no effect if auth-enabled is set to false.
    ping-auth-enabled = true

Oh, that was a ridiculous problem.
In the URL field, the address needs to be prefixed with http://
Either http://192.168.0.14:8086 or http://localhost:8086 worked.

How to set API Server parameters on kubespray deployment

I am using kubespray for the deployment of a Kubernetes cluster and want to set some API Server parameters for the deployment. Specifically, I want to configure the authentication via OpenID Connect (e.g. set the oidc-issuer-url parameter). I saw that kubespray has some vars to set (https://github.com/kubernetes-sigs/kubespray/blob/master/docs/vars.md), but not the ones I am looking for.
Is there a way to set these parameters via kubespray? I don't want to configure each master manually (e.g. by editing the /etc/kubernetes/manifests/kube-apiserver.yaml files).
Thanks for your help

At the bottom of the page you are referring to there is a description of how to define custom flags for various components of k8s:
    kubelet_custom_flags:
      - "--eviction-hard=memory.available<100Mi"
      - "--eviction-soft-grace-period=memory.available=30s"
      - "--eviction-soft=memory.available<300Mi"
The possible vars are:
    apiserver_custom_flags
    controller_mgr_custom_flags
    scheduler_custom_flags
    kubelet_custom_flags
    kubelet_node_custom_flags

The k8s-cluster.yml file has some parameters which allow you to set the OID configuration:
    kube_oidc_auth: true
    ...
    kube_oidc_url: https:// ...
    kube_oidc_client_id: kubernetes
    kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
    kube_oidc_username_claim: sub
    kube_oidc_username_prefix: oidc:
    kube_oidc_groups_claim: groups
    kube_oidc_groups_prefix: oidc:
These parameters are the counterparts to the OIDC API server parameters.

QNAP Container Station Gitlab Email Server

I have a QNAP TS453a NAS. In the Container Station I installed sameersbn's Docker Gitlab 10.4.2. But I couldn't find any manual on how to configure an email server so that Gitlab can send emails when someone forgets his password, for example. Can anyone help me?

I installed the Sameersbn version of Gitlab in Container Station as well and I found it quite restrictive. My personal recommendation would be to just use the standard CE version that Gitlab provide.
However, at the time I used the Sameersbn version of Gitlab there was no way that I could find to successfully configure the email server (not saying there isn't, I just couldn't figure it out). However, it doesn't mean you can't do it yourself manually.
I would recommend that you mount your volumes to somewhere on disk instead of within the Container Station so it makes it easier to reconfigure any settings manually.
Here is what my docker-compose file looks like. Very simple, and really the only things you need to care about are the volumes and where you are mounting them to.
    web:
      image: 'gitlab/gitlab-ce:latest'
      restart: always
      hostname: <HOST_NAME>
      environment:
        GITLAB_OMNIBUS_CONFIG: |
          external_url <EXTERNAL_URL>
      ports:
        - '10080:80'   # Insecure port
        - '10443:443'  # Secure port
        - '10020:22'   # SSH port
      volumes:
        - '/share/Gitlab/config:/etc/gitlab'  # To configure the Email Server we care about this one.
        - '/share/Gitlab/logs:/var/log/gitlab'
        - '/share/Gitlab/data:/var/opt/gitlab'
The one we care about is '/share/Gitlab/config:/etc/gitlab'. If you don't know much about volumes and mounting them it is pretty much like this '<your_local_location>:<container_location>'. So if I navigate to /share/Gitlab/config on my QNAP NAS I will find all the configuration for my GitLab instance.
In /share/Gitlab/config you should see a file called gitlab.rb, this is a ruby file that contains all the configuration for your GitLab instance. If you search in this file you will find the configuration below:
    ### GitLab email server settings
    ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
    ###! **Use smtp instead of sendmail/postfix.**
    # gitlab_rails['smtp_enable'] = true
    # gitlab_rails['smtp_address'] = "smtp.server"
    # gitlab_rails['smtp_port'] = 465
    # gitlab_rails['smtp_user_name'] = "smtp user"
    # gitlab_rails['smtp_password'] = "smtp password"
    # gitlab_rails['smtp_domain'] = "example.com"
    # gitlab_rails['smtp_authentication'] = "login"
    # gitlab_rails['smtp_enable_starttls_auto'] = true
    # gitlab_rails['smtp_tls'] = false
All you need to do is uncomment (# means comment, so just remove it) and fill in your SMTP details.
This will require you to reconfigure your Gitlab instance. So you will need to ssh into your GitLab Container and just run the reconfigure command.
Essentially you need to find a way of getting to the gitlab.rb file so you can amend the SMTP Email Server Settings.
Some good reading material for installing GitLab via Docker are:
https://docs.gitlab.com/omnibus/docker/
https://docs.gitlab.com/ee/install/docker.html
https://developer.ibm.com/code/2017/07/13/step-step-guide-running-gitlab-ce-docker/
https://www.digitalocean.com/community/tutorials/how-to-build-docker-images-and-host-a-docker-image-repository-with-gitlab
(Please note that there could be some additional configuration to allow your system to write to /share/Gitlab/config you can do this with chmod command via ssh)