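# Create the OS account that owns and runs Grafana.
# -m creates /home/haedong on distributions that do not create home directories by default.
useradd -m haedong
# Create the Grafana log directory and give it to the service account
mkdir -p /var/log/grafana
chown -R haedong /var/log/grafana
# Create the Grafana data directory and give it to the service account
mkdir -p /xvdb/grafana/data
chown -R haedong /xvdb/grafana
# Environment variables for the service account.
# This is written before switching users because the new account has no sudo rights.
# The quoted 'EOF' keeps $HOME, $PATH and $GRAFANA_HOME literal in the file, so they are
# expanded at login time instead of being frozen to the values of the shell that runs this command.
cat <<'EOF' | sudo tee /home/haedong/.bash_profile
export HOME=/home/haedong
export GRAFANA_HOME=$HOME/grafana
export PATH=$PATH:$GRAFANA_HOME/bin
EOF
sudo chown haedong /home/haedong/.bash_profile
# Continue as the service account (the account created above, not "grafana")
sudo -i -u haedong
source ~/.bash_profile
wget https://dl.grafana.com/oss/release/grafana-11.3.2.linux-amd64.tar.gz
# Verify the archive against the SHA-256 published on the Grafana download page before unpacking it:
# echo "<SHA256_FROM_GRAFANA_DOWNLOAD_PAGE>  grafana-11.3.2.linux-amd64.tar.gz" | sha256sum -c -
# tar reads the downloaded local file, not the URL
tar -xvzf grafana-11.3.2.linux-amd64.tar.gz
mkdir -p "$HOME/apps"
mv grafana-v11.3.2 "$HOME/apps/"
ln -s /home/haedong/apps/grafana-v11.3.2 "$HOME/grafana"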
# Instance-wide settings; these two keys sit above the first section header
app_mode = production
instance_name = ${HOSTNAME}
[paths]
# Where Grafana keeps temp files, sessions and the sqlite3 database (when sqlite3 is the backend)
data = /xvdb/grafana/data
# How long temporary files are kept before they are deleted
temp_data_lifetime = 24h
# Grafana log directory
logs = /var/log/grafana
# Grafana plugin directory
# NOTE(review): plugins are code loaded by Grafana; this directory should be writable only by the service account
plugins = /home/haedong/grafana/plugins
[server]
# Protocol (http, https, h2, socket). Change to http only when TLS is not used;
# over plain http, logins and session cookies cross the network unencrypted.
protocol = https
# Grafana listen port
http_port = 8443
domain = grafana.haedongg.net
# Certificate and private key served for HTTPS.
# The key file should be readable only by the account that runs Grafana (for example mode 0600).
cert_file = /home/haedong/certs/haedongg.crt
cert_key = /home/haedong/certs/haedongg.key
# Key file password: set the passphrase here if the key file is encrypted
;cert_pass =
[server.custom_response_headers]
[environment]
[database]
# Grafana configuration and metadata store. Comment this section out if an RDBMS is not used for metadata.
# "mysql", "postgres", "sqlite3"
type = postgres
# NOTE(review): no ssl_mode is set here. Grafana's default for postgres is "disable", so this
# connection is presumably unencrypted unless ssl_mode (require / verify-full) is added; confirm for the target network.
host = 192.168.254.1:5432
name = grafana
user = grafana
# NOTE(review): plaintext credential in the config file. Prefer Grafana's variable expansion,
# e.g. $__env{...} or $__file{...}, and keep grafana.ini readable only by the service account.
# Treat the value below as a sample; do not reuse it on a real system.
password = Hadoop1!
# Example: mysql://user:secret@host:port/database
;url =
[auth.ldap]
# LDAP authentication. If LDAP is not used, set enabled = false and comment out the rest.
enabled = true
config_file = /home/haedong/grafana/conf/ldap.toml
# With allow_sign_up = true a Grafana account is created on the first successful LDAP login.
# Set it to false to admit only users that already exist in Grafana.
# The role a new user gets comes from the group mappings in ldap.toml.
allow_sign_up = true
# LDAP background sync (Enterprise only)
# At 1 am every day
;sync_cron = "0 1 * * *"
;active_sync_enabled = true
[rbac]
# SMTP is left at its defaults: every key in this section is commented out
[smtp]
;enabled = false
;host = localhost:25
;user =
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
;password =
;cert_file =
;key_file =
# Leaving skip_verify at false keeps validation of the SMTP server's TLS certificate on
;skip_verify = false
;from_address = admin@grafana.localhost
;from_name = Grafana
# EHLO identity in SMTP dialog (defaults to instance_name)
;ehlo_identity = dashboard.example.com
# SMTP startTLS policy (defaults to 'OpportunisticStartTLS')
# NoStartTLS, the sample value below, never upgrades the connection to TLS, so SMTP credentials
# and message content would travel in cleartext; MandatoryStartTLS refuses to send without TLS.
;startTLS_policy = NoStartTLS
# Enable trace propagation in e-mail headers, using the 'traceparent', 'tracestate' and (optionally) 'baggage' fields (defaults to false)
;enable_tracing = false
[smtp.static_headers]
# Include custom static headers in all outgoing emails
;Foo-Header = bar
;Foo = bar
[emails]
;welcome_email_on_sign_up = false
;templates_pattern = emails/*.html, emails/*.txt
;content_types = text/html
#################################### Logging ##########################
# Logging is left at its defaults: every key in the [log] sections below is commented out
[log]
# Either "console", "file", "syslog". Default is console and file
# Use space to separate multiple modes, e.g. "console file"
;mode = console file
# Either "debug", "info", "warn", "error", "critical", default is "info"
;level = info
# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
# NOTE(review): debug-level output may contain more detail than should be kept long term; enable it only while troubleshooting
;filters =
# Set the default error message shown to users. This message is displayed instead of sensitive backend errors which should be obfuscated. Default is the same as the sample value.
;user_facing_default_error = "please inspect Grafana server log for details"
# For "console" mode only
[log.console]
;level =
# log line format, valid options are text, console and json
;format = console
# For "file" mode only
[log.file]
;level =
# log line format, valid options are text, console and json
;format = text
# This enables automated log rotate(switch of following options), default is true
;log_rotate = true
# Max line number of single file, default is 1000000
;max_lines = 1000000
# Max size shift of single file, default is 28 means 1 << 28, 256MB
;max_size_shift = 28
# Segment log daily, default is true
;daily_rotate = true
# Expired days of log file(delete after max days), default is 7
;max_days = 7
# For "syslog" mode only
[log.syslog]
;level =
# log line format, valid options are text, console and json
;format = text
# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
;network =
;address =
# Syslog facility. user, daemon and local0 through local7 are valid.
;facility =
# Syslog tag. By default, the process' argv[0] is used.
;tag =
# Alerting options below are present but empty, so no value is overridden here
[unified_alerting.reserved_labels]
disabled_labels =
[unified_alerting.state_history.annotations]
max_age =
max_annotations_to_keep =
# Recording rules are switched off; the target url and basic-auth credentials are left empty.
# If basic_auth_password is ever set, prefer variable expansion ($__env{...} / $__file{...}) over a literal value.
[recording_rules]
enabled = false
url =
basic_auth_username =
basic_auth_password =
timeout = 30s
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "ad.haedongg.net"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
# NOTE(review): with use_ssl = false and start_tls = false on port 389, the bind password below and
# every user's login password are sent to the directory in cleartext. Enable LDAPS (use_ssl = true,
# port 636) or STARTTLS (use_ssl = true, start_tls = true) and set root_ca_cert so the server certificate is verified.
use_ssl = false
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = false
# Starting with Grafana v11.0 only ciphers with ECDHE support are accepted for TLS 1.2 connections.
tls_ciphers = []
# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.1 (only for Grafana v10.4 or older), TLS1.2, TLS1.3.
min_tls_version = ""
# set to true if you want to skip ssl cert validation
# Keep this false once TLS is enabled; skipping validation removes protection against an impersonated directory server
ssl_skip_verify = false
# CA certificate, for when LDAPS needs certificate settings
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "cn=grafana,ou=grafana,dc=ad,dc=haedongg,dc=net"
# Search user bind password
# If the password contains # or ; wrap it in triple quotes. Ex """#password;"""
# NOTE(review): plaintext credential. Use the variable-expansion form shown two lines below instead of a
# literal value, and treat this one as a sample only. The bind account should be a read-only search account.
bind_password = 'P@ssW0rd'
# We recommend using variable expansion for the bind_password, for more info https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion
# bind_password = '$__env{LDAP_BIND_PASSWORD}'
# Timeout in seconds (applies to each host specified in the 'host' entry (space separated))
timeout = 10
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(sAMAccountName=%s)"
# An array of base dns to search through
search_base_dns = ["dc=ad,dc=haedongg,dc=net"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
# NOTE(review): "member" on an Active Directory group holds member DNs. With
# group_search_filter_user_attribute left commented out, %s is presumably filled from the username
# attribute rather than the DN; confirm that group lookups actually match.
group_search_filter = "(&(objectClass=group)(member=%s))"
group_search_base_dns = ["ou=grafana,dc=ad,dc=haedongg,dc=net"]
# group_search_filter_user_attribute = "uid"
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
# NOTE(review): member_of normally names the attribute that lists a user's groups (Active Directory: "memberOf").
# sAMAccountName is the login name, so group mappings would presumably not match through this attribute; confirm.
member_of = "sAMAccountName"
email = "mail"
# Assign Grafana permission groups
# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "cn=GrafanaAdmins,ou=grafana,dc=ad,dc=haedongg,dc=net"
org_role = "Admin"
# To make user an instance admin (Grafana Admin) uncomment line below
# grafana_admin = true
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id = 1
[[servers.group_mappings]]
group_dn = "cn=GrafanaUsers,ou=grafana,dc=ad,dc=haedongg,dc=net"
org_role = "Editor"
[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
# NOTE(review): this wildcard gives Viewer to every account that can authenticate against the directory,
# not only members of the groups above. If LDAP sign-up is enabled in grafana.ini, each such user also gets
# an account on first login. Drop this mapping to limit access to the listed groups; confirm how Grafana
# treats unmapped users in the LDAP docs.
group_dn = "*"
org_role = "Viewer"
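#!/bin/bash
# Start/stop/restart/status wrapper for the Grafana instance installed under /home/haedong/grafana.
#
# Usage: <script> {start|stop|restart|status}
#
# Run it as the Grafana service account rather than as root: the PID file lives in a directory
# that account can write, and this script signals whatever PID it reads from that file.
HOME=/home/haedong
GRAFANA_HOME=$HOME/grafana
GRAFANA_BIN="$GRAFANA_HOME/bin/grafana-server"
GRAFANA_CONF="$GRAFANA_HOME/conf/grafana.ini"
GRAFANA_LOG="/var/log/grafana/grafana.log"
GRAFANA_PID="$GRAFANA_HOME/grafana.pid"
# Seconds to wait for Grafana to exit after SIGTERM before reporting failure
STOP_TIMEOUT=30

# Print the recorded PID and return 0 when the PID file holds a plain number and that process is alive.
# The numeric check keeps a damaged or tampered PID file from turning into unexpected arguments to kill.
grafana_pid() {
    local pid
    [ -f "$GRAFANA_PID" ] || return 1
    pid=$(cat "$GRAFANA_PID")
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$pid" > /dev/null 2>&1 || return 1
    echo "$pid"
}

case "$1" in
    start)
        if grafana_pid > /dev/null; then
            echo "Grafana is already running."
        else
            echo "Starting Grafana..."
            nohup "$GRAFANA_BIN" --config="$GRAFANA_CONF" >> "$GRAFANA_LOG" 2>&1 &
            echo $! > "$GRAFANA_PID"
            echo "Grafana started with PID $(cat "$GRAFANA_PID")."
        fi
        ;;
    stop)
        if pid=$(grafana_pid); then
            echo "Stopping Grafana..."
            kill "$pid"
            # Wait for the process to exit so that "restart" does not launch a second
            # instance while the old one still holds the listen port.
            waited=0
            while kill -0 "$pid" > /dev/null 2>&1 && [ "$waited" -lt "$STOP_TIMEOUT" ]; do
                sleep 1
                waited=$((waited + 1))
            done
            if kill -0 "$pid" > /dev/null 2>&1; then
                echo "Grafana (PID $pid) did not exit within $STOP_TIMEOUT seconds." >&2
                exit 1
            fi
            rm -f "$GRAFANA_PID"
            echo "Grafana stopped."
        else
            echo "Grafana is not running."
        fi
        ;;
    restart)
        echo "Restarting Grafana..."
        # Start only after stop succeeded (stop also succeeds when nothing was running)
        "$0" stop && "$0" start
        ;;
    status)
        if pid=$(grafana_pid); then
            echo "Grafana is running with PID $pid."
        else
            echo "Grafana is not running."
        fi
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac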
OSS(AGPL 라이선스)와 Enterprise 버전이 존재한다. 기능의 차이가 있다. ↩︎