Grafana是一款用Go语言开发的开源数据可视化工具,可以做数据监控和数据统计,带有告警功能,本文简要说明如何将基于docker安装的GrafanaLDAP集成实现快捷登录。

  1. 创建一个名为grafana的文件夹,在其下建立一个名为docker-compose.yml的文件,输入如下内容

    version: "3"
    services:
      grafana:
        image: grafana/grafana
        container_name: "grafana"
    	privileged: true
        ports:
          - "3000:3000"
        restart: always
        volumes:
          - "$PWD/grafana_data:/var/lib/grafana"
        environment:
          - GF_SECURITY_ADMIN_USER=admin
          - GF_SECURITY_ADMIN_PASSWORD=Pass@word
    
  2. 输入下述命令创建相关的挂载目录

    mkdir grafana_data && chmod 777 grafana_data
    
  3. 输入docker-compose up -d启动容器,等待2-3分钟后利用docker logs grafana查看其日志,若日志中出现类似如下信息,则表示SonarQube初步安装成功

    docker中启动grafana成功

  4. 输入http://ip:3000可打开如下图所示的登录界面,采用前述设置的账号密码可正常登录

    grafana登录页

  5. $PWD/grafana目录下建立一个名为ldap.toml的文件,写入类似如下内容

    [[servers]]
    host = "10.xxx.xx.xx"
    port = 389
    use_ssl = false
    start_tls = false
    ssl_skip_verify = false
    bind_dn = "cn=xxx,dc=xxx,dc=com"
    bind_password = 'xxx'
    search_filter = "(uid=%s)"
    search_base_dns = ["dc=xxx,dc=com"]
    
    [servers.attributes]
    name = "givenName"
    surname = "displayName"
    username = "uid"
    #member_of = "cn"
    email =  "mail"
    
    [[servers.group_mappings]]
    group_dn = "grafana-admins"
    org_role = "Admin"
    
    [[servers.group_mappings]]
    group_dn = "grafana-editors"
    org_role = "Editor"
    
    [[servers.group_mappings]]
    group_dn = "*"
    org_role = "Viewer"
    

    同时将docker-compose.yml修改如下

    version: "3"
    services:
      grafana:
        image: grafana/grafana
        container_name: "grafana"
    	privileged: true
        ports:
          - "3000:3000"
        restart: always
        volumes:
          - "$PWD/grafana_data:/var/lib/grafana"
    	  - "$PWD/ldap.toml:/etc/grafana/ldap.toml"
        environment:
          - GF_SECURITY_ADMIN_USER=admin
          - GF_SECURITY_ADMIN_PASSWORD=Pass@word
    	  - GF_AUTH_LDAP_ENABLED=true
    
  6. 输入docker-compose restart重启之后即可采用LDAP账户登录。

  7. 若需要同时安装Prometheus,则可将docker-compose.yml修改为类似如下:

    version: "3"
    services:
      prometheus:
        image: prom/prometheus:latest
        container_name: "prometheus"
        restart: always
        ports:
          - "9090:9090"
        volumes:
          - "./prometheus.yml:/etc/prometheus/prometheus.yml"
          - "./prometheus_data:/prometheus"
      grafana:
        image: grafana/grafana
        container_name: "grafana"
        ports:
          - "3000:3000"
        restart: always
        volumes:
          - "./grafana_data:/var/lib/grafana"
          - "./ldap.toml:/etc/grafana/ldap.toml"
        environment:
          - GF_SECURITY_ADMIN_USER=admin
          - GF_SECURITY_ADMIN_PASSWORD=Pass@word
          - GF_AUTH_LDAP_ENABLED=true