- Enable login using username and password
- Specifying an admin password
- Disabling Grafana
- Authentication
- Dashboards
- Grafana metrics
Grafana Dashboard Service
Introduced in GitLab 11.9.
Grafana is a powerful dashboard building system that you can use to visualize performance metrics from the embedded Prometheus monitoring system.
Starting with GitLab 12.0, Grafana is enabled by default and SSO with GitLab is
automatically configured. Grafana will be available on https://gitlab.example.com/-/grafana.
Enable login using username and password
Logging in to Grafana using username/password combo is disabled , and only
GitLab SSO is available by default. However, to access the admin account, you
need to enable login using username/password. For that, add the following line
to /etc/gitlab/gitlab.rb file and reconfigure:
grafana['disable_login_form'] = false
Specifying an admin password
admin_password setting doesn’t have any effect,
and you’ll have to reset the password manually.
Also, to access the admin account, you have to enable login using username and password.To specify an admin password, add the following line to /etc/gitlab/gitlab.rb
file and reconfigure:
grafana['admin_password'] = 'foobar'
If no admin password is provided, Omnibus GitLab will automatically generate a random password for the admin user as a security measure. However, in that case you will have to reset the password manually to access the admin user.
Disabling Grafana
-
Edit
/etc/gitlab/gitlab.rband add/edit the following lines:## Set to true/false to enable/disable respectively grafana['enable'] = false -
Save the file and reconfigure GitLab for the changes to take effect.
Authentication
If you want to give a user access to Grafana, you have two options.
Using Grafana’s authentication system
To allow users to create their own accounts in Grafana:
-
Edit
/etc/gitlab/gitlab.rband add the following lines:grafana['allow_user_sign_up'] = true -
Save the file and reconfigure GitLab for the changes to take effect.
Using GitLab as an OAuth provider
To use GitLab as an OAuth provider so that users of your GitLab instance have access to Grafana:
-
Set the callback URL based on your
external_url. For examplehttps://gitlab.example.com/-/grafana/login/gitlab. -
Then, edit
/etc/gitlab/gitlab.rband add the following lines:grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID' grafana['gitlab_secret'] = 'GITLAB_SECRET'Where
GITLAB_APPLICATION_IDandGITLAB_SECRETthe application ID and its secret that you created in the previous step. -
Optionally, you can select a list of GitLab groups allowed to login:
grafana['allowed_groups'] = [my_group, group_one/group_two] -
Save the file and reconfigure GitLab for the changes to take effect.
Resetting the admin password
After the first startup, the admin password is stored in the Grafana datastore
and you cannot change it via gitlab.rb.
To update it, you can use the following command:
gitlab-ctl set-grafana-password
See the Grafana CLI documentation for more information.
Dashboards
Starting with GitLab 11.10, dashboards for monitoring Omnibus GitLab will be pre-loaded and available on initial login.
For earlier versions of GitLab, you can manually import the pre-built dashboards that are tailored for Omnibus installations.
Grafana metrics
Grafana can provide metrics to be scraped by Prometheus.
By default, the metrics API is disabled in the bundled Grafana instance.
Enabling Grafana’s metrics API
To enable Grafana’s metrics API with basic authentication:
-
Edit
/etc/gitlab/gitlab.rband add/edit the following lines:grafana['metrics_enabled'] = true grafana['metrics_basic_auth_username'] = 'grafana_metrics' grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' -
Save the file and reconfigure GitLab for the changes to take effect.
-
The metrics will be available at
https://gitlab.example.com/-/grafana/metricswith basic authentication. The username and password for basic authentication will be themetrics_basic_auth_usernameandmetrics_basic_auth_passwordthat was set in/etc/gitlab/gitlab.rb.
