securing grafana, adding more fixes
parent
0d34d60b40
commit
b6bc290f99
@ -20,11 +20,28 @@ else
|
||||
fi
|
||||
|
||||
# START docker-compose
|
||||
docker-compose up -d
|
||||
docker-compose up -d --remove-orphans
|
||||
|
||||
# ADD DATASOURCES AND DASHBOARDS
|
||||
echo "adding datasources..."
|
||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_datasources.sh
|
||||
|
||||
echo "adding dashboards..."
|
||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
||||
|
||||
echo "adding datasources..."
|
||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_datasources.sh
|
||||
|
||||
## NOW LET'S SECURE GRAFANA
|
||||
# CHECKING OUT ORIGINAL FILE
|
||||
#echo -e "checking out original docker-compose.yml"
|
||||
#git checkout docker-compose.yml
|
||||
|
||||
## STOPPING and REMOVING GRAFANA CONTAINER
|
||||
echo -e "stopping & removing grafana container"
|
||||
container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||
docker stop $container_id
|
||||
docker rm $container_id
|
||||
|
||||
# REPLACING HTTP with HTTPS
|
||||
echo -e "changing http to https"
|
||||
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||
docker-compose up -d grafana
|
||||
|
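Review bot: The lookup `docker container ls | grep grafana| awk '{print $1}'` matches any running container whose name, image or command contains "grafana", and `$container_id` is then passed unquoted to `docker stop` and `docker rm`, so the script can act on several containers or on none. Addressing the service by name avoids the guess: `docker-compose stop grafana && docker-compose rm -f grafana`. The `sed -i` step rewrites the tracked docker-compose.yml in place, so the working tree is left modified and on a second run the file already says "https" while the provisioning scripts still call `http://…@localhost:3000`, which would presumably fail. The `docker exec -it` calls also require a TTY and will error when the script runs non-interactively; `-i` alone, or no flag, is enough here.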
@ -23,7 +23,7 @@ services:
|
||||
INFLUXDB_REPORTING_DISABLED: "true"
|
||||
INFLUXDB_DB: telegraf
|
||||
INFLUXDB_USER: telegraf
|
||||
INFLUXDB_USER_PASSWORD: nimda
|
||||
INFLUXDB_USER_PASSWORD: nimda321
|
||||
|
||||
grafana:
|
||||
image: grafana/grafana:5.1.3
|
||||
@ -35,15 +35,23 @@ services:
|
||||
- private
|
||||
volumes:
|
||||
- grafana_lib:/var/lib/grafana
|
||||
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
||||
environment:
|
||||
GF_AUTH_ANONYMOUS_ENABLED: "true"
|
||||
GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin"
|
||||
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
|
||||
GF_SECURITY_ADMIN_USER: "admin"
|
||||
GF_SERVER_PROTOCOL: "http"
|
||||
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
GF_SERVER_METRICS_ENABLED: "true"
|
||||
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
||||
INFLUXDB_URI: "http://influxdb:8086"
|
||||
INFLUXDB_DB: telegraf
|
||||
INFLUXDB_USER: telegraf
|
||||
INFLUXDB_USER_PASSWORD: nimda
|
||||
command: ["bash", "/var/lib/grafana/ds/add_datasources.sh"]
|
||||
INFLUXDB_USER_PASSWORD: nimda321
|
||||
|
||||
telegraf:
|
||||
image: telegraf:latest
|
||||
@ -64,7 +72,7 @@ services:
|
||||
- private
|
||||
command: "--config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus"
|
||||
ports:
|
||||
- 9090:9090
|
||||
- 9091:9090
|
||||
depends_on:
|
||||
- node_exporter
|
||||
|
||||
@ -80,12 +88,24 @@ services:
|
||||
- public
|
||||
- private
|
||||
environment:
|
||||
DOGSNAME: "Gula&Bodka"
|
||||
DOGSNAME: "GULA,BODKA"
|
||||
command:
|
||||
- "--collector.textfile"
|
||||
- "--collectors.enabled=textfile"
|
||||
- "--collector.textfile.directory=/var/lib/node_exporter/textfile_collector/"
|
||||
expose:
|
||||
- 9100
|
||||
ports:
|
||||
- 9100:9100
|
||||
|
||||
- 9101:9100
|
||||
cadvisor:
|
||||
image: google/cadvisor
|
||||
volumes:
|
||||
- /:/rootfs:ro
|
||||
- /var/run:/var/run:rw
|
||||
- /sys:/sys:ro
|
||||
- /var/lib/docker/:/var/lib/docker:ro
|
||||
ports:
|
||||
- 18080:8080
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
restart: unless-stopped
|
||||
|
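Review bot: `GF_SECURITY_ADMIN_PASSWORD: "nimda321"` and `INFLUXDB_USER_PASSWORD: nimda321` commit a live credential to the repository, and the same value is repeated in the `GRAFANA_URL` line, the two `curl -XPOST` datasource URLs and the telegraf output `password` in the later sections of this commit. Reading it from the environment keeps it out of version control, e.g. `GF_SECURITY_ADMIN_PASSWORD: "${GF_SECURITY_ADMIN_PASSWORD}"` with the value in an untracked `.env` file; because the value is now in history it should be rotated once that is in place. Grafana and InfluxDB also share one password, so a leak of either exposes both. Separately, the later hunks appear to publish Prometheus (9091), node_exporter (9101) and cAdvisor (18080) on all host interfaces with no authentication; binding them to loopback, e.g. `127.0.0.1:18080:8080`, or dropping `ports:` where only the `private` network needs the service would limit that exposure.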
@ -19,7 +19,7 @@ LPURPLE='\033[01;35m'
|
||||
LCYAN='\033[01;36m'
|
||||
WHITE='\033[01;37m'
|
||||
|
||||
GRAFANA_URL=http://admin:admin@localhost:3000
|
||||
GRAFANA_URL=http://admin:nimda321@localhost:3000
|
||||
|
||||
|
||||
grafana_api() {
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
# ADD INFLUXDB DATASOURCE
|
||||
curl -s -H "Content-Type: application/json" \
|
||||
-XPOST http://admin:admin@localhost:3000/api/datasources \
|
||||
-XPOST http://admin:nimda321@localhost:3000/api/datasources \
|
||||
-d @- <<EOF
|
||||
{
|
||||
"name": "influxdb",
|
||||
@ -12,14 +12,14 @@ curl -s -H "Content-Type: application/json" \
|
||||
"url": "http://influxdb:8086",
|
||||
"database": "telegraf",
|
||||
"user":"telegraf",
|
||||
"password":"nimda",
|
||||
"password":"nimda321",
|
||||
"basicAuth":false
|
||||
}
|
||||
EOF
|
||||
|
||||
## ADD PROMETHEUS DATASOURCE
|
||||
curl -s -H "Content-Type: application/json" \
|
||||
-XPOST http://admin:admin@localhost:3000/api/datasources \
|
||||
-XPOST http://admin:nimda321@localhost:3000/api/datasources \
|
||||
-d @- <<EOF
|
||||
{
|
||||
"name": "prometheus",
|
||||
|
2175
grafana/dashboards/docker_and_system_monitoring.json
Normal file
2175
grafana/dashboards/docker_and_system_monitoring.json
Normal file
File diff suppressed because it is too large
@ -32,3 +32,7 @@ scrape_configs:
|
||||
scrape_interval: "15s"
|
||||
static_configs:
|
||||
- targets: ['node_exporter:9100']
|
||||
- job_name: 'cadvisor'
|
||||
scrape_interval: "15s"
|
||||
static_configs:
|
||||
- targets: ['cadvisor:8080']
|
||||
|
@ -62,7 +62,7 @@ write_consistency = "any"
|
||||
## If not provided, will default to 5s. 0s means no timeout (not recommended).
|
||||
timeout = "5s"
|
||||
username = "telegraf"
|
||||
password = "nimda"
|
||||
password = "nimda321"
|
||||
## Set the user agent for HTTP POSTs (can be useful for log differentiation)
|
||||
user_agent = "telegraf-agent"
|
||||
## Set UDP payload size, defaults to InfluxDB UDP Client default (512 bytes)
|
||||
|
@ -13,16 +13,16 @@ do_cleanup () {
|
||||
fi
|
||||
|
||||
|
||||
read -r -p "Do you want to delete all docker \"bridge\" networks? [y/N] " response
|
||||
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
|
||||
then
|
||||
for n in $(docker network ls | grep "bridge" | awk '/ / { print $1 }'); do
|
||||
echo -e "attempting to delete network: $n"
|
||||
docker network rm $n || echo "cannot remove: $n"
|
||||
done
|
||||
else
|
||||
echo -e "'no' chosen"
|
||||
fi
|
||||
# read -r -p "Do you want to delete all docker \"bridge\" networks? [y/N] " response
|
||||
# if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
|
||||
# then
|
||||
# for n in $(docker network ls | grep "bridge" | awk '/ / { print $1 }'); do
|
||||
# echo -e "attempting to delete network: $n"
|
||||
# docker network rm $n || echo "cannot remove: $n"
|
||||
# done
|
||||
# else
|
||||
# echo -e "'no' chosen"
|
||||
# fi
|
||||
|
||||
read -r -p "Do you want to delete all docker dangling images? [y/N] " response
|
||||
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
|
||||
|
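Review bot: The bridge-network prompt is disabled by commenting out all ten of its lines rather than deleting them, which leaves dead code in do_cleanup that will drift from the rest of the function. Deleting the block is cleaner, since git history keeps it; if it is meant to come back, a single line such as `# bridge-network cleanup disabled: <reason>` records why. do_cleanup starts and ends outside this hunk.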