securing grafana, adding more fixes
parent
0d34d60b40
commit
b6bc290f99
@ -20,11 +20,28 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# START docker-compose
|
# START docker-compose
|
||||||
docker-compose up -d
|
docker-compose up -d --remove-orphans
|
||||||
|
|
||||||
# ADD DATASOURCES AND DASHBOARDS
|
# ADD DATASOURCES AND DASHBOARDS
|
||||||
|
echo "adding datasources..."
|
||||||
|
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_datasources.sh
|
||||||
|
|
||||||
echo "adding dashboards..."
|
echo "adding dashboards..."
|
||||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
||||||
|
|
||||||
echo "adding datasources..."
|
|
||||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_datasources.sh
|
## NOW LET'S SECURE GRAFANA
|
||||||
|
# CHECKING OUT ORIGINAL FILE
|
||||||
|
#echo -e "checking out original docker-compose.yml"
|
||||||
|
#git checkout docker-compose.yml
|
||||||
|
|
||||||
|
## STOPPING and REMOVING GRAFANA CONTAINER
|
||||||
|
echo -e "stopping & removing grafana container"
|
||||||
|
container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||||
|
docker stop $container_id
|
||||||
|
docker rm $container_id
|
||||||
|
|
||||||
|
# REPLACING HTTP with HTTPS
|
||||||
|
echo -e "changing http to https"
|
||||||
|
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||||
|
docker-compose up -d grafana
|
||||||
|
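Review bot: The `sed -i` on `docker-compose.yml` rewrites the tracked file in place, and with the `git checkout docker-compose.yml` step commented out the file stays at `GF_SERVER_PROTOCOL: "https"` after the first run. On the next run `docker-compose up -d` would start Grafana on HTTPS straight away, and the provisioning scripts changed elsewhere in this commit, which still call `http://admin:…@localhost:3000`, would presumably fail. Restoring the file before the first `docker-compose up -d`, or applying the HTTPS setting through a compose override file instead of editing the base file, avoids that. Separately, `docker container ls | grep grafana` matches any row containing "grafana" and can return no id or several, which then reach `docker stop $container_id` unquoted; `docker-compose stop grafana && docker-compose rm -f grafana` would be more predictable. The `if`/`else` this hunk sits under starts outside the hunk.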
@ -23,7 +23,7 @@ services:
|
|||||||
INFLUXDB_REPORTING_DISABLED: "true"
|
INFLUXDB_REPORTING_DISABLED: "true"
|
||||||
INFLUXDB_DB: telegraf
|
INFLUXDB_DB: telegraf
|
||||||
INFLUXDB_USER: telegraf
|
INFLUXDB_USER: telegraf
|
||||||
INFLUXDB_USER_PASSWORD: nimda
|
INFLUXDB_USER_PASSWORD: nimda321
|
||||||
|
|
||||||
grafana:
|
grafana:
|
||||||
image: grafana/grafana:5.1.3
|
image: grafana/grafana:5.1.3
|
||||||
@ -35,15 +35,23 @@ services:
|
|||||||
- private
|
- private
|
||||||
volumes:
|
volumes:
|
||||||
- grafana_lib:/var/lib/grafana
|
- grafana_lib:/var/lib/grafana
|
||||||
|
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||||
|
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||||
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
||||||
environment:
|
environment:
|
||||||
GF_AUTH_ANONYMOUS_ENABLED: "true"
|
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||||
GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin"
|
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
|
||||||
|
GF_SECURITY_ADMIN_USER: "admin"
|
||||||
|
GF_SERVER_PROTOCOL: "http"
|
||||||
|
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
||||||
|
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||||
|
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||||
|
GF_SERVER_METRICS_ENABLED: "true"
|
||||||
|
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
||||||
INFLUXDB_URI: "http://influxdb:8086"
|
INFLUXDB_URI: "http://influxdb:8086"
|
||||||
INFLUXDB_DB: telegraf
|
INFLUXDB_DB: telegraf
|
||||||
INFLUXDB_USER: telegraf
|
INFLUXDB_USER: telegraf
|
||||||
INFLUXDB_USER_PASSWORD: nimda
|
INFLUXDB_USER_PASSWORD: nimda321
|
||||||
command: ["bash", "/var/lib/grafana/ds/add_datasources.sh"]
|
|
||||||
|
|
||||||
telegraf:
|
telegraf:
|
||||||
image: telegraf:latest
|
image: telegraf:latest
|
||||||
@ -64,7 +72,7 @@ services:
|
|||||||
- private
|
- private
|
||||||
command: "--config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus"
|
command: "--config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus"
|
||||||
ports:
|
ports:
|
||||||
- 9090:9090
|
- 9091:9090
|
||||||
depends_on:
|
depends_on:
|
||||||
- node_exporter
|
- node_exporter
|
||||||
|
|
||||||
@ -80,12 +88,24 @@ services:
|
|||||||
- public
|
- public
|
||||||
- private
|
- private
|
||||||
environment:
|
environment:
|
||||||
DOGSNAME: "Gula&Bodka"
|
DOGSNAME: "GULA,BODKA"
|
||||||
command:
|
command:
|
||||||
- "--collector.textfile"
|
- "--collectors.enabled=textfile"
|
||||||
- "--collector.textfile.directory=/var/lib/node_exporter/textfile_collector/"
|
- "--collector.textfile.directory=/var/lib/node_exporter/textfile_collector/"
|
||||||
expose:
|
expose:
|
||||||
- 9100
|
- 9100
|
||||||
ports:
|
ports:
|
||||||
- 9100:9100
|
- 9101:9100
|
||||||
|
cadvisor:
|
||||||
|
image: google/cadvisor
|
||||||
|
volumes:
|
||||||
|
- /:/rootfs:ro
|
||||||
|
- /var/run:/var/run:rw
|
||||||
|
- /sys:/sys:ro
|
||||||
|
- /var/lib/docker/:/var/lib/docker:ro
|
||||||
|
ports:
|
||||||
|
- 18080:8080
|
||||||
|
networks:
|
||||||
|
- private
|
||||||
|
- public
|
||||||
|
restart: unless-stopped
|
||||||
|
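Review bot: `GF_SECURITY_ADMIN_PASSWORD: "nimda321"` puts the Grafana admin password into a tracked file, and the same literal is reused for `INFLUXDB_USER_PASSWORD` and appears again in the script hunks (`admin:nimda321@localhost:3000`), the datasource JSON and the Telegraf `password =` line of this commit. Since the value is now in history it should be rotated, and the compose file can take it from the environment the same way it already uses `${PWD}`, e.g. `GF_SECURITY_ADMIN_PASSWORD: "${GRAFANA_ADMIN_PASSWORD}"` with the value kept in an untracked `.env`. The new `cadvisor` service also needs a look: it mounts `/var/run` read-write and `/` read-only, joins the `public` network and publishes `18080:8080` on every host interface, with no authentication configured for it here. Binding it as `127.0.0.1:18080:8080`, or dropping its `ports:` entry since Prometheus scrapes `cadvisor:8080` over the compose network, would narrow that exposure.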
@ -19,7 +19,7 @@ LPURPLE='\033[01;35m'
|
|||||||
LCYAN='\033[01;36m'
|
LCYAN='\033[01;36m'
|
||||||
WHITE='\033[01;37m'
|
WHITE='\033[01;37m'
|
||||||
|
|
||||||
GRAFANA_URL=http://admin:admin@localhost:3000
|
GRAFANA_URL=http://admin:nimda321@localhost:3000
|
||||||
|
|
||||||
|
|
||||||
grafana_api() {
|
grafana_api() {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
# ADD INFLUXDB DATASOURCE
|
# ADD INFLUXDB DATASOURCE
|
||||||
curl -s -H "Content-Type: application/json" \
|
curl -s -H "Content-Type: application/json" \
|
||||||
-XPOST http://admin:admin@localhost:3000/api/datasources \
|
-XPOST http://admin:nimda321@localhost:3000/api/datasources \
|
||||||
-d @- <<EOF
|
-d @- <<EOF
|
||||||
{
|
{
|
||||||
"name": "influxdb",
|
"name": "influxdb",
|
||||||
@ -12,14 +12,14 @@ curl -s -H "Content-Type: application/json" \
|
|||||||
"url": "http://influxdb:8086",
|
"url": "http://influxdb:8086",
|
||||||
"database": "telegraf",
|
"database": "telegraf",
|
||||||
"user":"telegraf",
|
"user":"telegraf",
|
||||||
"password":"nimda",
|
"password":"nimda321",
|
||||||
"basicAuth":false
|
"basicAuth":false
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
## ADD PROMETHEUS DATASOURCE
|
## ADD PROMETHEUS DATASOURCE
|
||||||
curl -s -H "Content-Type: application/json" \
|
curl -s -H "Content-Type: application/json" \
|
||||||
-XPOST http://admin:admin@localhost:3000/api/datasources \
|
-XPOST http://admin:nimda321@localhost:3000/api/datasources \
|
||||||
-d @- <<EOF
|
-d @- <<EOF
|
||||||
{
|
{
|
||||||
"name": "prometheus",
|
"name": "prometheus",
|
||||||
|
2175
grafana/dashboards/docker_and_system_monitoring.json
Normal file
2175
grafana/dashboards/docker_and_system_monitoring.json
Normal file
File diff suppressed because it is too large
@ -32,3 +32,7 @@ scrape_configs:
|
|||||||
scrape_interval: "15s"
|
scrape_interval: "15s"
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets: ['node_exporter:9100']
|
- targets: ['node_exporter:9100']
|
||||||
|
- job_name: 'cadvisor'
|
||||||
|
scrape_interval: "15s"
|
||||||
|
static_configs:
|
||||||
|
- targets: ['cadvisor:8080']
|
||||||
|
@ -62,7 +62,7 @@ write_consistency = "any"
|
|||||||
## If not provided, will default to 5s. 0s means no timeout (not recommended).
|
## If not provided, will default to 5s. 0s means no timeout (not recommended).
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
username = "telegraf"
|
username = "telegraf"
|
||||||
password = "nimda"
|
password = "nimda321"
|
||||||
## Set the user agent for HTTP POSTs (can be useful for log differentiation)
|
## Set the user agent for HTTP POSTs (can be useful for log differentiation)
|
||||||
user_agent = "telegraf-agent"
|
user_agent = "telegraf-agent"
|
||||||
## Set UDP payload size, defaults to InfluxDB UDP Client default (512 bytes)
|
## Set UDP payload size, defaults to InfluxDB UDP Client default (512 bytes)
|
||||||
|
@ -13,16 +13,16 @@ do_cleanup () {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
read -r -p "Do you want to delete all docker \"bridge\" networks? [y/N] " response
|
# read -r -p "Do you want to delete all docker \"bridge\" networks? [y/N] " response
|
||||||
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
|
# if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
|
||||||
then
|
# then
|
||||||
for n in $(docker network ls | grep "bridge" | awk '/ / { print $1 }'); do
|
# for n in $(docker network ls | grep "bridge" | awk '/ / { print $1 }'); do
|
||||||
echo -e "attempting to delete network: $n"
|
# echo -e "attempting to delete network: $n"
|
||||||
docker network rm $n || echo "cannot remove: $n"
|
# docker network rm $n || echo "cannot remove: $n"
|
||||||
done
|
# done
|
||||||
else
|
# else
|
||||||
echo -e "'no' chosen"
|
# echo -e "'no' chosen"
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
read -r -p "Do you want to delete all docker dangling images? [y/N] " response
|
read -r -p "Do you want to delete all docker dangling images? [y/N] " response
|
||||||
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
|
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
|
||||||
|
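Review bot: The bridge-network prompt and loop are disabled by prefixing every line with `#`, which leaves ten lines of dead code inside `do_cleanup`. If the step is no longer wanted, deleting the block keeps the function readable and the history still holds it; if it is only disabled for now, a one-line comment such as `# bridge network cleanup disabled: <reason>` above it would tell the next reader why. `do_cleanup` starts before this hunk and the `if` on the dangling-images prompt continues past its end.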