Integrating Grafana with LDAP for Single Sign-On
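Grafana is an open-source data visualization tool written in Go. It can be used for data monitoring and statistics, and it includes alerting. This article briefly describes how to integrate a Docker-based Grafana installation with LDAP for quick login.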
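- Create a folder named `grafana` and, inside it, create a file named `docker-compose.yml` with the following content:

  ```yaml
  version: "3"
  services:
    grafana:
      image: grafana/grafana
      container_name: "grafana"
      # privileged gives the container full host privileges; Grafana itself does not need it
      privileged: true
      ports:
        - "3000:3000"
      restart: always
      volumes:
        - "$PWD/grafana_data:/var/lib/grafana"
      environment:
        # example admin credentials; replace them before exposing port 3000
        - GF_SECURITY_ADMIN_USER=admin
        - GF_SECURITY_ADMIN_PASSWORD=Pass@word
  ```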
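- Run the following command to create the mount directory:

  ```bash
  # 777 makes the directory world-writable; it only needs to be writable by the container user (UID 472 in the official image)
  mkdir grafana_data && chmod 777 grafana_data
  ```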
- Run `docker-compose up -d` to start the container. After waiting 2-3 minutes, check its logs with `docker logs grafana`; if the logs show messages similar to the following, the initial Grafana installation has succeeded.
- Open `http://ip:3000` to reach the login page shown in the figure below; the account and password set earlier can be used to log in.
- In the `$PWD/grafana` directory, create a file named `ldap.toml` with content similar to the following:

  ```toml
  [[servers]]
  host = "10.xxx.xx.xx"
  port = 389
  # use_ssl = false means no TLS: bind and login passwords reach the LDAP server in cleartext
  use_ssl = false
  start_tls = false
  ssl_skip_verify = false
  bind_dn = "cn=xxx,dc=xxx,dc=com"
  bind_password = 'xxx'
  search_filter = "(uid=%s)"
  search_base_dns = ["dc=xxx,dc=com"]

  [servers.attributes]
  name = "givenName"
  surname = "displayName"
  username = "uid"
  #member_of = "cn"
  email = "mail"

  # group_dn is matched against the user's group membership values
  [[servers.group_mappings]]
  group_dn = "grafana-admins"
  org_role = "Admin"

  [[servers.group_mappings]]
  group_dn = "grafana-editors"
  org_role = "Editor"

  [[servers.group_mappings]]
  group_dn = "*"
  org_role = "Viewer"
  ```

  Also change `docker-compose.yml` as follows:

  ```yaml
  version: "3"
  services:
    grafana:
      image: grafana/grafana
      container_name: "grafana"
      privileged: true
      ports:
        - "3000:3000"
      restart: always
      volumes:
        - "$PWD/grafana_data:/var/lib/grafana"
        # /etc/grafana/ldap.toml is Grafana's default LDAP config path
        - "$PWD/ldap.toml:/etc/grafana/ldap.toml"
      environment:
        - GF_SECURITY_ADMIN_USER=admin
        - GF_SECURITY_ADMIN_PASSWORD=Pass@word
        - GF_AUTH_LDAP_ENABLED=true
  ```
- Run `docker-compose restart`; after the restart you can log in with an LDAP account. If the new mount and the `GF_AUTH_LDAP_ENABLED` setting are not picked up, run `docker-compose up -d`, which recreates the container from the changed file (`restart` alone does not re-read `docker-compose.yml`).
- To install `Prometheus` as well, change `docker-compose.yml` to something like the following:

  ```yaml
  version: "3"
  services:
    prometheus:
      image: prom/prometheus:latest
      container_name: "prometheus"
      restart: always
      ports:
        - "9090:9090"
      volumes:
        - "./prometheus.yml:/etc/prometheus/prometheus.yml"
        - "./prometheus_data:/prometheus"
    grafana:
      image: grafana/grafana
      container_name: "grafana"
      ports:
        - "3000:3000"
      restart: always
      volumes:
        - "./grafana_data:/var/lib/grafana"
        - "./ldap.toml:/etc/grafana/ldap.toml"
      environment:
        - GF_SECURITY_ADMIN_USER=admin
        - GF_SECURITY_ADMIN_PASSWORD=Pass@word
        - GF_AUTH_LDAP_ENABLED=true
  ```