|
|
@ -10,6 +10,7 @@
|
|
|
|
;instance_name = ${HOSTNAME}
|
|
|
|
;instance_name = ${HOSTNAME}
|
|
|
|
|
|
|
|
|
|
|
|
# force migration will run migrations that might cause dataloss
|
|
|
|
# force migration will run migrations that might cause dataloss
|
|
|
|
|
|
|
|
# Deprecated, use clean_upgrade option in [unified_alerting.upgrade] instead.
|
|
|
|
;force_migration = false
|
|
|
|
;force_migration = false
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Paths ####################################
|
|
|
|
#################################### Paths ####################################
|
|
|
@ -34,6 +35,9 @@
|
|
|
|
# Protocol (http, https, h2, socket)
|
|
|
|
# Protocol (http, https, h2, socket)
|
|
|
|
;protocol = http
|
|
|
|
;protocol = http
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken
|
|
|
|
|
|
|
|
;min_tls_version = ""
|
|
|
|
|
|
|
|
|
|
|
|
# The ip address to bind to, empty will bind to all interfaces
|
|
|
|
# The ip address to bind to, empty will bind to all interfaces
|
|
|
|
;http_addr =
|
|
|
|
;http_addr =
|
|
|
|
|
|
|
|
|
|
|
@ -86,6 +90,19 @@
|
|
|
|
# `0` means there is no timeout for reading the request.
|
|
|
|
# `0` means there is no timeout for reading the request.
|
|
|
|
;read_timeout = 0
|
|
|
|
;read_timeout = 0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# This setting enables you to specify additional headers that the server adds to HTTP(S) responses.
|
|
|
|
|
|
|
|
[server.custom_response_headers]
|
|
|
|
|
|
|
|
#exampleHeader1 = exampleValue1
|
|
|
|
|
|
|
|
#exampleHeader2 = exampleValue2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#################################### GRPC Server #########################
|
|
|
|
|
|
|
|
;[grpc_server]
|
|
|
|
|
|
|
|
;network = "tcp"
|
|
|
|
|
|
|
|
;address = "127.0.0.1:10000"
|
|
|
|
|
|
|
|
;use_tls = false
|
|
|
|
|
|
|
|
;cert_file =
|
|
|
|
|
|
|
|
;key_file =
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Database ####################################
|
|
|
|
#################################### Database ####################################
|
|
|
|
[database]
|
|
|
|
[database]
|
|
|
|
# You can configure the database connection by specifying type, host, name, user and password
|
|
|
|
# You can configure the database connection by specifying type, host, name, user and password
|
|
|
@ -107,6 +124,9 @@ password = 123qwe$%&RTY
|
|
|
|
# For "mysql", use either "true", "false", or "skip-verify".
|
|
|
|
# For "mysql", use either "true", "false", or "skip-verify".
|
|
|
|
;ssl_mode = disable
|
|
|
|
;ssl_mode = disable
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "postregs", use either "1" to enable or "0" to disable SNI
|
|
|
|
|
|
|
|
;ssl_sni =
|
|
|
|
|
|
|
|
|
|
|
|
# Database drivers may support different transaction isolation levels.
|
|
|
|
# Database drivers may support different transaction isolation levels.
|
|
|
|
# Currently, only "mysql" driver supports isolation levels.
|
|
|
|
# Currently, only "mysql" driver supports isolation levels.
|
|
|
|
# If the value is empty - driver's default isolation level is applied.
|
|
|
|
# If the value is empty - driver's default isolation level is applied.
|
|
|
@ -136,6 +156,9 @@ password = 123qwe$%&RTY
|
|
|
|
# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
|
|
|
|
# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
|
|
|
|
;cache_mode = private
|
|
|
|
;cache_mode = private
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "sqlite3" only. Enable/disable Write-Ahead Logging, https://sqlite.org/wal.html. Default is false.
|
|
|
|
|
|
|
|
;wal = false
|
|
|
|
|
|
|
|
|
|
|
|
# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
|
|
|
|
# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
|
|
|
|
;locking_attempt_timeout_sec = 0
|
|
|
|
;locking_attempt_timeout_sec = 0
|
|
|
|
|
|
|
|
|
|
|
@ -145,6 +168,9 @@ password = 123qwe$%&RTY
|
|
|
|
# For "sqlite" only. How many times to retry transaction in case of database is locked failures. Default is 5.
|
|
|
|
# For "sqlite" only. How many times to retry transaction in case of database is locked failures. Default is 5.
|
|
|
|
;transaction_retries = 5
|
|
|
|
;transaction_retries = 5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set to true to add metrics and tracing for database queries.
|
|
|
|
|
|
|
|
;instrument_queries = false
|
|
|
|
|
|
|
|
|
|
|
|
################################### Data sources #########################
|
|
|
|
################################### Data sources #########################
|
|
|
|
[datasources]
|
|
|
|
[datasources]
|
|
|
|
# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
|
|
|
|
# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
|
|
|
@ -161,6 +187,12 @@ password = 123qwe$%&RTY
|
|
|
|
# memcache: 127.0.0.1:11211
|
|
|
|
# memcache: 127.0.0.1:11211
|
|
|
|
;connstr =
|
|
|
|
;connstr =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# prefix prepended to all the keys in the remote cache
|
|
|
|
|
|
|
|
; prefix =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# This enables encryption of values stored in the remote cache
|
|
|
|
|
|
|
|
;encryption =
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Data proxy ###########################
|
|
|
|
#################################### Data proxy ###########################
|
|
|
|
[dataproxy]
|
|
|
|
[dataproxy]
|
|
|
|
|
|
|
|
|
|
|
@ -206,6 +238,9 @@ password = 123qwe$%&RTY
|
|
|
|
# Limits the number of rows that Grafana will process from SQL data sources.
|
|
|
|
# Limits the number of rows that Grafana will process from SQL data sources.
|
|
|
|
;row_limit = 1000000
|
|
|
|
;row_limit = 1000000
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Sets a custom value for the `User-Agent` header for outgoing data proxy requests. If empty, the default value is `Grafana/<BuildVersion>` (for example `Grafana/9.0.0`).
|
|
|
|
|
|
|
|
;user_agent =
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Analytics ####################################
|
|
|
|
#################################### Analytics ####################################
|
|
|
|
[analytics]
|
|
|
|
[analytics]
|
|
|
|
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
|
|
|
|
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
|
|
|
@ -221,7 +256,7 @@ password = 123qwe$%&RTY
|
|
|
|
# for new versions of grafana. The check is used
|
|
|
|
# for new versions of grafana. The check is used
|
|
|
|
# in some UI views to notify that a grafana update exists.
|
|
|
|
# in some UI views to notify that a grafana update exists.
|
|
|
|
# This option does not cause any auto updates, nor send any information
|
|
|
|
# This option does not cause any auto updates, nor send any information
|
|
|
|
# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
|
|
|
|
# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version.
|
|
|
|
;check_for_updates = true
|
|
|
|
;check_for_updates = true
|
|
|
|
|
|
|
|
|
|
|
|
# Set to false to disable all checks to https://grafana.com
|
|
|
|
# Set to false to disable all checks to https://grafana.com
|
|
|
@ -255,6 +290,12 @@ password = 123qwe$%&RTY
|
|
|
|
# Rudderstack Config url, optional, used by Rudderstack SDK to fetch source config
|
|
|
|
# Rudderstack Config url, optional, used by Rudderstack SDK to fetch source config
|
|
|
|
;rudderstack_config_url =
|
|
|
|
;rudderstack_config_url =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Rudderstack Integrations URL, optional. Only valid if you pass the SDK version 1.1 or higher
|
|
|
|
|
|
|
|
;rudderstack_integrations_url =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Intercom secret, optional, used to hash user_id before passing to Intercom via Rudderstack
|
|
|
|
|
|
|
|
;intercom_secret =
|
|
|
|
|
|
|
|
|
|
|
|
# Controls if the UI contains any links to user feedback forms
|
|
|
|
# Controls if the UI contains any links to user feedback forms
|
|
|
|
;feedback_links_enabled = true
|
|
|
|
;feedback_links_enabled = true
|
|
|
|
|
|
|
|
|
|
|
@ -330,6 +371,14 @@ password = 123qwe$%&RTY
|
|
|
|
# $ROOT_PATH is server.root_url without the protocol.
|
|
|
|
# $ROOT_PATH is server.root_url without the protocol.
|
|
|
|
;content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
|
|
|
|
;content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable adding the Content-Security-Policy-Report-Only header to your requests.
|
|
|
|
|
|
|
|
# Allows you to monitor the effects of a policy without enforcing it.
|
|
|
|
|
|
|
|
;content_security_policy_report_only = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set Content Security Policy Report Only template used when adding the Content-Security-Policy-Report-Only header to your requests.
|
|
|
|
|
|
|
|
# $NONCE in the template includes a random nonce.
|
|
|
|
|
|
|
|
# $ROOT_PATH is server.root_url without the protocol.
|
|
|
|
|
|
|
|
;content_security_policy_report_only_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
|
|
|
|
# Controls if old angular plugins are supported or not. This will be disabled by default in future release
|
|
|
|
# Controls if old angular plugins are supported or not. This will be disabled by default in future release
|
|
|
|
;angular_support_enabled = true
|
|
|
|
;angular_support_enabled = true
|
|
|
|
|
|
|
|
|
|
|
@ -339,6 +388,12 @@ password = 123qwe$%&RTY
|
|
|
|
# List of allowed headers to be set by the user, separated by spaces. Suggested to use for if authentication lives behind reverse proxies.
|
|
|
|
# List of allowed headers to be set by the user, separated by spaces. Suggested to use for if authentication lives behind reverse proxies.
|
|
|
|
;csrf_additional_headers =
|
|
|
|
;csrf_additional_headers =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The CSRF check will be executed even if the request has no login cookie.
|
|
|
|
|
|
|
|
;csrf_always_check = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Comma-separated list of plugins ids that won't be loaded inside the frontend sandbox
|
|
|
|
|
|
|
|
;disable_frontend_sandbox_for_plugins =
|
|
|
|
|
|
|
|
|
|
|
|
[security.encryption]
|
|
|
|
[security.encryption]
|
|
|
|
# Defines the time-to-live (TTL) for decrypted data encryption keys stored in memory (cache).
|
|
|
|
# Defines the time-to-live (TTL) for decrypted data encryption keys stored in memory (cache).
|
|
|
|
# Please note that small values may cause performance issues due to a high frequency decryption operations.
|
|
|
|
# Please note that small values may cause performance issues due to a high frequency decryption operations.
|
|
|
@ -350,6 +405,9 @@ password = 123qwe$%&RTY
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Snapshots ###########################
|
|
|
|
#################################### Snapshots ###########################
|
|
|
|
[snapshots]
|
|
|
|
[snapshots]
|
|
|
|
|
|
|
|
# set to false to remove snapshot functionality
|
|
|
|
|
|
|
|
;enabled = true
|
|
|
|
|
|
|
|
|
|
|
|
# snapshot sharing options
|
|
|
|
# snapshot sharing options
|
|
|
|
;external_enabled = true
|
|
|
|
;external_enabled = true
|
|
|
|
;external_snapshot_url = https://snapshots.raintank.io
|
|
|
|
;external_snapshot_url = https://snapshots.raintank.io
|
|
|
@ -388,7 +446,7 @@ password = 123qwe$%&RTY
|
|
|
|
# Set this value to automatically add new users to the provided organization (if auto_assign_org above is set to true)
|
|
|
|
# Set this value to automatically add new users to the provided organization (if auto_assign_org above is set to true)
|
|
|
|
;auto_assign_org_id = 1
|
|
|
|
;auto_assign_org_id = 1
|
|
|
|
|
|
|
|
|
|
|
|
# Default role new users will be automatically assigned (if disabled above is set to true)
|
|
|
|
# Default role new users will be automatically assigned
|
|
|
|
;auto_assign_org_role = Viewer
|
|
|
|
;auto_assign_org_role = Viewer
|
|
|
|
|
|
|
|
|
|
|
|
# Require email validation before sign up completes
|
|
|
|
# Require email validation before sign up completes
|
|
|
@ -401,8 +459,8 @@ password = 123qwe$%&RTY
|
|
|
|
# Default UI theme ("dark" or "light")
|
|
|
|
# Default UI theme ("dark" or "light")
|
|
|
|
;default_theme = dark
|
|
|
|
;default_theme = dark
|
|
|
|
|
|
|
|
|
|
|
|
# Default locale (supported IETF language tag, such as en-US)
|
|
|
|
# Default UI language (supported IETF language tag, such as en-US)
|
|
|
|
;default_locale = en-US
|
|
|
|
;default_language = en-US
|
|
|
|
|
|
|
|
|
|
|
|
# Path to a custom home page. Users are only redirected to this if the default home dashboard is used. It should match a frontend route and contain a leading slash.
|
|
|
|
# Path to a custom home page. Users are only redirected to this if the default home dashboard is used. It should match a frontend route and contain a leading slash.
|
|
|
|
;home_page =
|
|
|
|
;home_page =
|
|
|
@ -424,6 +482,27 @@ password = 123qwe$%&RTY
|
|
|
|
# Enter a comma-separated list of users login to hide them in the Grafana UI. These users are shown to Grafana admins and themselves.
|
|
|
|
# Enter a comma-separated list of users login to hide them in the Grafana UI. These users are shown to Grafana admins and themselves.
|
|
|
|
; hidden_users =
|
|
|
|
; hidden_users =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[secretscan]
|
|
|
|
|
|
|
|
# Enable secretscan feature
|
|
|
|
|
|
|
|
;enabled = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Interval to check for token leaks
|
|
|
|
|
|
|
|
;interval = 5m
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# base URL of the grafana token leak check service
|
|
|
|
|
|
|
|
;base_url = https://secret-scanning.grafana.net
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# URL to send outgoing webhooks to in case of detection
|
|
|
|
|
|
|
|
;oncall_url =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Whether to revoke the token if a leak is detected or just send a notification
|
|
|
|
|
|
|
|
;revoke = true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[service_accounts]
|
|
|
|
|
|
|
|
# Service account maximum expiration date in days.
|
|
|
|
|
|
|
|
# When set, Grafana will not allow the creation of tokens with expiry greater than this setting.
|
|
|
|
|
|
|
|
; token_expiration_day_limit =
|
|
|
|
|
|
|
|
|
|
|
|
[auth]
|
|
|
|
[auth]
|
|
|
|
# Login cookie name
|
|
|
|
# Login cookie name
|
|
|
|
;login_cookie_name = grafana_session
|
|
|
|
;login_cookie_name = grafana_session
|
|
|
@ -451,12 +530,14 @@ password = 123qwe$%&RTY
|
|
|
|
|
|
|
|
|
|
|
|
# Set to true to attempt login with OAuth automatically, skipping the login screen.
|
|
|
|
# Set to true to attempt login with OAuth automatically, skipping the login screen.
|
|
|
|
# This setting is ignored if multiple OAuth providers are configured.
|
|
|
|
# This setting is ignored if multiple OAuth providers are configured.
|
|
|
|
|
|
|
|
# Deprecated, use auto_login option for specific provider instead.
|
|
|
|
;oauth_auto_login = false
|
|
|
|
;oauth_auto_login = false
|
|
|
|
|
|
|
|
|
|
|
|
# OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
|
|
|
|
# OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
|
|
|
|
;oauth_state_cookie_max_age = 600
|
|
|
|
;oauth_state_cookie_max_age = 600
|
|
|
|
|
|
|
|
|
|
|
|
# Skip forced assignment of OrgID 1 or 'auto_assign_org_id' for social logins
|
|
|
|
# Skip forced assignment of OrgID 1 or 'auto_assign_org_id' for social logins
|
|
|
|
|
|
|
|
# Deprecated, use skip_org_role_sync option for specific provider instead.
|
|
|
|
;oauth_skip_org_role_update_sync = false
|
|
|
|
;oauth_skip_org_role_update_sync = false
|
|
|
|
|
|
|
|
|
|
|
|
# limit of api_key seconds to live before expiration
|
|
|
|
# limit of api_key seconds to live before expiration
|
|
|
@ -471,6 +552,23 @@ password = 123qwe$%&RTY
|
|
|
|
# Set to true to enable Azure authentication option for HTTP-based datasources.
|
|
|
|
# Set to true to enable Azure authentication option for HTTP-based datasources.
|
|
|
|
;azure_auth_enabled = false
|
|
|
|
;azure_auth_enabled = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set to skip the organization role from JWT login and use system's role assignment instead.
|
|
|
|
|
|
|
|
; skip_org_role_sync = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Use email lookup in addition to the unique ID provided by the IdP
|
|
|
|
|
|
|
|
;oauth_allow_insecure_email_lookup = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set to true to include id of identity as a response header
|
|
|
|
|
|
|
|
;id_response_header_enabled = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Prefix used for the id response header, X-Grafana-Identity-Id
|
|
|
|
|
|
|
|
;id_response_header_prefix = X-Grafana
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# List of identity namespaces to add id response headers for, separated by space.
|
|
|
|
|
|
|
|
# Available namespaces are user, api-key and service-account.
|
|
|
|
|
|
|
|
# The header value will encode the namespace ("user:<id>", "api-key:<id>", "service-account:<id>")
|
|
|
|
|
|
|
|
;id_response_header_namespaces = user api-key service-account
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Anonymous Auth ######################
|
|
|
|
#################################### Anonymous Auth ######################
|
|
|
|
[auth.anonymous]
|
|
|
|
[auth.anonymous]
|
|
|
|
# enable anonymous access
|
|
|
|
# enable anonymous access
|
|
|
@ -487,96 +585,138 @@ password = 123qwe$%&RTY
|
|
|
|
|
|
|
|
|
|
|
|
#################################### GitHub Auth ##########################
|
|
|
|
#################################### GitHub Auth ##########################
|
|
|
|
[auth.github]
|
|
|
|
[auth.github]
|
|
|
|
|
|
|
|
;name = GitHub
|
|
|
|
|
|
|
|
;icon = github
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
;allow_sign_up = true
|
|
|
|
;allow_sign_up = true
|
|
|
|
|
|
|
|
;auto_login = false
|
|
|
|
;client_id = some_id
|
|
|
|
;client_id = some_id
|
|
|
|
;client_secret = some_secret
|
|
|
|
;client_secret = some_secret
|
|
|
|
;scopes = user:email,read:org
|
|
|
|
;scopes = user:email,read:org
|
|
|
|
;auth_url = https://github.com/login/oauth/authorize
|
|
|
|
;auth_url = https://github.com/login/oauth/authorize
|
|
|
|
;token_url = https://github.com/login/oauth/access_token
|
|
|
|
;token_url = https://github.com/login/oauth/access_token
|
|
|
|
;api_url = https://api.github.com/user
|
|
|
|
;api_url = https://api.github.com/user
|
|
|
|
|
|
|
|
;signout_redirect_url =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_domains =
|
|
|
|
;team_ids =
|
|
|
|
;team_ids =
|
|
|
|
;allowed_organizations =
|
|
|
|
;allowed_organizations =
|
|
|
|
;role_attribute_path =
|
|
|
|
;role_attribute_path =
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
|
|
|
|
;skip_org_role_sync = false
|
|
|
|
|
|
|
|
|
|
|
|
#################################### GitLab Auth #########################
|
|
|
|
#################################### GitLab Auth #########################
|
|
|
|
[auth.gitlab]
|
|
|
|
[auth.gitlab]
|
|
|
|
|
|
|
|
;name = GitLab
|
|
|
|
|
|
|
|
;icon = gitlab
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
;allow_sign_up = true
|
|
|
|
;allow_sign_up = true
|
|
|
|
|
|
|
|
;auto_login = false
|
|
|
|
;client_id = some_id
|
|
|
|
;client_id = some_id
|
|
|
|
;client_secret = some_secret
|
|
|
|
;client_secret = some_secret
|
|
|
|
;scopes = api
|
|
|
|
;scopes = openid email profile
|
|
|
|
;auth_url = https://gitlab.com/oauth/authorize
|
|
|
|
;auth_url = https://gitlab.com/oauth/authorize
|
|
|
|
;token_url = https://gitlab.com/oauth/token
|
|
|
|
;token_url = https://gitlab.com/oauth/token
|
|
|
|
;api_url = https://gitlab.com/api/v4
|
|
|
|
;api_url = https://gitlab.com/api/v4
|
|
|
|
|
|
|
|
;signout_redirect_url =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_groups =
|
|
|
|
;allowed_groups =
|
|
|
|
;role_attribute_path =
|
|
|
|
;role_attribute_path =
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
|
|
|
|
;skip_org_role_sync = false
|
|
|
|
|
|
|
|
;tls_skip_verify_insecure = false
|
|
|
|
|
|
|
|
;tls_client_cert =
|
|
|
|
|
|
|
|
;tls_client_key =
|
|
|
|
|
|
|
|
;tls_client_ca =
|
|
|
|
|
|
|
|
;use_pkce = true
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Google Auth ##########################
|
|
|
|
#################################### Google Auth ##########################
|
|
|
|
[auth.google]
|
|
|
|
[auth.google]
|
|
|
|
|
|
|
|
;name = Google
|
|
|
|
|
|
|
|
;icon = google
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
;allow_sign_up = true
|
|
|
|
;allow_sign_up = true
|
|
|
|
|
|
|
|
;auto_login = false
|
|
|
|
;client_id = some_client_id
|
|
|
|
;client_id = some_client_id
|
|
|
|
;client_secret = some_client_secret
|
|
|
|
;client_secret = some_client_secret
|
|
|
|
;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
|
|
|
|
;scopes = openid email profile
|
|
|
|
;auth_url = https://accounts.google.com/o/oauth2/auth
|
|
|
|
;auth_url = https://accounts.google.com/o/oauth2/v2/auth
|
|
|
|
;token_url = https://accounts.google.com/o/oauth2/token
|
|
|
|
;token_url = https://oauth2.googleapis.com/token
|
|
|
|
;api_url = https://www.googleapis.com/oauth2/v1/userinfo
|
|
|
|
;api_url = https://openidconnect.googleapis.com/v1/userinfo
|
|
|
|
|
|
|
|
;signout_redirect_url =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_domains =
|
|
|
|
|
|
|
|
;validate_hd =
|
|
|
|
;hosted_domain =
|
|
|
|
;hosted_domain =
|
|
|
|
|
|
|
|
;allowed_groups =
|
|
|
|
|
|
|
|
;role_attribute_path =
|
|
|
|
|
|
|
|
;role_attribute_strict = false
|
|
|
|
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
|
|
|
|
;skip_org_role_sync = false
|
|
|
|
|
|
|
|
;use_pkce = true
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Grafana.com Auth ####################
|
|
|
|
#################################### Grafana.com Auth ####################
|
|
|
|
[auth.grafana_com]
|
|
|
|
[auth.grafana_com]
|
|
|
|
|
|
|
|
;name = Grafana.com
|
|
|
|
|
|
|
|
;icon = grafana
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
;allow_sign_up = true
|
|
|
|
;allow_sign_up = true
|
|
|
|
|
|
|
|
;auto_login = false
|
|
|
|
;client_id = some_id
|
|
|
|
;client_id = some_id
|
|
|
|
;client_secret = some_secret
|
|
|
|
;client_secret = some_secret
|
|
|
|
;scopes = user:email
|
|
|
|
;scopes = user:email
|
|
|
|
;allowed_organizations =
|
|
|
|
;allowed_organizations =
|
|
|
|
|
|
|
|
;skip_org_role_sync = false
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Azure AD OAuth #######################
|
|
|
|
#################################### Azure AD OAuth #######################
|
|
|
|
[auth.azuread]
|
|
|
|
[auth.azuread]
|
|
|
|
;name = Azure AD
|
|
|
|
;name = Microsoft
|
|
|
|
|
|
|
|
;icon = microsoft
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
;allow_sign_up = true
|
|
|
|
;allow_sign_up = true
|
|
|
|
|
|
|
|
;auto_login = false
|
|
|
|
;client_id = some_client_id
|
|
|
|
;client_id = some_client_id
|
|
|
|
;client_secret = some_client_secret
|
|
|
|
;client_secret = some_client_secret
|
|
|
|
;scopes = openid email profile
|
|
|
|
;scopes = openid email profile
|
|
|
|
;auth_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
|
|
|
|
;auth_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
|
|
|
|
;token_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
|
|
|
|
;token_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
|
|
|
|
|
|
|
|
;signout_redirect_url =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_groups =
|
|
|
|
;allowed_groups =
|
|
|
|
|
|
|
|
;allowed_organizations =
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
|
|
|
|
;use_pkce = true
|
|
|
|
|
|
|
|
# prevent synchronizing users organization roles
|
|
|
|
|
|
|
|
;skip_org_role_sync = false
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Okta OAuth #######################
|
|
|
|
#################################### Okta OAuth #######################
|
|
|
|
[auth.okta]
|
|
|
|
[auth.okta]
|
|
|
|
;name = Okta
|
|
|
|
;name = Okta
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
;allow_sign_up = true
|
|
|
|
;allow_sign_up = true
|
|
|
|
|
|
|
|
;auto_login = false
|
|
|
|
;client_id = some_id
|
|
|
|
;client_id = some_id
|
|
|
|
;client_secret = some_secret
|
|
|
|
;client_secret = some_secret
|
|
|
|
;scopes = openid profile email groups
|
|
|
|
;scopes = openid profile email groups
|
|
|
|
;auth_url = https://<tenant-id>.okta.com/oauth2/v1/authorize
|
|
|
|
;auth_url = https://<tenant-id>.okta.com/oauth2/v1/authorize
|
|
|
|
;token_url = https://<tenant-id>.okta.com/oauth2/v1/token
|
|
|
|
;token_url = https://<tenant-id>.okta.com/oauth2/v1/token
|
|
|
|
;api_url = https://<tenant-id>.okta.com/oauth2/v1/userinfo
|
|
|
|
;api_url = https://<tenant-id>.okta.com/oauth2/v1/userinfo
|
|
|
|
|
|
|
|
;signout_redirect_url =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_groups =
|
|
|
|
;allowed_groups =
|
|
|
|
;role_attribute_path =
|
|
|
|
;role_attribute_path =
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
;allow_assign_grafana_admin = false
|
|
|
|
|
|
|
|
;skip_org_role_sync = false
|
|
|
|
|
|
|
|
;use_pkce = true
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Generic OAuth ##########################
|
|
|
|
#################################### Generic OAuth ##########################
|
|
|
|
[auth.generic_oauth]
|
|
|
|
[auth.generic_oauth]
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
;name = OAuth
|
|
|
|
;name = OAuth
|
|
|
|
;allow_sign_up = true
|
|
|
|
;allow_sign_up = true
|
|
|
|
|
|
|
|
;auto_login = false
|
|
|
|
;client_id = some_id
|
|
|
|
;client_id = some_id
|
|
|
|
;client_secret = some_secret
|
|
|
|
;client_secret = some_secret
|
|
|
|
;scopes = user:email,read:org
|
|
|
|
;scopes = user:email,read:org
|
|
|
@ -589,6 +729,7 @@ password = 123qwe$%&RTY
|
|
|
|
;auth_url = https://foo.bar/login/oauth/authorize
|
|
|
|
;auth_url = https://foo.bar/login/oauth/authorize
|
|
|
|
;token_url = https://foo.bar/login/oauth/access_token
|
|
|
|
;token_url = https://foo.bar/login/oauth/access_token
|
|
|
|
;api_url = https://foo.bar/user
|
|
|
|
;api_url = https://foo.bar/user
|
|
|
|
|
|
|
|
;signout_redirect_url =
|
|
|
|
;teams_url =
|
|
|
|
;teams_url =
|
|
|
|
;allowed_domains =
|
|
|
|
;allowed_domains =
|
|
|
|
;team_ids =
|
|
|
|
;team_ids =
|
|
|
@ -608,6 +749,7 @@ password = 123qwe$%&RTY
|
|
|
|
#################################### Basic Auth ##########################
|
|
|
|
#################################### Basic Auth ##########################
|
|
|
|
[auth.basic]
|
|
|
|
[auth.basic]
|
|
|
|
;enabled = true
|
|
|
|
;enabled = true
|
|
|
|
|
|
|
|
;password_policy = false
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Auth Proxy ##########################
|
|
|
|
#################################### Auth Proxy ##########################
|
|
|
|
[auth.proxy]
|
|
|
|
[auth.proxy]
|
|
|
@ -634,7 +776,10 @@ password = 123qwe$%&RTY
|
|
|
|
;cache_ttl = 60m
|
|
|
|
;cache_ttl = 60m
|
|
|
|
;expect_claims = {"aud": ["foo", "bar"]}
|
|
|
|
;expect_claims = {"aud": ["foo", "bar"]}
|
|
|
|
;key_file = /path/to/key/file
|
|
|
|
;key_file = /path/to/key/file
|
|
|
|
|
|
|
|
# Use in conjunction with key_file in case the JWT token's header specifies a key ID in "kid" field
|
|
|
|
|
|
|
|
;key_id = some-key-id
|
|
|
|
;role_attribute_path =
|
|
|
|
;role_attribute_path =
|
|
|
|
|
|
|
|
;groups_attribute_path =
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;role_attribute_strict = false
|
|
|
|
;auto_sign_up = false
|
|
|
|
;auto_sign_up = false
|
|
|
|
;url_login = false
|
|
|
|
;url_login = false
|
|
|
@ -663,6 +808,20 @@ password = 123qwe$%&RTY
|
|
|
|
# If true, assume role will be enabled for all AWS authentication providers that are specified in aws_auth_providers
|
|
|
|
# If true, assume role will be enabled for all AWS authentication providers that are specified in aws_auth_providers
|
|
|
|
; assume_role_enabled = true
|
|
|
|
; assume_role_enabled = true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Specify max no of pages to be returned by the ListMetricPages API
|
|
|
|
|
|
|
|
; list_metrics_page_limit = 500
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Experimental, for use in Grafana Cloud only. Please do not set.
|
|
|
|
|
|
|
|
; external_id =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Sets the expiry duration of an assumed role.
|
|
|
|
|
|
|
|
# This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month).
|
|
|
|
|
|
|
|
; session_duration = "15m"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set the plugins that will receive AWS settings for each request (via plugin context)
|
|
|
|
|
|
|
|
# By default this will include all Grafana Labs owned AWS plugins, or those that make use of AWS settings (ElasticSearch, Prometheus).
|
|
|
|
|
|
|
|
; forward_settings_to_plugins = cloudwatch, grafana-athena-datasource, grafana-redshift-datasource, grafana-x-ray-datasource, grafana-timestream-datasource, grafana-iot-sitewise-datasource, grafana-iot-twinmaker-app, grafana-opensearch-datasource, aws-datasource-provisioner, elasticsearch, prometheus
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Azure ###############################
|
|
|
|
#################################### Azure ###############################
|
|
|
|
[azure]
|
|
|
|
[azure]
|
|
|
|
# Azure cloud environment where Grafana is hosted
|
|
|
|
# Azure cloud environment where Grafana is hosted
|
|
|
@ -679,9 +838,56 @@ password = 123qwe$%&RTY
|
|
|
|
# Should be set for user-assigned identity and should be empty for system-assigned identity
|
|
|
|
# Should be set for user-assigned identity and should be empty for system-assigned identity
|
|
|
|
;managed_identity_client_id =
|
|
|
|
;managed_identity_client_id =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Specifies whether Azure AD Workload Identity authentication should be enabled in datasources that support it
|
|
|
|
|
|
|
|
# For more documentation on Azure AD Workload Identity, review this documentation:
|
|
|
|
|
|
|
|
# https://azure.github.io/azure-workload-identity/docs/
|
|
|
|
|
|
|
|
# Disabled by default, needs to be explicitly enabled
|
|
|
|
|
|
|
|
;workload_identity_enabled = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Tenant ID of the Azure AD Workload Identity
|
|
|
|
|
|
|
|
# Allows to override default tenant ID of the Azure AD identity associated with the Kubernetes service account
|
|
|
|
|
|
|
|
;workload_identity_tenant_id =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Client ID of the Azure AD Workload Identity
|
|
|
|
|
|
|
|
# Allows to override default client ID of the Azure AD identity associated with the Kubernetes service account
|
|
|
|
|
|
|
|
;workload_identity_client_id =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Custom path to token file for the Azure AD Workload Identity
|
|
|
|
|
|
|
|
# Allows to set a custom path to the projected service account token file
|
|
|
|
|
|
|
|
;workload_identity_token_file =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Specifies whether user identity authentication (on behalf of currently signed-in user) should be enabled in datasources
|
|
|
|
|
|
|
|
# that support it (requires AAD authentication)
|
|
|
|
|
|
|
|
# Disabled by default, needs to be explicitly enabled
|
|
|
|
|
|
|
|
;user_identity_enabled = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Override token URL for Azure Active Directory
|
|
|
|
|
|
|
|
# By default is the same as token URL configured for AAD authentication settings
|
|
|
|
|
|
|
|
;user_identity_token_url =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Override ADD application ID which would be used to exchange users token to an access token for the datasource
|
|
|
|
|
|
|
|
# By default is the same as used in AAD authentication or can be set to another application (for OBO flow)
|
|
|
|
|
|
|
|
;user_identity_client_id =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Override the AAD application client secret
|
|
|
|
|
|
|
|
# By default is the same as used in AAD authentication or can be set to another application (for OBO flow)
|
|
|
|
|
|
|
|
;user_identity_client_secret =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set the plugins that will receive Azure settings for each request (via plugin context)
|
|
|
|
|
|
|
|
# By default this will include all Grafana Labs owned Azure plugins, or those that make use of Azure settings (Azure Monitor, Azure Data Explorer, Prometheus, MSSQL).
|
|
|
|
|
|
|
|
;forward_settings_to_plugins = grafana-azure-monitor-datasource, prometheus, grafana-azure-data-explorer-datasource, mssql
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Role-based Access Control ###########
|
|
|
|
#################################### Role-based Access Control ###########
|
|
|
|
[rbac]
|
|
|
|
[rbac]
|
|
|
|
;permission_cache = true
|
|
|
|
;permission_cache = true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Reset basic roles permissions on boot
|
|
|
|
|
|
|
|
# Warning left to true, basic roles permissions will be reset on every boot
|
|
|
|
|
|
|
|
#reset_basic_roles = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Validate permissions' action and scope on role creation and update
|
|
|
|
|
|
|
|
; permission_validation_enabled = true
|
|
|
|
|
|
|
|
|
|
|
|
#################################### SMTP / Emailing ##########################
|
|
|
|
#################################### SMTP / Emailing ##########################
|
|
|
|
[smtp]
|
|
|
|
[smtp]
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
@ -698,6 +904,13 @@ password = 123qwe$%&RTY
|
|
|
|
;ehlo_identity = dashboard.example.com
|
|
|
|
;ehlo_identity = dashboard.example.com
|
|
|
|
# SMTP startTLS policy (defaults to 'OpportunisticStartTLS')
|
|
|
|
# SMTP startTLS policy (defaults to 'OpportunisticStartTLS')
|
|
|
|
;startTLS_policy = NoStartTLS
|
|
|
|
;startTLS_policy = NoStartTLS
|
|
|
|
|
|
|
|
# Enable trace propagation in e-mail headers, using the 'traceparent', 'tracestate' and (optionally) 'baggage' fields (defaults to false)
|
|
|
|
|
|
|
|
;enable_tracing = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[smtp.static_headers]
|
|
|
|
|
|
|
|
# Include custom static headers in all outgoing emails
|
|
|
|
|
|
|
|
;Foo-Header = bar
|
|
|
|
|
|
|
|
;Foo = bar
|
|
|
|
|
|
|
|
|
|
|
|
[emails]
|
|
|
|
[emails]
|
|
|
|
;welcome_email_on_sign_up = false
|
|
|
|
;welcome_email_on_sign_up = false
|
|
|
@ -716,6 +929,9 @@ password = 123qwe$%&RTY
|
|
|
|
# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
|
|
|
|
# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
|
|
|
|
;filters =
|
|
|
|
;filters =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set the default error message shown to users. This message is displayed instead of sensitive backend errors which should be obfuscated. Default is the same as the sample value.
|
|
|
|
|
|
|
|
;user_facing_default_error = "please inspect Grafana server log for details"
|
|
|
|
|
|
|
|
|
|
|
|
# For "console" mode only
|
|
|
|
# For "console" mode only
|
|
|
|
[log.console]
|
|
|
|
[log.console]
|
|
|
|
;level =
|
|
|
|
;level =
|
|
|
@ -762,20 +978,11 @@ password = 123qwe$%&RTY
|
|
|
|
;tag =
|
|
|
|
;tag =
|
|
|
|
|
|
|
|
|
|
|
|
[log.frontend]
|
|
|
|
[log.frontend]
|
|
|
|
# Should Sentry javascript agent be initialized
|
|
|
|
# Should Faro javascript agent be initialized
|
|
|
|
;enabled = false
|
|
|
|
;enabled = false
|
|
|
|
|
|
|
|
|
|
|
|
# Defines which provider to use, default is Sentry
|
|
|
|
# Custom HTTP endpoint to send events to. Default will log the events to stdout.
|
|
|
|
;provider = sentry
|
|
|
|
;custom_endpoint = /log-grafana-javascript-agent
|
|
|
|
|
|
|
|
|
|
|
|
# Sentry DSN if you want to send events to Sentry.
|
|
|
|
|
|
|
|
;sentry_dsn =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Custom HTTP endpoint to send events captured by the Sentry agent to. Default will log the events to stdout.
|
|
|
|
|
|
|
|
;custom_endpoint = /log
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Rate of events to be reported between 0 (none) and 1 (all), float
|
|
|
|
|
|
|
|
;sample_rate = 1.0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Requests per second limit enforced an extended period, for Grafana backend log ingestion endpoint (/log).
|
|
|
|
# Requests per second limit enforced an extended period, for Grafana backend log ingestion endpoint (/log).
|
|
|
|
;log_endpoint_requests_per_second_limit = 3
|
|
|
|
;log_endpoint_requests_per_second_limit = 3
|
|
|
@ -836,6 +1043,13 @@ password = 123qwe$%&RTY
|
|
|
|
# global limit of alerts
|
|
|
|
# global limit of alerts
|
|
|
|
;global_alert_rule = -1
|
|
|
|
;global_alert_rule = -1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# global limit of correlations
|
|
|
|
|
|
|
|
; global_correlations = -1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Limit of the number of alert rules per rule group.
|
|
|
|
|
|
|
|
# This is not strictly enforced yet, but will be enforced over time.
|
|
|
|
|
|
|
|
;alerting_rule_group_rules = 100
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Unified Alerting ####################
|
|
|
|
#################################### Unified Alerting ####################
|
|
|
|
[unified_alerting]
|
|
|
|
[unified_alerting]
|
|
|
|
#Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed.```
|
|
|
|
#Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed.```
|
|
|
@ -852,6 +1066,26 @@ password = 123qwe$%&RTY
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
;alertmanager_config_poll_interval = 60s
|
|
|
|
;alertmanager_config_poll_interval = 60s
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The redis server address that should be connected to.
|
|
|
|
|
|
|
|
;ha_redis_address =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The username that should be used to authenticate with the redis server.
|
|
|
|
|
|
|
|
;ha_redis_username =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The password that should be used to authenticate with the redis server.
|
|
|
|
|
|
|
|
;ha_redis_password =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The redis database, by default it's 0.
|
|
|
|
|
|
|
|
;ha_redis_db =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# A prefix that is used for every key or channel that is created on the redis server
|
|
|
|
|
|
|
|
# as part of HA for alerting.
|
|
|
|
|
|
|
|
;ha_redis_prefix =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The name of the cluster peer that will be used as identifier. If none is
|
|
|
|
|
|
|
|
# provided, a random one will be generated.
|
|
|
|
|
|
|
|
;ha_redis_peer_name =
|
|
|
|
|
|
|
|
|
|
|
|
# Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port. The default value is `0.0.0.0:9094`.
|
|
|
|
# Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port. The default value is `0.0.0.0:9094`.
|
|
|
|
;ha_listen_address = "0.0.0.0:9094"
|
|
|
|
;ha_listen_address = "0.0.0.0:9094"
|
|
|
|
|
|
|
|
|
|
|
@ -867,6 +1101,11 @@ password = 123qwe$%&RTY
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
;ha_peer_timeout = "15s"
|
|
|
|
;ha_peer_timeout = "15s"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The label is an optional string to include on each packet and stream.
|
|
|
|
|
|
|
|
# It uniquely identifies the cluster and prevents cross-communication
|
|
|
|
|
|
|
|
# issues when sending gossip messages in an enviromenet with multiple clusters.
|
|
|
|
|
|
|
|
;ha_label =
|
|
|
|
|
|
|
|
|
|
|
|
# The interval between sending gossip messages. By lowering this value (more frequent) gossip messages are propagated
|
|
|
|
# The interval between sending gossip messages. By lowering this value (more frequent) gossip messages are propagated
|
|
|
|
# across cluster more quickly at the expense of increased bandwidth usage.
|
|
|
|
# across cluster more quickly at the expense of increased bandwidth usage.
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
@ -884,18 +1123,88 @@ password = 123qwe$%&RTY
|
|
|
|
# The timeout string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
# The timeout string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
;evaluation_timeout = 30s
|
|
|
|
;evaluation_timeout = 30s
|
|
|
|
|
|
|
|
|
|
|
|
# Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. This option has a legacy version in the `[alerting]` section that takes precedence.
|
|
|
|
# Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. The default value is 1.
|
|
|
|
;max_attempts = 3
|
|
|
|
;max_attempts = 1
|
|
|
|
|
|
|
|
|
|
|
|
# Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time. This option has a legacy version in the `[alerting]` section that takes precedence.
|
|
|
|
# Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time. This option has a legacy version in the `[alerting]` section that takes precedence.
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
;min_interval = 10s
|
|
|
|
;min_interval = 10s
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# This is an experimental option to add parallelization to saving alert states in the database.
|
|
|
|
|
|
|
|
# It configures the maximum number of concurrent queries per rule evaluated. The default value is 1
|
|
|
|
|
|
|
|
# (concurrent queries per rule disabled).
|
|
|
|
|
|
|
|
;max_state_save_concurrency = 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# If the feature flag 'alertingSaveStatePeriodic' is enabled, this is the interval that is used to persist the alerting instances to the database.
|
|
|
|
|
|
|
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
|
|
|
|
|
|
|
;state_periodic_save_interval = 5m
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Disables the smoothing of alert evaluations across their evaluation window.
|
|
|
|
|
|
|
|
# Rules will evaluate in sync.
|
|
|
|
|
|
|
|
;disable_jitter = false
|
|
|
|
|
|
|
|
|
|
|
|
[unified_alerting.reserved_labels]
|
|
|
|
[unified_alerting.reserved_labels]
|
|
|
|
# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
|
|
|
|
# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
|
|
|
|
# For example: `disabled_labels=grafana_folder`
|
|
|
|
# For example: `disabled_labels=grafana_folder`
|
|
|
|
;disabled_labels =
|
|
|
|
;disabled_labels =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[unified_alerting.state_history]
|
|
|
|
|
|
|
|
# Enable the state history functionality in Unified Alerting. The previous states of alert rules will be visible in panels and in the UI.
|
|
|
|
|
|
|
|
; enabled = true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Select which pluggable state history backend to use. Either "annotations", "loki", or "multiple"
|
|
|
|
|
|
|
|
# "loki" writes state history to an external Loki instance. "multiple" allows history to be written to multiple backends at once.
|
|
|
|
|
|
|
|
# Defaults to "annotations".
|
|
|
|
|
|
|
|
; backend = "multiple"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "multiple" only.
|
|
|
|
|
|
|
|
# Indicates the main backend used to serve state history queries.
|
|
|
|
|
|
|
|
# Either "annotations" or "loki"
|
|
|
|
|
|
|
|
; primary = "loki"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "multiple" only.
|
|
|
|
|
|
|
|
# Comma-separated list of additional backends to write state history data to.
|
|
|
|
|
|
|
|
; secondaries = "annotations"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "loki" only.
|
|
|
|
|
|
|
|
# URL of the external Loki instance.
|
|
|
|
|
|
|
|
# Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend.
|
|
|
|
|
|
|
|
; loki_remote_url = "http://loki:3100"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "loki" only.
|
|
|
|
|
|
|
|
# URL of the external Loki's read path. To be used in configurations where Loki has separated read and write URLs.
|
|
|
|
|
|
|
|
# Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend.
|
|
|
|
|
|
|
|
; loki_remote_read_url = "http://loki-querier:3100"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "loki" only.
|
|
|
|
|
|
|
|
# URL of the external Loki's write path. To be used in configurations where Loki has separated read and write URLs.
|
|
|
|
|
|
|
|
# Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend.
|
|
|
|
|
|
|
|
; loki_remote_write_url = "http://loki-distributor:3100"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "loki" only.
|
|
|
|
|
|
|
|
# Optional tenant ID to attach to requests sent to Loki.
|
|
|
|
|
|
|
|
; loki_tenant_id = 123
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "loki" only.
|
|
|
|
|
|
|
|
# Optional username for basic authentication on requests sent to Loki. Can be left blank to disable basic auth.
|
|
|
|
|
|
|
|
; loki_basic_auth_username = "myuser"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# For "loki" only.
|
|
|
|
|
|
|
|
# Optional password for basic authentication on requests sent to Loki. Can be left blank.
|
|
|
|
|
|
|
|
; loki_basic_auth_password = "mypass"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[unified_alerting.state_history.external_labels]
|
|
|
|
|
|
|
|
# Optional extra labels to attach to outbound state history records or log streams.
|
|
|
|
|
|
|
|
# Any number of label key-value-pairs can be provided.
|
|
|
|
|
|
|
|
; mylabelkey = mylabelvalue
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[unified_alerting.upgrade]
|
|
|
|
|
|
|
|
# If set to true when upgrading from legacy alerting to Unified Alerting, grafana will first delete all existing
|
|
|
|
|
|
|
|
# Unified Alerting resources, thus re-upgrading all organizations from scratch. If false or unset, organizations that
|
|
|
|
|
|
|
|
# have previously upgraded will not lose their existing Unified Alerting data when switching between legacy and
|
|
|
|
|
|
|
|
# Unified Alerting. Should be kept false when not needed as it may cause unintended data-loss if left enabled.
|
|
|
|
|
|
|
|
;clean_upgrade = false
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Alerting ############################
|
|
|
|
#################################### Alerting ############################
|
|
|
|
[alerting]
|
|
|
|
[alerting]
|
|
|
|
# Disable legacy alerting engine & UI features
|
|
|
|
# Disable legacy alerting engine & UI features
|
|
|
@ -978,6 +1287,16 @@ password = 123qwe$%&RTY
|
|
|
|
# Enable the Profile section
|
|
|
|
# Enable the Profile section
|
|
|
|
;enabled = true
|
|
|
|
;enabled = true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#################################### News #############################
|
|
|
|
|
|
|
|
[news]
|
|
|
|
|
|
|
|
# Enable the news feed section
|
|
|
|
|
|
|
|
; news_feed_enabled = true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Query #############################
|
|
|
|
|
|
|
|
[query]
|
|
|
|
|
|
|
|
# Set the number of data source queries that can be executed concurrently in mixed queries. Default is the number of CPUs.
|
|
|
|
|
|
|
|
;concurrent_query_limit =
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Query History #############################
|
|
|
|
#################################### Query History #############################
|
|
|
|
[query_history]
|
|
|
|
[query_history]
|
|
|
|
# Enable the Query history
|
|
|
|
# Enable the Query history
|
|
|
@ -992,6 +1311,8 @@ password = 123qwe$%&RTY
|
|
|
|
;interval_seconds = 10
|
|
|
|
;interval_seconds = 10
|
|
|
|
# Disable total stats (stat_totals_*) metrics to be generated
|
|
|
|
# Disable total stats (stat_totals_*) metrics to be generated
|
|
|
|
;disable_total_stats = false
|
|
|
|
;disable_total_stats = false
|
|
|
|
|
|
|
|
# The interval at which the total stats collector will update the stats. Default is 1800 seconds.
|
|
|
|
|
|
|
|
;total_stats_collector_interval_seconds = 1800
|
|
|
|
|
|
|
|
|
|
|
|
#If both are set, basic auth will be required for the metrics endpoints.
|
|
|
|
#If both are set, basic auth will be required for the metrics endpoints.
|
|
|
|
; basic_auth_username =
|
|
|
|
; basic_auth_username =
|
|
|
@ -1013,6 +1334,7 @@ password = 123qwe$%&RTY
|
|
|
|
# Url used to import dashboards directly from Grafana.com
|
|
|
|
# Url used to import dashboards directly from Grafana.com
|
|
|
|
[grafana_com]
|
|
|
|
[grafana_com]
|
|
|
|
;url = https://grafana.com
|
|
|
|
;url = https://grafana.com
|
|
|
|
|
|
|
|
;api_url = https://grafana.com/api
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Distributed tracing ############
|
|
|
|
#################################### Distributed tracing ############
|
|
|
|
# Opentracing is deprecated use opentelemetry instead
|
|
|
|
# Opentracing is deprecated use opentelemetry instead
|
|
|
@ -1042,6 +1364,18 @@ password = 123qwe$%&RTY
|
|
|
|
[tracing.opentelemetry]
|
|
|
|
[tracing.opentelemetry]
|
|
|
|
# attributes that will always be included in when creating new spans. ex (key1:value1,key2:value2)
|
|
|
|
# attributes that will always be included in when creating new spans. ex (key1:value1,key2:value2)
|
|
|
|
;custom_attributes = key1:value1,key2:value2
|
|
|
|
;custom_attributes = key1:value1,key2:value2
|
|
|
|
|
|
|
|
# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
|
|
|
|
|
|
|
|
; sampler_type = remote
|
|
|
|
|
|
|
|
# Sampler configuration parameter
|
|
|
|
|
|
|
|
# for "const" sampler, 0 or 1 for always false/true respectively
|
|
|
|
|
|
|
|
# for "probabilistic" sampler, a probability between 0.0 and 1.0
|
|
|
|
|
|
|
|
# for "rateLimiting" sampler, the number of spans per second
|
|
|
|
|
|
|
|
# for "remote" sampler, param is the same as for "probabilistic"
|
|
|
|
|
|
|
|
# and indicates the initial sampling rate before the actual one
|
|
|
|
|
|
|
|
# is received from the sampling server (set at sampling_server_url)
|
|
|
|
|
|
|
|
; sampler_param = 0.5
|
|
|
|
|
|
|
|
# specifies the URL of the sampling server when sampler_type is remote
|
|
|
|
|
|
|
|
; sampling_server_url = http://localhost:5778/sampling
|
|
|
|
|
|
|
|
|
|
|
|
[tracing.opentelemetry.jaeger]
|
|
|
|
[tracing.opentelemetry.jaeger]
|
|
|
|
# jaeger destination (ex http://localhost:14268/api/traces)
|
|
|
|
# jaeger destination (ex http://localhost:14268/api/traces)
|
|
|
@ -1123,6 +1457,15 @@ password = 123qwe$%&RTY
|
|
|
|
;plugin_catalog_url = https://grafana.com/grafana/plugins/
|
|
|
|
;plugin_catalog_url = https://grafana.com/grafana/plugins/
|
|
|
|
# Enter a comma-separated list of plugin identifiers to hide in the plugin catalog.
|
|
|
|
# Enter a comma-separated list of plugin identifiers to hide in the plugin catalog.
|
|
|
|
;plugin_catalog_hidden_plugins =
|
|
|
|
;plugin_catalog_hidden_plugins =
|
|
|
|
|
|
|
|
# Log all backend requests for core and external plugins.
|
|
|
|
|
|
|
|
;log_backend_requests = false
|
|
|
|
|
|
|
|
# Disable download of the public key for verifying plugin signature.
|
|
|
|
|
|
|
|
; public_key_retrieval_disabled = false
|
|
|
|
|
|
|
|
# Force download of the public key for verifying plugin signature on startup. If disabled, the public key will be retrieved every 10 days.
|
|
|
|
|
|
|
|
# Requires public_key_retrieval_disabled to be false to have any effect.
|
|
|
|
|
|
|
|
; public_key_retrieval_on_startup = false
|
|
|
|
|
|
|
|
# Enter a comma-separated list of plugin identifiers to avoid loading (including core plugins). These plugins will be hidden in the catalog.
|
|
|
|
|
|
|
|
; disable_plugins =
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Grafana Live ##########################################
|
|
|
|
#################################### Grafana Live ##########################################
|
|
|
|
[live]
|
|
|
|
[live]
|
|
|
@ -1145,6 +1488,9 @@ password = 123qwe$%&RTY
|
|
|
|
# This option is EXPERIMENTAL.
|
|
|
|
# This option is EXPERIMENTAL.
|
|
|
|
;ha_engine_address = "127.0.0.1:6379"
|
|
|
|
;ha_engine_address = "127.0.0.1:6379"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ha_engine_password allows setting an optional password to authenticate with the engine
|
|
|
|
|
|
|
|
;ha_engine_password = ""
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Grafana Image Renderer Plugin ##########################
|
|
|
|
#################################### Grafana Image Renderer Plugin ##########################
|
|
|
|
[plugin.grafana-image-renderer]
|
|
|
|
[plugin.grafana-image-renderer]
|
|
|
|
# Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert.
|
|
|
|
# Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert.
|
|
|
@ -1207,6 +1553,14 @@ password = 123qwe$%&RTY
|
|
|
|
;grpc_host =
|
|
|
|
;grpc_host =
|
|
|
|
;grpc_port =
|
|
|
|
;grpc_port =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[support_bundles]
|
|
|
|
|
|
|
|
# Enable support bundle creation (default: true)
|
|
|
|
|
|
|
|
#enabled = true
|
|
|
|
|
|
|
|
# Only server admins can generate and view support bundles (default: true)
|
|
|
|
|
|
|
|
#server_admin_only = true
|
|
|
|
|
|
|
|
# If set, bundles will be encrypted with the provided public keys separated by whitespace
|
|
|
|
|
|
|
|
#public_keys = ""
|
|
|
|
|
|
|
|
|
|
|
|
[enterprise]
|
|
|
|
[enterprise]
|
|
|
|
# Path to a valid Grafana Enterprise license.jwt file
|
|
|
|
# Path to a valid Grafana Enterprise license.jwt file
|
|
|
|
;license_path =
|
|
|
|
;license_path =
|
|
|
@ -1260,12 +1614,42 @@ password = 123qwe$%&RTY
|
|
|
|
;enable_custom_baselayers = true
|
|
|
|
;enable_custom_baselayers = true
|
|
|
|
|
|
|
|
|
|
|
|
# Move an app plugin referenced by its id (including all its pages) to a specific navigation section
|
|
|
|
# Move an app plugin referenced by its id (including all its pages) to a specific navigation section
|
|
|
|
# Dependencies: needs the `topnav` feature to be enabled
|
|
|
|
|
|
|
|
[navigation.app_sections]
|
|
|
|
[navigation.app_sections]
|
|
|
|
# The following will move an app plugin with the id of `my-app-id` under the `starred` section
|
|
|
|
# The following will move an app plugin with the id of `my-app-id` under the `cfg` section
|
|
|
|
# my-app-id = admin
|
|
|
|
# my-app-id = cfg
|
|
|
|
|
|
|
|
|
|
|
|
# Move a specific app plugin page (referenced by its `path` field) to a specific navigation section
|
|
|
|
# Move a specific app plugin page (referenced by its `path` field) to a specific navigation section
|
|
|
|
[navigation.app_standalone_pages]
|
|
|
|
[navigation.app_standalone_pages]
|
|
|
|
# The following will move the page with the path "/a/my-app-id/starred-content" from `my-app-id` to the `starred` section
|
|
|
|
# The following will move the page with the path "/a/my-app-id/my-page" from `my-app-id` to the `cfg` section
|
|
|
|
# /a/my-app-id/starred-content = starred
|
|
|
|
# /a/my-app-id/my-page = cfg
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Secure Socks5 Datasource Proxy #####################################
|
|
|
|
|
|
|
|
[secure_socks_datasource_proxy]
|
|
|
|
|
|
|
|
; enabled = false
|
|
|
|
|
|
|
|
; root_ca_cert =
|
|
|
|
|
|
|
|
; client_key =
|
|
|
|
|
|
|
|
; client_cert =
|
|
|
|
|
|
|
|
; server_name =
|
|
|
|
|
|
|
|
# The address of the socks5 proxy datasources should connect to
|
|
|
|
|
|
|
|
; proxy_address =
|
|
|
|
|
|
|
|
; show_ui = true
|
|
|
|
|
|
|
|
; allow_insecure = false
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################## Feature Management ##############################################
|
|
|
|
|
|
|
|
[feature_management]
|
|
|
|
|
|
|
|
# Options to configure the experimental Feature Toggle Admin Page feature, which is behind the `featureToggleAdminPage` feature toggle. Use at your own risk.
|
|
|
|
|
|
|
|
# Allow editing of feature toggles in the feature management page
|
|
|
|
|
|
|
|
;allow_editing = false
|
|
|
|
|
|
|
|
# Allow customization of URL for the controller that manages feature toggles
|
|
|
|
|
|
|
|
;update_webhook =
|
|
|
|
|
|
|
|
# Allow configuring an auth token for feature management update requests
|
|
|
|
|
|
|
|
;update_webhook_token =
|
|
|
|
|
|
|
|
# Hide specific feature toggles from the feature management page
|
|
|
|
|
|
|
|
;hidden_toggles =
|
|
|
|
|
|
|
|
# Disable updating specific feature toggles in the feature management page
|
|
|
|
|
|
|
|
;read_only_toggles =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#################################### Public Dashboards #####################################
|
|
|
|
|
|
|
|
[public_dashboards]
|
|
|
|
|
|
|
|
# Set to false to disable public dashboards
|
|
|
|
|
|
|
|
;enabled = true
|
|
|
|