grafana 使用gitLab 的OAuth2认证服务登陆
grafana 配置
[auth.gitlab]
enabled = true
allow_sign_up = true
client_id =f8d7d37a0d5bbe13e6832d878bedddeafde511ed1465bb042d2467978e797e01
client_secret =1e72599e0a006a69060758d38e8bf3a91b6e760bb64b62c7de4403aa67f092e1
scopes = api
uth_url = http://192.168.222.205/oauth/authorize
token_url = http://192.168.222.205/oauth/token
api_url = http://192.168.222.205/api/v4
allowed_groups =
[server]
protocol = http
http_port = 3000
root_url = http://192.168.222.205:3000/
重启grafana 看到gitlab登陆了 systemctl restart grafana-server
- 注意三个参数
auth.gitlab中的
allow_sign_up = true
scopes = api
server中的
root_url = http://192.168.222.205:3000/ 不设置root_url gitlab将无法跳转,跳转失败
gitlab配置
以管理员root登陆,进入 admin area , 左侧选择 applications,
单击 "new applications" 新建一个 applicastion
- 注意选择的参数选择
- Redirect URI http://grafana-cn.intranet.local/login/gitlab
这个参数是callback地址,不要写错, grafana 的 ip 加上 /login/gitlab http://xxxxxx:3000/login/gitlab - 保险起见 Scopes 都勾选上. "api" ,"read_user"," sudo","read_repository","openid"
- Trusted 控制是否需要再一次确认.勾选则不需要二次确认了, automatically authorize
登陆测试
grafana登陆点击gitlab登陆后跳转到gitlab登陆
输入用户名密码后登陆成功后跳转到grafana界面
出错点
- scopes = api 只需要填写 api 就可以了.
- root_url 没写导致无法跳转到grafana
- 配置gitlab application 时 callback地址 Redirect URI 填错了.
- allow_sign_up = true ,如果是 false ,恰巧 grafana 和 gitlab中都有的用户可以登陆, gitalab有grafana原来中没有的用户不能登陆
allow_sign_up = true 可以理解为i在使用gitlab账号登陆grafana时,如果grafana中没有同名用户顺势注册一个 - lvl=eror msg=login.OAuthLogin(NewTransportWithCode) logger=context userId=0 orgId=0 uname= error="oauth2: cannot fetch token: 401 Unauthorized\nResponse: {"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}"
说明 client_id 和client_secret 填写错了 .
来源:oschina
链接:https://my.oschina.net/u/4072296/blog/3207123