From f99b597e477594cd83615225006071341241b87b Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Tue, 20 Mar 2018 13:08:12 +0100 Subject: [PATCH 01/15] First stab at a new docker image for Grafana. - chown removed - based on tar.gz instead of deb pkg - volumes for logs and config removed - gosu removed Related to #141 --- Dockerfile | 28 +++++++++++++++++----------- build.sh | 8 +++----- run.sh | 22 ++++++++++------------ 3 files changed, 30 insertions(+), 28 deletions(-) diff --git a/Dockerfile b/Dockerfile index 660d199f..8b996986 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,28 @@ FROM debian:jessie -ARG DOWNLOAD_URL="https://s3-us-west-2.amazonaws.com/grafana-releases/master/grafana_latest_amd64.deb" +ARG GRAFANA_VERSION="latest" +ARG GF_HOME="/usr/share/grafana" -RUN apt-get update && \ - apt-get -y --no-install-recommends install libfontconfig curl ca-certificates && \ - apt-get clean && \ - curl ${DOWNLOAD_URL} > /tmp/grafana.deb && \ - dpkg -i /tmp/grafana.deb && \ - rm /tmp/grafana.deb && \ - curl -L https://github.com/tianon/gosu/releases/download/1.10/gosu-amd64 > /usr/sbin/gosu && \ - chmod +x /usr/sbin/gosu && \ +RUN apt-get update && apt-get install -qq -y wget tar sqlite libfontconfig curl ca-certificates && \ + wget -O /tmp/grafana.tar.gz https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz && \ + tar -zxvf /tmp/grafana.tar.gz -C /tmp && rm /tmp/grafana.tar.gz && \ + mv /tmp/grafana-* $GF_HOME && \ apt-get autoremove -y && \ rm -rf /var/lib/apt/lists/* + +RUN mkdir -p /etc/grafana/provisioning/datasources && \ + mkdir -p /etc/grafana/provisioning/dashboards && \ + mkdir -p /var/lib/grafana/plugins && \ + mkdir -p /var/log/grafana && \ + cp $GF_HOME/conf/sample.ini /etc/grafana/grafana.ini && \ + cp $GF_HOME/conf/ldap.toml /etc/grafana/ldap.toml && \ + cp $GF_HOME/bin/grafana-server /usr/sbin/grafana-server && \ + cp $GF_HOME/bin/grafana-cli /usr/sbin/grafana-cli -VOLUME ["/var/lib/grafana", "/var/log/grafana", "/etc/grafana"] +VOLUME ["/var/lib/grafana"] EXPOSE 3000 COPY ./run.sh /run.sh -ENTRYPOINT ["/run.sh"] +ENTRYPOINT [ "/run.sh" ] \ No newline at end of file diff --git a/build.sh b/build.sh index ea29f4da..c8257469 100755 --- a/build.sh +++ b/build.sh @@ -1,13 +1,11 @@ #!/bin/bash -_grafana_tag=$1 -_grafana_version=${_grafana_tag:1} +_grafana_version=$1 if [ "$_grafana_version" != "" ]; then echo "Building version ${_grafana_version}" - echo "Download url: https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana_${_grafana_version}_amd64.deb" docker build \ - --build-arg DOWNLOAD_URL=https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana_${_grafana_version}_amd64.deb \ + --build-arg GRAFANA_VERSION=${_grafana_version} \ --tag "grafana/grafana:${_grafana_version}" \ --no-cache=true . docker tag grafana/grafana:${_grafana_version} grafana/grafana:latest @@ -16,5 +14,5 @@ else echo "Building latest for master" docker build \ --tag "grafana/grafana:master" \ - --no-cache=true . + . fi diff --git a/run.sh b/run.sh index 42f60322..ea556c24 100755 --- a/run.sh +++ b/run.sh @@ -6,11 +6,9 @@ : "${GF_PATHS_PLUGINS:=/var/lib/grafana/plugins}" : "${GF_PATHS_PROVISIONING:=/etc/grafana/provisioning}" -chown -R grafana:grafana "$GF_PATHS_DATA" "$GF_PATHS_LOGS" - if [ ! -z ${GF_AWS_PROFILES+x} ]; then - mkdir -p ~grafana/.aws/ - > ~grafana/.aws/credentials + mkdir -p /usr/share/grafana/.aws/ + > /usr/share/grafana/.aws/credentials for profile in ${GF_AWS_PROFILES}; do access_key_varname="GF_AWS_${profile}_ACCESS_KEY_ID" @@ -18,17 +16,17 @@ if [ ! -z ${GF_AWS_PROFILES+x} ]; then region_varname="GF_AWS_${profile}_REGION" if [ ! -z "${!access_key_varname}" -a ! -z "${!secret_key_varname}" ]; then - echo "[${profile}]" >> ~grafana/.aws/credentials - echo "aws_access_key_id = ${!access_key_varname}" >> ~grafana/.aws/credentials - echo "aws_secret_access_key = ${!secret_key_varname}" >> ~grafana/.aws/credentials + echo "[${profile}]" >> /usr/share/grafana/.aws/credentials + echo "aws_access_key_id = ${!access_key_varname}" >> /usr/share/grafana/.aws/credentials + echo "aws_secret_access_key = ${!secret_key_varname}" >> /usr/share/grafana/.aws/credentials if [ ! -z "${!region_varname}" ]; then - echo "region = ${!region_varname}" >> ~grafana/.aws/credentials + echo "region = ${!region_varname}" >> /usr/share/grafana/.aws/credentials fi fi done - chown grafana:grafana -R ~grafana/.aws - chmod 600 ~grafana/.aws/credentials +# chown grafana:grafana -R ~grafana/.aws +# chmod 600 ~grafana/.aws/credentials fi if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then @@ -36,11 +34,11 @@ if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then IFS=',' for plugin in ${GF_INSTALL_PLUGINS}; do IFS=$OLDIFS - gosu grafana grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} done fi -exec gosu grafana /usr/sbin/grafana-server \ +exec /usr/sbin/grafana-server \ --homepath=/usr/share/grafana \ --config="$GF_PATHS_CONFIG" \ cfg:default.log.mode="console" \ From 62edf507e473eaa6b55e51fcc174030f7357f87d Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Tue, 20 Mar 2018 14:56:42 +0100 Subject: [PATCH 02/15] Runs Grafana as the nobody user by default. --- Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8b996986..f47e3164 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,9 @@ RUN mkdir -p /etc/grafana/provisioning/datasources && \ cp $GF_HOME/conf/sample.ini /etc/grafana/grafana.ini && \ cp $GF_HOME/conf/ldap.toml /etc/grafana/ldap.toml && \ cp $GF_HOME/bin/grafana-server /usr/sbin/grafana-server && \ - cp $GF_HOME/bin/grafana-cli /usr/sbin/grafana-cli + cp $GF_HOME/bin/grafana-cli /usr/sbin/grafana-cli && \ + chown -R nobody:nogroup /var/lib/grafana && \ + chown -R nobody:nogroup $GF_HOME VOLUME ["/var/lib/grafana"] @@ -25,4 +27,6 @@ EXPOSE 3000 COPY ./run.sh /run.sh +USER nobody + ENTRYPOINT [ "/run.sh" ] \ No newline at end of file From 7ac9c658e31138e64a15ae351c27da10d9b3f0fc Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Wed, 21 Mar 2018 11:32:46 +0100 Subject: [PATCH 03/15] Log folder is owned by the default user. We don't write logs to disk by default, but for user that wish to do so it needs to be possible. --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f47e3164..457fa3fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,8 @@ RUN mkdir -p /etc/grafana/provisioning/datasources && \ cp $GF_HOME/bin/grafana-server /usr/sbin/grafana-server && \ cp $GF_HOME/bin/grafana-cli /usr/sbin/grafana-cli && \ chown -R nobody:nogroup /var/lib/grafana && \ - chown -R nobody:nogroup $GF_HOME + chown -R nobody:nogroup $GF_HOME && \ + chown -R nobody:nogroup /var/log/grafana VOLUME ["/var/lib/grafana"] From fbdd3cdec6387da0fed7016da5da591f97ad425b Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Wed, 21 Mar 2018 16:56:29 +0100 Subject: [PATCH 04/15] Updates docs. --- README.md | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index fbaf92d4..cc35b4ee 100644 --- a/README.md +++ b/README.md @@ -43,18 +43,21 @@ More information in the grafana configuration documentation: http://docs.grafana ## Grafana container with persistent storage (recommended) ``` -# create /var/lib/grafana as persistent volume storage -docker run -d -v /var/lib/grafana --name grafana-storage busybox:latest +# create a persistent volume for your data in /var/lib/grafana (database and plugins) +docker volume create grafana-storage # start grafana docker run \ -d \ -p 3000:3000 \ --name=grafana \ - --volumes-from grafana-storage \ + -v grafana-storage:/var/lib/grafana \ grafana/grafana ``` +Note: An unnamed volume will be created for you when you boot Grafana, +using `docker volume create grafana-storage` just makes it easer to find. + ## Installing plugins for Grafana 3 Pass the plugins you want installed to docker with the `GF_INSTALL_PLUGINS` environment variable as a comma seperated list. This will pass each plugin name to `grafana-cli plugins install ${plugin}`. @@ -72,22 +75,25 @@ docker run \ Dockerfile: ```Dockerfile -FROM grafana/grafana:5.0.0 +FROM grafana/grafana:master ENV GF_PATHS_PLUGINS=/opt/grafana-plugins -RUN mkdir -p $GF_PATHS_PLUGINS -RUN grafana-cli --pluginsDir $GF_PATHS_PLUGINS plugins install grafana-clock-panel +USER root +RUN mkdir -p $GF_PATHS_PLUGINS && chown nobody:nogroup $GF_PATHS_PLUGINS +USER nobody +RUN grafana-cli --pluginsDir $GF_PATHS_PLUGINS plugins install grafana-clock-panel && \ + grafana-cli --pluginsDir $GF_PATHS_PLUGINS plugins install grafana-simple-json-datasource ``` -Add lines with `RUN grafana-cli ...` for each plugin you wish to install in your custom image. Don't forget to specify what version of Grafana you wish to build from (replace 5.0.0 in the example). +Add lines with `grafana-cli ...` for each plugin you wish to install in your custom image. Don't forget to specify what version of Grafana you wish to build from (replace master in the example). Example of how to build and run: ```bash -docker build -t grafana:5.0.0-custom . +docker build -t grafana:master-with-plugins . docker run \ -d \ -p 3000:3000 \ --name=grafana \ - grafana:5.0.0-custom + grafana:master-with-plugins ``` ## Running specific version of Grafana From 1b7cf82ff3210188b5cfbdea8c5cc36bd2428123 Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Thu, 22 Mar 2018 14:42:52 +0100 Subject: [PATCH 05/15] Only the user running grafana can read aws credentials. --- README.md | 3 ++- run.sh | 32 ++++++++++++++++---------------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index cc35b4ee..7ad55329 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,8 @@ docker run \ ``` Note: An unnamed volume will be created for you when you boot Grafana, -using `docker volume create grafana-storage` just makes it easer to find. +using `docker volume create grafana-storage` just makes it easier to find +by giving it a name. ## Installing plugins for Grafana 3 diff --git a/run.sh b/run.sh index ea556c24..02701930 100755 --- a/run.sh +++ b/run.sh @@ -2,13 +2,14 @@ : "${GF_PATHS_CONFIG:=/etc/grafana/grafana.ini}" : "${GF_PATHS_DATA:=/var/lib/grafana}" +: "${GF_PATHS_HOME:=/usr/share/grafana}" : "${GF_PATHS_LOGS:=/var/log/grafana}" : "${GF_PATHS_PLUGINS:=/var/lib/grafana/plugins}" : "${GF_PATHS_PROVISIONING:=/etc/grafana/provisioning}" if [ ! -z ${GF_AWS_PROFILES+x} ]; then - mkdir -p /usr/share/grafana/.aws/ - > /usr/share/grafana/.aws/credentials + mkdir -p "$GF_PATHS_HOME/.aws/" + > "$GF_PATHS_HOME/.aws/credentials" for profile in ${GF_AWS_PROFILES}; do access_key_varname="GF_AWS_${profile}_ACCESS_KEY_ID" @@ -16,17 +17,16 @@ if [ ! -z ${GF_AWS_PROFILES+x} ]; then region_varname="GF_AWS_${profile}_REGION" if [ ! -z "${!access_key_varname}" -a ! -z "${!secret_key_varname}" ]; then - echo "[${profile}]" >> /usr/share/grafana/.aws/credentials - echo "aws_access_key_id = ${!access_key_varname}" >> /usr/share/grafana/.aws/credentials - echo "aws_secret_access_key = ${!secret_key_varname}" >> /usr/share/grafana/.aws/credentials + echo "[${profile}]" >> "$GF_PATHS_HOME/.aws/credentials" + echo "aws_access_key_id = ${!access_key_varname}" >> "$GF_PATHS_HOME/.aws/credentials" + echo "aws_secret_access_key = ${!secret_key_varname}" >> "$GF_PATHS_HOME/.aws/credentials" if [ ! -z "${!region_varname}" ]; then - echo "region = ${!region_varname}" >> /usr/share/grafana/.aws/credentials + echo "region = ${!region_varname}" >> "$GF_PATHS_HOME/.aws/credentials" fi fi done -# chown grafana:grafana -R ~grafana/.aws -# chmod 600 ~grafana/.aws/credentials + chmod 600 "$GF_PATHS_HOME/.aws/credentials" fi if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then @@ -38,12 +38,12 @@ if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then done fi -exec /usr/sbin/grafana-server \ - --homepath=/usr/share/grafana \ - --config="$GF_PATHS_CONFIG" \ - cfg:default.log.mode="console" \ - cfg:default.paths.data="$GF_PATHS_DATA" \ - cfg:default.paths.logs="$GF_PATHS_LOGS" \ - cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ - cfg:default.paths.provisioning=$GF_PATHS_PROVISIONING \ +exec /usr/sbin/grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" \ "$@" From b42f62f98f91fa2600da6d05980e5742c344393b Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Thu, 22 Mar 2018 16:53:45 +0100 Subject: [PATCH 06/15] Adds permission check when starting Grafana. --- run.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/run.sh b/run.sh index 02701930..c91bd263 100755 --- a/run.sh +++ b/run.sh @@ -7,6 +7,29 @@ : "${GF_PATHS_PLUGINS:=/var/lib/grafana/plugins}" : "${GF_PATHS_PROVISIONING:=/etc/grafana/provisioning}" +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/" +fi + + if [ ! -z ${GF_AWS_PROFILES+x} ]; then mkdir -p "$GF_PATHS_HOME/.aws/" > "$GF_PATHS_HOME/.aws/credentials" From 3dd301d3940369591f37a85709de9d6a7dcf1e0e Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Fri, 23 Mar 2018 10:46:33 +0100 Subject: [PATCH 07/15] Updated link to migration docs. --- run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run.sh b/run.sh index c91bd263..b0905723 100755 --- a/run.sh +++ b/run.sh @@ -26,7 +26,7 @@ fi if [ $PERMISSIONS_OK -eq 1 ]; then - echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/" + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later" fi From e2872ea0deac347fd0a9d25baf7c70683aa94a5a Mon Sep 17 00:00:00 2001 From: Dan Cech Date: Fri, 23 Mar 2018 17:42:12 -0400 Subject: [PATCH 08/15] Switches back to running as grafana:grafana with a pinned id. Adds functionality to easily pre-bake with custom plugins. --- Dockerfile | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 457fa3fc..be55b560 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,20 @@ -FROM debian:jessie +FROM debian:stretch-slim ARG GRAFANA_VERSION="latest" ARG GF_HOME="/usr/share/grafana" +ARG GF_UID="472" +ARG GF_GID="472" -RUN apt-get update && apt-get install -qq -y wget tar sqlite libfontconfig curl ca-certificates && \ - wget -O /tmp/grafana.tar.gz https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz && \ +RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-certificates && \ + curl -o /tmp/grafana.tar.gz https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz && \ tar -zxvf /tmp/grafana.tar.gz -C /tmp && rm /tmp/grafana.tar.gz && \ mv /tmp/grafana-* $GF_HOME && \ apt-get autoremove -y && \ rm -rf /var/lib/apt/lists/* - -RUN mkdir -p /etc/grafana/provisioning/datasources && \ + +RUN groupadd -r -g $GF_GID grafana && \ + useradd -r -u $GF_UID -g grafana grafana && \ + mkdir -p /etc/grafana/provisioning/datasources && \ mkdir -p /etc/grafana/provisioning/dashboards && \ mkdir -p /var/lib/grafana/plugins && \ mkdir -p /var/log/grafana && \ @@ -18,9 +22,20 @@ RUN mkdir -p /etc/grafana/provisioning/datasources && \ cp $GF_HOME/conf/ldap.toml /etc/grafana/ldap.toml && \ cp $GF_HOME/bin/grafana-server /usr/sbin/grafana-server && \ cp $GF_HOME/bin/grafana-cli /usr/sbin/grafana-cli && \ - chown -R nobody:nogroup /var/lib/grafana && \ - chown -R nobody:nogroup $GF_HOME && \ - chown -R nobody:nogroup /var/log/grafana + chown -R grafana:grafana /var/lib/grafana && \ + chown -R grafana:grafana $GF_HOME && \ + chown -R grafana:grafana /var/log/grafana + +ARG GF_INSTALL_PLUGINS="" + +RUN if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then \ + OLDIFS=$IFS; \ + IFS=','; \ + for plugin in ${GF_INSTALL_PLUGINS}; do \ + IFS=$OLDIFS; \ + grafana-cli --pluginsDir "/var/lib/grafana/plugins" plugins install ${plugin}; \ + done; \ + fi VOLUME ["/var/lib/grafana"] @@ -28,6 +43,6 @@ EXPOSE 3000 COPY ./run.sh /run.sh -USER nobody +USER grafana -ENTRYPOINT [ "/run.sh" ] \ No newline at end of file +ENTRYPOINT [ "/run.sh" ] From bdfc434d90882d6246b0f789a3e918c69d77228a Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Sun, 25 Mar 2018 17:31:13 +0200 Subject: [PATCH 09/15] Changes in response to reviews. - cleanup of mkdir - oneliner for downloading and extracting Grafana - envs moved from run.sh to Dockerfile --- Dockerfile | 39 ++++++++++++++++++++++----------------- run.sh | 7 ------- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/Dockerfile b/Dockerfile index be55b560..908fbc68 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,30 +1,35 @@ FROM debian:stretch-slim ARG GRAFANA_VERSION="latest" -ARG GF_HOME="/usr/share/grafana" ARG GF_UID="472" ARG GF_GID="472" +ENV GF_PATHS_CONFIG="/etc/grafana/grafana.ini" +ENV GF_PATHS_DATA="/var/lib/grafana" +ENV GF_PATHS_HOME="/usr/share/grafana" +ENV GF_PATHS_LOGS="/var/log/grafana" +ENV GF_PATHS_PLUGINS="/var/lib/grafana/plugins" +ENV GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-certificates && \ - curl -o /tmp/grafana.tar.gz https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz && \ - tar -zxvf /tmp/grafana.tar.gz -C /tmp && rm /tmp/grafana.tar.gz && \ - mv /tmp/grafana-* $GF_HOME && \ + mkdir -p "$GF_PATHS_HOME" && \ + curl https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz | tar xfvz - --strip-components=1 -C "$GF_PATHS_HOME" && \ apt-get autoremove -y && \ rm -rf /var/lib/apt/lists/* RUN groupadd -r -g $GF_GID grafana && \ useradd -r -u $GF_UID -g grafana grafana && \ - mkdir -p /etc/grafana/provisioning/datasources && \ - mkdir -p /etc/grafana/provisioning/dashboards && \ - mkdir -p /var/lib/grafana/plugins && \ - mkdir -p /var/log/grafana && \ - cp $GF_HOME/conf/sample.ini /etc/grafana/grafana.ini && \ - cp $GF_HOME/conf/ldap.toml /etc/grafana/ldap.toml && \ - cp $GF_HOME/bin/grafana-server /usr/sbin/grafana-server && \ - cp $GF_HOME/bin/grafana-cli /usr/sbin/grafana-cli && \ - chown -R grafana:grafana /var/lib/grafana && \ - chown -R grafana:grafana $GF_HOME && \ - chown -R grafana:grafana /var/log/grafana + mkdir -p "$GF_PATHS_PROVISIONING/datasources" \ + "$GF_PATHS_PROVISIONING/dashboards" \ + "$GF_PATHS_PLUGINS" \ + "$GF_PATHS_LOGS" && \ + cp "$GF_PATHS_HOME/conf/sample.ini" "$GF_PATHS_CONFIG" && \ + cp "$GF_PATHS_HOME/conf/ldap.toml" /etc/grafana/ldap.toml && \ + cp "$GF_PATHS_HOME/bin/grafana-server" /usr/sbin/grafana-server && \ + cp "$GF_PATHS_HOME/bin/grafana-cli" /usr/sbin/grafana-cli && \ + chown -R grafana:grafana "$GF_PATHS_DATA" && \ + chown -R grafana:grafana "$GF_PATHS_HOME" && \ + chown -R grafana:grafana "$GF_PATHS_LOGS" ARG GF_INSTALL_PLUGINS="" @@ -33,11 +38,11 @@ RUN if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then \ IFS=','; \ for plugin in ${GF_INSTALL_PLUGINS}; do \ IFS=$OLDIFS; \ - grafana-cli --pluginsDir "/var/lib/grafana/plugins" plugins install ${plugin}; \ + grafana-cli --pluginsDir "$GF_PATHS_PLUGINS" plugins install ${plugin}; \ done; \ fi -VOLUME ["/var/lib/grafana"] +VOLUME [$GF_PATHS_DATA] EXPOSE 3000 diff --git a/run.sh b/run.sh index 5dafe959..d03ed855 100755 --- a/run.sh +++ b/run.sh @@ -1,12 +1,5 @@ #!/bin/bash -e -: "${GF_PATHS_CONFIG:=/etc/grafana/grafana.ini}" -: "${GF_PATHS_DATA:=/var/lib/grafana}" -: "${GF_PATHS_HOME:=/usr/share/grafana}" -: "${GF_PATHS_LOGS:=/var/log/grafana}" -: "${GF_PATHS_PLUGINS:=/var/lib/grafana/plugins}" -: "${GF_PATHS_PROVISIONING:=/etc/grafana/provisioning}" - PERMISSIONS_OK=0 if [ ! -r "$GF_PATHS_CONFIG" ]; then From 3796995360fe420127d25cfcbd068bc7bd6e8740 Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Mon, 26 Mar 2018 11:21:35 +0200 Subject: [PATCH 10/15] Limitied the amount of image layers. --- Dockerfile | 20 +++++++++----------- run.sh | 2 +- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 908fbc68..af1174cd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,20 +4,20 @@ ARG GRAFANA_VERSION="latest" ARG GF_UID="472" ARG GF_GID="472" -ENV GF_PATHS_CONFIG="/etc/grafana/grafana.ini" -ENV GF_PATHS_DATA="/var/lib/grafana" -ENV GF_PATHS_HOME="/usr/share/grafana" -ENV GF_PATHS_LOGS="/var/log/grafana" -ENV GF_PATHS_PLUGINS="/var/lib/grafana/plugins" -ENV GF_PATHS_PROVISIONING="/etc/grafana/provisioning" +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-certificates && \ mkdir -p "$GF_PATHS_HOME" && \ curl https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz | tar xfvz - --strip-components=1 -C "$GF_PATHS_HOME" && \ apt-get autoremove -y && \ - rm -rf /var/lib/apt/lists/* - -RUN groupadd -r -g $GF_GID grafana && \ + rm -rf /var/lib/apt/lists/* && \ + groupadd -r -g $GF_GID grafana && \ useradd -r -u $GF_UID -g grafana grafana && \ mkdir -p "$GF_PATHS_PROVISIONING/datasources" \ "$GF_PATHS_PROVISIONING/dashboards" \ @@ -25,8 +25,6 @@ RUN groupadd -r -g $GF_GID grafana && \ "$GF_PATHS_LOGS" && \ cp "$GF_PATHS_HOME/conf/sample.ini" "$GF_PATHS_CONFIG" && \ cp "$GF_PATHS_HOME/conf/ldap.toml" /etc/grafana/ldap.toml && \ - cp "$GF_PATHS_HOME/bin/grafana-server" /usr/sbin/grafana-server && \ - cp "$GF_PATHS_HOME/bin/grafana-cli" /usr/sbin/grafana-cli && \ chown -R grafana:grafana "$GF_PATHS_DATA" && \ chown -R grafana:grafana "$GF_PATHS_HOME" && \ chown -R grafana:grafana "$GF_PATHS_LOGS" diff --git a/run.sh b/run.sh index d03ed855..f5866c8c 100755 --- a/run.sh +++ b/run.sh @@ -53,7 +53,7 @@ if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then done fi -exec /usr/sbin/grafana-server \ +exec grafana-server \ --homepath="$GF_PATHS_HOME" \ --config="$GF_PATHS_CONFIG" \ cfg:default.log.mode="console" \ From 515cc79e72915b6158bf8f577bb88088c872d831 Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Mon, 26 Mar 2018 12:48:00 +0200 Subject: [PATCH 11/15] Removes the last volume. Users should create their own volumes when they need to. --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index af1174cd..72ab4730 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,8 +40,6 @@ RUN if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then \ done; \ fi -VOLUME [$GF_PATHS_DATA] - EXPOSE 3000 COPY ./run.sh /run.sh From db076d7c2b54c4d2163ea6559763ef1c0c6a2ddb Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Tue, 27 Mar 2018 11:14:57 +0200 Subject: [PATCH 12/15] Supports running as any user. --- Dockerfile | 24 +++++++----------------- run.sh | 7 +++++-- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 72ab4730..10e1175b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bi GF_PATHS_PROVISIONING="/etc/grafana/provisioning" RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-certificates && \ - mkdir -p "$GF_PATHS_HOME" && \ + mkdir -p "$GF_PATHS_HOME/.aws" && \ curl https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz | tar xfvz - --strip-components=1 -C "$GF_PATHS_HOME" && \ apt-get autoremove -y && \ rm -rf /var/lib/apt/lists/* && \ @@ -21,24 +21,14 @@ RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-ce useradd -r -u $GF_UID -g grafana grafana && \ mkdir -p "$GF_PATHS_PROVISIONING/datasources" \ "$GF_PATHS_PROVISIONING/dashboards" \ - "$GF_PATHS_PLUGINS" \ - "$GF_PATHS_LOGS" && \ + "$GF_PATHS_LOGS" \ + "$GF_PATHS_DATA" && \ cp "$GF_PATHS_HOME/conf/sample.ini" "$GF_PATHS_CONFIG" && \ cp "$GF_PATHS_HOME/conf/ldap.toml" /etc/grafana/ldap.toml && \ chown -R grafana:grafana "$GF_PATHS_DATA" && \ - chown -R grafana:grafana "$GF_PATHS_HOME" && \ - chown -R grafana:grafana "$GF_PATHS_LOGS" - -ARG GF_INSTALL_PLUGINS="" - -RUN if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then \ - OLDIFS=$IFS; \ - IFS=','; \ - for plugin in ${GF_INSTALL_PLUGINS}; do \ - IFS=$OLDIFS; \ - grafana-cli --pluginsDir "$GF_PATHS_PLUGINS" plugins install ${plugin}; \ - done; \ - fi + chown -R grafana:grafana "$GF_PATHS_HOME/.aws" && \ + chown -R grafana:grafana "$GF_PATHS_LOGS" && \ + chmod 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" EXPOSE 3000 @@ -46,4 +36,4 @@ COPY ./run.sh /run.sh USER grafana -ENTRYPOINT [ "/run.sh" ] +ENTRYPOINT [ "/run.sh" ] \ No newline at end of file diff --git a/run.sh b/run.sh index f5866c8c..3bc36564 100755 --- a/run.sh +++ b/run.sh @@ -20,10 +20,13 @@ fi if [ $PERMISSIONS_OK -eq 1 ]; then echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later" fi - + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + if [ ! -z ${GF_AWS_PROFILES+x} ]; then - mkdir -p "$GF_PATHS_HOME/.aws/" > "$GF_PATHS_HOME/.aws/credentials" for profile in ${GF_AWS_PROFILES}; do From 61f378236434fca515248c4012bb1414cc77386c Mon Sep 17 00:00:00 2001 From: Dan Cech Date: Thu, 29 Mar 2018 11:31:48 -0400 Subject: [PATCH 13/15] Dockerfile for building custom images --- Dockerfile | 12 ++++++------ README.md | 29 ++++++++++++----------------- custom/Dockerfile | 16 ++++++++++++++++ 3 files changed, 34 insertions(+), 23 deletions(-) create mode 100644 custom/Dockerfile diff --git a/Dockerfile b/Dockerfile index 10e1175b..18d38258 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,7 @@ FROM debian:stretch-slim ARG GRAFANA_VERSION="latest" +ARG GRAFANA_URL="https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz" ARG GF_UID="472" ARG GF_GID="472" @@ -14,7 +15,7 @@ ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bi RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-certificates && \ mkdir -p "$GF_PATHS_HOME/.aws" && \ - curl https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz | tar xfvz - --strip-components=1 -C "$GF_PATHS_HOME" && \ + curl "$GRAFANA_URL" | tar xfvz - --strip-components=1 -C "$GF_PATHS_HOME" && \ apt-get autoremove -y && \ rm -rf /var/lib/apt/lists/* && \ groupadd -r -g $GF_GID grafana && \ @@ -22,13 +23,12 @@ RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-ce mkdir -p "$GF_PATHS_PROVISIONING/datasources" \ "$GF_PATHS_PROVISIONING/dashboards" \ "$GF_PATHS_LOGS" \ + "$GF_PATHS_PLUGINS" \ "$GF_PATHS_DATA" && \ cp "$GF_PATHS_HOME/conf/sample.ini" "$GF_PATHS_CONFIG" && \ cp "$GF_PATHS_HOME/conf/ldap.toml" /etc/grafana/ldap.toml && \ - chown -R grafana:grafana "$GF_PATHS_DATA" && \ - chown -R grafana:grafana "$GF_PATHS_HOME/.aws" && \ - chown -R grafana:grafana "$GF_PATHS_LOGS" && \ - chmod 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" + chown -R grafana:grafana "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" && \ + chmod 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" EXPOSE 3000 @@ -36,4 +36,4 @@ COPY ./run.sh /run.sh USER grafana -ENTRYPOINT [ "/run.sh" ] \ No newline at end of file +ENTRYPOINT [ "/run.sh" ] diff --git a/README.md b/README.md index 7ad55329..1119e945 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![CircleCI](https://circleci.com/gh/grafana/grafana-docker.svg?style=svg)](https://circleci.com/gh/grafana/grafana-docker) -This project builds a Docker image with the latest master build of Grafana. +This project builds a Docker image for Grafana. ## Running your Grafana container @@ -14,7 +14,7 @@ docker run -d --name=grafana -p 3000:3000 grafana/grafana Try it out, default admin user is admin/admin. -In case port 3000 is closed for external clients or you there is no access +In case port 3000 is closed for external clients or there is no access to the browser - you may test it by issuing: curl -i localhost:3000/login Make sure that you are getting "...200 OK" in response. @@ -59,7 +59,7 @@ Note: An unnamed volume will be created for you when you boot Grafana, using `docker volume create grafana-storage` just makes it easier to find by giving it a name. -## Installing plugins for Grafana 3 +## Installing plugins for Grafana Pass the plugins you want installed to docker with the `GF_INSTALL_PLUGINS` environment variable as a comma seperated list. This will pass each plugin name to `grafana-cli plugins install ${plugin}`. @@ -74,27 +74,19 @@ docker run \ ## Building a custom Grafana image with pre-installed plugins -Dockerfile: -```Dockerfile -FROM grafana/grafana:master -ENV GF_PATHS_PLUGINS=/opt/grafana-plugins -USER root -RUN mkdir -p $GF_PATHS_PLUGINS && chown nobody:nogroup $GF_PATHS_PLUGINS -USER nobody -RUN grafana-cli --pluginsDir $GF_PATHS_PLUGINS plugins install grafana-clock-panel && \ - grafana-cli --pluginsDir $GF_PATHS_PLUGINS plugins install grafana-simple-json-datasource -``` - -Add lines with `grafana-cli ...` for each plugin you wish to install in your custom image. Don't forget to specify what version of Grafana you wish to build from (replace master in the example). +The `custom/` folder includes a `Dockerfile` that can be used to build a custom Grafana image. It accepts `GRAFANA_VERSION` and `GF_INSTALL_PLUGINS` as build arguments. Example of how to build and run: ```bash -docker build -t grafana:master-with-plugins . +cd custom +docker build -t grafana:latest-with-plugins \ + --build-arg "GRAFANA_VERSION=latest" \ + --build-arg "GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource" . docker run \ -d \ -p 3000:3000 \ --name=grafana \ - grafana:master-with-plugins + grafana:latest-with-plugins ``` ## Running specific version of Grafana @@ -133,6 +125,9 @@ Supported variables: ## Changelog +### v5.1.0 +* Complete overhaul + ### v4.2.0 * Plugins are now installed into ${GF_PATHS_PLUGINS} * Building the container now requires a full url to the deb package instead of just version diff --git a/custom/Dockerfile b/custom/Dockerfile new file mode 100644 index 00000000..79eba5f2 --- /dev/null +++ b/custom/Dockerfile @@ -0,0 +1,16 @@ +ARG GRAFANA_VERSION="latest" + +FROM grafana/grafana:${GRAFANA_VERSION} + +USER grafana + +ARG GF_INSTALL_PLUGINS="" + +RUN if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then \ + OLDIFS=$IFS; \ + IFS=','; \ + for plugin in ${GF_INSTALL_PLUGINS}; do \ + IFS=$OLDIFS; \ + grafana-cli --pluginsDir "$GF_PATHS_PLUGINS" plugins install ${plugin}; \ + done; \ +fi From 766ad7d0bcc094687a85447d7f8ad08b966ad919 Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Wed, 4 Apr 2018 10:35:00 +0200 Subject: [PATCH 14/15] Removes sqlite that was added by mistake. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3ce9c709..100e1e20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bi GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ GF_PATHS_PROVISIONING="/etc/grafana/provisioning" -RUN apt-get update && apt-get install -qq -y tar sqlite libfontconfig curl ca-certificates && \ +RUN apt-get update && apt-get install -qq -y tar libfontconfig curl ca-certificates && \ mkdir -p "$GF_PATHS_HOME/.aws" && \ curl "$GRAFANA_URL" | tar xfvz - --strip-components=1 -C "$GF_PATHS_HOME" && \ apt-get autoremove -y && \ From 1710405158f2f46ac0897d13908383d23f3cb995 Mon Sep 17 00:00:00 2001 From: Leonard Gram Date: Fri, 13 Apr 2018 15:07:38 +0200 Subject: [PATCH 15/15] No args to build.sh builds latest Grafana master. --- Dockerfile | 3 +-- build.sh | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 100e1e20..6e4a5896 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,6 @@ FROM debian:stretch-slim -ARG GRAFANA_VERSION="latest" -ARG GRAFANA_URL="https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-$GRAFANA_VERSION.linux-x64.tar.gz" +ARG GRAFANA_URL="https://s3-us-west-2.amazonaws.com/grafana-releases/master/grafana-latest.linux-x64.tar.gz" ARG GF_UID="472" ARG GF_GID="472" diff --git a/build.sh b/build.sh index 13391d07..9fc54743 100755 --- a/build.sh +++ b/build.sh @@ -7,7 +7,7 @@ _docker_repo=${2:-grafana/grafana} if [ "$_grafana_version" != "" ]; then echo "Building version ${_grafana_version}" docker build \ - --build-arg GRAFANA_VERSION=${_grafana_version} \ + --build-arg GRAFANA_URL="https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-${_grafana_version}.linux-x64.tar.gz" \ --tag "${_docker_repo}:${_grafana_version}" \ --no-cache=true . docker tag ${_docker_repo}:${_grafana_version} ${_docker_repo}:latest