Generate random passwords and keep them out of the environment/program args
This commit is contained in:
parent
e3f895d7d4
commit
1cd8c1865e
|
@ -1,6 +1,22 @@
|
|||
# |source| this file to enable metrics in the current shell
|
||||
|
||||
export SOLANA_METRICS_CONFIG="host=http://localhost:8086,db=testnet,u=write,p=write"
|
||||
echoSolanaMetricsConfig() {
|
||||
declare metrics_config_sh
|
||||
metrics_config_sh="$(dirname "${BASH_SOURCE[0]}")"/lib/config.sh
|
||||
if [[ ! -f "$metrics_config_sh" ]]; then
|
||||
echo "Run start.sh first" >&2
|
||||
return 1
|
||||
fi
|
||||
(
|
||||
# shellcheck source=/dev/null
|
||||
source "$metrics_config_sh"
|
||||
echo "host=http://localhost:8086,db=testnet,u=$INFLUXDB_WRITE_USER,p=$INFLUXDB_WRITE_PASSWORD"
|
||||
)
|
||||
}
|
||||
|
||||
SOLANA_METRICS_CONFIG=$(echoSolanaMetricsConfig)
|
||||
export SOLANA_METRICS_CONFIG
|
||||
unset -f echoSolanaMetricsConfig
|
||||
|
||||
__configure_metrics_sh="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. || true; pwd)"/scripts/configure-metrics.sh
|
||||
if [[ -f $__configure_metrics_sh ]]; then
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
# config file version
|
||||
apiVersion: 1
|
||||
|
||||
datasources:
|
||||
- name: local-influxdb
|
||||
type: influxdb
|
||||
isDefault: true
|
||||
access: proxy
|
||||
database: testnet
|
||||
user: admin
|
||||
password: admin
|
||||
basicAuth: true
|
||||
basicAuthUser: admin
|
||||
basicAuthPassword: admin
|
||||
url: http://influxdb:8086
|
||||
editable: true
|
|
@ -9,10 +9,51 @@ cd "$(dirname "$0")"
|
|||
# Stop if already running
|
||||
./stop.sh
|
||||
|
||||
set -x
|
||||
randomPassword() {
|
||||
declare p=
|
||||
for _ in $(seq 0 16); do
|
||||
p+="$((RANDOM % 10))"
|
||||
done
|
||||
echo $p
|
||||
}
|
||||
|
||||
./adjust-dashboard-for-channel.py \
|
||||
grafana-provisioning/dashboards/testnet-monitor.json local
|
||||
mkdir -p lib
|
||||
if [[ ! -f lib/config.sh ]]; then
|
||||
cat > lib/config.sh <<EOF
|
||||
INFLUXDB_ADMIN_USER=admin
|
||||
INFLUXDB_ADMIN_PASSWORD=$(randomPassword)
|
||||
INFLUXDB_WRITE_USER=write
|
||||
INFLUXDB_WRITE_PASSWORD=$(randomPassword)
|
||||
INFLUXDB_READ_USER=read
|
||||
INFLUXDB_READ_PASSWORD=read
|
||||
EOF
|
||||
fi
|
||||
# shellcheck source=/dev/null
|
||||
source lib/config.sh
|
||||
|
||||
if [[ ! -f lib/grafana-provisioning ]]; then
|
||||
cp -va grafana-provisioning lib
|
||||
./adjust-dashboard-for-channel.py \
|
||||
lib/grafana-provisioning/dashboards/testnet-monitor.json local
|
||||
|
||||
mkdir -p lib/grafana-provisioning/datasources
|
||||
cat > lib/grafana-provisioning/datasources/datasource.yml <<EOF
|
||||
apiVersion: 1
|
||||
|
||||
datasources:
|
||||
- name: local-influxdb
|
||||
type: influxdb
|
||||
isDefault: true
|
||||
access: proxy
|
||||
database: testnet
|
||||
user: $INFLUXDB_READ_USER
|
||||
password: $INFLUXDB_READ_PASSWORD
|
||||
url: http://influxdb:8086
|
||||
editable: true
|
||||
EOF
|
||||
fi
|
||||
|
||||
set -x
|
||||
|
||||
: "${INFLUXDB_IMAGE:=influxdb:1.6}"
|
||||
: "${GRAFANA_IMAGE:=solanalabs/grafana:stable}"
|
||||
|
@ -24,6 +65,16 @@ docker pull $GRAFANA_IMAGE
|
|||
docker network remove influxdb || true
|
||||
docker network create influxdb
|
||||
|
||||
cat > "$PWD"/lib/influx-env-file <<EOF
|
||||
INFLUXDB_ADMIN_USER=$INFLUXDB_ADMIN_USER
|
||||
INFLUXDB_ADMIN_PASSWORD=$INFLUXDB_ADMIN_PASSWORD
|
||||
INFLUXDB_READ_USER=$INFLUXDB_READ_USER
|
||||
INFLUXDB_READ_PASSWORD=$INFLUXDB_READ_PASSWORD
|
||||
INFLUXDB_WRITE_USER=$INFLUXDB_WRITE_USER
|
||||
INFLUXDB_WRITE_PASSWORD=$INFLUXDB_WRITE_PASSWORD
|
||||
INFLUXDB_DB=testnet
|
||||
EOF
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name=influxdb \
|
||||
|
@ -32,25 +83,25 @@ docker run \
|
|||
--user "$(id -u):$(id -g)" \
|
||||
--volume "$PWD"/influxdb.conf:/etc/influxdb/influxdb.conf:ro \
|
||||
--volume "$PWD"/lib/influxdb:/var/lib/influxdb \
|
||||
--env INFLUXDB_DB=testnet \
|
||||
--env INFLUXDB_ADMIN_USER=admin \
|
||||
--env INFLUXDB_ADMIN_PASSWORD=admin \
|
||||
--env INFLUXDB_READ_USER=read \
|
||||
--env INFLUXDB_READ_PASSWORD=read \
|
||||
--env INFLUXDB_WRITE_USER=write \
|
||||
--env INFLUXDB_WRITE_PASSWORD=write \
|
||||
--env-file "$PWD"/lib/influx-env-file \
|
||||
$INFLUXDB_IMAGE -config /etc/influxdb/influxdb.conf /init-influxdb.sh
|
||||
|
||||
cat > "$PWD"/lib/grafana-env-file <<EOF
|
||||
GF_PATHS_CONFIG=/grafana.ini
|
||||
GF_SECURITY_ADMIN_USER=$INFLUXDB_ADMIN_USER
|
||||
GF_SECURITY_ADMIN_PASSWORD=$INFLUXDB_ADMIN_PASSWORD
|
||||
EOF
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name=grafana \
|
||||
--net=influxdb \
|
||||
--publish 3000:3000 \
|
||||
--user "$(id -u):$(id -g)" \
|
||||
--env GF_PATHS_CONFIG=/grafana.ini \
|
||||
--env-file "$PWD"/lib/grafana-env-file \
|
||||
--volume "$PWD"/grafana.ini:/grafana.ini:ro \
|
||||
--volume "$PWD"/lib/grafana:/var/lib/grafana \
|
||||
--volume "$PWD"/grafana-provisioning/:/etc/grafana/provisioning \
|
||||
--volume "$PWD"/lib/grafana-provisioning/:/etc/grafana/provisioning:ro \
|
||||
$GRAFANA_IMAGE
|
||||
|
||||
sleep 5
|
||||
|
|
|
@ -6,6 +6,18 @@
|
|||
set -e
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
if [[ ! -f lib/config.sh ]]; then
|
||||
echo "Run start.sh first"
|
||||
exit 1
|
||||
fi
|
||||
# shellcheck source=/dev/null
|
||||
source lib/config.sh
|
||||
|
||||
: "${INFLUXDB_ADMIN_USER:?}"
|
||||
: "${INFLUXDB_ADMIN_PASSWORD:?}"
|
||||
: "${INFLUXDB_WRITE_USER:?}"
|
||||
: "${INFLUXDB_WRITE_PASSWORD:?}"
|
||||
|
||||
(
|
||||
set -x
|
||||
docker ps --no-trunc --size
|
||||
|
@ -24,9 +36,11 @@ fi
|
|||
cat <<EOF
|
||||
|
||||
=========================================================================
|
||||
* Grafana dashboards are available at http://localhost:3000/dashboards
|
||||
* Grafana url: http://localhost:3000/dashboards
|
||||
username: $INFLUXDB_ADMIN_USER
|
||||
password: $INFLUXDB_ADMIN_PASSWORD
|
||||
|
||||
* Enable local metric collection per shell by running:
|
||||
export SOLANA_METRICS_CONFIG="host=http://localhost:8086,db=testnet,u=write,p=write"
|
||||
* Enable metric collection per shell by running:
|
||||
export SOLANA_METRICS_CONFIG="host=http://localhost:8086,db=testnet,u=$INFLUXDB_WRITE_USER,p=$INFLUXDB_WRITE_PASSWORD"
|
||||
|
||||
EOF
|
||||
|
|
|
@ -7,12 +7,11 @@ set -e
|
|||
|
||||
for container in influxdb grafana; do
|
||||
if [ "$(docker ps -q -a -f name=$container)" ]; then
|
||||
(
|
||||
set +e
|
||||
docker rm -f $container
|
||||
exit 0
|
||||
)
|
||||
echo Stopping $container
|
||||
(
|
||||
set +e
|
||||
docker rm -f $container
|
||||
exit 0
|
||||
)
|
||||
fi
|
||||
done
|
||||
|
||||
echo Local metrics stopped
|
||||
|
|
Loading…
Reference in New Issue