Generate random passwords and keep them out of the environment/program args

metrics/scripts/enable.sh

@@ -1,6 +1,22 @@
 # |source| this file to enable metrics in the current shell
 
-export SOLANA_METRICS_CONFIG="host=http://localhost:8086,db=testnet,u=write,p=write"
+echoSolanaMetricsConfig() {
+  declare metrics_config_sh
+  metrics_config_sh="$(dirname "${BASH_SOURCE[0]}")"/lib/config.sh
+  if [[ ! -f "$metrics_config_sh" ]]; then
+    echo "Run start.sh first" >&2
+    return 1
+  fi
+  (
+    # shellcheck source=/dev/null
+    source "$metrics_config_sh"
+    echo "host=http://localhost:8086,db=testnet,u=$INFLUXDB_WRITE_USER,p=$INFLUXDB_WRITE_PASSWORD"
+  )
+}
+
+SOLANA_METRICS_CONFIG=$(echoSolanaMetricsConfig)
+export SOLANA_METRICS_CONFIG
+unset -f echoSolanaMetricsConfig
 
 __configure_metrics_sh="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. || true; pwd)"/scripts/configure-metrics.sh
 if [[ -f $__configure_metrics_sh ]]; then

metrics/scripts/grafana-provisioning/datasources/datasource.yml

@@ -1,16 +0,0 @@
-# config file version
-apiVersion: 1
-
-datasources:
-- name: local-influxdb
-  type: influxdb
-  isDefault: true
-  access: proxy
-  database: testnet
-  user: admin
-  password: admin
-  basicAuth: true
-  basicAuthUser: admin
-  basicAuthPassword: admin
-  url: http://influxdb:8086
-  editable: true

metrics/scripts/start.sh

@@ -9,10 +9,51 @@ cd "$(dirname "$0")"
 # Stop if already running
 ./stop.sh
 
-set -x
+randomPassword() {
+  declare p=
+  for _ in $(seq 0 16); do
+    p+="$((RANDOM % 10))"
+  done
+  echo $p
+}
 
-./adjust-dashboard-for-channel.py \
-  grafana-provisioning/dashboards/testnet-monitor.json local
+mkdir -p lib
+if [[ ! -f lib/config.sh ]]; then
+  cat > lib/config.sh <<EOF
+INFLUXDB_ADMIN_USER=admin
+INFLUXDB_ADMIN_PASSWORD=$(randomPassword)
+INFLUXDB_WRITE_USER=write
+INFLUXDB_WRITE_PASSWORD=$(randomPassword)
+INFLUXDB_READ_USER=read
+INFLUXDB_READ_PASSWORD=read
+EOF
+fi
+# shellcheck source=/dev/null
+source lib/config.sh
+
+if [[ ! -f lib/grafana-provisioning ]]; then
+  cp -va grafana-provisioning lib
+  ./adjust-dashboard-for-channel.py \
+    lib/grafana-provisioning/dashboards/testnet-monitor.json local
+
+  mkdir -p lib/grafana-provisioning/datasources
+  cat > lib/grafana-provisioning/datasources/datasource.yml <<EOF
+apiVersion: 1
+
+datasources:
+- name: local-influxdb
+  type: influxdb
+  isDefault: true
+  access: proxy
+  database: testnet
+  user: $INFLUXDB_READ_USER
+  password: $INFLUXDB_READ_PASSWORD
+  url: http://influxdb:8086
+  editable: true
+EOF
+fi
+
+set -x
 
 : "${INFLUXDB_IMAGE:=influxdb:1.6}"
 : "${GRAFANA_IMAGE:=solanalabs/grafana:stable}"
@@ -24,6 +65,16 @@ docker pull $GRAFANA_IMAGE
 docker network remove influxdb || true
 docker network create influxdb
 
+cat > "$PWD"/lib/influx-env-file <<EOF
+INFLUXDB_ADMIN_USER=$INFLUXDB_ADMIN_USER
+INFLUXDB_ADMIN_PASSWORD=$INFLUXDB_ADMIN_PASSWORD
+INFLUXDB_READ_USER=$INFLUXDB_READ_USER
+INFLUXDB_READ_PASSWORD=$INFLUXDB_READ_PASSWORD
+INFLUXDB_WRITE_USER=$INFLUXDB_WRITE_USER
+INFLUXDB_WRITE_PASSWORD=$INFLUXDB_WRITE_PASSWORD
+INFLUXDB_DB=testnet
+EOF
+
 docker run \
   --detach \
   --name=influxdb \
@@ -32,25 +83,25 @@ docker run \
   --user "$(id -u):$(id -g)" \
   --volume "$PWD"/influxdb.conf:/etc/influxdb/influxdb.conf:ro \
   --volume "$PWD"/lib/influxdb:/var/lib/influxdb \
-  --env INFLUXDB_DB=testnet \
-  --env INFLUXDB_ADMIN_USER=admin \
-  --env INFLUXDB_ADMIN_PASSWORD=admin \
-  --env INFLUXDB_READ_USER=read \
-  --env INFLUXDB_READ_PASSWORD=read \
-  --env INFLUXDB_WRITE_USER=write \
-  --env INFLUXDB_WRITE_PASSWORD=write \
+  --env-file "$PWD"/lib/influx-env-file \
   $INFLUXDB_IMAGE -config /etc/influxdb/influxdb.conf /init-influxdb.sh
 
+cat > "$PWD"/lib/grafana-env-file <<EOF
+GF_PATHS_CONFIG=/grafana.ini
+GF_SECURITY_ADMIN_USER=$INFLUXDB_ADMIN_USER
+GF_SECURITY_ADMIN_PASSWORD=$INFLUXDB_ADMIN_PASSWORD
+EOF
+
 docker run \
   --detach \
   --name=grafana \
   --net=influxdb \
   --publish 3000:3000 \
   --user "$(id -u):$(id -g)" \
-  --env GF_PATHS_CONFIG=/grafana.ini \
+  --env-file "$PWD"/lib/grafana-env-file \
   --volume "$PWD"/grafana.ini:/grafana.ini:ro \
   --volume "$PWD"/lib/grafana:/var/lib/grafana \
-  --volume "$PWD"/grafana-provisioning/:/etc/grafana/provisioning \
+  --volume "$PWD"/lib/grafana-provisioning/:/etc/grafana/provisioning:ro \
   $GRAFANA_IMAGE
 
 sleep 5

metrics/scripts/status.sh

@@ -6,6 +6,18 @@
 set -e
 cd "$(dirname "$0")"
 
+if [[ ! -f lib/config.sh ]]; then
+  echo "Run start.sh first"
+  exit 1
+fi
+# shellcheck source=/dev/null
+source lib/config.sh
+
+: "${INFLUXDB_ADMIN_USER:?}"
+: "${INFLUXDB_ADMIN_PASSWORD:?}"
+: "${INFLUXDB_WRITE_USER:?}"
+: "${INFLUXDB_WRITE_PASSWORD:?}"
+
 (
   set -x
   docker ps --no-trunc --size
@@ -24,9 +36,11 @@ fi
 cat <<EOF
 
 =========================================================================
-* Grafana dashboards are available at http://localhost:3000/dashboards
+* Grafana url: http://localhost:3000/dashboards
+     username: $INFLUXDB_ADMIN_USER
+     password: $INFLUXDB_ADMIN_PASSWORD
 
-* Enable local metric collection per shell by running:
-    export SOLANA_METRICS_CONFIG="host=http://localhost:8086,db=testnet,u=write,p=write"
+* Enable metric collection per shell by running:
+     export SOLANA_METRICS_CONFIG="host=http://localhost:8086,db=testnet,u=$INFLUXDB_WRITE_USER,p=$INFLUXDB_WRITE_PASSWORD"
 
 EOF

metrics/scripts/stop.sh

@@ -7,12 +7,11 @@ set -e
 
 for container in influxdb grafana; do
   if [ "$(docker ps -q -a -f name=$container)" ]; then
-  (
-    set +e
-    docker rm -f $container
-    exit 0
-  )
+    echo Stopping $container
+    (
+      set +e
+      docker rm -f $container
+      exit 0
+    )
   fi
 done
-
-echo Local metrics stopped