Back to ITRS Analytics FAQ

How do I troubleshoot setting up Grafana for ITRS Analytics?

The sections below cover additional configuration points that commonly cause login or data access issues. If you have not yet configured Grafana authentication with ITRS Analytics, refer to Configure Grafana authentication with ITRS Analytics.

Configure grafana.ini Copied

The domain setting is often left as localhost. Change it to the hostname or FQDN where Grafana is accessed.

Update the relevant fields in grafana.ini. Replace the example hostname and OAuth URLs with your ITRS Analytics server address. Obtain client_secret from your Keycloak obcerv-apps client configuration.

Below is an example of a grafana.ini file:

## The http port to use
http_port = 3000

## The public facing domain name used to access grafana from a browser
domain = ec2-18-171-143-13.eu-west-2.compute.amazonaws.com

#################################### Generic OAuth #######################
[auth.generic_oauth]
name = ITRS Analytics
enabled = true
allow_sign_up = true
client_id = obcerv-apps
client_secret = LZplLkJSag4lPRJhUXGA4OGxqpqV0ZEP
scopes = openid profile email offline_access roles
email_attribute_path = email
login_attribute_path = username
name_attribute_path = full_name
role_attribute_path = contains(roles[*], 'admin') && 'GrafanaAdmin' || 'Editor'
auth_url = https://ec2-18-171-143-13.eu-west-2.compute.amazonaws.com/auth/realms/obcerv/protocol/openid-connect/auth
token_url = https://ec2-18-171-143-13.eu-west-2.compute.amazonaws.com/auth/realms/obcerv/protocol/openid-connect/token
api_url = https://ec2-18-171-143-13.eu-west-2.compute.amazonaws.com/auth/realms/obcerv/protocol/openid-connect/userinfo
tls_skip_verify_insecure = true

Restart Grafana after saving changes.

Configure Keycloak Copied

Valid redirect URLs Copied

Configure valid redirect URLs for the Grafana OAuth client as shown below:

ITRS Analytics - Keycloak valid redirect URLs

Realm roles mapper Copied

Configure the realm roles mapper as shown below:

ITRS Analytics - Keycloak realm roles mapper

Set Token Claim Name to roles:

ITRS Analytics - Keycloak token claim name

Grafana user Copied

Create a user in Keycloak with admin role rights:

  1. Create a user under Users. Enter an email address. The address does not need to be a valid mailbox.

    ITRS Analytics - Create Keycloak user

  2. Set a password for the user.

    ITRS Analytics - Set Keycloak user password

  3. Clear the Temporary option so the password does not expire on first login.

    ITRS Analytics - Disable temporary password

  4. Under Realm roles, create an admin role if it does not already exist.

    ITRS Analytics - Create realm role

  5. For the Grafana user, assign client roles:

    ITRS Analytics - Assign client roles

  6. Assign realm roles to the user:

    ITRS Analytics - Assign realm roles

The user should have both client and realm roles assigned:

ITRS Analytics - User role assignment result

Verify Grafana access Copied

  1. Log in to Grafana with the Keycloak user you created.

    ITRS Analytics - Grafana login

  2. Complete the ITRS Analytics OAuth login when redirected:

    ITRS Analytics - ITRS Analytics OAuth login

  3. In Grafana, go to Connections > Data sources and open Explore:

    ITRS Analytics - Grafana Explore

  4. Open the Metrics drop-down and start typing a metric name, for example, cpuutilisation. Matching entries should appear as you type.

    ITRS Analytics - Select metric

    ITRS Analytics - Metric suggestions

  5. Click Run query. Data should appear in the results panel:

    ITRS Analytics - Query results

["Geneos"] ["FAQ"]

Was this topic helpful?