-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
👽 Use OpenShift Grafana image; use v3.11 OCP tag #82
Conversation
@grdryn I think we need to test
BTW, have you checked what Grafana version the OpenShift Grafana images use? |
2 other -stupid- questions:
|
@aliok Yes, this definitely needs some testing! :) Do you have any links or suggestions on how to test? I'm pretty new to all of this!
5.2.3
Right! 👍
Honestly, I just initially went for that because the Prometheus image here is already pulling from there. I also don't seem to be able to find a Grafana image from OpenShift on DockerHub, so maybe they haven't published that yet. I think I understand what you're saying about community preferences. I see it a little differently: it would maybe be better if we referenced non-RHEL images (i.e. from other open source communities such as CentOS or Fedora), in our community APBs. I don't think it should matter that they're on DockerHub or not, as long as they're publicly accessible (could be from docker hub, quay.io, registry.fedoraproject.org, registry.centos.org, or anywhere else (in that vein, is registry.access.redhat.com really any different, given that the images are publicly accessible?)). |
Was just asking... Good to hear your thoughts.
Here's what I will do to verify your changes:
Feel free to do the same tests or let me do it for you. |
started verifying this now... |
@aliok awesome, thanks! Let me know how you get on, I haven't managed to try this out at all yet (I know...that's a bad thing)! |
@grdryn @aliok
After these steps, I tried to provision
|
@psturc did you have the old services running? have you tried provision a new service? |
thanks for the suggestions guys. I will check it out myself too |
@wei-lee I used new minishift instance. |
Thanks for trying this out folks. Do you have any idea what might be going wrong? Do we maybe need to launch the container in a different way or something? I'll try to get a local environment configured (since I still haven't done even that), and see if I can understand anything about it. |
Checking it now @grdryn |
@grdryn I tried to deploy the image "registry.access.redhat.com/openshift3/grafana:v3.11" manually in a separate project. I got exactly the same error. I think this is the source for the that image: https://github.com/mrsiano/openshift-grafana but I am not 100% sure. |
@grdryn I guess we first need to ask/solve why deploying registry.access.redhat.com/openshift3/grafana:v3.11 in a clean project fails. maybe you can ask the people in https://github.com/mrsiano/openshift-grafana ? |
@aliok I'm not sure of the exact upstream repo, but I'd have thought it was this one: https://github.com/openshift/grafana/ I'm trying to get a local environment so that I can try to figure out what's going on (so that I can at least have some understanding before going to others). Thanks for the feedback on it, I'll try to have more confidence in future changes before I make PRs! 👍 |
Nice, that should be it. I missed it somehow :) |
Final note for now:
|
f89d392
to
88a11dd
Compare
I've added the missing container arg to pass the config file, and it seems to at least not crash now. Unfortunately, it seems that it doesn't have the extra plugins that we want (and assumed were there (@wei-lee and I saw them on some openshift cluster were this image (we thought) was deployed)) 😭 I also noticed that provisioning from the old APB and then trying to just update the grafana deployment to use the new image, it fails with what appears to be a data migration step. It looked to be similar to grafana/grafana#10830, where the resolution was "Grafana needs write access to the disk/volume where database is located". That sounds like Grafana upgrades might be difficult in future 😟 That also made me think of another problem that's not directly related: if we went for the approach I've been thinking about up to now -- "use the version of these images that matches the version of OpenShift" -- how would we handle OpenShift being upgraded underneath them? Our services wouldn't get a new image (unless maybe they were exposed as image streams in some centralized openshift project that we could reference 'latest' in, I don't see them though). Maybe that's a good thing, since we'd then need to be sure that upgrades would "just work" automatically, when it seems like they currently might not. From the rest of @aliok's test suggestions, here's how far I got:
✔️
✔️ (although I don't see any data on logins or login errors...does this mean logins to the admin console?)
❌ I've a feeling that I may have somehow set up Keycloak wrong. I was hoping for a redirect to OpenShift login, maybe that's not correct? It first brings me to this page: and if I go to "Administration Console", I just get the following login dialog, where I can login with
❌ (well, I couldn't actually do this one, so it's more "error" rather than "failure") I created a mobile client, and bound metrics service. I tried running locally with I was going to build and put on my device, but then I remembered that I'm running everything in minishift, and I don't think it's easy (if even possible?) to call back to from a device. I'm also not sure how to set any of this up with |
Now that you tried and didn't see anything, I am not sure. But, admin console is basically another app
Yeah, that's right. Security checks can't work on the browser.
LOL. You can access from a device but it is problematic. Maybe we can leave all of above to @psturc for verification. Or, I could do it myself. But, following is a bigger problem:
Can you tell me your APB image location? Let me give it a try on my machine. |
afaik this counts the number of logins/registrations of users for a specific realm (you must first create one via admin console and enable registrations in realm settings)
Yeah, let's share the apb and let's give it a try :) |
Thanks for the feedback guys! The APB is here (the tag is In any case, even if we do need to keep our own custom image, it would make more sense if it were based on this one than our own fork. |
👀 |
Yes. #22 @grdryn can you try to install the pie chart plugin (id |
@aliok Yeah, I'm on training this week, but when I get a chance, I'm going to try to install the plugins via the APB, similar to how we add the prometheus jar to keycloak from the APB |
I've made the changes here to bundle the latest version (1.3.3) of the piechart plugin (details in the relevant commit message), and I've added steps to the grafana provisioning tasks to put it into the PV after Grafana is up, and then restart grafana (scale down & up). I've played around with it a bit, and I'm relatively happy with it now. I'm not familiar enough with APB testing to know if/how it should be added to I haven't added the worldmap plugin that was in our old image, because I don't see it referenced in any of our dashboards. Is it a thing we definitely need? |
I've added a new commit here that isn't really related to the original PR purpose, but it's small so I've lumped it in. It removes the dependency on jq, since Note that if trying this part out, I've created AEROGEAR-8214 for issues with the unbind operation. |
Don't remember seeing worldmap used anywhere. If you didn't see it used we're fine. Is this PR ready for verification now @grdryn ? |
Did the 'official' approach not work?
|
Yes! :)
I don't think that would be sufficient for our use case unfortunately, since that would call out to the internet at runtime to download code that we don't have control over, right? |
Ok, trying it now |
I got this for some reason:
Have you seen something like this? Perhaps I made a mistake somewhere when building/pushing to my Docker hub. |
@aliok Thanks for taking a look! Can you tell me what you are running there when you get the error? The |
Ok tried 2 times. Receive this the APB pod logs:
But when I try https://aerogear-app-metrics-aa3.127.0.0.1.nip.io/healthz in my browser I see 200. |
Oh hey I never even noticed this PR before! I will try to make some time to review and verify this. |
I can't get this to build with the changes I've made to the Makefile and Jenkinsfile, so I'm going to back out them, and the changes I've made to the Dockerfile to remove the deprecation notice of the playbook location. I don't care about any of that stuff for the work that I'm doing, so I'll just create a new issue for it. |
This code is from the zip downloaded from grafana.com for the 1.3.3 version: https://grafana.com/plugins/grafana-piechart-panel/installation It corresponds to the code from this upstream commit: grafana/piechart-panel@5f249d5
This is now ready again. I've rebuilt and pushed as I've tested on my local minishift by provisioning from the service catalog, and everything works as expected. I have also deployed to the community cluster using the following command:
You can see the provisioned services here: https://comm2.skunkhenry.com:8443/console/project/grdryn-aerogear-8083/overview You can also see the logs for the completed provision pod here (the broker and catalog weren't used here, so the pod ran in the same namespace): https://comm2.skunkhenry.com:8443/console/project/grdryn-aerogear-8083/browse/pods/metrics-apb-provision?tab=logs |
I have verified the apb locally, and everything is working as expected. I can see the piechart plugin in grafana as well. |
Thanks a lot for helping with this everyone! :) |
JIRA: https://issues.jboss.org/browse/AEROGEAR-8083