MySQL uses port 3306
docker run --name mySql -p 3306:3306 --restart always -e MYSQL_ROOT_PASSWORD=root -d mysql:8.0.16
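Keycloak and Grafana each have their own database, so the two databases must be created separately; I simply named them after the two applications.
Keycloak uses port 9080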
docker run --name myKeycloak -d --restart always --net keycloak-network -p 9080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_VENDOR=mysql -e DB_ADDR=192.168.58.132 -e DB_PORT=3306 -e DB_DATABASE=keycloak -e DB_USER=root -e DB_PASSWORD=root jboss/keycloak
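@ Log in to the Keycloak admin backend, e.g. http://192.168.58.132:9080/auth/ , click Administration Console, and enter the account and password admin/admin to log in.
@ Add Realm, e.g. with Name "Allen"
@ Create a Client with Name "grafana". Grafana's default port is 3000, so for Root URL enter, for example, http://192.168.58.132:3000
@ Turn on Authorization Enabled and save. (This step is not required, but enabling it is recommended; it provides authorization functionality.)
@ Open Credentials and keep the Secret; it is used later when configuring grafana.ini.
@ Create a user in the Users module
@ On the user's Credentials tab, set a password and turn off the Temporary option.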
docker run -d --restart always --net keycloak-network --user root --name=myGrafana -e "GF_SERVER_ROOT_URL=http://192.168.58.132:3000" -e "GF_SECURITY_ADMIN_PASSWORD=root" -p 3000:3000 -v "/mydata/docker/volume/grafana/lib:/var/lib/grafana" grafana/grafana
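@ Visit http://192.168.58.132:3000 to see the login page; you can log in with admin/root.
@ Edit the /etc/grafana/grafana.ini configuration file; this has to be done inside the docker container
Three main sections are modified: Database, Security and Generic OAuth, as shown below: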
[database]
# You can configure the database connection by specifying type, host, name, user and password
# as separate properties or as on string using the url properties.
# Either "mysql", "postgres" or "sqlite3", it's your choice
type = mysql
host = 192.168.58.132:3306
name = grafana
user = root
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
password = root
JDBC configuration for the MySQL database; name is the database name, grafana
[security]
# default admin user, created on startup
admin_user = admin
# default admin password, can be changed before first start of grafana, or in profile settings
admin_password = root
admin_user and admin_password are presumably the account and password Grafana uses for ordinary login
[auth.generic_oauth]
enabled = true
name = Allen
allow_sign_up = true
client_id = grafana
client_secret = 0f33ce60-6c66-4589-a952-cc630204c9af
scopes = openid email name
auth_url = http://192.168.58.132:9080/auth/realms/Allen/protocol/openid-connect/auth
token_url = http://192.168.58.132:9080/auth/realms/Allen/protocol/openid-connect/token
api_url = http://192.168.58.132:9080/auth/realms/Allen/protocol/openid-connect/userinfo
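Allen is the Realm Name, specified when the Realm was created in Keycloak;
grafana is the client_id, specified when the client was created in Keycloak;
client_secret is generated automatically after the client is created;
To see the whole configuration file, refer to the article "grafana + mysql8.0.16 configuration (runs successfully)"
@ Restart the docker grafana service
@ Visit http://192.168.58.132:3000 again; the login page now shows "Sign in with Allen". Clicking it redirects to the Keycloak login page, with Realm Allen. Log in with the account and password zhaolinliang / root; after a successful login you are redirected back to Grafana, which completes the single sign-on.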
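The grafana.ini values used in this walkthrough (root/root database credentials, admin password root, plain-HTTP Keycloak endpoints, a client secret written into the file) suit a lab host and should be caught before the file is reused anywhere shared. The Python check below is an added example, not part of the original article or of Grafana: the audit function, the WEAK deny-list and the sample text are constructed for illustration, and it assumes secrets are externalised with Grafana's $__file{} / $__env{} value expansion.

```python
import configparser
from urllib.parse import urlsplit

WEAK = {"", "root", "admin", "password"}  # assumption: illustrative deny-list

# Constructed sample using this walkthrough's values; the secret is a placeholder.
SAMPLE = """
[database]
user = root
password = root
[security]
admin_password = root
[auth.generic_oauth]
enabled = true
allow_sign_up = true
client_secret = PLACEHOLDER-SECRET
auth_url = http://192.168.58.132:9080/auth/realms/Allen/protocol/openid-connect/auth
token_url = http://192.168.58.132:9080/auth/realms/Allen/protocol/openid-connect/token
api_url = http://192.168.58.132:9080/auth/realms/Allen/protocol/openid-connect/userinfo
"""

def audit(ini_text):
    """Return (section, key, issue) findings for the text of a grafana.ini."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini can hold keys before the first section header; give them one.
    cp.read_string("[_top]\n" + ini_text)
    get = lambda sec, key: cp.get(sec, key, fallback=None)
    out = []
    if get("database", "user") == "root":
        out.append(("database", "user", "superuser; use an account limited to the grafana schema"))
    for sec, key in (("database", "password"), ("security", "admin_password")):
        val = get(sec, key)
        if val is not None and val.strip('"').lower() in WEAK:
            out.append((sec, key, "default or guessable password"))
    oauth = "auth.generic_oauth"
    if cp.getboolean(oauth, "enabled", fallback=False):
        for key in ("auth_url", "token_url", "api_url"):
            if (url := get(oauth, key)) and urlsplit(url).scheme != "https":
                out.append((oauth, key, "plain HTTP; codes, tokens and the secret travel unencrypted"))
        secret = get(oauth, "client_secret") or ""
        if secret and not secret.startswith("$__"):
            out.append((oauth, "client_secret", "literal secret; load it with $__file{} or $__env{}"))
        if cp.getboolean(oauth, "allow_sign_up", fallback=False):
            out.append((oauth, "allow_sign_up", "any realm user who logs in gets a Grafana account"))
    return out

if __name__ == "__main__":
    for section, key, issue in audit(SAMPLE):
        print(f"[{section}] {key}: {issue}")
```

Run against the sample it reports eight findings; a file that passes still needs the same review applied to the docker run environment variables, which carry the same passwords.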
References:
Integrating Keycloak and Grafana to implement single sign-on