Grafana Dashboard Service

Introduced in GitLab 11.9.

Grafana is a powerful dashboard building system that you can use to visualize performance metrics from the embedded Prometheus monitoring system.

Starting with GitLab 12.0, Grafana is enabled by default and SSO with GitLab is automatically configured. Grafana will be available on

Enable login using username and password

The admin account’s username is admin.

Logging in to Grafana using username/password combo is disabled , and only GitLab SSO is available by default. However, to access the admin account, you need to enable login using username/password. For that, add the following line to /etc/gitlab/gitlab.rb file and reconfigure:

grafana['disable_login_form'] = false

Specifying an admin password

The admin password must be specified before the first reconfigure after installation. After this, the admin_password setting doesn’t have any effect, and you’ll have to reset the password manually. Also, to access the admin account, you have to enable login using username and password.

To specify an admin password, add the following line to /etc/gitlab/gitlab.rb file and reconfigure:

grafana['admin_password'] = 'foobar'

If no admin password is provided, Omnibus GitLab will automatically generate a random password for the admin user as a security measure. However, in that case you will have to reset the password manually to access the admin user.

Disabling Grafana

  1. Edit /etc/gitlab/gitlab.rb and add/edit the following lines:

    ## Set to true/false to enable/disable respectively
    grafana['enable'] = false
  2. Save the file and reconfigure GitLab for the changes to take effect.


If you want to give a user access to Grafana, you have two options.

Using Grafana’s authentication system

To allow users to create their own accounts in Grafana:

  1. Edit /etc/gitlab/gitlab.rb and add the following lines:

    grafana['allow_user_sign_up'] = true
  2. Save the file and reconfigure GitLab for the changes to take effect.

Using GitLab as an OAuth provider

If you’re using GitLab 12.0 or later, this is automatically configured. You can skip this section.

To use GitLab as an OAuth provider so that users of your GitLab instance have access to Grafana:

  1. First, create an application ID and secret.

  2. Set the callback URL based on your external_url. For example

  3. Then, edit /etc/gitlab/gitlab.rb and add the following lines:

    grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
    grafana['gitlab_secret'] = 'GITLAB_SECRET'

    Where GITLAB_APPLICATION_ID and GITLAB_SECRET the application ID and its secret that you created in the previous step.

  4. Optionally, you can select a list of GitLab groups allowed to log in:

    grafana['allowed_groups'] = [my_group, group_one/group_two]
  5. Save the file and reconfigure GitLab for the changes to take effect.

GitLab users are created with read-only Viewer privilege by default. The admin account must be used to grant additional access.

Resetting the admin password

After the first startup, the admin password is stored in the Grafana datastore and you cannot change it via gitlab.rb.

To update it, you can use the following command:

gitlab-ctl set-grafana-password

See the Grafana CLI documentation for more information.


Starting with GitLab 11.10, dashboards for monitoring Omnibus GitLab will be pre-loaded and available on initial login.

For earlier versions of GitLab, you can manually import the pre-built dashboards that are tailored for Omnibus installations.

Grafana metrics

Grafana can provide metrics to be scraped by Prometheus.

By default, the metrics API is disabled in the bundled Grafana instance.

Enabling Grafana’s metrics API

To enable Grafana’s metrics API with basic authentication:

  1. Edit /etc/gitlab/gitlab.rb and add/edit the following lines:

    grafana['metrics_enabled'] = true
    grafana['metrics_basic_auth_username'] = 'grafana_metrics'
    grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password'
  2. Save the file and reconfigure GitLab for the changes to take effect.

  3. The metrics will be available at with basic authentication. The username and password for basic authentication will be the metrics_basic_auth_username and metrics_basic_auth_password that was set in /etc/gitlab/gitlab.rb.

Grafana SMTP

Enable SMTP to allow Grafana to send emails:

grafana['smtp']['enabled'] = true

To fully customize Grafana’s SMTP configuration, use the following code snippet as a starting point:

grafana['smtp'] = {
  'enabled' => true,
  'host' => 'localhost:25',
  'user' => nil,
  'password' => nil,
  'cert_file' => nil,
  'key_file' => nil,
  'skip_verify' => false,
  'from_address' => 'admin@grafana.localhost',
  'from_name' => 'Grafana',
  'ehlo_identity' => '',
  'startTLS_policy' => nil

For more information on Grafana’s SMTP configuration see Grafana’s documentation.


X.509: certificate signed by unknown authority

When using a self-signed SSL certificate for GitLab, you may get the following error in the UI:


Check the Grafana server logs for the detailed error message.

The error reported in the Grafana logs at /var/log/gitlab/grafana/current can be:

lvl=eror msg=login.OAuthLogin(NewTransportWithCode) logger=context userId=0 orgId=0 uname= error="Post \"\": x509: certificate signed by unknown authority"

In this case, you must install the self-signed GitLab certificate as trusted.