Grafana Dashboard Service

Introduced in GitLab 11.9.

Grafana is a powerful dashboard building system that you can use to visualize performance metrics from the embedded Prometheus monitoring system.

Starting with GitLab 12.0, Grafana is enabled by default and SSO with GitLab is automatically configured. Grafana will be available on https://gitlab.example.com/-/grafana.

Enable login using username and password

Logging in to Grafana using username/password combo is disabled , and only GitLab SSO is available by default. However, to access the admin account, you need to enable login using username/password. For that, add the following line to /etc/gitlab/gitlab.rb file and reconfigure:

grafana['disable_login_form'] = false

Specifying an admin password

Note: The admin password must be specified before the first reconfigure after installation. After this, the admin_password setting doesn’t have any effect, and you’ll have to reset the password manually. Also, to access the admin account, you have to enable login using username and password.

To specify an admin password, add the following line to /etc/gitlab/gitlab.rb file and reconfigure:

grafana['admin_password'] = 'foobar'

If no admin password is provided, omnibus-gitlab will automatically generate a random password for the admin user as a security measure. However, in that case you will have to reset the password manually to access the admin user.

Disabling Grafana

  1. Edit /etc/gitlab/gitlab.rb and add/edit the following lines:

    ## Set to true/false to enable/disable respectively
    grafana['enable'] = false
    
  2. Save the file and reconfigure GitLab for the changes to take effect.

Authentication

If you want to give a user access to Grafana, you have two options.

Using Grafana’s authentication system

To allow users to create their own accounts in Grafana:

  1. Edit /etc/gitlab/gitlab.rb and add the following lines:

    grafana['allow_user_sign_up'] = true
    
  2. Save the file and reconfigure GitLab for the changes to take effect.

Using GitLab as an OAuth provider

Note: If you’re using GitLab 12.0 or later, this is automatically configured. You can skip this section.

To use GitLab as an OAuth provider so that users of your GitLab instance have access to Grafana:

  1. First, create an application ID and secret.

  2. Set the callback URL based on your external_url. For example https://gitlab.example.com/-/grafana/login/gitlab.

  3. Then, edit /etc/gitlab/gitlab.rb and add the following lines:

    grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
    grafana['gitlab_secret'] = 'GITLAB_SECRET'
    

    Where GITLAB_APPLICATION_ID and GITLAB_SECRET the application ID and its secret that you created in the previous step.

  4. Optionally, you can select a list of GitLab groups allowed to login:

    grafana['allowed_groups'] = [my_group, group_one/group_two]
    
  5. Save the file and reconfigure GitLab for the changes to take effect.

Note: GitLab users are created with read-only Viewer privilege by default. The admin account must be used to grant additional access.

Resetting the admin password

After the first startup, the admin password is stored in the Grafana datastore and you cannot change it via gitlab.rb.

To update it, you can use the following command:

gitlab-ctl set-grafana-password

See the Grafana CLI documentation for more information.

Dashboards

Starting with GitLab 11.10, dashboards for monitoring Omnibus GitLab will be pre-loaded and available on initial login.

For earlier versions of GitLab, you can manually import the pre-built dashboards that are tailored for Omnibus installations.