Grafana¶

What Is It?¶

Grafana is an open-source visualization and analytics platform. It connects to data sources like Prometheus (metrics) and Loki (logs) to create dashboards, graphs, and tables. It provides alerting capabilities and a large library of community dashboards that can be imported by ID.

Installation¶

Grafana is deployed as a Docker Compose service. No dnf installation is needed.

Container image:

• grafana/grafana:latest — visualization and dashboarding platform

Key Files and Directories¶

Web UI

All dashboard configuration, data source setup, and user management is done through the Grafana web interface at https://grafana.<vm_name>.sysadm.ee.

/var/lib/grafana

Internal data directory. Backed by a named Docker volume to persist dashboards and data sources across container restarts.

Default Ports¶

Configuration¶

Grafana connects to data sources and renders dashboards. All configuration after deployment is done through the web UI.

Minimal Working Configuration¶

Docker Compose service definition (add to docker-compose.yml):

grafana:
  image: grafana/grafana:latest
  environment:
    - GF_SECURITY_ADMIN_USER=admin
    - GF_SECURITY_ADMIN_PASSWORD=admin
  ports:
    - "127.0.0.1:3000:3000"
  volumes:
    - grafana-data:/var/lib/grafana
  restart: unless-stopped

Grafana binds to localhost only and is exposed via an Apache HTTPS reverse proxy.

Add DNS record in your zone file (/var/lib/knot/zones/<vm_name>.sysadm.ee.zone):

grafana  A  <vm-ip>

Bump the serial, then reload: sudo knotc reload

Add Apache vhosts to /etc/httpd/conf.d/:

/etc/httpd/conf.d/grafana.conf:

<VirtualHost *:80>
    ServerName grafana.<vm_name>.sysadm.ee
    Redirect permanent / https://grafana.<vm_name>.sysadm.ee/
</VirtualHost>

<VirtualHost *:443>
    ServerName grafana.<vm_name>.sysadm.ee
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
    SSLCACertificateFile /etc/pki/tls/certs/ca-chain.crt
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>

Test and reload: sudo apachectl configtest && sudo systemctl reload httpd

Add a Prometheus data source (Web UI):

1. Log in at https://grafana.<vm_name>.sysadm.ee with the admin credentials
2. Go to Connections → Data Sources → Add new data source
3. Select Prometheus
4. Set URL to http://prometheus:9090 (Docker Compose service name)
5. Click Save & Test

Import a dashboard:

1. Go to Dashboards → New → Import
2. Enter dashboard ID 1860 (Node Exporter Full)
3. Select the Prometheus data source and click Import

Add a Loki data source:

1. Go to Connections → Data Sources → Add new data source
2. Select Loki
3. Set URL to http://loki:3100 (Docker Compose service name)
4. Click Save & Test
5. Import dashboard ID 13639 (Logs App) for log visualization

Important Directives¶

GF_SECURITY_ADMIN_USER / GF_SECURITY_ADMIN_PASSWORD

Environment variables that configure the initial admin credentials.

Data source URL format

Use the Docker Compose service name as hostname: http://prometheus:9090, http://loki:3100.

Dashboard IDs

Community dashboards importable by ID: 1860 (Node Exporter Full), 13639 (Logs App for Loki).

Common Commands¶

# Check Grafana health
curl -sk https://grafana.<vm_name>.sysadm.ee/api/health

# View Grafana logs
sudo docker compose logs grafana

# Restart Grafana
sudo docker compose restart grafana

Logging and Debugging¶

• Health endpoint: curl -sk https://grafana.<vm_name>.sysadm.ee/api/health should return {"database":"ok"}.
• Data source test: Use the Save & Test button to verify connectivity to Prometheus/Loki.
• Dashboard shows no data: verify the data source URL is correct and the target service is running.

Troubleshooting checklist:

1. sudo docker compose ps — is the grafana container running?
2. curl http://localhost:3000/api/health — does it return ok?
3. curl -sk https://grafana.<vm_name>.sysadm.ee/api/health — does it work through Apache?
4. Data source Save & Test — does it succeed?

Security Considerations¶

• Default credentials: change the default admin password after first login.
• Network access: Grafana binds to 127.0.0.1 only and is exposed exclusively via the Apache HTTPS reverse proxy. No firewall port needs to be opened for Grafana directly.
• Data persistence: dashboards and data source configuration are stored on a named Docker volume.

Further Reading¶

• Grafana Documentation
• Grafana Dashboards Library
• Grafana Data Sources
• Loki Documentation

Related Documentation¶

• Concepts: Monitoring
• Technologies: Prometheus, Loki
• SOPs: Monitoring Setup