From 90418dc00b9c66e709ad3e4b510d96687b3c1542 Mon Sep 17 00:00:00 2001 From: Kristin Laemmert Date: Mon, 10 Jun 2024 09:22:16 -0400 Subject: [PATCH] Chore: update sample.ini file (#86941) rebase --- conf/sample.ini | 187 +++++++++++++++++++++++++++++++++++++----------- 1 file changed, 147 insertions(+), 40 deletions(-) diff --git a/conf/sample.ini b/conf/sample.ini index 62280de14eb..23478c1ad97 100644 --- a/conf/sample.ini +++ b/conf/sample.ini @@ -31,13 +31,13 @@ # Protocol (http, https, h2, socket) ;protocol = http -# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken +# Minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken ;min_tls_version = "" # The ip address to bind to, empty will bind to all interfaces ;http_addr = -# The http port to use +# The http port to use ;http_port = 3000 # The public facing domain name used to access grafana from a browser @@ -94,6 +94,10 @@ #exampleHeader1 = exampleValue1 #exampleHeader2 = exampleValue2 +[environment] +# Sets whether the local file system is available for Grafana to use. Default is true for backward compatibility. +;local_file_system_available = true + #################################### GRPC Server ######################### ;[grpc_server] ;network = "tcp" @@ -103,6 +107,8 @@ ;key_file = ;max_recv_msg_size = ;max_send_msg_size = +# this will log the request and response for each unary gRPC call +;enable_logging = false #################################### Database #################################### [database] @@ -116,11 +122,22 @@ ;user = root # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" ;password = - # Use either URL or the previous fields to configure the database # Example: mysql://user:secret@host:port/database ;url = +# Max idle conn setting default is 2 +;max_idle_conn = 2 + +# Max conn setting default is 0 (mean not set) +;max_open_conn = + +# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) +;conn_max_lifetime = 14400 + +# Set to true to log the sql calls and execution times. +;log_queries = + # For "postgres", use either "disable", "require" or "verify-full" # For "mysql", use either "true", "false", or "skip-verify". ;ssl_mode = disable @@ -142,18 +159,6 @@ # For "sqlite3" only, path relative to data_path setting ;path = grafana.db -# Max idle conn setting default is 2 -;max_idle_conn = 2 - -# Max conn setting default is 0 (mean not set) -;max_open_conn = - -# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) -;conn_max_lifetime = 14400 - -# Set to true to log the sql calls and execution times. -;log_queries = - # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared) ;cache_mode = private @@ -175,11 +180,6 @@ # Set to true to add metrics and tracing for database queries. ;instrument_queries = false -################################### Data sources ######################### -[datasources] -# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API. -;datasource_limit = 5000 - #################################### Cache server ############################# [remote_cache] # Either "redis", "memcached" or "database" default is "database" @@ -300,6 +300,12 @@ # Intercom secret, optional, used to hash user_id before passing to Intercom via Rudderstack ;intercom_secret = +# Application Insights connection string. Specify an URL string to enable this feature. +;application_insights_connection_string = + +# Optional. Specifies an Application Insights endpoint URL where the endpoint string is wrapped in backticks ``. +;application_insights_endpoint_url = + # Controls if the UI contains any links to user feedback forms ;feedback_links_enabled = true @@ -383,6 +389,7 @@ # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. ;content_security_policy_report_only_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" + # Controls if old angular plugins are supported or not. ;angular_support_enabled = false @@ -424,7 +431,7 @@ # remove expired snapshot ;snapshot_remove_expired = true -#################################### Dashboards History ################## +#################################### Dashboards ################## [dashboards] # Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 ;versions_to_keep = 20 @@ -436,6 +443,30 @@ # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" ;default_home_dashboard_path = +################################### Data sources ######################### +[datasources] +# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API. +;datasource_limit = 5000 + +# Number of queries to be executed concurrently. Only for the datasource supports concurrency. +# For now only Loki and InfluxDB (with influxql) are supporting concurrency behind the feature flags. +# Check datasource documentations for enabling concurrency. +;concurrent_query_count = 10 + +################################### SQL Data Sources ##################### +[sql_datasources] +# Default maximum number of open connections maintained in the connection pool +# when connecting to SQL based data sources +;max_open_conns_default = 100 + +# Default maximum number of idle connections maintained in the connection pool +# when connecting to SQL based data sources +;max_idle_conns_default = 100 + +# Default maximum connection lifetime used when connecting +# to SQL based data sources. +;max_conn_lifetime_default = 14400 + #################################### Users ############################### [users] # disable user signup / registration @@ -463,7 +494,7 @@ ;login_hint = email or username ;password_hint = password -# Default UI theme ("dark" or "light") +# Default UI theme ("dark", "light" or "system") ;default_theme = dark # Default UI language (supported IETF language tag, such as en-US) @@ -558,9 +589,6 @@ # Set to true to enable Azure authentication option for HTTP-based datasources. ;azure_auth_enabled = false -# Set to skip the organization role from JWT login and use system's role assignment instead. -; skip_org_role_sync = false - # Use email lookup in addition to the unique ID provided by the IdP ;oauth_allow_insecure_email_lookup = false @@ -589,6 +617,9 @@ # mask the Grafana version number for unauthenticated users ;hide_version = false +# number of devices in total +;device_limit = + #################################### GitHub Auth ########################## [auth.github] ;name = GitHub @@ -611,6 +642,12 @@ ;org_mapping = ;allow_assign_grafana_admin = false ;skip_org_role_sync = false +;tls_skip_verify_insecure = false +;tls_client_cert = +;tls_client_key = +;tls_client_ca = +# GitHub OAuth apps does not provide refresh tokens and the access tokens never expires. +;use_refresh_token = false #################################### GitLab Auth ######################### [auth.gitlab] @@ -638,6 +675,7 @@ ;tls_client_key = ;tls_client_ca = ;use_pkce = true +;use_refresh_token = true #################################### Google Auth ########################## [auth.google] @@ -662,7 +700,12 @@ ;org_mapping = ;allow_assign_grafana_admin = false ;skip_org_role_sync = false +;tls_skip_verify_insecure = false +;tls_client_cert = +;tls_client_key = +;tls_client_ca = ;use_pkce = true +;use_refresh_token = true #################################### Grafana.com Auth #################### [auth.grafana_com] @@ -676,6 +719,7 @@ ;scopes = user:email ;allowed_organizations = ;skip_org_role_sync = false +;use_refresh_token = false #################################### Azure AD OAuth ####################### [auth.azuread] @@ -699,6 +743,7 @@ ;use_pkce = true # prevent synchronizing users organization roles ;skip_org_role_sync = false +;use_refresh_token = true #################################### Okta OAuth ####################### [auth.okta] @@ -721,12 +766,18 @@ ; org_mapping = ;allow_assign_grafana_admin = false ;skip_org_role_sync = false +;tls_skip_verify_insecure = false +;tls_client_cert = +;tls_client_key = +;tls_client_ca = ;use_pkce = true +;use_refresh_token = true #################################### Generic OAuth ########################## [auth.generic_oauth] -;enabled = false ;name = OAuth +;icon = signin +;enabled = false ;allow_sign_up = true ;auto_login = false ;client_id = some_id @@ -737,7 +788,11 @@ ;email_attribute_path = ;login_attribute_path = ;name_attribute_path = +;role_attribute_path = +;role_attribute_strict = false +;groups_attribute_path = ;id_token_attribute_name = +;team_ids_attribute_path ;auth_url = https://foo.bar/login/oauth/authorize ;token_url = https://foo.bar/login/oauth/access_token ;api_url = https://foo.bar/user @@ -746,11 +801,8 @@ ;allowed_domains = ;team_ids = ;allowed_organizations = -;role_attribute_path = -;role_attribute_strict = false ;org_attribute_path = ;org_mapping = -;groups_attribute_path = ;team_ids_attribute_path = ;tls_skip_verify_insecure = false ;tls_client_cert = @@ -759,6 +811,8 @@ ;use_pkce = false ;auth_style = ;allow_assign_grafana_admin = false +;skip_org_role_sync = false +;use_refresh_token = false #################################### Basic Auth ########################## [auth.basic] @@ -782,6 +836,7 @@ #################################### Auth JWT ########################## [auth.jwt] ;enabled = true +;enable_login_token = false ;header_name = X-JWT-Assertion ;email_claim = sub ;username_claim = sub @@ -795,11 +850,13 @@ # Use in conjunction with key_file in case the JWT token's header specifies a key ID in "kid" field ;key_id = some-key-id ;role_attribute_path = -;groups_attribute_path = ;role_attribute_strict = false +;groups_attribute_path = ;auto_sign_up = false ;url_login = false ;allow_assign_grafana_admin = false +;skip_org_role_sync = false +;signout_redirect_url = #################################### Auth LDAP ########################## [auth.ldap] @@ -1087,6 +1144,9 @@ # global limit of alerts ;global_alert_rule = -1 +# global limit of files uploaded to the SQL DB +;global_file = 1000 + # global limit of correlations ; global_correlations = -1 @@ -1226,6 +1286,35 @@ # Retention period for Alertmanager notification log entries. ;notification_log_retention = 5d +[unified_alerting.screenshots] +# Enable screenshots in notifications. You must have either installed the Grafana image rendering +# plugin, or set up Grafana to use a remote rendering service. +# For more information on configuration options, refer to [rendering]. +;capture = false + +# The timeout for capturing screenshots. If a screenshot cannot be captured within the timeout then +# the notification is sent without a screenshot. The maximum duration is 30 seconds. This timeout +# should be less than the minimum Interval of all Evaluation Groups to avoid back pressure on alert +# rule evaluation. +;capture_timeout = 10s + +# The maximum number of screenshots that can be taken at the same time. This option is different from +# concurrent_render_request_limit as max_concurrent_screenshots sets the number of concurrent screenshots +# that can be taken at the same time for all firing alerts where as concurrent_render_request_limit sets +# the total number of concurrent screenshots across all Grafana services. +;max_concurrent_screenshots = 5 + +# Uploads screenshots to the local Grafana server or remote storage such as Azure, S3 and GCS. Please +# see [external_image_storage] for further configuration options. If this option is false then +# screenshots will be persisted to disk for up to temp_data_lifetime. +;upload_external_image_storage = false + +[unified_alerting.reserved_labels] +# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled. +# For example: `disabled_labels=grafana_folder` +disabled_labels = + + [unified_alerting.reserved_labels] # Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled. # For example: `disabled_labels=grafana_folder` @@ -1356,6 +1445,11 @@ max_annotations_to_keep = # Enable the Query history ;enabled = true +#################################### Short Links ############################# +[short_links] +# Short links which are never accessed will be deleted as cleanup. Time is in days. Default is 7 days. Max is 365. 0 means they will be deleted approximately every 10 minutes. +;expire_time = 7 + #################################### Internal Grafana Metrics ########################## # Metrics available at HTTP URL /metrics and /metrics/plugins/:pluginId [metrics] @@ -1463,14 +1557,16 @@ max_annotations_to_keep = [external_image_storage.webdav] ;url = -;public_url = ;username = ;password = +;public_url = [external_image_storage.gcs] ;key_file = ;bucket = ;path = +;enable_signed_urls = false +;signed_url_expiration = [external_image_storage.azure_blob] ;account_name = @@ -1497,6 +1593,12 @@ max_annotations_to_keep = # Default is 5m. This should be more than enough for most deployments. # Change the value only if image rendering is failing and you see `Failed to get the render key from cache` in Grafana logs. ;render_key_lifetime = 5m +# Default width for panel screenshot +;default_image_width = 1000 +# Default height for panel screenshot +;default_image_height = 500 +# Default scale for panel screenshot +;default_image_scale = 1 [panels] # If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities. @@ -1576,6 +1678,10 @@ max_annotations_to_keep = # Default is false. This can be useful to enable (true) when troubleshooting. ;rendering_dumpio = +# Instruct headless browser instance whether to register metrics for the duration of every rendering step. Default is false. +# This can be useful to enable (true) when optimizing the rendering mode settings to improve the plugin performance or when troubleshooting. +;rendering_timing_metrics = + # Additional arguments to pass to the headless browser instance. Default is --no-sandbox. The list of Chromium flags can be found # here (https://peter.sh/experiments/chromium-command-line-switches/). Multiple arguments is separated with comma-character. ;rendering_args = @@ -1609,14 +1715,6 @@ max_annotations_to_keep = ;grpc_host = ;grpc_port = -[support_bundles] -# Enable support bundle creation (default: true) -#enabled = true -# Only server admins can generate and view support bundles (default: true) -#server_admin_only = true -# If set, bundles will be encrypted with the provided public keys separated by whitespace -#public_keys = "" - [enterprise] # Path to a valid Grafana Enterprise license.jwt file ;license_path = @@ -1669,6 +1767,15 @@ max_annotations_to_keep = # Enable or disable loading other base map layers ;enable_custom_baselayers = true +#################################### Support Bundles ##################################### +[support_bundles] +# Enable support bundle creation (default: true) +#enabled = true +# Only server admins can generate and view support bundles (default: true) +#server_admin_only = true +# If set, bundles will be encrypted with the provided public keys separated by whitespace +#public_keys = "" + # Move an app plugin referenced by its id (including all its pages) to a specific navigation section [navigation.app_sections] # The following will move an app plugin with the id of `my-app-id` under the `cfg` section @@ -1708,4 +1815,4 @@ max_annotations_to_keep = #################################### Public Dashboards ##################################### [public_dashboards] # Set to false to disable public dashboards -;enabled = true +;enabled = true \ No newline at end of file