7eb17bccca
* Set every page to have defaults of 'Enterprise' and 'Open source' labels Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set administration pages to have of 'Cloud', 'Enterprise', and 'Open source' labels Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set administration/enterprise-licensing pages to have 'Enterprise' labels Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set administration/organization-management pages to have 'Enterprise' and 'Open source' labels Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set administration/provisioning pages to have 'Enterprise' and 'Open source' labels Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set administration/recorded-queries pages to have labels cloud,enterprise * Set administration/roles-and-permissions/access-control pages to have labels cloud,enterprise Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set administration/stats-and-license pages to have labels cloud,enterprise * Set alerting pages to have labels cloud,enterprise,oss * Set breaking-changes pages to have labels cloud,enterprise,oss * Set dashboards pages to have labels cloud,enterprise,oss * Set datasources pages to have labels cloud,enterprise,oss * Set explore pages to have labels cloud,enterprise,oss * Set fundamentals pages to have labels cloud,enterprise,oss * Set introduction/grafana-cloud pages to have labels cloud Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Fix introduction pages products Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set panels-visualizations pages to have labels cloud,enterprise,oss * Set release-notes pages to have labels cloud,enterprise,oss * Set search pages to have labels cloud,enterprise,oss * Set setup-grafana/configure-security/audit-grafana pages to have labels cloud,enterprise Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set setup-grafana/configure-security/configure-authentication pages to have labels cloud,enterprise,oss * Set setup-grafana/configure-security/configure-authentication/enhanced-ldap pages to have labels cloud,enterprise * Set setup-grafana/configure-security/configure-authentication/saml pages to have labels cloud,enterprise * Set setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-hashicorp-key-vault pages to have labels cloud,enterprise * Set setup-grafana/configure-security/configure-request-security pages to have labels cloud,enterprise,oss Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set setup-grafana/configure-security/configure-team-sync pages to have labels cloud,enterprise Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set setup-grafana/configure-security/export-logs pages to have labels cloud,enterprise Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Set troubleshooting pages to have labels cloud,enterprise,oss * Set whatsnew pages to have labels cloud,enterprise,oss * Apply updated labels from review Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com> Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com> --------- Signed-off-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com> Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
3.5 KiB
| aliases | description | keywords | labels | title | weight | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Settings updates at runtime |
|
|
Settings updates at runtime | 500 |
Settings updates at runtime
{{% admonition type="note" %}} Available in Grafana Enterprise version 8.0 and later. {{% /admonition %}}
By updating settings at runtime, you can update Grafana settings without needing to restart the Grafana server.
Updates that happen at runtime are stored in the database and override
[settings from other sources]({{< relref "../../configure-grafana" >}})
(arguments, environment variables, settings file, etc). Therefore, every time a specific setting key is removed at runtime,
the value used for that key is the inherited one from the other sources in the reverse order of precedence
(arguments > environment variables > settings file). When no value is provided through any of these options, then the value used will be the application default
Currently, it only supports updates on the auth.saml section.
Update settings via the API
You can update settings through the [Admin API]({{< relref "../../../developers/http_api/admin#update-settings" >}}).
When you submit a settings update via API, Grafana verifies if the given settings updates are allowed and valid. If they are, then Grafana stores the settings in the database and reloads Grafana services with no need to restart the instance.
So, the payload of a PUT request to the update settings endpoint (/api/admin/settings)
should contain (either one or both):
- An
updatesmap with a key, and a value per section you want to set. - A
removalslist with keys per section you want to unset.
For example, if you provide the following updates:
{
"updates": {
"auth.saml": {
"enabled": "true",
"single_logout": "false"
}
}
}
it would enable SAML and disable single logouts. And, if you provide the following removals:
{
"removals": {
"auth.saml": ["allow_idp_initiated"]
}
}
it would remove the key/value setting identified by allow_idp_initiated within the auth.saml.
So, the SAML service would be reloaded and that value would be inherited for either (settings .ini file,
environment variable, command line arguments or any other accepted mechanism to provide configuration).
Therefore, the complete HTTP payload would looks like:
{
"updates": {
"auth.saml": {
"enabled": "true",
"single_logout": "false"
}
},
"removals": {
"auth.saml": ["allow_idp_initiated"]
}
}
In case any of these settings cannot be overridden nor valid, it would return an error and these settings won't be persisted into the database.
Background job (high availability set-ups)
Grafana Enterprise has a built-in scheduled background job that looks into the database every minute for settings updates. If there are updates, it reloads the Grafana services affected by the detected changes.
The background job synchronizes settings between instances in a highly available set-up. So, after you perform some changes through the HTTP API, then the other instances are synchronized through the database and the background job.
Control access with role-based access control
If you have [role-based access control]({{< relref "../../../administration/roles-and-permissions/access-control" >}}) enabled, you can control who can read or update settings. Refer to the [Admin API]({{< relref "../../../developers/http_api/admin#update-settings" >}}) for more information.