search

grafana / oncall

Developer-friendly incident response with brilliant Slack integration
GNU Affero General Public License v3.0
3.47k stars 281 forks source link

Grafana Oncall Plugin not connected #5100

Open Ennakin opened 1 week ago

Ennakin commented 1 week ago

What went wrong?

What happened:

I have a hobby mode of grafana running in containers. The engine version is also 1.9.30, grafana version is 11.3.0-76679. The integrations is still working, alerts are still being sent. There is an error In grafana container logs: " level=error msg="Request Completed" method=POST path=/api/ds/query status=500" What did you expect to happen:

How do we reproduce it?

  1. Open Grafana and go to OnCall section
  2. Now click any page
  3. Wait for the browser to crash. Error message says: "Grafana Oncall Plugin not connected"

Grafana OnCall Version

v.1.9.30

Product Area

Helm/Kubernetes/Docker

Grafana OnCall Platform?

Docker

User's Browser?

Google Chrome

Anything else to add?

No response

felipevacar commented 1 week ago

I am getting the same error :(

curl -X GET 'https://my-user:mypassword@mygrafana.com/api/plugins/grafana-oncall-app/resources/plugin/status'

"error setting up request headers: failed to parse JSON response: json: cannot unmarshal object into Go value of type []plugin.OrgUser "

Grafana v10.2.2

Grafana OnCall Version v.1.9.31

Ennakin commented 1 week ago

I should mention that i have self-hosted grafana with multiple organizations, so enabling the externalServiceAccounts didn't work for me (as I learned from this https://github.com/grafana/grafana-plugin-examples/blob/main/examples/app-with-service-account/README.md). My error is "failed to parse JSON response: json: cannot unmarshal object into Go value of type []plugin.OnCallPermission body={"message":"Unlicensed","traceID":""}". I'm not running Grafana in the Enterprise mode. What's with the license?

mderynck commented 1 week ago

@Ennakin Multiple organizations in Grafana is not supported by OnCall.

Is accessControlOncall feature flag enabled? if you are not running enterprise it should not be on. This is what is telling OnCall to check for RBAC permissions.

Ennakin commented 1 week ago

@Ennakin Multiple organizations in Grafana is not supported by OnCall.

Is accessControlOncall feature flag enabled? if you are not running enterprise it should not be on. This is what is telling OnCall to check for RBAC permissions.

accessControlOncall flag isn't enabled nor through config file, nor through docker-compose envs. RBAC section in grafana.ini looks like this Image the toggler section: Image

so should the externalServiceAccounts toggler be enabled? If so I get "PluginAppClientSecret not set in config" error.

mderynck commented 1 week ago

externalServiceAccounts should be on accessControlOnCall should be off, may want to double check the feature_toggles section in the UI under Administration->General->Settings as well.

Ennakin commented 1 week ago

externalServiceAccounts should be on accessControlOnCall should be off, may want to double check the feature_toggles section in the UI under Administration->General->Settings as well.

Thank you! I checked settings area, externalServiceAccounts is only feature that is on. What PluginAppClientSecret is?

mderynck commented 1 week ago

PluginAppClientSecret is the token for the external service account associated with the Plugin. Under Administration->Users and Access->Service accounts there should be one called extsvc-grafana-oncall-app and it should have 1 token.

Ennakin commented 1 week ago

there is only sa-autogen-OnCall account wich was generated a few month ago with the installation of grafana-oncall. and it has 1 token

mderynck commented 1 week ago

Try going to Administration->Plugins and data->Plugins Grafana OnCall make sure there is an IAM tab on that screen and also check in the grafana log file if there is any errors on startup regarding the plugin. That service account should get created when the plugin is loaded.

Ennakin commented 1 week ago

IAM tab is in place. I still get 'msg="Request Completed" method=GET path=/api/plugins/grafana-oncall-app/resources/plugin/status status=500 ... msg="Error making sync request" error="error getting settings from context: PluginAppClientSecret not set in config "' in grafana logs

Ennakin commented 5 days ago

Is there any chance I can use a post method to create this service account?

Try going to Administration->Plugins and data->Plugins Grafana OnCall make sure there is an IAM tab on that screen and also check in the grafana log file if there is any errors on startup regarding the plugin. That service account should get created when the plugin is loaded.

Ennakin commented 5 days ago

And if I switched to grafana-enterprise would I need a license to use oncall plugin?

mderynck commented 5 days ago

Is there any chance I can use a post method to create this service account?

This service account can't be created by the user it should be created automatically by the plugin.

And if I switched to grafana-enterprise would I need a license to use oncall plugin?

You need a license to use all the features of grafana-enterprise, oncall does not have a license it just conforms to the Grafana version it is installed on.

Ennakin commented 5 days ago

In the enterprise mode with 'enable = externalServiceAccounts, accessControlOncall' setting I still get 'PluginAppClientSecret not set in config' error. Please let me know, if I missed anything

Ennakin commented 4 days ago

This service account can't be created by the user it should be created automatically by the plugin.

Is it supposed to work even without kubernetes? And why doesn't oncall plugin have a permission to create service account in IAM section? Image