Closed lucyb closed 7 months ago
self-hosted grafana is online at dashboards.opensafely.org, with CloudFlare proxy enabled on the hostname. Currently tidying up the process PR https://github.com/opensafely-core/sysadmin/pull/150
TODO: ensure the instance can send emails (invites, password reset etc)
some intermittent issues with accessing this services via dashboards.opensafely.org, although the dokku url works reliably.
Disabling the CloudFlare proxy on the CloudFlare DNS setting page makes it work! 🎉
EDIT: after a bit of flip-flopping, which I think was due to DNS propogation
We may be able to use CloudFlare Cache Rules to enable caching & still have a functioning system.
need to merge PR, configure continuous deployment & ensure auto-merge of dependabot PRs.
nb. if you need to redeploy this before I'm back from holidays, you can just push the sysadmin repo at the grafana app on dokku3.
@madwort I've noticed that we aren't getting dependabot alerts for the sysadmin repo at the moment. I know we have the dependabot workflow, but should we enable some of these settings too as part of this work, so that we are alerted when there are new versions of grafana or new vulnerabilities?
https://github.com/opensafely-core/sysadmin/settings/security_analysis
@lucyb yes, you're right, dependabot security updates
and dependabot version updates
are two essentially completely separate systems, we only have dependabot version updates
configured. I have just enabled dependabot security updates
for that repo - I think it doesn't have many config options.
todo:
I /think/ adding the github module is just running this line on dokku3 (& adding to the INSTALL.md)
dokku config:set grafana GF_INSTALL_PLUGINS="grafana-github-datasource"
I'll test later today.
TODO: continuous deployment, and auto-merging of the dependabot PRs
discussed with George yesterday, plan to keep the grafana prod deployment stuff in the metrics repo. Currently trying to figure out how to switch the grafana prod deployment from the current setup (the sysadmin repo, pushing git, building on dokku) to what I think is the best setup going forward (the metrics repo, building on CI, pushing a docker image). I'm going to set up a second grafana instance on dokku3 in order to do a dry-run of this change as I'm a bit unclear on how dokku will respond to these changes & don't want to break what is now effectively a prod system (with the wip dashboards!).
We have enabled public dashboards.
Continuous deployment is working, following https://github.com/ebmdatalab/metrics/pull/8
follow-up task https://github.com/ebmdatalab/metrics/issues/28
I think this is done now? Is there anything else? We could review user permissions?
all done
Questions to answer before we decide to self-host grafana
Related issues: