Grafana in Azure appservice and User Logout time

Hello Folk,
we have Grafana (grafana/grafana:9.3.6) pulled directly from docker HUB. We show at the entrance of our office a small dashboard but the user we use (a local user) gets always logged out after 10/15 min.
I can disable the log out? I checked everywhere and it seems that the following variables " login_maximum_*" cannot be set as Environment Variable (“GF_AUTH…etc…”), but only manageable inside Grafana.INI? IS there any suggestion? I do not how how to find the Grafana.ini inside the Appservice container…I relly looked everywhere…

Hi @danielesalvigni,

Thanks for opening this post.

Just to understand it clear, you are running the Grafana container using docker-compose?

I am running in appservice this image:

grafana/grafana:9.3.6-ubuntu

coming from

https://hub.docker.com/layers/grafana/grafana

Thanks.

I am not familiar with Azure as to how they provide images but normally in plain docker world, I would always use Docker
or
Docker

But if Azure provides it as the only image then all fine.

Regarding the configuration:

We do have these 2 parameters which you can use to allow users to remain login for longer period:

In order to define them, you need to pass them as ENVIRONMENT VARIABLES in your docker-compose.yml file

for e.g.

GF_CONFIG_NAME

Here is a sample config file

grafana:
  container_name: grafana
  image: grafana/grafana:latest
  ports:
    - 3000:3000
  environment:
    - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
    - GF_AUTH_ANONYMOUS_ENABLED=true
    - GF_AUTH_BASIC_ENABLED=false
    - GF_ENABLE_GZIP=true
    - GF_USERS_DEFAULT_THEME=light

For the above login_maximium_… parameters, you can do the following inside the environment section of docker-compose.

GF_AUTH_LOGIN_MAXIMUM_INACTIVE_LIFETIME_DURATION=2w
GF_AUTH_LOGIN_MAXIMUM_LIFETIME_DURATION=2w

Once that is done. Bring down your container and then start again so that it can take new config values.

You can verify if the setting take place or not by login to your Grafana account => Server Admin => Settings and there search for the above config values (should be under the auth section)

Hello! I was looking for these ENV variable but it was impossible to find in the documentation. To me it was appearing like the unique way was to rewrite grafana.ini…

Let me try!!!

Hello,
I applied in APP SERVICE

But still not overriding the default settings. Is there any chanche to open a PR for having this option into the Grafana Interface?
What else can u suggest?

Hey @danielesalvigni

Can you please tell a bit more about the Azure environment for e.g. using Azure Cloud etc …

which Grafana flavour (e.g. OSS, Hosted Grafana, Grafana Enterprise, etc)

I will then ask the team and then will get back to you

Hello,
Currently I am running it in Azure Cloud where i have full admin grants. I created an App Service and setup to download the image tag version from docker Hub:

Database is external (A Postgresql definied in the ENV Variables).
The ENV Variables are defined in the Configuration of app service. They all work but not the 2 suggested (The account continue to log off after 10 minutes…)


I mounted the following persistent storage:

I hope you have everything! Looking forward for your reply, thank you!

Hello, do you have any news? SUggestion?

Hi @danielesalvigni

I finally got some more information on this after talking to the folks.

They think we are looking for the wrong settings the:

login_maximum_inactive_lifetime_duration
and
login_maximum_lifetime_duration

already default to 7d and 30d respectively according to the docs, while the user is saying they are logged out after 10/15 minutes so it must be something else.

What about oauth_state_cookie_max_age (docs), that defaults to 600s (15 minutes). Its worth a try.

Also, for users that are using grafana with another managed service, they can get support from that provider. In this case, Microsoft Azure support might know if there are limitations of the instances they make available.

For example:

All users must have accounts in an Azure Active Directory. Microsoft (also known as MSA) and 3rd-party accounts aren’t supported.

From what I can find Azure AD supports Oauth 2.0 workflows, but not sure if there is any other customization of their image

Hello,
thank you for the reply! I confirm we use and support OAUTH but the problem here is that the account logged off is a local account (not azure account), created specifically for monitoring, which exists only in Grafana. I changed the oauth_state_cookie_max_age to 9000 but I do not think this will impact the local monitoring account…I could check tomorrow and let you know.
In the meantime I updated ti 9.4.3 version.

1 Like

Guys, you can close this ticket…it seems the oauth_state_cookie_max_age is doing is dirty work :smiley:

So I updated to 9.4.7 and stopped to work again…current situation: my local user continues to logo off after 10 minutes. Any clue or improvement where to look into??

Can you please recheck if the previous configuration may got overwritten?

I tried and nothing changed…how can i see inside the container which values are currently taken by the running instance of grafana? Is there any SSH command i can launch???

You can look into the container if you have access to the console.

Step 1 => Run the docker ps command

[root@docker grafana-plain]# docker ps
CONTAINER ID   IMAGE                        COMMAND     CREATED         STATUS         PORTS                                       NAMES
eac3f3dae010   grafana/grafana-oss:latest   "/run.sh"   3 seconds ago   Up 2 seconds   0.0.0.0:3000->3000/tcp, :::3000->3000/tcp   grafana

Step 2 => Note down the container-id e.g. in this case its eac3…

Step 3 => Run docker exec command with container-id

[root@docker grafana-plain]# docker exec -it eac3f3dae010 bash

Step 4 => Now you are in the container and go to the /etc/grafana to view the grafana.ini file

eac3f3dae010:/usr/share/grafana# vi /etc/grafana/grafana.ini

Check the configuration parameters if they got overwritten

1 Like