Grafana Panel - Sign a Private Plugin

companymvms · February 4, 2022, 5:50pm

Hello Everybody,

I built a panel plugin successfully. I could also see it at grafana.
However, it is unsigned.
I tried to signed it, in accord with the tutorials. So, after creating the plugin, I did:
npx @grafana/toolkit plugin:sign --rootUrls http://grafana.staged-by-discourse.com

The rootUrls is correctly set at grafana.ini as:
root_url = http://grafana.staged-by-discourse.com

However, I am getting this error here:

Please, can someone explain to me what I am missing here.

Thanks!
Cheers,
Turtles

marcusolsson · February 4, 2022, 7:26pm

Looks like you might’ve discovered a bug

Does it work if you sign it with a previous version? I think you should be able to run it with a specific version like this:

npx @grafana/toolkit@8.3.4 plugin:sign --rootUrls http://grafana.staged-by-discourse.com

companymvms · February 5, 2022, 5:59pm

Hallo @marcusolsson,

thanks for your help. I even used different versions of @grafana/toolkit I am getting another error. The error message is: Error signing manifest: Token invalid.

What can be invalid token?
The Grafana API Key was created at my grafana local host and is valid for about 6 months.
More information:
System: Ubuntu 20.04.3 LTS
Running on WSL2.
App: sample app template from grafana compiled and build with yarn.
I tried also with npm.

I appreciate any help!
Thank you vey much!
Cheers,
Turtles

mikhailvolkov · February 14, 2022, 3:42pm

You need to create an API key using your Grafana Cloud account and use it to sign the private plugin: Sign a plugin | Grafana Labs

jn6091 · March 14, 2022, 3:36pm

I have the same issue as the image below with generating an API key on localhost Grafana.

I don’t think generating an API on Grafana cloud account will help it work on local Grafana. I’ve tried generating it on cloud even with --rootUrls http://127.0.0.1:3000 and the plugin doesn’t show up anymore in local Grafana (even in dev mode) once you sign it.

So is there no solution to this? If you host your own Grafana server you’re unable to use Private plugins?

mikhailvolkov · March 14, 2022, 3:47pm

@jn6091 When plugin signed it creates MANIFEST file with all included files and their properties. If any of the files modified, it will be skipped and plugin should be resigned.

If you enable the Dev mode, MANIFEST file should be deleted. It was recently updated in the documentation.

If you do the provided steps in the correct order, plugin should be loaded successfully.
You can take a look at our Panel template for example: GitHub - VolkovLabs/volkovlabs-abc-panel: Template to create a new @grafana panel plugin.

jn6091 · March 14, 2022, 4:23pm

Here is the process i took:

Started grafana in production mode

cd /var/lib/grafana/plugins

npx @grafana/toolkit plugin:create randomname-defaultplugin

cd randomname-defaultplugin

yarn install

yarn dev

yarn build

Generated API key on grafana cloud account https://grafana.com/orgs/<username>/api-keys

export GRAFANA_API_KEY=<generated_key>

yarn sign --rootUrls http://127.0.0.1:3000

service grafana-server restart

This process above signs it successfully however the plugin does not show in the http://127.0.0.1:3000/plugins url.

mikhailvolkov · March 14, 2022, 5:03pm

I just followed your steps and saw the error that plugin was signed for “http://127.0.0.1:3000” when I have Grafana configured for “http://grafana.staged-by-discourse.com”. Do you see similar error when trying to load plugin? If you do, you should sign it with the correct Server Name.

grafana    | logger=plugin.loader t=2022-03-14T16:58:41.76+0000 lvl=warn msg="Could not find root URL that matches running application URL" plugin=volkovlabs-randomname-defaultplugin appUrl=http://grafana.staged-by-discourse.com/ rootUrls="unsupported value type"
grafana    | logger=plugin.loader t=2022-03-14T16:58:41.76+0000 lvl=warn msg="Skipping loading plugin due to problem with signature" pluginID=volkovlabs-randomname-defaultplugin status=invalid

jn6091 · March 14, 2022, 5:46pm

Indeed that was the issue. After signing it with http://grafana.staged-by-discourse.com instead of http://127.0.0.1:3000 it works now. Thank you very much!

luispinho · March 15, 2022, 12:38pm

Hi there,
sorry for stealing this topic (I can create a new one if you find it necessary).
I’m following the steps from @jn6091

Possible differences:

Using Windows OS (git bash)
replacing the 127.0.0.0 for localhost
Not using the grafana plugins directory, I’ve a development directory and then copy the dist content directory to the grafana plugins directory

And I’m getting the error:

Error signing manifest: Token invalid

The API Key I used was generated at https://randomname.grafana.net/org/apikeys today and will expire in 2023.

Could you please indicate how can I identify why the token is invalid?

Thanks,
Luís Pinho

davidkramer12 · February 17, 2024, 8:50am

Did you manage to solve the issue ? And how did you solve it?

jangaraj · February 17, 2024, 9:50am

Don’t use Grafana API key (that’s for access to Grafana). Use Grafana Cloud API key (with correct role: PluginPublisher).

https://grafana.com/orgs/<your-grafana-cloud-org-here>/api-keys

davidkramer12 · February 17, 2024, 9:53am

Yes I did use Cloud API key. First I want to point out that Grafana will be running localy alwasy.

bkgann · February 28, 2024, 9:25pm

You should be able to sign it by following the guides here:

Sign a plugin (setup)

and

signing a private plugin

Topic		Replies	Views
Problems signing my Panel Plugin Signing & publishing windows	9	3022	March 8, 2023
Signing is Plugin in private mode Signing & publishing windows	5	2173	September 16, 2022
Signed Panel plugin keep throwing invalid signature error Signing & publishing	2	1617	January 11, 2022
Invalid signature when signing a private plugin Signing & publishing	4	3993	April 12, 2022
Root_url not a valid rootUrl for signing a plugin Signing & publishing plugins	5	2224	May 6, 2022

Grafana Panel - Sign a Private Plugin

Related topics