Hello
I have a simple Grafana Dashboard with a bunch of time series graphs. The graphs have one InfluxDB Data source configured. I have configured this Dashboard as a Public dashboard.
When opening the resulting link in a Private Browser Window I get red marks as it can’t load the data:
When opening the same public dashboard in the normal Browser Window it works. The difference is that I’m authenticated in the normal Browser Window.
The interesting part is that this issue is present on grafana/grafana-oss:10.2.1, but it works again if I downgrade to grafana/grafana-oss:10.1.5.
Do I need to configure my InfluxDB data source differently or is this a Grafana Bug?
This is the failing HTTP Request:
Hello,
we have the exact same problem, after we updated from 10.0 to 10.2.
All public dashboards with influxDB datasource are broken, with the same error.
The same dashboards are running fine in “non-public” mode.
Any Ideas?
yosiasz
November 23, 2023, 8:00pm
3
Here you go, the issue on GitHub. Maybe in a test environment you can upgrade to latest and see if the fix is in?
opened 05:29PM - 24 Oct 23 UTC
closed 04:21PM - 26 Oct 23 UTC
It seems that the public dashboards upgrade may have broken the `ENV GF_AUTH_ANONYMOUS_ORG_ROLE "Viewer"` and `ENV GF_AUTH_ANONYMOUS_ENABLED="true"` attributes.
### What happened?
After upgrading from 10.1.5 to 10.2, we now see the following error for all our dashboards displayed in the logs after Grafana boots up. No dashboards will load and localhost:3000/dashboards simply gives a page not found 404.
```
level=error msg="Could not make user admin" dashboard="<YourDashboardNameHere>" namespaceID=user userID=0 error="identifier is not initialized"_
```
When we revert back to 10.1.5 we instead see this error
```
level=warn msg="Failed to authenticate request" client=auth.client.session error="user token not found"
```
Note, this only happens when we enable anonymous logins (using the following env vars in the dockerfile)
```
ENV GF_AUTH_ANONYMOUS_ORG_ROLE "Viewer"
```
If we set that to `ENV GF_AUTH_ANONYMOUS_ORG_ROLE "Admin"` it fixes the problem, but we don't want users to be able to edit panels etc.
==========================================================
**grafana.ini**
```
[paths]
provisioning = /etc/grafana/provisioning
[server]
enable_gzip = true
# If you wish to host Grafana behind a SSL certificate, enable this.
# It is generally not required because we host Grafana within a kubernetes cluster
# and the HTTPS routing is already handled by the load balancer before hand.
# protocol = https
# cert_key = /etc/grafana/grafana.key
# cert_file = /etc/grafana/grafana.crt
root_url = /
serve_from_sub_path = true
#router_logging = false
[users]
default_theme = dark
[dashboards]
min_refresh_interval = 1s
```
**Dockerfile**
Note: We are manually pre-downloading some plugins and injecting them into the container.
```
ARG GRAFANA_VERSION="latest"

# Stage 1: Conditional Copy for subset dashboard builds
FROM alpine as conditional-copy
ARG ENV_TYPE
COPY /dashboards/ /dashboards/
RUN mkdir -p /dashboard_subset && \
    if [ "$ENV_TYPE" = "45SLD" ]; then \
        mkdir -p /dashboard_subset/dashboards/; \
        cp /dashboards/space_weather.json /dashboard_subset/dashboards/; \
    else \
        cp -r /dashboards/ /dashboard_subset/; \
    fi

# Stage 2: Final build
FROM --platform=amd64 grafana/grafana:${GRAFANA_VERSION}
ARG GF_INSTALL_IMAGE_RENDERER_PLUGIN="false"
ARG GF_GID="0"
ENV GF_PATHS_PLUGINS="/var/lib/grafana-plugins"
ENV GF_PLUGIN_RENDERING_CHROME_BIN="/usr/bin/chrome"
# Disable Login form or not
ENV GF_AUTH_DISABLE_LOGIN_FORM "true"
# Allow anonymous authentication or not
ENV GF_AUTH_ANONYMOUS_ENABLED="true"
ENV GF_AUTH_ANONYMOUS_ORG_ROLE "Viewer"
# Role of anonymous user
ENV GF_AUTH_OAUTH_AUTO_LOGIN=false

USER root
#RUN rm -f /etc/ssl/certs/ca-certificates.crt
#COPY certs/45SLD/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
RUN mkdir -p "$GF_PATHS_PLUGINS" && \
    chown -R grafana:${GF_GID} "$GF_PATHS_PLUGINS" && \
    if [ $GF_INSTALL_IMAGE_RENDERER_PLUGIN = "true" ]; then \
        if grep -i -q alpine /etc/issue; then \
            apk add --no-cache udev ttf-opensans chromium && \
            ln -s /usr/bin/chromium-browser "$GF_PLUGIN_RENDERING_CHROME_BIN"; \
        else \
            cd /tmp && \
            curl -sLO https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb && \
            DEBIAN_FRONTEND=noninteractive && \
            apt-get update -q && \
            apt-get install -q -y ./google-chrome-stable_current_amd64.deb && \
            rm -rf /var/lib/apt/lists/* && \
            rm ./google-chrome-stable_current_amd64.deb && \
            ln -s /usr/bin/google-chrome "$GF_PLUGIN_RENDERING_CHROME_BIN"; \
        fi \
    fi

USER grafana
RUN if [ $GF_INSTALL_IMAGE_RENDERER_PLUGIN = "true" ]; then \
        grafana-cli \
            --pluginsDir "$GF_PATHS_PLUGINS" \
            --pluginUrl https://github.com/grafana/grafana-image-renderer/releases/latest/download/plugin-linux-x64-glibc-no-chromium.zip \
            plugins install grafana-image-renderer; \
    fi

ARG GF_INSTALL_PLUGINS="yesoreyeram-infinity-datasource,ae3e-plotly-panel,gapit-htmlgraphics-panel"
RUN if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then \
        OLDIFS=$IFS; \
        IFS=','; \
        for plugin in ${GF_INSTALL_PLUGINS}; do \
            IFS=$OLDIFS; \
            if expr match "$plugin" '.*\;.*'; then \
                pluginUrl=$(echo "$plugin" | cut -d';' -f 1); \
                pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2); \
                grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}"; \
            else \
                grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin}; \
            fi \
        done \
    fi

# use these if running docker-compose locally
COPY provisioning /etc/grafana/provisioning
COPY grafana.ini /etc/grafana/grafana.ini
COPY --from=conditional-copy /dashboard_subset/dashboards /etc/grafana/dashboards
```
### What did you expect to happen?
Dashboards still load if you are an anonymous user, and not require a login.
### Did this work before?
Yes it worked in v10.1.5
### How do we reproduce it?
Use the dockerfile and grafana.ini attached
### Is the bug inside a dashboard panel?
No
### Environment (with versions)?
Grafana: 10.2.0
OS: Windows or Linux
Browser: Chrome
### Grafana platform?
Docker
### Datasource(s)?
_No response_
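
An added example, not part of the thread or of Grafana's code: a small Python audit of a Dockerfile's `ENV` lines that handles both `ENV` syntaxes used in the Dockerfile above and flags the workaround mentioned in the issue, where anonymous access is combined with an `Editor` or `Admin` org role. The function names, the sample strings and the list of truthy spellings are assumptions made for this example.

```python
import re
import shlex

# Constructed sample inputs (not from the original post): ENV lines modelled on
# the Dockerfile above, and the same lines with the "Admin" workaround applied.
SAMPLE_VIEWER = '''
ENV GF_AUTH_DISABLE_LOGIN_FORM "true"
ENV GF_AUTH_ANONYMOUS_ENABLED="true"
ENV GF_AUTH_ANONYMOUS_ORG_ROLE "Viewer"
'''
SAMPLE_ADMIN = SAMPLE_VIEWER.replace('"Viewer"', '"Admin"')

ENV_LINE = re.compile(r"^\s*ENV\s+(.+)$", re.IGNORECASE)
WRITE_ROLES = {"editor", "admin"}  # org roles that can modify dashboards
# Assumption: spellings treated as boolean true; kept broad so the audit
# errs towards reporting.
TRUTHY = {"1", "t", "true", "yes", "y", "on"}


def parse_env(dockerfile_text):
    """Return the last value assigned to each ENV variable."""
    env = {}
    for line in dockerfile_text.splitlines():
        match = ENV_LINE.match(line)
        if not match:
            continue  # comments and other instructions are ignored
        tokens = shlex.split(match.group(1))
        if tokens and "=" in tokens[0]:
            # ENV KEY=value [KEY2=value2 ...]
            for token in tokens:
                key, _, value = token.partition("=")
                env[key] = value
        elif len(tokens) >= 2:
            # Legacy form: ENV KEY value
            env[tokens[0]] = " ".join(tokens[1:])
    return env


def audit_anonymous_access(dockerfile_text):
    """List findings where unauthenticated visitors get a write-capable role."""
    env = parse_env(dockerfile_text)
    enabled = env.get("GF_AUTH_ANONYMOUS_ENABLED", "false").lower() in TRUTHY
    role = env.get("GF_AUTH_ANONYMOUS_ORG_ROLE", "Viewer")  # Grafana's default
    if enabled and role.lower() in WRITE_ROLES:
        return [f"anonymous access is enabled with org role {role!r}; "
                "unauthenticated visitors can edit dashboards"]
    return []
```

Values set in a Dockerfile can be overridden when the container is started, so a clean result covers the image defaults only.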