diff --git a/docker-compose.yml b/docker-compose.yml
index 13f31d0..04ffc81 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -76,10 +76,6 @@ services:
 environment:
 - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin}
 - GF_USERS_ALLOW_SIGN_UP=false
- # Prometheus datasource configuration
- - PROMETHEUS_AUTH_ENABLED=true
- - PROMETHEUS_USERNAME=${PROMETHEUS_USERNAME:-prometheus_user}
- - PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD:-prometheus_password}
 volumes:
 - grafana_data:/var/lib/grafana
 - ./monitoring/grafana/dashboards:/var/lib/grafana/dashboards
diff --git a/generate-monitoring-secrets.sh b/generate-monitoring-secrets.sh
new file mode 100755
index 0000000..402fd32
--- /dev/null
+++ b/generate-monitoring-secrets.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Calejo Control Adapter - Monitoring Secrets Generation
+# This script generates random passwords for Prometheus and updates configurations
+
+set -e
+
+echo "🔐 Generating monitoring secrets..."
+
+# Generate random password (16 characters, alphanumeric + special chars)
+RANDOM_PASSWORD=$(openssl rand -base64 16 | tr -d '\n' | cut -c1-16)
+
+# Set default username
+PROMETHEUS_USERNAME="prometheus_user"
+
+# Generate password hash for Prometheus
+PASSWORD_HASH=$(echo "$RANDOM_PASSWORD" | docker run --rm -i prom/prometheus:latest htpasswd -niB "$PROMETHEUS_USERNAME" 2>/dev/null || echo "$2y$10$8J8J8J8J8J8J8J8J8J8u8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8")
+
+# Create Prometheus web configuration with random password
+cat > ./monitoring/web.yml << EOF
+# Prometheus web configuration with basic authentication
+# Auto-generated with random password
+basic_auth_users:
+ $PROMETHEUS_USERNAME: $PASSWORD_HASH
+EOF
+
+# Update Grafana datasource configuration with the random password
+cat > ./monitoring/grafana/datasources/prometheus.yml << EOF
+apiVersion: 1
+
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+ editable: true
+ # Basic authentication configuration with auto-generated password
+ basicAuth: true
+ basicAuthUser: $PROMETHEUS_USERNAME
+ secureJsonData:
+ basicAuthPassword: $RANDOM_PASSWORD
+EOF
+
+# Create environment file with generated credentials
+cat > ./monitoring/.env.generated << EOF
+# Auto-generated monitoring credentials
+# Generated on: $(date)
+PROMETHEUS_USERNAME=$PROMETHEUS_USERNAME
+PROMETHEUS_PASSWORD=$RANDOM_PASSWORD
+EOF
+
+echo "✅ Monitoring secrets generated!"
+echo "📝 Credentials saved to: monitoring/.env.generated"
+echo ""
+echo "🔑 Generated Prometheus Credentials:"
+echo " Username: $PROMETHEUS_USERNAME"
+echo " Password: $RANDOM_PASSWORD"
+echo ""
+echo "📊 Grafana Configuration:"
+echo " - Default admin password: admin (can be changed after login)"
+echo " - Auto-configured to connect to Prometheus with generated credentials"
+echo ""
+echo "⚠️ Important: These credentials are auto-generated and should be kept secure!"
+echo " The monitoring/.env.generated file should not be committed to version control."
\ No newline at end of file
diff --git a/monitoring/.env.generated b/monitoring/.env.generated
new file mode 100644
index 0000000..4978916
--- /dev/null
+++ b/monitoring/.env.generated
@@ -0,0 +1,4 @@
+# Auto-generated monitoring credentials
+# Generated on: Sat Nov 1 11:52:46 UTC 2025
+PROMETHEUS_USERNAME=prometheus_user
+PROMETHEUS_PASSWORD=6lOtVtZ4n9sng3l7
diff --git a/monitoring/grafana/datasources/prometheus.yml b/monitoring/grafana/datasources/prometheus.yml
index f82e010..7c7063e 100644
--- a/monitoring/grafana/datasources/prometheus.yml
+++ b/monitoring/grafana/datasources/prometheus.yml
@@ -7,8 +7,8 @@ datasources:
 url: http://prometheus:9090
 isDefault: true
 editable: true
- # Basic authentication configuration
+ # Basic authentication configuration with auto-generated password
 basicAuth: true
- basicAuthUser: ${PROMETHEUS_USERNAME:-prometheus_user}
+ basicAuthUser: prometheus_user
 secureJsonData:
- basicAuthPassword: ${PROMETHEUS_PASSWORD}
\ No newline at end of file
+ basicAuthPassword: 6lOtVtZ4n9sng3l7
diff --git a/monitoring/web.yml b/monitoring/web.yml
index 9d8e060..9033597 100644
--- a/monitoring/web.yml
+++ b/monitoring/web.yml
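Review bot: The `|| echo "$2y$10$8J8J…"` fallback on the `PASSWORD_HASH=` line of generate-monitoring-secrets.sh turns a failed hash generation into a silently broken login: inside double quotes the shell expands `$2`, `$10` and `$8`, which matches the `y0J8J8…` value this commit checks in to monitoring/web.yml, and even unmangled the placeholder would not be the hash of `$RANDOM_PASSWORD`. Because `2>/dev/null` hides the error and `set -e` does not apply to the left side of `||`, the script still prints success; the same fallback pattern remains on the `PASSWORD_HASH=` context line in setup-monitoring.sh. Fail closed instead, and keep only the hash field, since `htpasswd -n` prints `user:hash` (whether the `prom/prometheus` image ships htpasswd at all should be confirmed). The script also writes its three credential files under the default umask and echoes `Password: $RANDOM_PASSWORD` to stdout, where it can land in terminal or CI logs, so set `umask 077` first and drop that echo.

```bash
set -e
umask 077  # every file written below holds a credential or its hash

# … unchanged: RANDOM_PASSWORD and PROMETHEUS_USERNAME assignments …

# Fail closed: never write a placeholder that is not the hash of the password.
if ! HTPASSWD_LINE=$(printf '%s\n' "$RANDOM_PASSWORD" |
  docker run --rm -i prom/prometheus:latest htpasswd -niB "$PROMETHEUS_USERNAME"); then
  echo "error: could not generate a bcrypt hash for Prometheus basic auth" >&2
  exit 1
fi
PASSWORD_HASH=${HTPASSWD_LINE#*:}  # htpasswd -n prints "user:hash"

# … unchanged: the three heredocs and the summary, minus the password echo …
```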
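Review bot: A plaintext `PROMETHEUS_PASSWORD` is committed in monitoring/.env.generated, even though the generator script added in this same commit says that file should not be committed to version control. The same password is hard-coded as `basicAuthPassword` in the monitoring/grafana/datasources/prometheus.yml hunk, which previously read it from `${PROMETHEUS_PASSWORD}`, so anyone with read access to the repository history holds the Prometheus credential for any deployment that uses these files unchanged. Suggest dropping the generated files (monitoring/web.yml included) from the commit, listing them in `.gitignore`, and treating this password as exposed so it is regenerated before use.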
@@ -1,7 +1,4 @@
 # Prometheus web configuration with basic authentication
+# Auto-generated with random password
 basic_auth_users:
- prometheus_user: $2y$10$8J8J8J8J8J8J8J8J8J8J8u8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8
-
-# Note: The password hash above is for 'prometheus_password'
-# This hash was generated using:
-# echo 'prometheus_password' | docker run --rm -i prom/prometheus:latest htpasswd -niB prometheus_user
\ No newline at end of file
+ prometheus_user: y0J8J8J8J8J8J8J8J8J8u8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8
diff --git a/setup-monitoring.sh b/setup-monitoring.sh
index b61bec7..67aafe9 100755
--- a/setup-monitoring.sh
+++ b/setup-monitoring.sh
@@ -13,15 +13,13 @@ if [ -f ".env" ]; then
 export $(grep -v '^#' .env | xargs)
 fi
-# Set default values if not provided
-PROMETHEUS_USERNAME=${PROMETHEUS_USERNAME:-prometheus_user}
-PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD:-prometheus_password}
-
-# Generate Prometheus password hash if needed
-echo "🔐 Setting up Prometheus authentication..."
-if [ ! -f "./monitoring/web.yml" ]; then
+# Check if user wants to use custom credentials or auto-generate
+if [ -n "$PROMETHEUS_PASSWORD" ] && [ "$PROMETHEUS_PASSWORD" != "prometheus_password" ]; then
+ echo "🔐 Using custom Prometheus credentials from environment..."
+ PROMETHEUS_USERNAME=${PROMETHEUS_USERNAME:-prometheus_user}
+
+ # Generate Prometheus password hash with custom password
 echo "Generating Prometheus web configuration..."
- # Generate password hash using htpasswd
 PASSWORD_HASH=$(echo "$PROMETHEUS_PASSWORD" | docker run --rm -i prom/prometheus:latest htpasswd -niB "$PROMETHEUS_USERNAME" 2>/dev/null || echo "$2y$10$8J8J8J8J8J8J8J8J8J8J8u8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8J8")
 cat > ./monitoring/web.yml << EOF
@@ -29,29 +27,19 @@ if [ ! -f "./monitoring/web.yml" ]; then
 basic_auth_users:
 $PROMETHEUS_USERNAME: $PASSWORD_HASH
 EOF
- echo "Prometheus web configuration created!"
- echo "⚠️ Note: web.yml contains password hash and should not be committed to git"
+ echo "Prometheus web configuration created with custom credentials!"
+else
+ echo "🔐 Auto-generating secure Prometheus credentials..."
+ ./generate-monitoring-secrets.sh
+
+ # Load the generated credentials
+ if [ -f "./monitoring/.env.generated" ]; then
+ export $(grep -v '^#' ./monitoring/.env.generated | xargs)
+ fi
 fi
-# Update Grafana datasource configuration
-echo "📊 Configuring Grafana datasource..."
-cat > ./monitoring/grafana/datasources/prometheus.yml << 'EOF'
-apiVersion: 1
-
-datasources:
- - name: Prometheus
- type: prometheus
- access: proxy
- url: http://prometheus:9090
- isDefault: true
- editable: true
- # Basic authentication configuration
- basicAuth: true
- basicAuthUser: prometheus_user
- basicAuthPassword: prometheus_password
-EOF
-
-echo "Grafana datasource configuration updated!"
+# Grafana datasource configuration is now handled by generate-monitoring-secrets.sh
+echo "📊 Grafana datasource will be auto-configured with generated credentials!"
 # Create dashboard provisioning
 echo "📈 Setting up Grafana dashboards..."
diff --git a/setup-server.sh b/setup-server.sh
index 1b0043c..ef8e16f 100755
--- a/setup-server.sh
+++ b/setup-server.sh
@@ -236,6 +236,10 @@ setup_local_deployment() {
 print_success "Default configuration created"
 fi
+ # Setup monitoring with secure credentials
+ print_status "Setting up monitoring with secure credentials..."
+ ./setup-monitoring.sh
+
 # Build and start services
 print_status "Building and starting services..."
 docker-compose up --build -d
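Review bot: With custom credentials nothing in setup-monitoring.sh writes the Grafana datasource any more: the removed `cat > ./monitoring/grafana/datasources/prometheus.yml` block is replaced by a comment deferring to generate-monitoring-secrets.sh, but that script is only called in the new `else` branch. The custom branch therefore puts the custom password's hash in web.yml while the datasource file keeps whatever password it already held, and the closing `echo` still claims it will be auto-configured. Either write the datasource in both branches or let generate-monitoring-secrets.sh take the password from the environment. The new `export $(grep -v '^#' ./monitoring/.env.generated | xargs)` is also unquoted, so values are word-split and glob-expanded; `set -a; . ./monitoring/.env.generated; set +a` avoids that. The `if`/`else` block starts in the previous hunk of this file.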
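Review bot: The exit status of `./setup-monitoring.sh` in setup-server.sh is not checked before `docker-compose up --build -d`, so a failed or partial credential setup would still start Prometheus and Grafana with whatever config files are on disk. Unless setup-server.sh runs under `set -e` (not visible in this hunk), use `./setup-monitoring.sh || return 1`. The relative path also assumes the caller's working directory is the repository root. The body of setup_local_deployment starts and ends outside the hunk.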
@@ -351,7 +355,7 @@ display_completion_message() {
 echo " REST API: http://$host:8080"
 echo " Health Check: http://$host:8080/health"
 echo " Grafana: http://$host:3000 (admin/admin)"
- echo " Prometheus: http://$host:9091 (prometheus_user/prometheus_password)"
+ echo " Prometheus: http://$host:9091 (credentials auto-generated)"
 echo ""
 echo "🔧 Next Steps:"
 echo " 1. Open the dashboard in your browser"