Post-Install failed in Grafana task
If the post-install
step in Privacera Manager fails during the Grafana task, please check the following options.
Privacera Manager jumpbox does not have access to Gitlab.com
If you encounter any issues while running the post-install
task, specifically during the Clone Privacera Dashboard repository
step related to SSH access for cloning the Privacera monitoring dashboard repo, follow the steps below.
- Navigate to the
custom-vars
folder and create a file named vars.custom.yml
. Bash |
---|
| cd ~/privacera/privacera-manager/config/custom-vars/
vi vars.custom.yml
|
- Add the following variable to the file and save it.
Bash |
---|
| GRAFANA_UPLOAD_COMMON_DASHBOARDS: "false"
|
- Download and extract the Privacera monitoring dashboard tar file from the S3 bucket into the output folder.
Bash |
---|
| cd ~/privacera/privacera-manager/output
curl -L -o privacera-monitoring-dashboards.tar.gz https://privacera-releases.s3.us-east-1.amazonaws.com/privacera-monitoring-dashboards/privacera-monitoring-dashboards.tar.gz
tar -xvf privacera-monitoring-dashboards.tar.gz && mv privacera-monitoring-dashboards-main privacera-monitoring-dashboards
|
-
Now, navigate to the privacera-monitoring-dashboards
folder and run the script below by providing the required values.
Note
- Default value of
MONITORING_NAMESPACE
is privacera-monitoring
. - Please provide the full DNS name for
GRAFANA_URL
. For Example, https://grafana.test.com
Bash |
---|
| cd privacera-monitoring-dashboards/
python3 upload_datasources_dashboards.py --grafana-url <GRAFANA_URL> --userid admin --passwd <GRAFANA_PASSWORD> --grafana-oncall-url oncall --grafana-oncall-enabled false --namespace <NAMESPACE> --monitoring-namespace <MONITORING_NAMESPACE>
|
5. This will upload the all the required dashboards to your Grafana.
Grafana URL not accessible
If you encounter the following error while running post-install
, follow the steps below.
Bash |
---|
| TASK [roles : Upload Grafana Dashboards with script] ***************************
fatal: [privacera]: FAILED! => changed=true
cmd: |-
python3 upload_datasources_dashboards.py --grafana-url <GRAFANA_URL> --userid user --passwd password --grafana-oncall-url <ONCALL_URL> --grafana-oncall-enabled false --namespace <NAMESPACE> --monitoring-namespace privacera-monitoring
delta: '0:00:09.359583'
end: '2025-03-18 18:11:00.213087'
msg: non-zero return code
rc: 1
stderr: ''
stderr_lines: <omitted>
stdout: |-
Oncall URL: <ONCALL_URL>, Oncall Enabled: false
Failed to create service account: {'message': 'InternalError', 'messageId': 'sqlstore.max-retries-reached', 'statusCode': 500, 'traceID': ''}
stdout_lines: <omitted>
|
- Ensure that the Grafana pod is in a
running
and Ready
state. - Verify Grafana's accessibility in the browser. If Grafana is not accessible, check the Grafana DNS entry.
- If Grafana is accessible, proceed to re-run the
post-install
step.
Grafana service account already exist
If you encounter the following error while running post-install
, follow the steps below.
Bash |
---|
| TASK [roles : Upload Grafana Dashboards with script] ***************************
fatal: [privacera]: FAILED! => changed=true
cmd: |-
python3 upload_datasources_dashboards.py --grafana-url <GRAFANA_URL> --userid user --passwd password --grafana-oncall-url <ONCALL_URL> --grafana-oncall-enabled false --namespace <NAMESPACE> --monitoring-namespace privacera-monitoring
delta: '0:00:11.885358'
end: '2025-03-18 12:05:57.776343'
msg: non-zero return code
rc: 1
stderr: ''
stderr_lines: <omitted>
stdout: |-
Oncall URL: <ONCALL_URL>, Oncall Enabled: true
Service Account ID: 10
Failed to create token: 400 {'message': 'service account token with given name already exists in the organization', 'messageId': 'serviceaccounts.ErrTokenAlreadyExists', 'statusCode': 400, 'traceID': ''}
Failed to create token for Privacera Service account.
Service account with ID 10 deleted successfully.
stdout_lines: <omitted>
|
- Log in to your Grafana instance through a web browser.
- Navigate to
Administration
→ Users & Access
→ Service Accounts
. - Delete all existing service accounts.
- Re-run the
post-install
step.