Skip to content

Post-Install failed in Grafana task

If the post-install step in Privacera Manager fails during the Grafana task, please check the following options.

Privacera Manager jumpbox does not have access to Gitlab.com

If you encounter any issues while running the post-install task, specifically during the Clone Privacera Dashboard repository step related to SSH access for cloning the Privacera monitoring dashboard repo, follow the steps below.

  1. Navigate to the custom-vars folder and create a file named vars.custom.yml.
    Bash
    1
2
    cd ~/privacera/privacera-manager/config/custom-vars/
vi vars.custom.yml
  2. Add the following variable to the file and save it. This will ensure that you won't run into this issue again when you run the post-install task.
    Bash
    1
    GRAFANA_UPLOAD_COMMON_DASHBOARDS: "false"
  3. Download and extract the Privacera monitoring dashboard tar file from the S3 bucket into the output folder.
    Bash
    1
2
3
4
5
6
7
    cd ~/privacera/privacera-manager/output

curl -L -o privacera-monitoring-dashboards.tar.gz \
https://privacera-releases.s3.us-east-1.amazonaws.com/privacera-monitoring-dashboards/privacera-monitoring-dashboards.tar.gz

tar -xvf privacera-monitoring-dashboards.tar.gz && \
mv privacera-monitoring-dashboards-main privacera-monitoring-dashboards

  4. Now, navigate to the privacera-monitoring-dashboards folder and run the script below by providing the required values.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh shell

    Within the shell provided, run the following commands,

    Note

    • Default value of MONITORING_NAMESPACE is privacera-monitoring.
    • Please provide the full DNS name for GRAFANA_URL. For Example, https://grafana.test.com

    Bash
    1
2
3
4
5
6
7
8
    cd privacera-monitoring-dashboards/

python3 upload_datasources_dashboards.py \
  --grafana-url <GRAFANA_URL> --userid admin --passwd <GRAFANA_PASSWORD> \
  --grafana-oncall-url oncall --grafana-oncall-enabled false \
  --namespace <NAMESPACE> --monitoring-namespace <MONITORING_NAMESPACE>

exit
    5. This will upload the all the required dashboards to your Grafana.

Grafana URL not accessible

If you encounter the following error while running post-install, follow the steps below.

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
TASK [roles : Upload Grafana Dashboards with script] ***************************
fatal: [privacera]: FAILED! => changed=true
    cmd: |-
        python3 upload_datasources_dashboards.py --grafana-url <GRAFANA_URL> --userid user --passwd password --grafana-oncall-url <ONCALL_URL> --grafana-oncall-enabled false --namespace <NAMESPACE> --monitoring-namespace privacera-monitoring
    delta: '0:00:09.359583'
    end: '2025-03-18 18:11:00.213087'
    msg: non-zero return code
    rc: 1
    stderr: ''
    stderr_lines: <omitted>
    stdout: |-
        Oncall URL: <ONCALL_URL>, Oncall Enabled: false
        Failed to create service account: {'message': 'InternalError', 'messageId': 'sqlstore.max-retries-reached', 'statusCode': 500, 'traceID': ''}
    stdout_lines: <omitted>
  1. Ensure that the Grafana pod is in a running and Ready state.
  2. Verify Grafana's accessibility in the browser. If Grafana is not accessible, check the Grafana DNS entry.
  3. If Grafana is accessible, proceed to re-run the post-install step.

Grafana service account already exist

If you encounter the following error while running post-install, follow the steps below.

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
TASK [roles : Upload Grafana Dashboards with script] ***************************
fatal: [privacera]: FAILED! => changed=true
  cmd: |-
    python3 upload_datasources_dashboards.py --grafana-url <GRAFANA_URL> --userid user --passwd password --grafana-oncall-url <ONCALL_URL> --grafana-oncall-enabled false --namespace <NAMESPACE> --monitoring-namespace privacera-monitoring
  delta: '0:00:11.885358'
  end: '2025-03-18 12:05:57.776343'
  msg: non-zero return code
  rc: 1
  stderr: ''
  stderr_lines: <omitted>
  stdout: |-
    Oncall URL: <ONCALL_URL>, Oncall Enabled: true
    Service Account ID: 10
    Failed to create token: 400 {'message': 'service account token with given name already exists in the organization', 'messageId': 'serviceaccounts.ErrTokenAlreadyExists', 'statusCode': 400, 'traceID': ''}
    Failed to create token for Privacera Service account.
    Service account with ID 10 deleted successfully.
  stdout_lines: <omitted>

  1. Log in to your Grafana instance through a web browser.
  2. Navigate to AdministrationUsers & AccessService Accounts.
  3. Delete all existing service accounts.
  4. Re-run the post-install step.

Comments