Hello again! This is just a reminder that the shared accounts for grafana (`tor-guest` for grafana1 and `metrics` for grafana2) are bound to be removed two days from now, on thursday april 17th If you have not yet setup your "web password" and logged in to grafana1.tpo (mostly TPA for now) and/or grafana2.tpo (all teams in this email), I would encourage you to do so soon. Of course it's possible to do this after the cutoff date, it just means that in the mean time your access through the shared account will stop working this thursday. Once your first login on grafana has happened, give me a sign and I will add your user to the appropriate team in grafana to fix your permissions. Your user needs to exist in grafana before the permissions can be set. you can either add a comment to https://gitlab.torproject.org/tpo/tpa/team/-/issues/41636 , send me an email, or contact me on IRC. Cheers! On 2025-04-01 16:41, Gabriel Filion wrote:
Hello!
I'm writing to inform you that TPA's been moving on something that should make it possible to eventually merge both of the prometheus / grafana servers: we're moving towards per-user passwords that need to be set through LDAP and deprecating the shared passwords.
I would invite everyone who needs to continue accessing prometheus and grafana (either on prometheus1.tpo or prometheus2.tpo) to head over to https://db.torproject.org/ , login and set yourself a password in the "Web password" field. That field was previously hidden but it was recently added to the form.
The password will take some time to get synchronized to the servers, so allow some 1 to 2 hours before you test out your new credentials. When ready, head over to https://grafana2.torproject.org/ and use your ldap username with your new web password to confirm that you're able to login there.
The shared passwords that are currently in use are bound to be removed on April 17th.
If you're having issues with setting up and/or using your own credentials to access prometheus and grafana, please contact TPA and we'll take a look with you into what's happening.
Cheers!
additional note for TPA members: we now have a fallback password that's present in our password manager. it should let us access the monitoring sites even if ldap has a disruption. you can try that one as well.