@ -18,12 +18,12 @@ Grafana CLI is a small executable that is bundled with Grafana server. It can be
To list all commands and options:
```
grafana-cli -h
grafanacli -h
```
## Invoking Grafana CLI
To invoke Grafana CLI, add the path to the grafana binaries in your `PATH` environment variable. Alternately, if your current directory is the `bin` directory, use `./grafana-cli`. Otherwise, you can specify full path to the CLI. For example, on Linux `/usr/share/grafana/bin/grafana-cli` and on Windows `C:\Program Files\GrafanaLabs\grafana\bin\grafana-cli.exe`.
To invoke Grafana CLI, add the path to the grafana binaries in your `PATH` environment variable. Alternately, if your current directory is the `bin` directory, use `./grafanacli`. Otherwise, you can specify full path to the CLI. For example, on Linux `/usr/share/grafana/bin/grafana` and on Windows `C:\Program Files\GrafanaLabs\grafana\bin\grafana.exe`, and invoke it with `grafana cli`.
> **Note:** Some commands, such as installing or removing plugins, require `sudo` on Linux. If you are on Windows, run Windows PowerShell as Administrator.
@ -32,7 +32,7 @@ To invoke Grafana CLI, add the path to the grafana binaries in your `PATH` envir
The general syntax for commands in Grafana CLI is:
@ -154,43 +154,43 @@ All listed commands apply to the Grafana default repositories and directories. Y
### List available plugins
```bash
grafana-cli plugins list-remote
grafanacli plugins list-remote
```
### Install the latest version of a plugin
```bash
grafana-cli plugins install <plugin-id>
grafanacli plugins install <plugin-id>
```
### Install a specific version of a plugin
```bash
grafana-cli plugins install <plugin-id><version>
grafanacli plugins install <plugin-id><version>
```
### List installed plugins
```bash
grafana-cli plugins ls
grafanacli plugins ls
```
### Update all installed plugins
```bash
grafana-cli plugins update-all
grafanacli plugins update-all
```
### Update one plugin
```bash
grafana-cli plugins update <plugin-id>
grafanacli plugins update <plugin-id>
```
### Remove one plugin
```bash
grafana-cli plugins remove <plugin-id>
grafanacli plugins remove <plugin-id>
```
## Admin commands
@ -200,12 +200,12 @@ Admin commands are only available in Grafana 4.1 and later.
### Show all admin commands
```bash
grafana-cli admin
grafanacli admin
```
### Reset admin password
`grafana-cli admin reset-admin-password <new password>` resets the password for the admin user using the CLI. You might need to do this if you lose the admin password.
`grafanacli admin reset-admin-password <new password>` resets the password for the admin user using the CLI. You might need to do this if you lose the admin password.
If there are two flags being used to set the homepath and the config file path, then running the command returns this error:
@ -214,7 +214,7 @@ If there are two flags being used to set the homepath and the config file path,
To correct this, use the `--homepath` global option to specify the Grafana default homepath for this command:
If you have not lost the admin password, we recommend that you change the user password either in the User Preferences or in the Server Admin > User tab.
@ -230,5 +230,5 @@ If you need to set the password in a script, then you can use the [Grafana User
Note that `pprof` debugging endpoints are served on a different port than the Grafana HTTP server.
@ -38,7 +38,7 @@ Refer to [Go command pprof](https://golang.org/cmd/pprof/) for more information
The `grafana-server` can be started with the arguments `-tracing` to enable tracing and `-tracing-file` to override the default trace file (`trace.out`) where trace result is written to. For example:
@ -49,19 +49,19 @@ You can re-encrypt secrets in order to:
- Move already existing secrets' encryption forward from legacy to envelope encryption.
- Re-encrypt secrets after a [data keys rotation](#rotate-data-keys).
To re-encrypt secrets, use the [Grafana CLI]({{< relref "../../../cli/" >}}) by running the `grafana-cli admin secrets-migration re-encrypt` command or the `/encryption/reencrypt-secrets` endpoint of the Grafana [Admin API]({{< relref "../../../developers/http_api/admin/#roll-back-secrets" >}}). It's safe to run more than once, more recommended under maintenance mode.
To re-encrypt secrets, use the [Grafana CLI]({{< relref "../../../cli/" >}}) by running the `grafanacli admin secrets-migration re-encrypt` command or the `/encryption/reencrypt-secrets` endpoint of the Grafana [Admin API]({{< relref "../../../developers/http_api/admin/#roll-back-secrets" >}}). It's safe to run more than once, more recommended under maintenance mode.
### Roll back secrets
You can roll back secrets encrypted with envelope encryption to legacy encryption. This might be necessary to downgrade to Grafana versions prior to v9.0 after an unsuccessful upgrade.
To roll back secrets, use the [Grafana CLI]({{< relref "../../../cli/" >}}) by running the `grafana-cli admin secrets-migration rollback` command or the `/encryption/rollback-secrets` endpoint of the Grafana [Admin API]({{< relref "../../../developers/http_api/admin/#re-encrypt-secrets" >}}). It's safe to run more than once, more recommended under maintenance mode.
To roll back secrets, use the [Grafana CLI]({{< relref "../../../cli/" >}}) by running the `grafanacli admin secrets-migration rollback` command or the `/encryption/rollback-secrets` endpoint of the Grafana [Admin API]({{< relref "../../../developers/http_api/admin/#re-encrypt-secrets" >}}). It's safe to run more than once, more recommended under maintenance mode.
### Re-encrypt data keys
You can re-encrypt data keys encrypted with a specific key encryption key (KEK). This allows you to either re-encrypt existing data keys with a new KEK version (see [KMS integration](#kms-integration) rotation) or to re-encrypt them with a completely different KEK.
To re-encrypt data keys, use the [Grafana CLI]({{< relref "../../../cli/" >}}) by running the `grafana-cli admin secrets-migration re-encrypt-data-keys` command or the `/encryption/reencrypt-data-keys` endpoint of the Grafana [Admin API]({{< relref "../../../developers/http_api/admin/#re-encrypt-data-encryption-keys" >}}). It's safe to run more than once, more recommended under maintenance mode.
To re-encrypt data keys, use the [Grafana CLI]({{< relref "../../../cli/" >}}) by running the `grafanacli admin secrets-migration re-encrypt-data-keys` command or the `/encryption/reencrypt-data-keys` endpoint of the Grafana [Admin API]({{< relref "../../../developers/http_api/admin/#re-encrypt-data-encryption-keys" >}}). It's safe to run more than once, more recommended under maintenance mode.
@ -75,7 +75,7 @@ You can use an encryption key from AWS Key Management Service to encrypt secrets
8. (Optional) From the command line and the root directory of Grafana, re-encrypt all of the secrets within the Grafana database with the new key using the following command:
`grafana-cli admin secrets-migration re-encrypt`
`grafanacli admin secrets-migration re-encrypt`
If you do not re-encrypt existing secrets, then they will remain encrypted by the previous encryption key. Users will still be able to access them.
@ -73,7 +73,7 @@ You can use an encryption key from Azure Key Vault to encrypt secrets in the Gra
10. (Optional) From the command line and the root directory of Grafana Enterprise, re-encrypt all of the secrets within the Grafana database with the new key using the following command:
`grafana-cli admin secrets-migration re-encrypt`
`grafanacli admin secrets-migration re-encrypt`
If you do not re-encrypt existing secrets, then they will remain encrypted by the previous encryption key. Users will still be able to access them.
@ -62,7 +62,7 @@ You can use an encryption key from Google Cloud Key Management Service to encryp
9. (Optional) From the command line and the root directory of Grafana Enterprise, re-encrypt all of the secrets within the Grafana database with the new key using the following command:
`grafana-cli admin secrets-migration re-encrypt`
`grafanacli admin secrets-migration re-encrypt`
If you do not re-encrypt existing secrets, then they will remain encrypted by the previous encryption key. Users will still be able to access them.
@ -69,7 +69,7 @@ You can use an encryption key from Hashicorp Vault to encrypt secrets in the Gra
8. (Optional) From the command line and the root directory of Grafana Enterprise, re-encrypt all of the secrets within the Grafana database with the new key using the following command:
`grafana-cli admin secrets-migration re-encrypt`
`grafanacli admin secrets-migration re-encrypt`
If you do not re-encrypt existing secrets, then they will remain encrypted by the previous encryption key. Users will still be able to access them.
@ -80,7 +80,7 @@ You can install official and community plugins listed on the Grafana [plugins pa
### Install official and community Grafana plugins
Pass the plugins you want installed to Docker with the `GF_INSTALL_PLUGINS` environment variable as a comma-separated list. This sends each plugin name to `grafana-cli plugins install ${plugin}` and installs them when Grafana starts.
Pass the plugins you want installed to Docker with the `GF_INSTALL_PLUGINS` environment variable as a comma-separated list. This sends each plugin name to `grafanacli plugins install ${plugin}` and installs them when Grafana starts.
Kevin Minehart
3 years ago
committed by