Пример #1
0
func (h *Handler) HandleMessage(m *nsq.Message) error {
	ms, err := msg.MetricDataFromMsg(m.Body)
	if err != nil {
		log.Error(3, "skipping message. %s", err)
		return nil
	}
	msgsAge.Value(time.Now().Sub(ms.Produced).Nanoseconds() / 1000)

	err = ms.DecodeMetricData()
	if err != nil {
		log.Error(3, "skipping message. %s", err)
		return nil
	}
	metricsPerMessage.Value(int64(len(ms.Metrics)))

	metricsReceived.Inc(int64(len(ms.Metrics)))
	for _, metric := range ms.Metrics {
		if metric.Time == 0 {
			log.Warn("invalid metric. metric.Time is 0. %s", metric.Id())
		} else {
			m := h.metrics.GetOrCreate(metric.Id())
			m.Add(uint32(metric.Time), metric.Value)
		}
	}

	return nil
}
Пример #2
0
func (k *KairosHandler) HandleMessage(m *nsq.Message) error {
	created := time.Unix(0, m.Timestamp)
	if time.Now().Add(-time.Duration(4) * time.Minute).After(created) {
		log.Debug("requeuing msg %s. timestamp: %s. attempts: %d\n ", m.ID, time.Unix(0, m.Timestamp), m.Attempts)
		attempts := 3 // try 3 different hosts before giving up and requeuing
		var err error
		for attempt := 1; attempt <= attempts; attempt++ {
			err = k.trySubmit(m.Body)
			if err == nil {
				msgsToLowPrioOK.Inc(1)
				return nil // we published the msg as lowprio and can mark it as processed
			}
		}
		msgsToLowPrioFail.Inc(1)
		log.Warn("failed to publish out of date message %s as low-prio. reprocessing later\n", m.ID)
		return err
	}
	err := k.gateway.ProcessHighPrio(m)
	if err != nil {
		msgsHandleHighPrioFail.Inc(1)
	} else {
		msgsHandleHighPrioOK.Inc(1)
	}
	return err
}
Пример #3
0
func LoadPlaylistDashboards(id int64) ([]m.PlaylistDashboardDto, error) {
	playlistItems, _ := LoadPlaylistItems(id)

	dashboardIds := make([]int64, 0)

	for _, i := range playlistItems {
		dashboardId, _ := strconv.ParseInt(i.Value, 10, 64)
		dashboardIds = append(dashboardIds, dashboardId)
	}

	if len(dashboardIds) == 0 {
		return make([]m.PlaylistDashboardDto, 0), nil
	}

	dashboardQuery := m.GetPlaylistDashboardsQuery{DashboardIds: dashboardIds}
	if err := bus.Dispatch(&dashboardQuery); err != nil {
		log.Warn("dashboardquery failed: %v", err)
		return nil, errors.New("Playlist not found")
	}

	dtos := make([]m.PlaylistDashboardDto, 0)
	for _, item := range *dashboardQuery.Result {
		dtos = append(dtos, m.PlaylistDashboardDto{
			Id:    item.Id,
			Slug:  item.Slug,
			Title: item.Title,
			Uri:   "db/" + item.Slug,
		})
	}

	return dtos, nil
}
Пример #4
0
func (a *ldapAuther) searchUserInGroup(ldapUser *ldapUserInfo, ldapGroupDN string) error {
	var searchResult *ldap.SearchResult
	var err error

	searchReq := ldap.SearchRequest{
		BaseDN:       ldapGroupDN,
		Scope:        ldap.ScopeWholeSubtree,
		DerefAliases: ldap.NeverDerefAliases,
		Filter:       fmt.Sprintf("(member=%s)", ldapUser.DN),
	}

	if searchResult, err = a.conn.Search(&searchReq); err != nil {
		if ldapErr, ok := err.(*ldap.Error); ok {
			if ldapCfg.VerboseLogging {
				log.Warn("Ldap Auth: error while search user %s in LDAP group %s. %s", ldapUser.DN, ldapGroupDN, ldapErr.Error())
			}
		}
	}

	for _, group := range searchResult.Entries {
		if !ldapUser.isMemberOf(group.DN) {
			ldapUser.MemberOf = append(ldapUser.MemberOf, group.DN)
		}
	}

	return nil
}
Пример #5
0
func (e *EventDefinition) UnmarshalJSON(raw []byte) error {
	//lets start by unmashaling into a basic map datastructure
	event := make(map[string]interface{})
	err := json.Unmarshal(raw, &event)
	if err != nil {
		return err
	}

	//lets get a list of our required fields.
	s := reflect.TypeOf(*e)
	requiredFields := make(map[string]*requiredField)

	for i := 0; i < s.NumField(); i++ {
		field := s.Field(i)
		name := field.Name
		// look at the field Tags to work out the property named used in the
		// JSON document.
		tag := field.Tag.Get("json")
		if tag != "" && tag != "-" {
			name = tag
		}
		//all fields except 'Extra' and 'Id' are required.
		if name != "Extra" && name != "id" {
			requiredFields[name] = &requiredField{
				StructName: field.Name,
				Seen:       false,
			}
		}
	}

	e.Extra = make(map[string]interface{})
	for k, v := range event {
		def, ok := requiredFields[k]
		// anything that is not a required field gets
		// stored in our 'Extra' field.
		if !ok {
			e.Extra[k] = v
		} else {
			//coerce any float64 values to int64
			if reflect.ValueOf(v).Type().Name() == "float64" {
				v = int64(v.(float64))
			}
			value := reflect.ValueOf(v)
			if value.IsValid() {
				reflect.ValueOf(e).Elem().FieldByName(def.StructName).Set(value)
			} else {
				log.Warn(fmt.Sprintf("Yikes, in eventdef %s had the zero value! %v", k, v))
			}
			def.Seen = true
		}
	}

	//make sure all required fields were present.
	for _, v := range requiredFields {
		if !v.Seen {
			return fmt.Errorf("Required field '%s' missing", v.StructName)
		}
	}
	return nil
}
Пример #6
0
func (this *service) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	urlPath := r.URL.Path
	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]

	var avatar *Avatar

	if avatar, _ = this.cache[hash]; avatar == nil {
		avatar = New(hash)
	}

	if avatar.Expired() {
		if err := avatar.Update(); err != nil {
			log.Trace("avatar update error: %v", err)
		}
	}

	if avatar.notFound {
		avatar = this.notFound
	} else {
		this.cache[hash] = avatar
	}

	w.Header().Set("Content-Type", "image/jpeg")
	w.Header().Set("Content-Length", strconv.Itoa(len(avatar.data.Bytes())))
	w.Header().Set("Cache-Control", "private, max-age=3600")

	if err := avatar.Encode(w); err != nil {
		log.Warn("avatar encode error: %v", err)
		w.WriteHeader(500)
	}
}
Пример #7
0
// error is what is used to determine to ACK or NACK
func (kg *KairosGateway) process(job Job) error {
	msg := job.msg
	messagesSize.Value(int64(len(job.Msg.Msg)))
	log.Debug("processing metrics %s %d. timestamp: %s. format: %s. attempts: %d\n", job.qualifier, job.Msg.Id, time.Unix(0, msg.Timestamp), job.Msg.Format, msg.Attempts)

	err := job.Msg.DecodeMetricData()
	if err != nil {
		log.Info("%s: skipping message", err.Error())
		return nil
	}

	metricsPerMessage.Value(int64(len(job.Msg.Metrics)))
	if !kg.dryRun {
		pre := time.Now()
		err = kg.kairos.SendMetricPointers(job.Msg.Metrics)
		if err != nil {
			metricsToKairosFail.Inc(int64(len(job.Msg.Metrics)))
			log.Warn("can't send to kairosdb: %s. retrying later", err)
		} else {
			metricsToKairosOK.Inc(int64(len(job.Msg.Metrics)))
			kairosPutDuration.Value(time.Now().Sub(pre))
		}
	}
	log.Debug("finished metrics %s %d - %d metrics sent\n", job.qualifier, job.Msg.Id, len(job.Msg.Metrics))
	return err
}
Пример #8
0
func GetHomeDashboard(c *middleware.Context) Response {
	prefsQuery := m.GetPreferencesWithDefaultsQuery{OrgId: c.OrgId, UserId: c.UserId}
	if err := bus.Dispatch(&prefsQuery); err != nil {
		return ApiError(500, "Failed to get preferences", err)
	}

	if prefsQuery.Result.HomeDashboardId != 0 {
		slugQuery := m.GetDashboardSlugByIdQuery{Id: prefsQuery.Result.HomeDashboardId}
		err := bus.Dispatch(&slugQuery)
		if err == nil {
			dashRedirect := dtos.DashboardRedirect{RedirectUri: "db/" + slugQuery.Result}
			return Json(200, &dashRedirect)
		} else {
			log.Warn("Failed to get slug from database, %s", err.Error())
		}
	}

	filePath := path.Join(setting.StaticRootPath, "dashboards/home.json")
	file, err := os.Open(filePath)
	if err != nil {
		return ApiError(500, "Failed to load home dashboard", err)
	}

	dash := dtos.DashboardFullWithMeta{}
	dash.Meta.IsHome = true
	dash.Meta.CanEdit = canEditDashboard(c.OrgRole)
	jsonParser := json.NewDecoder(file)
	if err := jsonParser.Decode(&dash.Dashboard); err != nil {
		return ApiError(500, "Failed to load home dashboard", err)
	}

	return Json(200, &dash)
}
Пример #9
0
func Init() error {
	DataSources = make(map[string]*DataSourcePlugin)
	StaticRoutes = make([]*PluginStaticRoute, 0)
	Panels = make(map[string]*PanelPlugin)
	Apps = make(map[string]*AppPlugin)
	Plugins = make(map[string]*PluginBase)
	PluginTypes = map[string]interface{}{
		"panel":      PanelPlugin{},
		"datasource": DataSourcePlugin{},
		"app":        AppPlugin{},
	}

	log.Info("Plugins: Scan starting")
	scan(path.Join(setting.StaticRootPath, "app/plugins"))

	// check if plugins dir exists
	if _, err := os.Stat(setting.PluginsPath); os.IsNotExist(err) {
		log.Warn("Plugins: Plugin dir %v does not exist", setting.PluginsPath)
		if err = os.MkdirAll(setting.PluginsPath, os.ModePerm); err != nil {
			log.Warn("Plugins: Failed to create plugin dir: %v, error: %v", setting.PluginsPath, err)
		} else {
			log.Info("Plugins: Plugin dir %v created", setting.PluginsPath)
			scan(setting.PluginsPath)
		}
	} else {
		scan(setting.PluginsPath)
	}

	// check plugin paths defined in config
	checkPluginPaths()

	for _, panel := range Panels {
		panel.initFrontendPlugin()
	}
	for _, panel := range DataSources {
		panel.initFrontendPlugin()
	}
	for _, app := range Apps {
		app.initApp()
	}

	go StartPluginUpdateChecker()
	return nil
}
Пример #10
0
func (k *KairosHandler) trySubmit(body []byte) error {
	hostPoolResponse := k.hostPool.Get()
	p := k.producers[hostPoolResponse.Host()]
	err := p.Publish(*topicLowPrio, body)
	buf := bytes.NewReader(body[1:9])
	var id int64
	binary.Read(buf, binary.BigEndian, &id)
	if err != nil {
		log.Warn("publisher marking host %s as faulty due to %s", hostPoolResponse.Host(), err)
		hostPoolResponse.Mark(err)
	}
	return err
}
Пример #11
0
func scan(pluginDir string) error {
	scanner := &PluginScanner{
		pluginPath: pluginDir,
	}

	if err := util.Walk(pluginDir, true, true, scanner.walker); err != nil {
		log.Warn("Failed to scan dir \"%v\" error: %s", pluginDir, err)
		return err
	}

	if len(scanner.errors) > 0 {
		return errors.New("Some plugins failed to load")
	}

	return nil
}
Пример #12
0
func scan(pluginDir string) error {
	scanner := &PluginScanner{
		pluginPath: pluginDir,
	}

	log.Info("Plugins: Scaning dir %s", pluginDir)

	if err := util.Walk(pluginDir, true, true, scanner.walker); err != nil {
		if pluginDir != "data/plugins" {
			log.Warn("Could not scan dir \"%v\" error: %s", pluginDir, err)
		}
		return err
	}

	if len(scanner.errors) > 0 {
		return errors.New("Some plugins failed to load")
	}

	return nil
}
Пример #13
0
func listenToSystemSignels() {
	signalChan := make(chan os.Signal, 1)
	code := 0

	signal.Notify(signalChan, os.Interrupt, os.Kill, syscall.SIGTERM)

	select {
	case sig := <-signalChan:
		log.Info("Received signal %s. shutting down", sig)
	case code = <-exitChan:
		switch code {
		case 0:
			log.Info("Shutting down")
		default:
			log.Warn("Shutting down")
		}
	}

	log.Close()
	os.Exit(code)
}
Пример #14
0
func NewConfigContext(args *CommandLineArgs) {
	setHomePath(args)
	loadConfiguration(args)

	Env = Cfg.Section("").Key("app_mode").MustString("development")

	server := Cfg.Section("server")
	AppUrl, AppSubUrl = parseAppUrlAndSubUrl(server)

	Protocol = HTTP
	if server.Key("protocol").MustString("http") == "https" {
		Protocol = HTTPS
		CertFile = server.Key("cert_file").String()
		KeyFile = server.Key("cert_key").String()
	}

	Domain = server.Key("domain").MustString("localhost")
	HttpAddr = server.Key("http_addr").MustString("0.0.0.0")
	HttpPort = server.Key("http_port").MustString("3000")
	StaticRootPath = makeAbsolute(server.Key("static_root_path").String(), HomePath)
	RouterLogging = server.Key("router_logging").MustBool(false)
	EnableGzip = server.Key("enable_gzip").MustBool(false)
	EnforceDomain = server.Key("enforce_domain").MustBool(false)

	security := Cfg.Section("security")
	SecretKey = security.Key("secret_key").String()
	LogInRememberDays = security.Key("login_remember_days").MustInt()
	CookieUserName = security.Key("cookie_username").String()
	CookieRememberName = security.Key("cookie_remember_name").String()
	DisableGravatar = security.Key("disable_gravatar").MustBool(true)

	// admin
	AdminUser = security.Key("admin_user").String()
	AdminPassword = security.Key("admin_password").String()

	users := Cfg.Section("users")
	AllowUserSignUp = users.Key("allow_sign_up").MustBool(true)
	AllowUserOrgCreate = users.Key("allow_org_create").MustBool(true)
	AutoAssignOrg = users.Key("auto_assign_org").MustBool(true)
	AutoAssignOrgRole = users.Key("auto_assign_org_role").In("Editor", []string{"Editor", "Admin", "Read Only Editor", "Viewer"})
	VerifyEmailEnabled = users.Key("verify_email_enabled").MustBool(false)

	// anonymous access
	AnonymousEnabled = Cfg.Section("auth.anonymous").Key("enabled").MustBool(false)
	AnonymousOrgName = Cfg.Section("auth.anonymous").Key("org_name").String()
	AnonymousOrgRole = Cfg.Section("auth.anonymous").Key("org_role").String()

	// auth proxy
	authProxy := Cfg.Section("auth.proxy")
	AuthProxyEnabled = authProxy.Key("enabled").MustBool(false)
	AuthProxyHeaderName = authProxy.Key("header_name").String()
	AuthProxyHeaderProperty = authProxy.Key("header_property").String()
	AuthProxyAutoSignUp = authProxy.Key("auto_sign_up").MustBool(true)

	authBasic := Cfg.Section("auth.basic")
	BasicAuthEnabled = authBasic.Key("enabled").MustBool(true)

	// PhantomJS rendering
	ImagesDir = filepath.Join(DataPath, "png")
	PhantomDir = filepath.Join(HomePath, "vendor/phantomjs")

	analytics := Cfg.Section("analytics")
	ReportingEnabled = analytics.Key("reporting_enabled").MustBool(true)
	GoogleAnalyticsId = analytics.Key("google_analytics_ua_id").String()
	GoogleTagManagerId = analytics.Key("google_tag_manager_id").String()

	ldapSec := Cfg.Section("auth.ldap")
	LdapEnabled = ldapSec.Key("enabled").MustBool(false)
	LdapConfigFile = ldapSec.Key("config_file").String()

	readSessionConfig()
	readSmtpSettings()

	if VerifyEmailEnabled && !Smtp.Enabled {
		log.Warn("require_email_validation is enabled but smpt is disabled")
	}
}
Пример #15
0
func (a *ldapAuther) syncOrgRoles(user *m.User, ldapUser *ldapUserInfo) error {
	if len(a.server.LdapGroups) == 0 {
		log.Warn("Ldap: no group mappings defined")
		return nil
	}

	orgsQuery := m.GetUserOrgListQuery{UserId: user.Id}
	if err := bus.Dispatch(&orgsQuery); err != nil {
		return err
	}

	handledOrgIds := map[int64]bool{}

	// update or remove org roles
	for _, org := range orgsQuery.Result {
		match := false
		handledOrgIds[org.OrgId] = true

		for _, group := range a.server.LdapGroups {
			if org.OrgId != group.OrgId {
				continue
			}

			if ldapUser.isMemberOf(group.GroupDN) {
				match = true
				if org.Role != group.OrgRole {
					// update role
					cmd := m.UpdateOrgUserCommand{OrgId: org.OrgId, UserId: user.Id, Role: group.OrgRole}
					if err := bus.Dispatch(&cmd); err != nil {
						return err
					}
				}
				// ignore subsequent ldap group mapping matches
				break
			}
		}

		// remove role if no mappings match
		if !match {
			cmd := m.RemoveOrgUserCommand{OrgId: org.OrgId, UserId: user.Id}
			if err := bus.Dispatch(&cmd); err != nil {
				return err
			}
		}
	}

	// add missing org roles
	for _, group := range a.server.LdapGroups {
		if !ldapUser.isMemberOf(group.GroupDN) {
			continue
		}

		if _, exists := handledOrgIds[group.OrgId]; exists {
			continue
		}

		// add role
		cmd := m.AddOrgUserCommand{UserId: user.Id, Role: group.OrgRole, OrgId: group.OrgId}
		err := bus.Dispatch(&cmd)
		if err != nil && err != m.ErrOrgNotFound {
			return err
		}

		// mark this group has handled so we do not process it again
		handledOrgIds[group.OrgId] = true
	}

	return nil
}
Пример #16
0
func NewConfigContext(args *CommandLineArgs) error {
	setHomePath(args)
	loadConfiguration(args)

	Env = Cfg.Section("").Key("app_mode").MustString("development")
	InstanceName = Cfg.Section("").Key("instance_name").MustString("unknown_instance_name")
	PluginsPath = Cfg.Section("paths").Key("plugins").String()

	server := Cfg.Section("server")
	AppUrl, AppSubUrl = parseAppUrlAndSubUrl(server)

	Protocol = HTTP
	if server.Key("protocol").MustString("http") == "https" {
		Protocol = HTTPS
		CertFile = server.Key("cert_file").String()
		KeyFile = server.Key("cert_key").String()
	}

	Domain = server.Key("domain").MustString("localhost")
	HttpAddr = server.Key("http_addr").MustString("0.0.0.0")
	HttpPort = server.Key("http_port").MustString("3000")
	RouterLogging = server.Key("router_logging").MustBool(false)
	EnableGzip = server.Key("enable_gzip").MustBool(false)
	EnforceDomain = server.Key("enforce_domain").MustBool(false)
	StaticRootPath = makeAbsolute(server.Key("static_root_path").String(), HomePath)

	if err := validateStaticRootPath(); err != nil {
		return err
	}

	// read security settings
	security := Cfg.Section("security")
	SecretKey = security.Key("secret_key").String()
	LogInRememberDays = security.Key("login_remember_days").MustInt()
	CookieUserName = security.Key("cookie_username").String()
	CookieRememberName = security.Key("cookie_remember_name").String()
	DisableGravatar = security.Key("disable_gravatar").MustBool(true)

	// read snapshots settings
	snapshots := Cfg.Section("snapshots")
	ExternalSnapshotUrl = snapshots.Key("external_snapshot_url").String()
	ExternalSnapshotName = snapshots.Key("external_snapshot_name").String()
	ExternalEnabled = snapshots.Key("external_enabled").MustBool(true)
	SnapShotRemoveExpired = snapshots.Key("snapshot_remove_expired").MustBool(true)
	SnapShotTTLDays = snapshots.Key("snapshot_TTL_days").MustInt(90)

	//  read data source proxy white list
	DataProxyWhiteList = make(map[string]bool)
	for _, hostAndIp := range security.Key("data_source_proxy_whitelist").Strings(" ") {
		DataProxyWhiteList[hostAndIp] = true
	}

	// admin
	AdminUser = security.Key("admin_user").String()
	AdminPassword = security.Key("admin_password").String()

	users := Cfg.Section("users")
	AllowUserSignUp = users.Key("allow_sign_up").MustBool(true)
	AllowUserOrgCreate = users.Key("allow_org_create").MustBool(true)
	AutoAssignOrg = users.Key("auto_assign_org").MustBool(true)
	AutoAssignOrgRole = users.Key("auto_assign_org_role").In("Editor", []string{"Editor", "Admin", "Read Only Editor", "Viewer"})
	VerifyEmailEnabled = users.Key("verify_email_enabled").MustBool(false)
	LoginHint = users.Key("login_hint").String()
	DefaultTheme = users.Key("default_theme").String()

	// auth
	auth := Cfg.Section("auth")
	DisableLoginForm = auth.Key("disable_login_form").MustBool(false)

	// anonymous access
	AnonymousEnabled = Cfg.Section("auth.anonymous").Key("enabled").MustBool(false)
	AnonymousOrgName = Cfg.Section("auth.anonymous").Key("org_name").String()
	AnonymousOrgRole = Cfg.Section("auth.anonymous").Key("org_role").String()

	// auth proxy
	authProxy := Cfg.Section("auth.proxy")
	AuthProxyEnabled = authProxy.Key("enabled").MustBool(false)
	AuthProxyHeaderName = authProxy.Key("header_name").String()
	AuthProxyHeaderProperty = authProxy.Key("header_property").String()
	AuthProxyAutoSignUp = authProxy.Key("auto_sign_up").MustBool(true)

	authBasic := Cfg.Section("auth.basic")
	BasicAuthEnabled = authBasic.Key("enabled").MustBool(true)

	// PhantomJS rendering
	ImagesDir = filepath.Join(DataPath, "png")
	PhantomDir = filepath.Join(HomePath, "vendor/phantomjs")

	analytics := Cfg.Section("analytics")
	ReportingEnabled = analytics.Key("reporting_enabled").MustBool(true)
	CheckForUpdates = analytics.Key("check_for_updates").MustBool(true)
	GoogleAnalyticsId = analytics.Key("google_analytics_ua_id").String()
	GoogleTagManagerId = analytics.Key("google_tag_manager_id").String()

	ldapSec := Cfg.Section("auth.ldap")
	LdapEnabled = ldapSec.Key("enabled").MustBool(false)
	LdapConfigFile = ldapSec.Key("config_file").String()

	alerting := Cfg.Section("alerting")
	AlertingEnabled = alerting.Key("enabled").MustBool(false)

	readSessionConfig()
	readSmtpSettings()
	readQuotaSettings()

	if VerifyEmailEnabled && !Smtp.Enabled {
		log.Warn("require_email_validation is enabled but smpt is disabled")
	}

	GrafanaNetUrl = Cfg.Section("grafana_net").Key("url").MustString("https://grafana.net")

	imageUploadingSection := Cfg.Section("external_image_storage")
	ImageUploadProvider = imageUploadingSection.Key("provider").MustString("internal")
	return nil
}
Пример #17
0
func NewConfigContext(args *CommandLineArgs) error {
	setHomePath(args)
	loadConfiguration(args)

	Env = Cfg.Section("").Key("app_mode").MustString("development")
	InstanceId = Cfg.Section("").Key("instance_id").MustString("default")

	server := Cfg.Section("server")
	AppUrl, AppSubUrl = parseAppUrlAndSubUrl(server)

	Protocol = HTTP
	if server.Key("protocol").MustString("http") == "https" {
		Protocol = HTTPS
		CertFile = server.Key("cert_file").String()
		KeyFile = server.Key("cert_key").String()
	}

	Domain = server.Key("domain").MustString("localhost")
	HttpAddr = server.Key("http_addr").MustString("0.0.0.0")
	HttpPort = server.Key("http_port").MustString("3000")
	RouterLogging = server.Key("router_logging").MustBool(false)
	EnableGzip = server.Key("enable_gzip").MustBool(false)
	EnforceDomain = server.Key("enforce_domain").MustBool(false)
	StaticRootPath = makeAbsolute(server.Key("static_root_path").String(), HomePath)

	if err := validateStaticRootPath(); err != nil {
		return err
	}

	// read security settings
	security := Cfg.Section("security")
	SecretKey = security.Key("secret_key").String()
	LogInRememberDays = security.Key("login_remember_days").MustInt()
	CookieUserName = security.Key("cookie_username").String()
	CookieRememberName = security.Key("cookie_remember_name").String()
	DisableGravatar = security.Key("disable_gravatar").MustBool(true)

	//  read data source proxy white list
	DataProxyWhiteList = make(map[string]bool)
	for _, hostAndIp := range security.Key("data_source_proxy_whitelist").Strings(" ") {
		DataProxyWhiteList[hostAndIp] = true
	}

	// admin
	AdminUser = security.Key("admin_user").String()
	AdminPassword = security.Key("admin_password").String()

	users := Cfg.Section("users")
	AllowUserSignUp = users.Key("allow_sign_up").MustBool(true)
	AllowUserOrgCreate = users.Key("allow_org_create").MustBool(true)
	AutoAssignOrg = users.Key("auto_assign_org").MustBool(true)
	AutoAssignOrgRole = users.Key("auto_assign_org_role").In("Editor", []string{"Editor", "Admin", "Read Only Editor", "Viewer"})
	VerifyEmailEnabled = users.Key("verify_email_enabled").MustBool(false)

	// anonymous access
	AnonymousEnabled = Cfg.Section("auth.anonymous").Key("enabled").MustBool(false)
	AnonymousOrgName = Cfg.Section("auth.anonymous").Key("org_name").String()
	AnonymousOrgRole = Cfg.Section("auth.anonymous").Key("org_role").String()

	// auth proxy
	authProxy := Cfg.Section("auth.proxy")
	AuthProxyEnabled = authProxy.Key("enabled").MustBool(false)
	AuthProxyHeaderName = authProxy.Key("header_name").String()
	AuthProxyHeaderProperty = authProxy.Key("header_property").String()
	AuthProxyAutoSignUp = authProxy.Key("auto_sign_up").MustBool(true)

	authBasic := Cfg.Section("auth.basic")
	BasicAuthEnabled = authBasic.Key("enabled").MustBool(true)

	// PhantomJS rendering
	ImagesDir = filepath.Join(DataPath, "png")
	PhantomDir = filepath.Join(HomePath, "vendor/phantomjs")

	GraphiteUrl = Cfg.Section("raintank").Key("graphite_url").MustString("http://localhost:8888/")
	if GraphiteUrl[len(GraphiteUrl)-1] != '/' {
		GraphiteUrl += "/"
	}
	// Check if has app suburl.
	_, err := url.Parse(GraphiteUrl)
	if err != nil {
		log.Fatal(4, "Invalid graphite_url(%s): %s", GraphiteUrl, err)
	}

	alerting := Cfg.Section("alerting")
	AlertingEnabled = alerting.Key("enabled").MustBool(false)
	AlertingHandler = alerting.Key("handler").MustString("builtin")
	TickQueueSize = alerting.Key("tickqueue_size").MustInt(0)
	InternalJobQueueSize = alerting.Key("internal_jobqueue_size").MustInt(0)
	PreAMQPJobQueueSize = alerting.Key("pre_amqp_jobqueue_size").MustInt(0)
	ExecutorLRUSize = alerting.Key("executor_lru_size").MustInt(0)
	EnableScheduler = alerting.Key("enable_scheduler").MustBool(true)
	Executors = alerting.Key("executors").MustInt(100)
	WriteIndividualAlertResults = alerting.Key("write_individual_alert_results").MustBool(false)
	AlertingInspect = alerting.Key("inspect").MustBool(false)

	analytics := Cfg.Section("analytics")
	ReportingEnabled = analytics.Key("reporting_enabled").MustBool(true)
	GoogleAnalyticsId = analytics.Key("google_analytics_ua_id").String()
	GoogleTagManagerId = analytics.Key("google_tag_manager_id").String()

	telemetry := Cfg.Section("telemetry")
	StatsdEnabled = telemetry.Key("statsd_enabled").MustBool(false)
	StatsdAddr = telemetry.Key("statsd_addr").String()
	StatsdType = telemetry.Key("statsd_type").String()
	ProfileHeapMB = telemetry.Key("profile_heap_MB").MustInt(0)
	ProfileHeapWait = telemetry.Key("profile_heap_wait").MustInt(3600)
	ProfileHeapDir = telemetry.Key("profile_heap_dir").MustString("/tmp")

	ldapSec := Cfg.Section("auth.ldap")
	LdapEnabled = ldapSec.Key("enabled").MustBool(false)
	LdapConfigFile = ldapSec.Key("config_file").String()

	readSessionConfig()
	readSmtpSettings()
	readQuotaSettings()

	if VerifyEmailEnabled && !Smtp.Enabled {
		log.Warn("require_email_validation is enabled but smpt is disabled")
	}

	return nil
}