From dbcd291b72a1c122fda4c71de0bfef772c4d28a4 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 4 Sep 2021 16:14:20 +0200
Subject: [PATCH] chore: template main grafana config file
---
 defaults/main.yml | 56 +++++++++
 handlers/main.yml | 10 ++
 tasks/main.yml | 2 +-
 tasks/setup.yml | 53 +++++++++
 templates/etc/grafana/grafana.ini.j2 | 162 +++++++++++++++++++++++++++
 5 files changed, 282 insertions(+), 1 deletion(-)
 create mode 100644 handlers/main.yml
 create mode 100644 tasks/setup.yml
 create mode 100644 templates/etc/grafana/grafana.ini.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index ed97d53..5617a68 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1 +1,57 @@
 ---
+grafana_packages_extra: []
+
+grafana_instance_name: grafana
+
+grafana_data_dir: /var/lib/grafana
+grafana_log_dir: /var/log/grafana
+grafana_plugin_dir: "{{ grafana_data_dir }}/plugins"
+
+grafana_bind_ip: 127.0.0.1
+grafana_bind_port: 61000
+grafana_listen_address: http://localhost
+
+grafana_admin_user: admin
+grafana_admin_password: secure
+
+# @var grafana_secret_key:description: Should be replaced by your own secret.
+grafana_secret_key: "1234567ABCDEFG"
+
+# @var grafana_db_type:description: >
+# Database provider to use. Available options are `mysql`, 'postgres' and `sqlite3`.
+# Extended configuration options are only applies to non-sqlite provider.
+# @end
+grafana_db_type: sqlite3
+grafana_db_server: localhost
+grafana_db_port: 5432
+grafana_db_name: grafana
+grafana_db_user: pggrafana
+grafana_db_password: secure
+grafana_db_ssl_mode: disable
+
+# @var grafana_cache_provider:description: Either `redis`, `memcached' or `database`.
+grafana_cache_provider: database
+
+# @var grafana_cache_provider_config:description: >
+# Cache connection string options:
+# - database: Will use Grafana primary database.
+# - redis: Config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
+# - memcache: `127.0.0.1:11211`
+# @end
+# @var grafana_cache_provider_config: $ "_unset_"
+
+# @var grafana_smtp_host: $ "_unset_"
+grafana_smtp_from: "grafana@localhost"
+grafana_smtp_from_name: "Grafana"
+grafana_smtp_port: 587
+# @var grafana_smtp_username: $ "_unset_"
+# @var grafana_smtp_password: $ "_unset_"
+
+grafana_auth_providers: []
+
+grafana_log_mode:
+ - console
+ - file
+grafana_log_level: info
+
+grafana_log_providers: []
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..895207b
--- /dev/null
+++ b/handlers/main.yml
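Review bot: `grafana_admin_password: secure`, `grafana_db_password: secure` and `grafana_secret_key: "1234567ABCDEFG"` give every deployment that does not override them the same publicly known admin login and the same key Grafana uses to protect stored data source secrets, and the template added in this commit renders them unconditionally. Consider shipping no value for these and documenting them the way the SMTP variables already are, e.g. `# @var grafana_secret_key: $ "_unset_"`, with an `assert` task in tasks/setup.yml that fails early when they are undefined. `grafana_db_ssl_mode: disable` is likewise a risky default once `grafana_db_server` is not local; a comment saying so would help the operator.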
@@ -0,0 +1,10 @@
+---
+- name: Restart Grafana
+ service:
+ name: grafana-server
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+ listen: __grafana_restart
+ become: True
+ become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 9fa4d47..1f69f7a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,2 @@
 ---
-# TODO
+- include_tasks: setup.yml
diff --git a/tasks/setup.yml b/tasks/setup.yml
new file mode 100644
index 0000000..7cb7f28
--- /dev/null
+++ b/tasks/setup.yml
@@ -0,0 +1,53 @@
+---
+- block:
+ - name: Add Grafana repository
+ yum_repository:
+ name: influxdb
+ file: InfluxDB
+ description: InfluxDB Repository
+ baseurl: https://packages.grafana.com/oss/rpm
+ gpgkey: https://packages.grafana.com/gpg.key
+ gpgcheck: yes
+
+ - name: Ensure dependencies are installed
+ package:
+ name: "{{ item }}"
+ state: present
+ loop: "{{ grafana_packages_extra }}"
+
+ - name: Ensure Grafana is installed
+ package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - grafana
+
+ - name: Ensure Grafana directories exist
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: grafana
+ group: grafana
+ mode: 0750
+ loop:
+ - "{{ grafana_data_dir }}"
+ - "{{ grafana_log_dir }}"
+ - "{{ grafana_plugin_dir }}"
+
+ - name: Write config file
+ template:
+ src: etc/grafana/grafana.ini.j2
+ dest: /etc/grafana/grafana.ini
+ owner: root
+ group: grafana
+ mode: 0640
+ notify: __grafana_restart
+
+ - name: Ensure Grafana is up and running
+ service:
+ name: grafana-server
+ daemon_reload: yes
+ enabled: yes
+ state: started
+ become: True
+ become_user: root
diff --git a/templates/etc/grafana/grafana.ini.j2 b/templates/etc/grafana/grafana.ini.j2
new file mode 100644
index 0000000..22f9313
--- /dev/null
+++ b/templates/etc/grafana/grafana.ini.j2
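Review bot: The new handler in handlers/main.yml spells booleans two ways (`daemon_reload: yes`, `enabled: yes`, `become: True`); plain `true` throughout is what yamllint's `truthy` rule expects and avoids YAML 1.1/1.2 differences, and the same applies to the tasks in tasks/setup.yml. `enabled: yes` in a restart handler also repeats what the last task of tasks/setup.yml already enforces, so the handler could be reduced to `state: restarted`.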
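Review bot: The "Add Grafana repository" task in tasks/setup.yml registers the Grafana package source under InfluxDB's identity (`name: influxdb`, `file: InfluxDB`, `description: InfluxDB Repository`), which looks like a copy-paste leftover. On a host that also carries a real InfluxDB repository with that id, one definition would likely overwrite the other and change which `baseurl` and `gpgkey` that repo id trusts. Use `name: grafana`, `file: grafana` and `description: Grafana Repository`. The file modes are also safer quoted (`mode: "0750"`, `mode: "0640"`) so they cannot be reinterpreted as decimal integers.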
@@ -0,0 +1,162 @@
+{{ ansible_managed | comment }}
+# More informations:
+# http://docs.grafana.org/installation/configuration
+# https://github.com/grafana/grafana/blob/master/conf/sample.ini
+
+app_mode = production
+instance_name = {{ grafana_instance_name }}
+
+[paths]
+data = {{ grafana_data_dir }}
+logs = {{ grafana_log_dir }}
+plugins = {{ grafana_plugin_dir }}
+
+[server]
+protocol = http
+
+http_addr = {{ grafana_bind_ip }}
+http_port = {{ grafana_bind_port }}
+
+domain = {{ grafana_listen_address | urlsplit('hostname') }}
+enforce_domain = true
+root_url = {{ grafana_listen_address }}
+
+serve_from_sub_path = false
+router_logging = false
+static_root_path = public
+enable_gzip = true
+
+[database]
+type = {{ grafana_db_type }}
+{% if grafana_db_type == "sqlite3" %}
+path = {{ grafana_data_dir }}/grafana.db
+cache_mode = private
+{% else %}
+host = {{ grafana_db_server }}:{{ grafana_db_port }}
+name = {{ grafana_db_name }}
+user = {{ grafana_db_user }}
+password = """{{ grafana_db_password }}"""
+ssl_mode = {{ grafana_db_ssl_mode }}
+{% endif %}
+
+max_idle_conn = 2
+max_open_conn = 0
+
+conn_max_lifetime = 14400
+
+[datasources]
+datasource_limit = 5000
+
+[remote_cache]
+type = {{ grafana_cache_provider }}
+{% if not grafana_cache_provider == "database" %}
+connstr =
+{% endif %}
+
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+
+[security]
+disable_initial_admin_creation = false
+
+admin_user = {{ grafana_admin_user }}
+admin_password = {{ grafana_admin_password }}
+
+secret_key = {{ grafana_secret_key }}
+disable_gravatar = true
+
+disable_brute_force_login_protection = false
+
+[dashboards]
+versions_to_keep = 20
+min_refresh_interval = 5s
+
+[users]
+allow_sign_up = false
+allow_org_create = false
+
+auto_assign_org = true
+auto_assign_org_id = 1
+auto_assign_org_role = Viewer
+
+default_theme = light
+
+viewers_can_edit = false
+editors_can_admin = false
+
+user_invite_max_lifetime_duration = 24h
+
+hidden_users = {{ grafana_admin_user }}
+
+[auth]
+login_cookie_name = grafana_session
+
+login_maximum_inactive_lifetime_duration = 12h
+login_maximum_lifetime_duration = 30d
+
+token_rotation_interval_minutes = 10
+
+disable_login_form = false
+disable_signout_menu = false
+
+oauth_auto_login = false
+oauth_state_cookie_max_age = 600
+api_key_max_seconds_to_live = -1
+
+{% for provider in grafana_auth_providers %}
+[auth.{{ provider.name }}]
+{% if "enabled" not in provider.config %}
+enabled = true
+{% endif %}
+{% for key, value in provider.config %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endfor %}
+
+[smtp]
+{% if grafana_smtp_host is defined %}
+enabled = true
+host = {{ grafana_smtp_host }}:{{ grafana_smtp_port }}
+user = {{ grafana_smtp_username }}
+password = """{{ grafana_smtp_password }}"""
+skip_verify = false
+from_address = {{ grafana_smtp_from }}
+from_name = {{ grafana_smtp_from_name }}
+{% else %}
+enabled = false
+{% endif %}
+
+[emails]
+welcome_email_on_sign_up = false
+templates_pattern = emails/*.html, emails/*.txt
+content_types = text/html
+
+[log]
+mode = {{ grafana_log_mode | join(" ") }}
+level = {{ grafana_log_level | lower }}
+
+{% for provider in grafana_log_providers %}
+[log.{{ provider.name }}]
+{% if "enabled" not in provider.config %}
+enabled = true
+{% endif %}
+{% for key, value in provider.config %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endfor %}
+
+[alerting]
+enabled = true
+execute_alerts = true
+
+[plugins]
+enable_alpha = false
+plugin_admin_enabled = false
+plugin_admin_external_manage_enabled = false
+plugin_catalog_url = https://grafana.com/grafana/plugins/
+
+[date_formats]
+full_date = YYYY-MM-DD HH:mm:ss
+use_browser_locale = true
+default_timezone = browser
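Review bot: Both provider loops (under `[auth.*]` and `[log.*]`) iterate `provider.config` directly, which for a mapping yields only its keys, so `key, value` cannot unpack as intended and rendering will likely fail once a provider is configured; use `{% for key, value in provider.config.items() %}` in both places. In `[security]`, `admin_password` and `secret_key` are written bare while the database and SMTP passwords are wrapped in triple quotes, so a value containing `#` or `;` would probably be cut short by the INI parser; wrap them the same way, e.g. `admin_password = """{{ grafana_admin_password }}"""`. `connstr =` under `[remote_cache]` is left empty, so `grafana_cache_provider_config` documented in defaults/main.yml never reaches the file. The `[smtp]` block also renders `grafana_smtp_username` and `grafana_smtp_password` whenever the host is defined, although both are documented as unset by default.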