Dev/ansible-role-grafana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Add custom ports.

Browse Source
This commit is contained in:
Laur Ivan 2022-12-19 15:02:42 +01:00
parent 058d553d44
commit 9588a0e9a2
3 changed files with 33 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

171
README.md
View File

@ -10,164 +10,51 @@ None
All variables are listed below (see also `defaults/main.yml`).
### Grafana Core Variables
### Paths and Volumes
Grafana requires a couple of secrets for data encryption:
All paths are by default defined as relative to `grafana_volume_base`:
```yml
grafana_secret_key: 'changeme'
grafana_utils_secret: 'changeme'
grafana_volume_base: "/mnt/data/grafana"
grafana_setup_path: "{{ grafana_volume_base }}/config"
grafana_volume_grafana: "{{ grafana_volume_base }}/grafana"
grafana_volume_influxdb: "{{ grafana_volume_base }}/influxdb"
```
You also need to specify the deployment type. Usually it's `production`
You can however define specific volumes for the individual items:
- `grafana_setup_path` - where the Docker compose files are placed
- `grafana_volume_grafana` - volume for the grafana docker container
- `grafana_volume_influxdb` - volume for InfluxDB
### InfluxDB
We define the following variables for InfluxDB:
```yml
grafana_deployment: ''
influxdb:
username: influxdb
password: change_me
org: example.com
bucket: my_bucket
admin_token: change_me
```
You also need to define how you access grafana:
### Grafana
- `grafana_port` is the port mapping in Docker. Grafana runs at port 3000, which is alos the default
- `grafana_url` is the public URL where we see Grafana. If you use reverse proxy mapping, put the URL of the reverse proxy (in my case *[this one](https://wiki.home.laurivan.com)*).
- `grafana_force_https` will run with HTTPS if true. you can define it as *false* If you're behind a proxy or you don't have a certificate. It defaults to `false`.
- `grafana_enable_updates` will enable updates if true. Please read [the documentation](https://app.getgrafana.com/s/770a97da-13e5-401e-9f8a-37949c19f97e/) for what this implies (e.g. telemetry)
- Define `grafana_cdn_url` if you have a CDN. Defaults to *empty*
**Note**: `grafana_url` will define the authentication redirect url for e.g. authentik
You can define which debug messages to be logged via `grafana_debug`.
### Storage
Following values are defined for the docker-compose:
We also define several variables for grafana
```yml
grafana_volume_base: "/mnt/grafana"
grafana_setup_path: '{{ grafana_volume_base }}/config'
grafana_volume_redis: "{{ grafana_volume_base }}/redis"
grafana_volume_db: "{{ grafana_volume_base }}/db"
grafana_volume_s3: "{{ grafana_volume_base }}/s3"
grafana:
username: changeme
password: changeme
```
Please note that `grafana_volume_db` and `grafana_volume_s3` are actually created only if local posstgres and fake_s3 containers are created by configuration below.
You can specify a logo too via `grafana_team_logo_url`. By default this is empty.
You can also change the default language via `grafana_language`. The role defaults the language to *en_US*.
### Authentication
Grafana authentication can happen via:
- OIDC
- Google authentication
- Slack
You need to define at least one of them.
#### OIDC
OIDC parameters are
Just in case, you can override the user/group for grafana via:
```yml
oidc_client_id:
oidc_client_secret:
oidc_auth_uri:
oidc_token_uri:
oidc_userinfo_uri:
```
Your authentication app should provide you all the above. I use something along the lines:
```yml
oidc_client_id: "changeme"
oidc_client_secret: "changeme"
oidc_auth_uri: "https://sso.laurivan.com/application/o/authorize/"
oidc_token_uri: "https://sso.laurivan.com/application/o/token/"
oidc_userinfo_uri: "https://sso.laurivan.com/application/o/userinfo/"
oidc_username_claim: "preferred_username"
```
**Note**: you will probably need to provide the redirect URL to the authentication application. For Authentik, you can find it in the **Provider** for the specific application.
#### Google ID
You need to define:
```yml
grafana_google_client_id:
grafana_google_client_secret:
```
#### Slack
You need to define
```yml
grafana_slack_client_id:
grafana_slack_client_secret:
```
### Database
You need to assign a database to Grafana. This role allows you to launch Postgres in a container via:
```yml
grafana_db_schema: "postgres"
grafana_db_host: "postgres"
grafana_db_port: "5432"
grafana_db_user: "postgres"
grafana_db_password: "changeme"
grafana_db: "grafana"
```
If the db_host is not "postgres", then we assume the db is external and not spin up the docker container.
By default, PostgreSQL is not secured. If you have a secure database instance, set the `grafana_db_ssl` variable to "enable".
### S3
We define the following variables:
```yml
grafana_fake_s3: true
grafana_fake_s3_port: 4569
grafana_aws_access_key_id:
grafana_aws_secret_access_key:
grafana_aws_region:
grafana_aws_s3_upload_bucket_url: "http://s3:4569"
grafana_aws_s3_upload_bucket_name: grafana-bucket
grafana_aws_s3_upload_max_size: "26214400"
grafana_aws_s3_force_path_style: "true"
grafana_aws_s3_acl: "private"
```
You need S3 (or S3-like) storage for e.g. uploaded files. By default, the role spins up the fake S3 only if `fake_s3` variable is true.
I use [MinIO](https://min.io/) with something like:
```yml
grafana_fake_s3: ""
grafana_aws_access_key_id: "change me"
grafana_aws_secret_access_key: "change me"
grafana_aws_region: "my-rack"
grafana_aws_s3_upload_bucket_url: "http://minio,example.com:9000"
grafana_aws_s3_upload_max_size: "26214400"
grafana_aws_s3_force_path_style: "true"
grafana_aws_s3_acl: "private"
```
### Email
Grafana can send notification emails if you set up the SMTP variables:
```yml
grafana_smtp_host:
grafana_smtp_port:
grafana_smtp_username:
grafana_smtp_password:
grafana_smtp_from_email:
grafana_smtp_reply_email:
grafana_uid:
grafana_gid:
```
## Dependencies

2
defaults/main.yml
View File

@ -7,10 +7,12 @@ influxdb:
org: example.com
bucket: my_bucket
admin_token: change_me
port: "8086"
grafana:
username: changeme
password: changeme
port: "3001"
grafana_volume_base: "/mnt/grafana"
grafana_setup_path: "{{ grafana_volume_base }}/config"

4
templates/docker-compose.yml.j2
View File

@ -3,7 +3,7 @@ services:
influxdb:
image: influxdb:latest
ports:
- '8086:8086'
- '{{ influxdb.port }}:8086'
volumes:
- "{{ grafana_volume_influxdb | expanduser | realpath }}:/var/lib/influxdb"
env_file:
@ -14,7 +14,7 @@ services:
grafana:
image: grafana/grafana-oss:latest
ports:
- '3001:3000'
- '{{ grafana.port }}:3000'
volumes:
# - "{{ grafana_volume_grafana | expanduser | realpath }}:/var/lib/grafana"
- "{{ grafana_setup_path | expanduser | realpath }}/grafana-provisioning/:/etc/grafana/provisioning/"