diff --git a/README.md b/README.md index 395c6ef..4e7a8bd 100644 --- a/README.md +++ b/README.md 
@@ -10,164 +10,51 @@ None All variables are listed below (see also `defaults/main.yml`). -### Grafana Core Variables +### Paths and Volumes -Grafana requires a couple of secrets for data encryption: +All paths are by default defined as relative to `grafana_volume_base`: ```yml -grafana_secret_key: 'changeme' -grafana_utils_secret: 'changeme' +grafana_volume_base: "/mnt/data/grafana" +grafana_setup_path: "{{ grafana_volume_base }}/config" +grafana_volume_grafana: "{{ grafana_volume_base }}/grafana" +grafana_volume_influxdb: "{{ grafana_volume_base }}/influxdb" ``` -You also need to specify the deployment type. Usually it's `production` +You can however define specific volumes for the individual items: + +- `grafana_setup_path` - where the Docker compose files are placed +- `grafana_volume_grafana` - volume for the grafana docker container +- `grafana_volume_influxdb` - volume for InfluxDB + +### InfluxDB + +We define the following variables for InfluxDB: ```yml -grafana_deployment: '' +influxdb: + username: influxdb + password: change_me + org: example.com + bucket: my_bucket + admin_token: change_me ``` -You also need to define how you access grafana: +### Grafana -- `grafana_port` is the port mapping in Docker. Grafana runs at port 3000, which is alos the default -- `grafana_url` is the public URL where we see Grafana. If you use reverse proxy mapping, put the URL of the reverse proxy (in my case *[this one](https://wiki.home.laurivan.com)*). -- `grafana_force_https` will run with HTTPS if true. you can define it as *false* If you're behind a proxy or you don't have a certificate. It defaults to `false`. -- `grafana_enable_updates` will enable updates if true. Please read [the documentation](https://app.getgrafana.com/s/770a97da-13e5-401e-9f8a-37949c19f97e/) for what this implies (e.g. telemetry) -- Define `grafana_cdn_url` if you have a CDN. Defaults to *empty* - -**Note**: `grafana_url` will define the authentication redirect url for e.g. 
authentik - -You can define which debug messages to be logged via `grafana_debug`. - -### Storage - -Following values are defined for the docker-compose: +We also define several variables for grafana ```yml -grafana_volume_base: "/mnt/grafana" -grafana_setup_path: '{{ grafana_volume_base }}/config' -grafana_volume_redis: "{{ grafana_volume_base }}/redis" -grafana_volume_db: "{{ grafana_volume_base }}/db" -grafana_volume_s3: "{{ grafana_volume_base }}/s3" +grafana: + username: changeme + password: changeme ``` -Please note that `grafana_volume_db` and `grafana_volume_s3` are actually created only if local posstgres and fake_s3 containers are created by configuration below. - -You can specify a logo too via `grafana_team_logo_url`. By default this is empty. - -You can also change the default language via `grafana_language`. The role defaults the language to *en_US*. - -### Authentication - -Grafana authentication can happen via: - -- OIDC -- Google authentication -- Slack - -You need to define at least one of them. - -#### OIDC - -OIDC parameters are +Just in case, you can override the user/group for grafana via: ```yml -oidc_client_id: -oidc_client_secret: -oidc_auth_uri: -oidc_token_uri: -oidc_userinfo_uri: -``` - -Your authentication app should provide you all the above. I use something along the lines: - -```yml -oidc_client_id: "changeme" -oidc_client_secret: "changeme" -oidc_auth_uri: "https://sso.laurivan.com/application/o/authorize/" -oidc_token_uri: "https://sso.laurivan.com/application/o/token/" -oidc_userinfo_uri: "https://sso.laurivan.com/application/o/userinfo/" -oidc_username_claim: "preferred_username" -``` - -**Note**: you will probably need to provide the redirect URL to the authentication application. For Authentik, you can find it in the **Provider** for the specific application. 
- -#### Google ID - -You need to define: - -```yml -grafana_google_client_id: -grafana_google_client_secret: -``` - -#### Slack - -You need to define - -```yml -grafana_slack_client_id: -grafana_slack_client_secret: -``` - -### Database - -You need to assign a database to Grafana. This role allows you to launch Postgres in a container via: - -```yml -grafana_db_schema: "postgres" -grafana_db_host: "postgres" -grafana_db_port: "5432" -grafana_db_user: "postgres" -grafana_db_password: "changeme" -grafana_db: "grafana" -``` - -If the db_host is not "postgres", then we assume the db is external and not spin up the docker container. - -By default, PostgreSQL is not secured. If you have a secure database instance, set the `grafana_db_ssl` variable to "enable". - -### S3 - -We define the following variables: - -```yml -grafana_fake_s3: true -grafana_fake_s3_port: 4569 -grafana_aws_access_key_id: -grafana_aws_secret_access_key: -grafana_aws_region: -grafana_aws_s3_upload_bucket_url: "http://s3:4569" -grafana_aws_s3_upload_bucket_name: grafana-bucket -grafana_aws_s3_upload_max_size: "26214400" -grafana_aws_s3_force_path_style: "true" -grafana_aws_s3_acl: "private" -``` - -You need S3 (or S3-like) storage for e.g. uploaded files. By default, the role spins up the fake S3 only if `fake_s3` variable is true. - -I use [MinIO](https://min.io/) with something like: - -```yml -grafana_fake_s3: "" -grafana_aws_access_key_id: "change me" -grafana_aws_secret_access_key: "change me" -grafana_aws_region: "my-rack" -grafana_aws_s3_upload_bucket_url: "http://minio,example.com:9000" -grafana_aws_s3_upload_max_size: "26214400" -grafana_aws_s3_force_path_style: "true" -grafana_aws_s3_acl: "private" -``` - -### Email - -Grafana can send notification emails if you set up the SMTP variables: - -```yml -grafana_smtp_host: -grafana_smtp_port: -grafana_smtp_username: -grafana_smtp_password: -grafana_smtp_from_email: -grafana_smtp_reply_email: +grafana_uid: +grafana_gid: ``` ## Dependencies 
diff --git a/defaults/main.yml b/defaults/main.yml index 5296015..9f651db 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,10 +7,12 @@ influxdb: org: example.com bucket: my_bucket admin_token: change_me + port: "8086" grafana: username: changeme password: changeme + port: "3001" grafana_volume_base: "/mnt/grafana" grafana_setup_path: "{{ grafana_volume_base }}/config" diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2 index f2e4633..f3d5bab 100644 --- a/templates/docker-compose.yml.j2 +++ b/templates/docker-compose.yml.j2 @@ -3,7 +3,7 @@ services: influxdb: image: influxdb:latest ports: - - '8086:8086' + - '{{ influxdb.port }}:8086' volumes: - "{{ grafana_volume_influxdb | expanduser | realpath }}:/var/lib/influxdb" env_file: @@ -14,7 +14,7 @@ services: grafana: image: grafana/grafana-oss:latest ports: - - '3001:3000' + - '{{ grafana.port }}:3000' volumes: # - "{{ grafana_volume_grafana | expanduser | realpath }}:/var/lib/grafana" - "{{ grafana_setup_path | expanduser | realpath }}/grafana-provisioning/:/etc/grafana/provisioning/"
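Review bot: In the README.md hunk, the documented default `grafana_volume_base: "/mnt/data/grafana"` does not match the `grafana_volume_base: "/mnt/grafana"` visible in the defaults/main.yml context, so one of the two should be corrected. The example blocks show `password: change_me`, `admin_token: change_me` and `password: changeme` with no statement that they must be overridden; add a sentence telling users to set them per deployment, preferably from an Ansible Vault file. The new `port` keys under `influxdb` and `grafana` are not documented here, and `grafana_uid:` / `grafana_gid:` are listed without saying what is used when they are left empty.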
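Review bot: In the defaults/main.yml hunk, `port` is added inside the `influxdb` and `grafana` dictionaries next to `password` and `admin_token`, which makes the port hard to override on its own. With Ansible's default hash behaviour (replace, not merge), an inventory that sets only `grafana: { port: "3000" }` replaces the whole dictionary and leaves `grafana.username` and `grafana.password` undefined. Consider flat variables in the style of the existing `grafana_volume_base` (the removed README text already used `grafana_port`), or state in the README that the complete dictionary has to be redefined when any key is changed.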
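Review bot: In the influxdb service of templates/docker-compose.yml.j2, `'{{ influxdb.port }}:8086'` carries no host address, so Docker publishes the port on every host interface while defaults/main.yml still ships `admin_token: change_me`. Add a bind-address variable that defaults to loopback (for example a new `influxdb_bind` variable, a name suggested here and not present in the role, rendered as `'{{ influxdb_bind }}:{{ influxdb.port }}:8086'`), and apply the same to `'{{ grafana.port }}:3000'`. If InfluxDB is only reached by Grafana over the compose network, the host mapping could be made optional.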
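Review bot: In the grafana service, the context line `# - "{{ grafana_volume_grafana | expanduser | realpath }}:/var/lib/grafana"` is still commented out, yet the README hunk now documents `grafana_volume_grafana` as the volume for the grafana container. Either enable the mount or remove the variable from the README, so users do not assume `/var/lib/grafana` persists across container recreation. The context also shows `image: grafana/grafana-oss:latest` and `image: influxdb:latest`; pinning both to a version tag or digest would make role runs reproducible and keep an unreviewed upstream release from being pulled on the next deploy.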