Go to file

Laur Ivan 23a5ea6703 feat: Add grafana role.		2022-12-19 14:18:31 +01:00
.github	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
defaults	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
handlers	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
meta	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
molecule	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
tasks	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
templates	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
tests	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
vars	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
.gitignore	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
.travis.yml	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
.yamllint	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
CHANGELOG.md	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
LICENSE	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
README.md	feat: Add grafana role.	2022-12-19 14:18:31 +01:00
TODO.md	feat: Add grafana role.	2022-12-19 14:18:31 +01:00

README.md

laurivan.grafana

This role installs Grafana via Docker.

Requirements

None

Role Variables

All variables are listed below (see also defaults/main.yml).

Grafana Core Variables

Grafana requires a couple of secrets for data encryption:

grafana_secret_key: 'changeme'
grafana_utils_secret: 'changeme'

You also need to specify the deployment type. Usually it's production

grafana_deployment: ''

You also need to define how you access grafana:

grafana_port is the port mapping in Docker. Grafana runs at port 3000, which is alos the default
grafana_url is the public URL where we see Grafana. If you use reverse proxy mapping, put the URL of the reverse proxy (in my case this one).
grafana_force_https will run with HTTPS if true. you can define it as false If you're behind a proxy or you don't have a certificate. It defaults to false.
grafana_enable_updates will enable updates if true. Please read the documentation for what this implies (e.g. telemetry)
Define grafana_cdn_url if you have a CDN. Defaults to empty

Note: grafana_url will define the authentication redirect url for e.g. authentik

You can define which debug messages to be logged via grafana_debug.

Storage

Following values are defined for the docker-compose:

grafana_volume_base: "/mnt/grafana"
grafana_setup_path: '{{ grafana_volume_base }}/config'
grafana_volume_redis: "{{ grafana_volume_base }}/redis"
grafana_volume_db: "{{ grafana_volume_base }}/db"
grafana_volume_s3: "{{ grafana_volume_base }}/s3"

Please note that grafana_volume_db and grafana_volume_s3 are actually created only if local posstgres and fake_s3 containers are created by configuration below.

You can specify a logo too via grafana_team_logo_url. By default this is empty.

You can also change the default language via grafana_language. The role defaults the language to en_US.

Authentication

Grafana authentication can happen via:

OIDC
Google authentication
Slack

You need to define at least one of them.

OIDC

OIDC parameters are

oidc_client_id:
oidc_client_secret:
oidc_auth_uri:
oidc_token_uri:
oidc_userinfo_uri:

Your authentication app should provide you all the above. I use something along the lines:

oidc_client_id: "changeme"
oidc_client_secret: "changeme"
oidc_auth_uri: "https://sso.laurivan.com/application/o/authorize/"
oidc_token_uri: "https://sso.laurivan.com/application/o/token/"
oidc_userinfo_uri: "https://sso.laurivan.com/application/o/userinfo/"
oidc_username_claim: "preferred_username"

Note: you will probably need to provide the redirect URL to the authentication application. For Authentik, you can find it in the Provider for the specific application.

Google ID

You need to define:

grafana_google_client_id:
grafana_google_client_secret:

Slack

You need to define

grafana_slack_client_id:
grafana_slack_client_secret:

Database

You need to assign a database to Grafana. This role allows you to launch Postgres in a container via:

grafana_db_schema: "postgres"
grafana_db_host: "postgres"
grafana_db_port: "5432"
grafana_db_user: "postgres"
grafana_db_password: "changeme"
grafana_db: "grafana"

If the db_host is not "postgres", then we assume the db is external and not spin up the docker container.

By default, PostgreSQL is not secured. If you have a secure database instance, set the grafana_db_ssl variable to "enable".

S3

We define the following variables:

grafana_fake_s3: true
grafana_fake_s3_port: 4569
grafana_aws_access_key_id:
grafana_aws_secret_access_key:
grafana_aws_region:
grafana_aws_s3_upload_bucket_url: "http://s3:4569"
grafana_aws_s3_upload_bucket_name: grafana-bucket
grafana_aws_s3_upload_max_size: "26214400"
grafana_aws_s3_force_path_style: "true"
grafana_aws_s3_acl: "private"

You need S3 (or S3-like) storage for e.g. uploaded files. By default, the role spins up the fake S3 only if fake_s3 variable is true.

I use MinIO with something like:

grafana_fake_s3: ""
grafana_aws_access_key_id: "change me"
grafana_aws_secret_access_key: "change me"
grafana_aws_region: "my-rack"
grafana_aws_s3_upload_bucket_url: "http://minio,example.com:9000"
grafana_aws_s3_upload_max_size: "26214400"
grafana_aws_s3_force_path_style: "true"
grafana_aws_s3_acl: "private"

Email

Grafana can send notification emails if you set up the SMTP variables:

grafana_smtp_host:
grafana_smtp_port:
grafana_smtp_username:
grafana_smtp_password:
grafana_smtp_from_email:
grafana_smtp_reply_email:

Dependencies

You need a machine with docker and docker-compose installed.

Example Playbook

- hosts: servers
  roles:
      - 'laurivan.grafana'

License

MIT

Author Information

This role was created in 2022 by Laur Ivan.