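---
# Deploys a single Grafana OSS container on the lotus-land-story host:
# creates a service user, renders grafana.ini (OIDC via Authelia, SMTP via
# SendGrid) and a Prometheus datasource provisioning file, then runs the
# container as that user with the config bind-mounted in.
#
# `domain`, `grafana.oauth_secret` and `grafana.smtp_password` are expected
# from vars.yml; nothing sensitive is stored in this file.
- name: Set up Grafana
  hosts: lotus-land-story
  vars_files:
    - vars.yml
  vars:
    # Quoted so the tag is always read as a string. This is the only place to
    # bump Grafana; the image is pinned by tag only, not by digest.
    version: "11.2.1"

  tasks:
    # NOTE(review): this creates a regular login user; for a service account
    # consider `system: true`, `create_home: false` and a nologin shell.
    # The uid must match what the container runs as (see "Run Grafana")
    # for the 0600 grafana.ini below to be readable.
    - name: Grafana user
      ansible.builtin.user:
        name: grafana
      register: grafana_user

    # Only the datasources provisioning dir is created explicitly; parent
    # directories are created implicitly with default ownership and umask.
    - name: Create Grafana dir
      ansible.builtin.file:
        path: "/mnt/lotus-land-story/grafana/provisioning/{{ item }}"
        state: directory
        mode: "0755"
        owner: "{{ grafana_user.name }}"
      loop:
        - datasources

    # Renders grafana.ini with the OAuth client secret and SMTP password
    # inlined, hence 0600 and owned by the Grafana user.
    # NOTE(review): the rendered content (secrets included) shows up in task
    # output under --diff / -v; consider `no_log: true` or `diff: false` here.
    # Security-relevant settings in the content below:
    #   - oauth_allow_insecure_email_lookup = true lets OAuth logins be matched
    #     to existing accounts by email; acceptable only while Authelia is the
    #     sole identity source and verifies email addresses.
    #   - allow_assign_grafana_admin = true only takes effect when
    #     role_attribute_path evaluates to 'GrafanaAdmin'; the expression here
    #     yields Admin/Editor/Viewer, so no server-admin role is ever granted.
    #   - auto_login / disable_signout_menu make Authelia the only way in and
    #     out; sign-out has to happen at Authelia.
    #   - http_addr = 0.0.0.0 binds inside the container only; no ports are
    #     published, so reachability is limited to the lotus_land_story network.
    - name: Configure Grafana
      ansible.builtin.copy:
        dest: /mnt/lotus-land-story/grafana/grafana.ini
        content: |
          [log]
          # level = debug

          [metrics]
          enabled = true
          disable_total_stats = false

          [server]
          domain = grafana.{{ domain }}
          http_addr = 0.0.0.0
          root_url = https://grafana.{{ domain }}

          # https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication
          [auth]
          oauth_allow_insecure_email_lookup = true
          disable_signout_menu = true

          # https://www.authelia.com/integration/openid-connect/grafana/
          [auth.generic_oauth]
          enabled = true
          name = Authelia
          icon = signin
          client_id = grafana
          client_secret = {{ grafana.oauth_secret }}
          scopes = openid profile email groups
          empty_scopes = false
          auth_url = https://auth.{{ domain }}/api/oidc/authorization
          token_url = https://auth.{{ domain }}/api/oidc/token
          api_url = https://auth.{{ domain }}/api/oidc/userinfo
          login_attribute_path = preferred_username
          groups_attribute_path = groups
          name_attribute_path = name
          use_pkce = true
          auto_login = true
          role_attribute_path = contains(groups, 'admin') && 'Admin' || contains(groups, 'editor') && 'Editor' || 'Viewer'
          allow_assign_grafana_admin = true

          [smtp]
          enabled = true
          host = smtp.sendgrid.net:465
          user = apikey
          password = {{ grafana.smtp_password }}
          from_address = grafana@kejadlen.dev
        mode: "0600"
        owner: "{{ grafana_user.name }}"

    # Provisions the Prometheus datasource; `url` resolves over the shared
    # Docker network. No owner is set, so the file stays root-owned; 0644 is
    # what lets the container user read it.
    - name: Provision Prometheus
      ansible.builtin.copy:
        dest: /mnt/lotus-land-story/grafana/provisioning/datasources/prometheus.yml
        content: |
          apiVersion: 1

          datasources:
            - name: Prometheus
              type: prometheus
              # Access mode - proxy (server in the UI) or direct (browser in the UI).
              access: proxy
              url: http://prometheus:9090
              jsonData:
                httpMethod: POST
                manageAlerts: true
                prometheusType: Prometheus
                prometheusVersion: 2.37.0
        mode: "0644"

    # Persistent state (dashboards, sessions, plugin data) lives here.
    # NOTE(review): the container runs as the host grafana uid; verify it can
    # write this volume on first start.
    - name: Create Grafana volume
      community.docker.docker_volume:
        name: grafana

    # grafana.ini and the provisioning tree are mounted read-only: Grafana
    # only reads them, and all mutable state is in the named volume.
    # NOTE(review): GF_INSTALL_PLUGINS fetches a "-latest" zip at every
    # container start, so the plugin is neither pinned nor verified; pointing
    # at a specific release URL (…-<PLUGIN_VERSION>.zip) keeps startups
    # reproducible.
    # host.docker.internal -> host-gateway lets the container reach services
    # on the host; presumably needed for a datasource — confirm it is still used.
    - name: Run Grafana
      community.docker.docker_container:
        name: grafana
        image: "grafana/grafana-oss:{{ version }}"
        volumes:
          - /mnt/lotus-land-story/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
          - /mnt/lotus-land-story/grafana/provisioning:/etc/grafana/provisioning:ro
          - grafana:/var/lib/grafana
        env:
          GF_INSTALL_PLUGINS: "https://storage.googleapis.com/integration-artifacts/grafana-lokiexplore-app/grafana-lokiexplore-app-latest.zip;grafana-lokiexplore-app"
        restart_policy: unless-stopped
        networks:
          - name: lotus_land_story
        etc_hosts:
          host.docker.internal: host-gateway
        # Run as the host user that owns grafana.ini (0600), not the image default.
        user: "{{ grafana_user.uid }}"

# vim: ft=yaml.ansible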