Configuration managed by ini_file.
parent
c85f39925e
commit
0d537a0c34
|
@ -5,17 +5,83 @@ grafana_pkg_state: latest
|
||||||
grafana_packages:
|
grafana_packages:
|
||||||
- grafana
|
- grafana
|
||||||
|
|
||||||
grafana_conf_files:
|
grafana_conf:
|
||||||
- grafana.ini
|
- {section: '', option: 'app_mode', value: '{{ grafana_app_mode }}', state: present}
|
||||||
|
- {section: '', option: 'instance_name', value: '{{ grafana_instance_name }}', state: present}
|
||||||
|
- {section: 'paths', option: 'data', value: '{{ grafana_data_path }}', state: present}
|
||||||
|
- {section: 'server', option: 'protocol', value: '{{ grafana_server_protocol }}', state: present}
|
||||||
|
- {section: 'server', option: 'http_addr', value: '{{ grafana_bind_ip_address }}', state: present}
|
||||||
|
- {section: 'server', option: 'http_port', value: '{{ grafana_http_port }}', state: present}
|
||||||
|
- {section: 'server', option: 'domain', value: '{{ grafana_domain_name }}', state: present}
|
||||||
|
- {section: 'server', option: 'enforce_domain', value: '{{ grafana_enforce_dns_name }}', state: present}
|
||||||
|
- {section: 'database', option: 'type', value: '{{ grafana_db_type }}', state: present}
|
||||||
|
- {section: 'database', option: 'host', value: '{{ grafana_db_hostport }}', state: present}
|
||||||
|
- {section: 'database', option: 'name', value: '{{ grafana_db_name }}', state: present}
|
||||||
|
- {section: 'database', option: 'user', value: '{{ grafana_db_user }}', state: present}
|
||||||
|
- {section: 'database', option: 'password', value: '{{ grafana_db_password }}', state: present}
|
||||||
|
- {section: 'database', option: 'ssl_mode', value: '{{ grafana_db_pg_ssl_mode }}', state: present}
|
||||||
|
- {section: 'session', option: 'provider', value: '{{ grafana_session_provider }}', state: present}
|
||||||
|
- {section: 'session', option: 'provider_config', value: '{{ grafana_session_config }}', state: present}
|
||||||
|
- {section: 'session', option: 'secure_cookie', value: '{{ grafana_secure_cookie | lower }}', state: present}
|
||||||
|
- {section: 'session', option: 'cookie_name', value: '{{ grafana_cookie_name }}', state: present}
|
||||||
|
- {section: 'analytics', option: 'reporting_enabled', value: '{{ grafana_analytics_reporting_enabled | lower }}', state: present}
|
||||||
|
- {section: 'analytics', option: 'check_for_updates', value: '{{ grafana_analytics_updates_check | lower }}', state: present}
|
||||||
|
- {section: 'security', option: 'admin_user', value: '{{ grafana_admin_user }}', state: "{% if grafana_setup_admin_user %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'security', option: 'secret_key', value: '{{grafana_signing_key }}', state: "{% if grafana_setup_signing_key %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'security', option: 'cookie_secure', value: '{{ grafana_secure_cookies | lower }}', state: present}
|
||||||
|
- {section: 'security', option: 'cookie_samesite', value: "{{ grafana_cookie_samesite | default('lax') }}", state: present}
|
||||||
|
- {section: 'security', option: 'allow_embedding', value: "{{ grafana_allow_embedding | default(false) }}", state: present}
|
||||||
|
- {section: 'dashboards', option: 'versions_to_keep', value: "{{ grafana_dashboards_versions_to_keep | default('20') }}", state: present}
|
||||||
|
- {section: 'dashboards', option: 'min_refresh_interval', value: "{{ grafana_dashbards_min_default_interval | default('5s') }}", state: present}
|
||||||
|
- {section: 'users', option: 'allow_sign_up', value: '{{ grafana_u_allow_signup | lower }}', state: present}
|
||||||
|
- {section: 'users', option: 'allow_org_create', value: '{{ grafana_u_allow_org_create | lower }}', state: present}
|
||||||
|
- {section: 'users', option: 'auto_assign_org', value: "{{ grafana_u_auto_assign_org | default(true) | lower }}", state: present}
|
||||||
|
- {section: 'users', option: 'auto_assign_org_role', value: "{{grafana_u_default_role | lower }}", state: present}
|
||||||
|
- {section: 'users', option: 'default_theme', value: '{{ grafana_u_default_theme }}', state: present}
|
||||||
|
- {section: 'users', option: 'disable_login_form', value: '{{ grafana_u_disable_login_form | lower }}', state: present}
|
||||||
|
- {section: 'auth.anonymous', option: 'enabled', value: '{{ grafana_auth_anon | lower }}', state: present}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'enabled', value: '{{ grafana_oauth_generic_enabled | lower }}', state: present}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'name', value: '{{ grafana_oauth_name }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'icon', value: 'signin', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'scopes', value: '{{ grafana_oauth_scopes }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'empty_scopes', value: '{{ grafana_oauth_empty_scopes | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'tls_skip_verify_insecure', value: '{{ grafana_tls_skip_verify_insecure | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'allow_sign_up', value: '{{ grafana_oauth_allow_signup | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'client_id', value: '{{ grafana_oauth_client_id | default('grafana') }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'client_secret', value: '{{ grafana_oauth_client_secret }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'auth_url', value: '{{ grafana_oauth_auth_url }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'token_url', value: "{{ grafana_oauth_token_url | default('') }}", state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'api_url', value: '{{grafana_oauth_api_url }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'use_pkce', value: '{{ grafana_oauth_use_pkce | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'auth_style', value: "{{ grafana_oauth_auth_style | default('') }}", state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'allow_assign_grafana_admin', value: '{{ grafana_oauth_allow_assign_grafana_admin | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.generic_oauth', option: 'role_attribute_path', value: "{{ grafana_oauth_role_attribute_path }}", state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
|
||||||
|
- {section: 'auth.ldap', option: 'enabled', value: '{{grafana_ldap_auth | lower }}', state: present}
|
||||||
|
- {section: 'auth.ldap', option: 'config_file', value: '/etc/grafana/ldap.toml', state: present}
|
||||||
|
- {section: 'log', option: 'mode', value: '{{ grafana_log_mode }}', state: present}
|
||||||
|
- {section: 'log', option: 'level', value: '{{ grafana_log_level }}', state: present}
|
||||||
|
- {section: 'log.console', option: 'level', value: '{{ grafana_log_level }}', state: present}
|
||||||
|
- {section: 'log.console', option: 'format', value: "{{ grafana_log_console_format | default('text') }}", state: present}
|
||||||
|
- {section: 'log.syslog', option: 'level', value: '{{ grafana_log_level }}', state: present}
|
||||||
|
- {section: 'log.syslog', option: 'facility', value: '{{ grafana_syslog_facility }}', state: present}
|
||||||
|
- {section: 'dashboards.json', option: 'enabled', value: '{{ grafana_dashboard_json | lower }}', state: present}
|
||||||
|
- {section: 'dashboards.json', option: 'path', value: "{{ grafana_dashboards_json_path | default('/var/lib/grafana/dashboards')", state: present}
|
||||||
|
- {section: 'metrics', option: 'enabled', value: "{{ grafana_metrics_enabled | default(true) | lower }}", state: present}
|
||||||
|
- {section: 'grafana_net', option: 'url', value: 'https://grafana.net', state: present}
|
||||||
|
|
||||||
|
grafana_additional_conf: []
|
||||||
|
|
||||||
grafana_ldap_conf_file:
|
grafana_ldap_conf_file:
|
||||||
- ldap.toml
|
- ldap.toml
|
||||||
|
|
||||||
grafana_enabled: true
|
grafana_enabled: true
|
||||||
grafana_app_mode: production
|
grafana_app_mode: production
|
||||||
|
grafana_instance_name: '{{ ansible_fqdn }}'
|
||||||
|
|
||||||
grafana_require_nginx: true
|
grafana_require_nginx: true
|
||||||
grafana_require_redis: true
|
grafana_require_redis: true
|
||||||
|
# redis, file
|
||||||
|
grafana_session_provider: file
|
||||||
|
|
||||||
grafana_data_path: /var/lib/grafana
|
grafana_data_path: /var/lib/grafana
|
||||||
grafana_server_protocol: http
|
grafana_server_protocol: http
|
||||||
|
@ -40,11 +106,10 @@ grafana_db_pg_ssl_mode: require
|
||||||
grafana_setup_admin_user: true
|
grafana_setup_admin_user: true
|
||||||
grafana_admin_user: admin
|
grafana_admin_user: admin
|
||||||
# grafana_admin_pwd: 'Use a vault file'
|
# grafana_admin_pwd: 'Use a vault file'
|
||||||
grafana_setup_signing_key: true
|
grafana_setup_signing_key: false
|
||||||
# grafana_signing_key: 'Use a vault file'
|
# grafana_signing_key: 'Use a vault file'
|
||||||
grafana_session_provider: file
|
# sessions, or if redis: 'addr=127.0.0.1:6379,pool_size=100,db=grafana'
|
||||||
grafana_session_config: sessions
|
grafana_session_config: sessions
|
||||||
grafana_session_redis_config: 'addr=127.0.0.1:6379,pool_size=100,db=grafana'
|
|
||||||
|
|
||||||
grafana_analytics_reporting_enabled: 'true'
|
grafana_analytics_reporting_enabled: 'true'
|
||||||
grafana_analytics_updates_check: 'true'
|
grafana_analytics_updates_check: 'true'
|
||||||
|
@ -54,13 +119,14 @@ grafana_u_allow_org_create: 'false'
|
||||||
grafana_u_default_role: Viewer
|
grafana_u_default_role: Viewer
|
||||||
# dark or light
|
# dark or light
|
||||||
grafana_u_default_theme: dark
|
grafana_u_default_theme: dark
|
||||||
|
grafana_u_disable_login_form: false
|
||||||
grafana_auth_anon: 'false'
|
grafana_auth_anon: 'false'
|
||||||
|
|
||||||
grafana_log_mode: syslog
|
grafana_log_mode: syslog
|
||||||
grafana_log_level: info
|
grafana_log_level: info
|
||||||
grafana_syslog_facility: daemon
|
grafana_syslog_facility: daemon
|
||||||
|
|
||||||
grafana_dashboard_json: 'true'
|
grafana_dashboard_json: true
|
||||||
|
|
||||||
grafana_additional_plugins:
|
grafana_additional_plugins:
|
||||||
- name: grafana-clock-panel
|
- name: grafana-clock-panel
|
||||||
|
|
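Review bot: Two items in the new `grafana_conf` list are malformed: the `auth.generic_oauth` `client_id` item nests `default('grafana')` inside a single-quoted scalar, which ends the string early and should break YAML parsing of the file, and the `dashboards.json` `path` item never closes its Jinja expression. Use double quotes as the neighbouring items do, `value: "{{ grafana_oauth_client_id | default('grafana') }}"`, and add the missing braces, `value: "{{ grafana_dashboards_json_path | default('/var/lib/grafana/dashboards') }}"`. Separately, `grafana_setup_signing_key` now defaults to `false`, so the `security`/`secret_key` item resolves to `absent` and Grafana would run with whatever `secret_key` the packaged configuration provides; a comment such as `# false leaves Grafana on its packaged secret_key; set to true and supply grafana_signing_key from a vault` would make that trade-off explicit. That item still templates `{{grafana_signing_key }}` when absent, and the variable is only a comment in the visible defaults, so it probably needs `| default('')` to avoid an undefined-variable failure. `grafana_dashbards_min_default_interval` looks like a typo for `grafana_dashboards_…`, and `cookie_secure` reads `grafana_secure_cookies` while `secure_cookie` reads `grafana_secure_cookie`; neither definition is visible in these hunks.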
|
@ -22,18 +22,35 @@
|
||||||
- name: Install the grafana deb packages
|
- name: Install the grafana deb packages
|
||||||
apt: name={{ grafana_packages }} state={{ grafana_pkg_state }} update_cache=yes cache_valid_time=1800
|
apt: name={{ grafana_packages }} state={{ grafana_pkg_state }} update_cache=yes cache_valid_time=1800
|
||||||
|
|
||||||
- name: Install the grafana configuration files
|
- name: Install the grafana configuration
|
||||||
ansible.builtin.template:
|
ansible.builtin.ini_file:
|
||||||
src: '{{ item }}.j2'
|
path: '/etc/grafana/grafana.ini'
|
||||||
dest: '/etc/grafana/{{ item }}'
|
section: '{{ item.section }}'
|
||||||
mode: 0440
|
option: '{{ item.option }}'
|
||||||
|
value: '{{ item.value }}'
|
||||||
|
state: "{{ item.state | default('present') }}"
|
||||||
|
mode: '0440'
|
||||||
owner: root
|
owner: root
|
||||||
group: grafana
|
group: grafana
|
||||||
loop: '{{ grafana_conf_files }}'
|
loop: '{{ grafana_conf }}'
|
||||||
notify: Restart grafana
|
notify: Restart grafana
|
||||||
tags: [ 'grafana', 'grafana_conf' ]
|
tags: [ 'grafana', 'grafana_conf' ]
|
||||||
|
|
||||||
- name: Install the grafana LDAP configuration files
|
- name: Add additional grafana configurations
|
||||||
|
ansible.builtin.ini_file:
|
||||||
|
path: '/etc/grafana/grafana.ini'
|
||||||
|
section: '{{ item.section }}'
|
||||||
|
option: '{{ item.option }}'
|
||||||
|
value: '{{ item.value }}'
|
||||||
|
state: "{{ item.state | default('present') }}"
|
||||||
|
mode: '0440'
|
||||||
|
owner: root
|
||||||
|
group: grafana
|
||||||
|
loop: '{{ grafana_additional_conf }}'
|
||||||
|
notify: Restart grafana
|
||||||
|
tags: [ 'grafana', 'grafana_conf' ]
|
||||||
|
|
||||||
|
- name: Install the grafana LDAP configuration file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: '{{ item }}.j2'
|
src: '{{ item }}.j2'
|
||||||
dest: '/etc/grafana/{{ item }}'
|
dest: '/etc/grafana/{{ item }}'
|
||||||
|
|
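Review bot: Both new `ansible.builtin.ini_file` tasks loop over items whose `value` can carry secrets (`grafana_db_password`, `grafana_oauth_client_secret` and `grafana_signing_key` in `grafana_conf`), and Ansible prints the loop item for every iteration, so those values would land in console output and callback logs. Add `loop_control:` with `label: '{{ item.section }}/{{ item.option }}'` to both tasks so only the option name is shown. Diff mode and verbose runs can still expose the value, so consider `no_log: true` for the secret-bearing entries, for example by moving them into their own list and task. The "Install the grafana LDAP configuration file" task at the end of the hunk continues outside it.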
|
@ -146,12 +146,82 @@ admin_password = {{ grafana_admin_pwd }}
|
||||||
# data source proxy whitelist (ip_or_domain:port separated by spaces)
|
# data source proxy whitelist (ip_or_domain:port separated by spaces)
|
||||||
;data_source_proxy_whitelist =
|
;data_source_proxy_whitelist =
|
||||||
|
|
||||||
|
# set to true if you host Grafana behind HTTPS. default is false.
|
||||||
|
;cookie_secure = false
|
||||||
|
|
||||||
|
# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
|
||||||
|
;cookie_samesite = lax
|
||||||
|
|
||||||
|
# set to true if you want to allow browsers to render Grafana in a <frame>, <iframe>, <embed> or <object>. default is false.
|
||||||
|
;allow_embedding = false
|
||||||
|
|
||||||
|
# Set to true if you want to enable http strict transport security (HSTS) response header.
|
||||||
|
# HSTS tells browsers that the site should only be accessed using HTTPS.
|
||||||
|
;strict_transport_security = false
|
||||||
|
|
||||||
|
# Sets how long a browser should cache HSTS. Only applied if strict_transport_security is enabled.
|
||||||
|
;strict_transport_security_max_age_seconds = 86400
|
||||||
|
|
||||||
|
# Set to true if to enable HSTS preloading option. Only applied if strict_transport_security is enabled.
|
||||||
|
;strict_transport_security_preload = false
|
||||||
|
|
||||||
|
# Set to true if to enable the HSTS includeSubDomains option. Only applied if strict_transport_security is enabled.
|
||||||
|
;strict_transport_security_subdomains = false
|
||||||
|
|
||||||
|
# Set to true to enable the X-Content-Type-Options response header.
|
||||||
|
# The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised
|
||||||
|
# in the Content-Type headers should not be changed and be followed.
|
||||||
|
;x_content_type_options = true
|
||||||
|
|
||||||
|
# Set to true to enable the X-XSS-Protection header, which tells browsers to stop pages from loading
|
||||||
|
# when they detect reflected cross-site scripting (XSS) attacks.
|
||||||
|
;x_xss_protection = true
|
||||||
|
|
||||||
|
# Enable adding the Content-Security-Policy header to your requests.
|
||||||
|
# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
|
||||||
|
;content_security_policy = false
|
||||||
|
|
||||||
|
# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
|
||||||
|
# $NONCE in the template includes a random nonce.
|
||||||
|
# $ROOT_PATH is server.root_url without the protocol.
|
||||||
|
;content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline'
|
||||||
|
blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
|
||||||
|
|
||||||
|
# Controls if old angular plugins are supported or not. This will be disabled by default in future release
|
||||||
|
;angular_support_enabled = true
|
||||||
|
|
||||||
|
# List of additional allowed URLs to pass by the CSRF check, separated by spaces. Suggested when authentication comes from an IdP.
|
||||||
|
;csrf_trusted_origins = example.com
|
||||||
|
|
||||||
|
# List of allowed headers to be set by the user, separated by spaces. Suggested to use for if authentication lives behind reverse proxies.
|
||||||
|
;csrf_additional_headers =
|
||||||
|
|
||||||
|
[security.encryption]
|
||||||
|
# Defines the time-to-live (TTL) for decrypted data encryption keys stored in memory (cache).
|
||||||
|
# Please note that small values may cause performance issues due to a high frequency decryption operations.
|
||||||
|
;data_keys_cache_ttl = 15m
|
||||||
|
|
||||||
|
# Defines the frequency of data encryption keys cache cleanup interval.
|
||||||
|
# On every interval, decrypted data encryption keys that reached the TTL are removed from the cache.
|
||||||
|
;data_keys_cache_cleanup_interval = 1m
|
||||||
|
|
||||||
[snapshots]
|
[snapshots]
|
||||||
# snapshot sharing options
|
# snapshot sharing options
|
||||||
;external_enabled = true
|
;external_enabled = true
|
||||||
;external_snapshot_url = https://snapshots-origin.raintank.io
|
;external_snapshot_url = https://snapshots-origin.raintank.io
|
||||||
;external_snapshot_name = Publish to snapshot.raintank.io
|
;external_snapshot_name = Publish to snapshot.raintank.io
|
||||||
|
|
||||||
|
[dashboards]
|
||||||
|
# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
|
||||||
|
;versions_to_keep = 20
|
||||||
|
|
||||||
|
# Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
|
||||||
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
||||||
|
;min_refresh_interval = 5s
|
||||||
|
|
||||||
|
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
|
||||||
|
;default_home_dashboard_path =
|
||||||
|
|
||||||
#################################### Users ####################################
|
#################################### Users ####################################
|
||||||
[users]
|
[users]
|
||||||
# disable user signup / registration
|
# disable user signup / registration
|
||||||
|
@ -172,6 +242,19 @@ auto_assign_org_role = {{ grafana_u_default_role }}
|
||||||
# Default UI theme ("dark" or "light")
|
# Default UI theme ("dark" or "light")
|
||||||
default_theme = {{ grafana_u_default_theme }}
|
default_theme = {{ grafana_u_default_theme }}
|
||||||
|
|
||||||
|
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
|
||||||
|
;disable_login_form = false
|
||||||
|
|
||||||
|
# Set to true to disable the sign out link in the side menu. Useful if you use auth.proxy or auth.jwt, defaults to false
|
||||||
|
;disable_signout_menu = false
|
||||||
|
|
||||||
|
# URL to redirect the user to after sign out
|
||||||
|
;signout_redirect_url =
|
||||||
|
|
||||||
|
# Set to true to attempt login with OAuth automatically, skipping the login screen.
|
||||||
|
# This setting is ignored if multiple OAuth providers are configured.
|
||||||
|
;oauth_auto_login = false
|
||||||
|
|
||||||
#################################### Anonymous Auth ##########################
|
#################################### Anonymous Auth ##########################
|
||||||
[auth.anonymous]
|
[auth.anonymous]
|
||||||
# enable anonymous access
|
# enable anonymous access
|
||||||
|
@ -201,6 +284,11 @@ allow_sign_up = {{ grafana_oauth_allow_signup | lower }}
|
||||||
client_id = {{ grafana_oauth_client_id | default('grafana') }}
|
client_id = {{ grafana_oauth_client_id | default('grafana') }}
|
||||||
client_secret = {{ grafana_oauth_client_secret }}
|
client_secret = {{ grafana_oauth_client_secret }}
|
||||||
auth_url = {{ grafana_oauth_auth_url }}
|
auth_url = {{ grafana_oauth_auth_url }}
|
||||||
|
|
||||||
|
|
||||||
|
RIPARTIRE DA QUA
|
||||||
|
|
||||||
|
|
||||||
token_url = {{ grafana_oauth_token_url }}
|
token_url = {{ grafana_oauth_token_url }}
|
||||||
api_url = {{ grafana_oauth_api_url }}
|
api_url = {{ grafana_oauth_api_url }}
|
||||||
use_pkce = {{ grafana_oauth_use_pkce | lower }}
|
use_pkce = {{ grafana_oauth_use_pkce | lower }}
|
||||||
|
|
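Review bot: The bare line `RIPARTIRE DA QUA` added after `auth_url` in the generic OAuth block is neither a comment nor a `key = value` pair, so any rendering of this template would put an invalid line into the resulting ini file. It reads as a work-in-progress marker; remove it or turn it into a template comment such as `{# TODO: resume reviewing the options from here #}`, which is not emitted. The tasks change in this commit appears to stop rendering grafana.ini from a template, so it is worth confirming whether this file is still referenced anywhere and deleting it if it is not. The enclosing section starts outside the hunk.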