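---
# Variable defaults for an Ansible-managed Grafana install: package source,
# the list of grafana.ini options (grafana_conf), LDAP and generic OAuth
# settings, and the nginx virtual host that proxies to Grafana.

# APT signing key and repository for the Grafana OSS packages.
# NOTE(review): the key is fetched by URL at run time; consider also checking
# its fingerprint in the task that imports it.
grafana_repo_key: https://packages.grafana.com/gpg.key
grafana_repo: deb https://packages.grafana.com/oss/deb stable main
# 'latest' lets a run pull a newer package than the one last tested; pin a
# version where upgrades must be deliberate.
grafana_pkg_state: latest
grafana_packages:
  - grafana

# One entry per grafana.ini option: section, option, value, and whether the
# option should be present or absent.
# Toggles used inside the state conditions are passed through '| bool', because
# this file mixes real booleans with quoted "true"/"false" strings and a
# non-empty string such as "false" is truthy in a bare Jinja 'if'.
grafana_conf:
  - { section: "", option: app_mode, value: "{{ grafana_app_mode }}", state: present }
  - { section: "", option: instance_name, value: "{{ grafana_instance_name }}", state: present }
  - { section: paths, option: data, value: "{{ grafana_data_path }}", state: present }
  - { section: server, option: protocol, value: "{{ grafana_server_protocol }}", state: present }
  - { section: server, option: http_addr, value: "{{ grafana_bind_ip_address }}", state: present }
  - { section: server, option: http_port, value: "{{ grafana_http_port }}", state: present }
  - { section: server, option: domain, value: "{{ grafana_domain_name }}", state: present }
  - { section: server, option: enforce_domain, value: "{{ grafana_enforce_dom_name | lower }}", state: present }
  - section: server
    option: root_url
    value: "{{ grafana_public_endpoint | default('%(protocol)s://%(domain)s:%(http_port)s/') }}"
    state: present
  # grafana_db_password has no default here and no '| default' below, so it
  # presumably has to be supplied (from a vault) even for sqlite3 - confirm
  # against the task that templates this list.
  - { section: database, option: type, value: "{{ grafana_db_type }}", state: present }
  - { section: database, option: host, value: "{{ grafana_db_hostport }}", state: present }
  - { section: database, option: name, value: "{{ grafana_db_name }}", state: present }
  - { section: database, option: user, value: "{{ grafana_db_user }}", state: present }
  - { section: database, option: password, value: "{{ grafana_db_password }}", state: present }
  - { section: database, option: ssl_mode, value: "{{ grafana_db_pg_ssl_mode }}", state: present }
  - { section: session, option: provider, value: "{{ grafana_session_provider }}", state: present }
  - { section: session, option: provider_config, value: "{{ grafana_session_config }}", state: present }
  - { section: session, option: secure_cookie, value: "{{ grafana_secure_cookies | lower }}", state: present }
  - { section: session, option: cookie_name, value: "{{ grafana_cookie_name }}", state: present }
  - section: analytics
    option: reporting_enabled
    value: "{{ grafana_analytics_reporting_enabled | lower }}"
    state: present
  - { section: analytics, option: check_for_updates, value: "{{ grafana_analytics_updates_check | lower }}", state: present }
  # Admin credentials are only written when grafana_setup_admin_user is true.
  - section: security
    option: admin_user
    value: "{{ grafana_admin_user }}"
    state: "{% if grafana_setup_admin_user | bool %}present{% else %}absent{% endif %}"
  - section: security
    option: admin_password
    value: "{{ grafana_admin_password }}"
    state: "{% if grafana_setup_admin_user | bool %}present{% else %}absent{% endif %}"
  # secret_key is only written when grafana_setup_signing_key is true.
  - section: security
    option: secret_key
    value: "{{ grafana_signing_key }}"
    state: "{% if grafana_setup_signing_key | bool %}present{% else %}absent{% endif %}"
  - { section: security, option: cookie_secure, value: "{{ grafana_secure_cookies | lower }}", state: present }
  - { section: security, option: cookie_samesite, value: "{{ grafana_cookie_samesite | default('lax') }}", state: present }
  - section: security
    option: allow_embedding
    value: "{{ grafana_allow_embedding | default(false) | lower }}"
    state: present
  - section: dashboards
    option: versions_to_keep
    value: "{{ grafana_dashboards_versions_to_keep | default('20') }}"
    state: present
  # The variable name is spelled 'dashbards'; kept as is so existing
  # overrides keep working.
  - section: dashboards
    option: min_refresh_interval
    value: "{{ grafana_dashbards_min_default_interval | default('5s') }}"
    state: present
  - { section: users, option: allow_sign_up, value: "{{ grafana_u_allow_signup | lower }}", state: present }
  - { section: users, option: allow_org_create, value: "{{ grafana_u_allow_org_create | lower }}", state: present }
  - section: users
    option: auto_assign_org
    value: "{{ grafana_u_auto_assign_org | default(true) | lower }}"
    state: present
  # Grafana documents the role names capitalised (Viewer, Editor, Admin), so the
  # value is normalised to that casing instead of being lower-cased.
  # NOTE(review): a lower-cased role may not be recognised and a fallback role
  # could apply instead - confirm for the deployed Grafana version.
  - { section: users, option: auto_assign_org_role, value: "{{ grafana_u_default_role | capitalize }}", state: present }
  - { section: users, option: default_theme, value: "{{ grafana_u_default_theme }}", state: present }
  - { section: auth, option: disable_login_form, value: "{{ grafana_u_disable_login_form | lower }}", state: present }
  - { section: auth, option: oauth_auto_login, value: "{{ grafana_oauth_auto_login | lower }}", state: present }
  - { section: auth.anonymous, option: enabled, value: "{{ grafana_auth_anon | lower }}", state: present }
  # Generic OAuth: every option except 'enabled' is removed from the file when
  # grafana_oauth_generic_enabled is false.
  - { section: auth.generic_oauth, option: enabled, value: "{{ grafana_oauth_generic_enabled | lower }}", state: present }
  - section: auth.generic_oauth
    option: name
    value: "{{ grafana_oauth_name }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: icon
    value: signin
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: scopes
    value: "{{ grafana_oauth_scopes }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: empty_scopes
    value: "{{ grafana_oauth_empty_scopes | lower }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: tls_skip_verify_insecure
    value: "{{ grafana_tls_skip_verify_insecure | lower }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: allow_sign_up
    value: "{{ grafana_oauth_allow_signup | lower }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  # grafana_oauth_client_id defaults to "" further down, which counts as
  # defined, so the 'grafana' fallback here only applies if it is unset.
  - section: auth.generic_oauth
    option: client_id
    value: "{{ grafana_oauth_client_id | default('grafana') }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: client_secret
    value: "{{ grafana_oauth_client_secret }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: auth_url
    value: "{{ grafana_oauth_auth_url }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: token_url
    value: "{{ grafana_oauth_token_url | default('') }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: api_url
    value: "{{ grafana_oauth_api_url }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: use_pkce
    value: "{{ grafana_oauth_use_pkce | lower }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: auth_style
    value: "{{ grafana_oauth_auth_style | default('') }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: allow_assign_grafana_admin
    value: "{{ grafana_oauth_allow_assign_grafana_admin | lower }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - section: auth.generic_oauth
    option: role_attribute_path
    value: "{{ grafana_oauth_role_attribute_path }}"
    state: "{% if grafana_oauth_generic_enabled | bool %}present{% else %}absent{% endif %}"
  - { section: auth.ldap, option: enabled, value: "{{ grafana_ldap_auth | lower }}", state: present }
  - { section: auth.ldap, option: config_file, value: /etc/grafana/ldap.toml, state: present }
  - { section: log, option: mode, value: "{{ grafana_log_mode }}", state: present }
  - { section: log, option: level, value: "{{ grafana_log_level }}", state: present }
  - { section: log.console, option: level, value: "{{ grafana_log_level }}", state: present }
  - { section: log.console, option: format, value: "{{ grafana_log_console_format | default('text') }}", state: present }
  - { section: log.syslog, option: level, value: "{{ grafana_log_level }}", state: present }
  - { section: log.syslog, option: facility, value: "{{ grafana_syslog_facility }}", state: present }
  - { section: dashboards.json, option: enabled, value: "{{ grafana_dashboard_json | lower }}", state: present }
  - section: dashboards.json
    option: path
    value: "{{ grafana_dashboards_json_path | default('/var/lib/grafana/dashboards') }}"
    state: present
  - { section: metrics, option: enabled, value: "{{ grafana_metrics_enabled | default(true) | lower }}", state: present }
  - { section: grafana_net, option: url, value: https://grafana.net, state: present }
  - { section: remote_cache, option: type, value: "{{ grafana_remote_cache }}", state: present }
  - { section: remote_cache, option: connstr, value: "{{ grafana_remote_cache_connstr }}", state: present }

# Extra entries in the same shape as grafana_conf; empty by default.
grafana_additional_conf: []

grafana_ldap_conf_file:
  - ldap.toml

grafana_enabled: true
grafana_app_mode: production
grafana_instance_name: "{{ ansible_fqdn }}"
grafana_require_nginx: true
grafana_require_redis: true
# redis, file
grafana_session_provider: file
# Remote cache: "redis", "memcached" or "database" default is "database"
grafana_remote_cache: database
grafana_remote_cache_connstr: ""
grafana_data_path: /var/lib/grafana
# Grafana itself speaks plain HTTP on loopback; the nginx vhost at the end of
# this file is what faces clients.
grafana_server_protocol: http
grafana_bind_ip_address: 127.0.0.1
grafana_http_port: 3000
grafana_domain_name: "{{ ansible_fqdn }}"
grafana_enforce_dom_name: true
grafana_cookie_name: grafana_sess
# Sets both session.secure_cookie and security.cookie_secure. Browsers only
# return Secure cookies over HTTPS, so the client-facing endpoint needs TLS.
grafana_secure_cookies: true
# Either mysql, postgres or sqlite3
grafana_db_type: sqlite3
# The other db data is not needed when the choice is sqlite3
grafana_db_port: 5432
grafana_db_host: 127.0.0.1
grafana_db_hostport: "{{ grafana_db_host }}:{{ grafana_db_port }}"
grafana_db_name: grafana
grafana_db_user: grafana_u
# grafana_db_password: 'set_it_into_a_vault_file'
grafana_db_pg_ssl_mode: require

# When true, grafana_conf writes admin_user and admin_password into the
# [security] section. grafana_conf reads the password from
# grafana_admin_password, so that is the variable to define in the vault.
grafana_setup_admin_user: true
grafana_admin_user: admin
# grafana_admin_password: 'Use a vault file'
grafana_setup_signing_key: false
# grafana_signing_key: 'Use a vault file'
# sessions, or if redis: 'addr=127.0.0.1:6379,pool_size=100,db=grafana'
grafana_session_config: sessions
grafana_analytics_reporting_enabled: "true"
grafana_analytics_updates_check: "true"
grafana_u_allow_signup: "false"
grafana_u_allow_org_create: "false"
# Role given to users that are auto-assigned to the organisation.
grafana_u_default_role: Viewer
# dark or light
grafana_u_default_theme: dark
grafana_u_disable_login_form: false
grafana_auth_anon: "false"
grafana_log_mode: syslog
grafana_log_level: info
grafana_syslog_facility: daemon
grafana_dashboard_json: true
grafana_additional_plugins:
  - name: grafana-clock-panel
  - name: grafana-piechart-panel
  - name: grafana-polystat-panel

# LDAP authentication (disabled by default).
grafana_ldap_auth: false
grafana_ldap_host: 127.0.0.1
grafana_ldap_port: 636
grafana_ldap_use_ssl: "true"
# Keep certificate verification on; skipping it removes the protection the
# TLS connection to the directory is meant to give.
grafana_ldap_ssl_skip_verify: "false"
grafana_ldap_bind_dn: cn=admin,dc=grafana,dc=org
# Placeholder bind password stored in clear text, unlike the other secrets in
# this file; override it from a vault before enabling grafana_ldap_auth.
grafana_ldap_bind_pwd: grafana
grafana_ldap_u_search_filter: (uid=%s)
grafana_ldap_u_search_base: dc=grafana,dc=org
grafana_ldap_posix_groups: "false"
grafana_ldap_g_search_filter: (&(objectClass=posixGroup)(memberUid=%s))
grafana_ldap_g_search_filter_user_attr: uid
grafana_ldap_g_search_base: ou=groups,dc=grafana,dc=org
grafana_ldap_u_email: mail
grafana_ldap_admin_role_group: cn=admins,dc=grafana,dc=org
grafana_ldap_serverattrs_username: uid
# Group-to-role mapping. The "*" entry gives Viewer to any user that matches
# no other group; drop it if unmapped directory users should get no access.
grafana_ldap_group_roles:
  - { dn: "cn=users,dc=grafana,dc=org", role: Editor }
  - { dn: "*", role: Viewer }

# Generic OAuth (disabled by default).
grafana_oauth_generic_enabled: false
grafana_oauth_client_id: ""
# grafana_oauth_client_secret: 'use a vault'
grafana_oauth_auth_url: ""
grafana_oauth_token_url: ""
grafana_oauth_api_url: ""
grafana_oauth_name: Oauth
grafana_oauth_scopes: openid email profile
grafana_oauth_empty_scopes: false
grafana_tls_skip_verify_insecure: false
grafana_oauth_allow_signup: false
grafana_oauth_auto_login: false
# NOTE(review): no grafana_conf entry in this file reads this variable, so a
# domain restriction set here is not written to grafana.ini unless another
# file consumes it - confirm.
grafana_oauth_allowed_domains: ""
grafana_oauth_use_pkce: true
# When true the identity provider's role claim can grant Grafana server admin
# (the 'GrafanaAdmin' result in the examples below).
grafana_oauth_allow_assign_grafana_admin: false
# Examples:
# 'role'
# contains(info.roles[*], 'admin') && 'Admin' || contains(info.roles[*], 'editor') && 'Editor' || 'Viewer'
# contains(info.roles[*], 'admin') && 'GrafanaAdmin' || contains(info.roles[*], 'editor') && 'Editor' || 'Viewer'
# https://grafana.com/docs/grafana/next/setup-grafana/configure-security/configure-authentication/generic-oauth/#jmespath-examples
grafana_oauth_role_attribute_path: ""

# nginx virtual host that proxies to the local Grafana listener.
# This default listens on port 80 with ssl_enabled false, while
# grafana_secure_cookies is true; unless TLS is terminated in front of nginx,
# enable TLS here so the Secure session cookie is usable.
nginx_virthosts:
  - virthost_name: "{{ ansible_fqdn }}"
    listen: "80"
    server_name: "{{ ansible_fqdn }}"
    server_aliases: ""
    index: index.html
    ssl_enabled: false
    ssl_only: false
    ssl_letsencrypt_certs: "{{ nginx_letsencrypt_managed }}"
    root: "{{ nginx_webroot }}"
    server_tokens: "off"
    proxy_standard_setup: true
    proxies:
      - location: /
        # The trailing ';' is part of the original value; presumably the vhost
        # template expects it - confirm.
        target: "http://localhost:{{ grafana_http_port }};"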