277 lines
13 KiB
YAML
277 lines
13 KiB
YAML
---
|
|
grafana_repo_key: https://apt.grafana.com/gpg.key
|
|
grafana_repo: "deb [signed-by=/usr/share/keyrings/grafana.key] https://apt.grafana.com stable main"
|
|
grafana_pkg_state: latest
|
|
grafana_packages:
|
|
- grafana
|
|
|
|
grafana_conf:
|
|
- { section: "", option: app_mode, value: "{{ grafana_app_mode }}", state: present }
|
|
- { section: "", option: instance_name, value: "{{ grafana_instance_name }}", state: present }
|
|
- { section: paths, option: data, value: "{{ grafana_data_path }}", state: present }
|
|
- { section: server, option: protocol, value: "{{ grafana_server_protocol }}", state: present }
|
|
- { section: server, option: http_addr, value: "{{ grafana_bind_ip_address }}", state: present }
|
|
- { section: server, option: http_port, value: "{{ grafana_http_port }}", state: present }
|
|
- { section: server, option: domain, value: "{{ grafana_domain_name }}", state: present }
|
|
- { section: server, option: enforce_domain, value: "{{ grafana_enforce_dom_name | lower }}", state: present }
|
|
- section: server
|
|
option: root_url
|
|
value: "{{ grafana_public_endpoint | default('%(protocol)s://%(domain)s:%(http_port)s/') }}"
|
|
state: present
|
|
- { section: database, option: type, value: "{{ grafana_db_type }}", state: present }
|
|
- { section: database, option: host, value: "{{ grafana_db_hostport }}", state: present }
|
|
- { section: database, option: name, value: "{{ grafana_db_name }}", state: present }
|
|
- { section: database, option: user, value: "{{ grafana_db_user }}", state: present }
|
|
- { section: database, option: password, value: "{{ grafana_db_password }}", state: present }
|
|
- { section: database, option: ssl_mode, value: "{{ grafana_db_pg_ssl_mode }}", state: present }
|
|
- { section: session, option: provider, value: "{{ grafana_session_provider }}", state: present }
|
|
- { section: session, option: provider_config, value: "{{ grafana_session_config }}", state: present }
|
|
- { section: session, option: secure_cookie, value: "{{ grafana_secure_cookies | lower }}", state: present }
|
|
- { section: session, option: cookie_name, value: "{{ grafana_cookie_name }}", state: present }
|
|
- section: analytics
|
|
option: reporting_enabled
|
|
value: "{{ grafana_analytics_reporting_enabled | lower }}"
|
|
state: present
|
|
- { section: analytics, option: check_for_updates, value: "{{ grafana_analytics_updates_check | lower }}", state: present }
|
|
- section: security
|
|
option: admin_user
|
|
value: "{{ grafana_admin_user }}"
|
|
state: "{% if grafana_setup_admin_user %}present{% else %}absent{% endif %}"
|
|
- section: security
|
|
option: admin_password
|
|
value: "{{ grafana_admin_password }}"
|
|
state: "{% if grafana_setup_admin_user %}present{% else %}absent{% endif %}"
|
|
- section: security
|
|
option: secret_key
|
|
value: "{{grafana_signing_key }}"
|
|
state: "{% if grafana_setup_signing_key %}present{% else %}absent{% endif %}"
|
|
- { section: security, option: cookie_secure, value: "{{ grafana_secure_cookies | lower }}", state: present }
|
|
- { section: security, option: cookie_samesite, value: "{{ grafana_cookie_samesite | default('lax') }}", state: present }
|
|
- section: security
|
|
option: allow_embedding
|
|
value: "{{ grafana_allow_embedding | default(false) | lower }}"
|
|
state: present
|
|
- section: dashboards
|
|
option: versions_to_keep
|
|
value: "{{ grafana_dashboards_versions_to_keep | default('20') }}"
|
|
state: present
|
|
- section: dashboards
|
|
option: min_refresh_interval
|
|
value: "{{ grafana_dashbards_min_default_interval | default('5s') }}"
|
|
state: present
|
|
- { section: users, option: allow_sign_up, value: "{{ grafana_u_allow_signup | lower }}", state: present }
|
|
- { section: users, option: allow_org_create, value: "{{ grafana_u_allow_org_create | lower }}", state: present }
|
|
- section: users
|
|
option: auto_assign_org
|
|
value: "{{ grafana_u_auto_assign_org | default(true) | lower }}"
|
|
state: present
|
|
- { section: users, option: auto_assign_org_role, value: "{{grafana_u_default_role | lower }}", state: present }
|
|
- { section: users, option: default_theme, value: "{{ grafana_u_default_theme }}", state: present }
|
|
- { section: auth, option: disable_login_form, value: "{{ grafana_u_disable_login_form | lower }}", state: present }
|
|
- { section: auth, option: oauth_auto_login, value: "{{ grafana_oauth_auto_login | lower }}", state: present }
|
|
- { section: auth.anonymous, option: enabled, value: "{{ grafana_auth_anon | lower }}", state: present }
|
|
- { section: auth.generic_oauth, option: enabled, value: "{{ grafana_oauth_generic_enabled | lower }}", state: present }
|
|
- section: auth.generic_oauth
|
|
option: name
|
|
value: "{{ grafana_oauth_name }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: icon
|
|
value: signin
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: scopes
|
|
value: "{{ grafana_oauth_scopes }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: empty_scopes
|
|
value: "{{ grafana_oauth_empty_scopes | lower }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: tls_skip_verify_insecure
|
|
value: "{{ grafana_tls_skip_verify_insecure | lower }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: allow_sign_up
|
|
value: "{{ grafana_oauth_allow_signup | lower }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: client_id
|
|
value: "{{ grafana_oauth_client_id | default('grafana') }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: client_secret
|
|
value: "{{ grafana_oauth_client_secret }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: auth_url
|
|
value: "{{ grafana_oauth_auth_url }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: token_url
|
|
value: "{{ grafana_oauth_token_url | default('') }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: api_url
|
|
value: "{{grafana_oauth_api_url }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: use_pkce
|
|
value: "{{ grafana_oauth_use_pkce | lower }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: auth_style
|
|
value: "{{ grafana_oauth_auth_style | default('') }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: allow_assign_grafana_admin
|
|
value: "{{ grafana_oauth_allow_assign_grafana_admin | lower }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- section: auth.generic_oauth
|
|
option: role_attribute_path
|
|
value: "{{ grafana_oauth_role_attribute_path }}"
|
|
state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
|
|
- { section: auth.ldap, option: enabled, value: "{{grafana_ldap_auth | lower }}", state: present }
|
|
- { section: auth.ldap, option: config_file, value: /etc/grafana/ldap.toml, state: present }
|
|
- { section: log, option: mode, value: "{{ grafana_log_mode }}", state: present }
|
|
- { section: log, option: level, value: "{{ grafana_log_level }}", state: present }
|
|
- { section: log.console, option: level, value: "{{ grafana_log_level }}", state: present }
|
|
- { section: log.console, option: format, value: "{{ grafana_log_console_format | default('text') }}", state: present }
|
|
- { section: log.syslog, option: level, value: "{{ grafana_log_level }}", state: present }
|
|
- { section: log.syslog, option: facility, value: "{{ grafana_syslog_facility }}", state: present }
|
|
- { section: dashboards.json, option: enabled, value: "{{ grafana_dashboard_json | lower }}", state: present }
|
|
- section: dashboards.json
|
|
option: path
|
|
value: "{{ grafana_dashboards_json_path | default('/var/lib/grafana/dashboards') }}"
|
|
state: present
|
|
- { section: metrics, option: enabled, value: "{{ grafana_metrics_enabled | default(true) | lower }}", state: present }
|
|
- { section: grafana_net, option: url, value: https://grafana.net, state: present }
|
|
- { section: remote_cache, option: type, value: "{{ grafana_remote_cache }}", state: present }
|
|
- { section: remote_cache, option: connstr, value: "{{ grafana_remote_cache_connstr }}", state: present }
|
|
|
|
|
|
grafana_additional_conf: []
|
|
grafana_ldap_conf_file:
|
|
- ldap.toml
|
|
|
|
grafana_enabled: true
|
|
grafana_app_mode: production
|
|
grafana_instance_name: "{{ ansible_fqdn }}"
|
|
|
|
grafana_require_nginx: true
|
|
grafana_require_redis: true
|
|
# redis, file
|
|
grafana_session_provider: file
|
|
|
|
# Remote cache: "redis", "memcached" or "database" default is "database"
|
|
grafana_remote_cache: database
|
|
grafana_remote_cache_connstr: ""
|
|
|
|
grafana_data_path: /var/lib/grafana
|
|
grafana_server_protocol: http
|
|
grafana_bind_ip_address: 127.0.0.1
|
|
grafana_http_port: 3000
|
|
grafana_domain_name: "{{ ansible_fqdn }}"
|
|
grafana_enforce_dom_name: true
|
|
grafana_cookie_name: grafana_sess
|
|
grafana_secure_cookies: true
|
|
|
|
# Either mysql, postgres or sqlite3
|
|
grafana_db_type: sqlite3
|
|
# The other db data is not needed when the choice is sqlite3
|
|
grafana_db_port: 5432
|
|
grafana_db_host: 127.0.0.1
|
|
grafana_db_hostport: "{{ grafana_db_host }}:{{ grafana_db_port }}"
|
|
grafana_db_name: grafana
|
|
grafana_db_user: grafana_u
|
|
# grafana_db_password: 'set_it_into_a_vault_file'
|
|
grafana_db_pg_ssl_mode: require
|
|
#
|
|
grafana_setup_admin_user: true
|
|
grafana_admin_user: admin
|
|
# grafana_admin_pwd: 'Use a vault file'
|
|
grafana_setup_signing_key: false
|
|
# grafana_signing_key: 'Use a vault file'
|
|
# sessions, or if redis: 'addr=127.0.0.1:6379,pool_size=100,db=grafana'
|
|
grafana_session_config: sessions
|
|
|
|
grafana_analytics_reporting_enabled: "true"
|
|
grafana_analytics_updates_check: "true"
|
|
|
|
grafana_u_allow_signup: "false"
|
|
grafana_u_allow_org_create: "false"
|
|
grafana_u_default_role: Viewer
|
|
# dark or light
|
|
grafana_u_default_theme: dark
|
|
grafana_u_disable_login_form: false
|
|
grafana_auth_anon: "false"
|
|
|
|
grafana_log_mode: syslog
|
|
grafana_log_level: info
|
|
grafana_syslog_facility: daemon
|
|
|
|
grafana_dashboard_json: true
|
|
|
|
grafana_additional_plugins:
|
|
- name: grafana-clock-panel
|
|
- name: grafana-piechart-panel
|
|
- name: grafana-polystat-panel
|
|
|
|
grafana_ldap_auth: false
|
|
grafana_ldap_host: 127.0.0.1
|
|
grafana_ldap_port: 636
|
|
grafana_ldap_use_ssl: "true"
|
|
grafana_ldap_ssl_skip_verify: "false"
|
|
grafana_ldap_bind_dn: cn=admin,dc=grafana,dc=org
|
|
grafana_ldap_bind_pwd: grafana
|
|
grafana_ldap_u_search_filter: (uid=%s)
|
|
grafana_ldap_u_search_base: dc=grafana,dc=org
|
|
grafana_ldap_posix_groups: "false"
|
|
grafana_ldap_g_search_filter: (&(objectClass=posixGroup)(memberUid=%s))
|
|
grafana_ldap_g_search_filter_user_attr: uid
|
|
grafana_ldap_g_search_base: ou=groups,dc=grafana,dc=org
|
|
grafana_ldap_u_email: mail
|
|
grafana_ldap_admin_role_group: cn=admins,dc=grafana,dc=org
|
|
grafana_ldap_serverattrs_username: uid
|
|
grafana_ldap_group_roles:
|
|
- { dn: "cn=users,dc=grafana,dc=org", role: Editor }
|
|
- { dn: "*", role: Viewer }
|
|
|
|
grafana_oauth_generic_enabled: false
|
|
grafana_oauth_client_id: ""
|
|
# grafana_oauth_client_secret: 'use a vault'
|
|
grafana_oauth_auth_url: ""
|
|
grafana_oauth_token_url: ""
|
|
grafana_oauth_api_url: ""
|
|
grafana_oauth_name: Oauth
|
|
grafana_oauth_scopes: openid email profile
|
|
grafana_oauth_empty_scopes: false
|
|
grafana_tls_skip_verify_insecure: false
|
|
grafana_oauth_allow_signup: false
|
|
grafana_oauth_auto_login: false
|
|
grafana_oauth_allowed_domains: ""
|
|
grafana_oauth_use_pkce: true
|
|
grafana_oauth_allow_assign_grafana_admin: false
|
|
# Examples:
|
|
# 'role'
|
|
# contains(info.roles[*], 'admin') && 'Admin' || contains(info.roles[*], 'editor') && 'Editor' || 'Viewer'
|
|
# contains(info.roles[*], 'admin') && 'GrafanaAdmin' || contains(info.roles[*], 'editor') && 'Editor' || 'Viewer'
|
|
# https://grafana.com/docs/grafana/next/setup-grafana/configure-security/configure-authentication/generic-oauth/#jmespath-examples
|
|
grafana_oauth_role_attribute_path: ""
|
|
|
|
grafana_nginx_virthosts:
|
|
- virthost_name: "{{ ansible_fqdn }}"
|
|
listen: "80"
|
|
server_name: "{{ ansible_fqdn }}"
|
|
server_aliases: ""
|
|
index: index.html
|
|
ssl_enabled: false
|
|
ssl_only: false
|
|
ssl_letsencrypt_certs: "{{ nginx_letsencrypt_managed }}"
|
|
root: "{{ nginx_webroot }}"
|
|
server_tokens: "off"
|
|
proxy_standard_setup: true
|
|
proxies:
|
|
- location: /
|
|
target: http://localhost:{{ grafana_http_port }};
|