
---
# Package source for Grafana OSS (Debian-style apt repository).
# The signing key is fetched over HTTPS; this file pins no key fingerprint.
# NOTE(review): confirm the task that imports the key checks a fingerprint
# or stores it in a dedicated keyring.
grafana_repo_key: 'https://packages.grafana.com/gpg.key'
grafana_repo: 'deb https://packages.grafana.com/oss/deb stable main'

# 'latest' presumably goes to the package module's state, so every run may
# upgrade Grafana. Override it with a fixed state or version where upgrades
# must be reviewed first.
grafana_pkg_state: 'latest'
grafana_packages:
- 'grafana'
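# Table of grafana.ini settings: one entry per option, with the ini section
# ('' for the top-level section), option name, templated value and state.
# Entries whose state is a Jinja conditional are removed when the feature
# they belong to is switched off.
# NOTE(review): the consuming task is not in this file; presumably an
# ini_file-style loop.
grafana_conf:
- {section: '', option: 'app_mode', value: '{{ grafana_app_mode }}', state: present}
- {section: '', option: 'instance_name', value: '{{ grafana_instance_name }}', state: present}
- {section: 'paths', option: 'data', value: '{{ grafana_data_path }}', state: present}
- {section: 'server', option: 'protocol', value: '{{ grafana_server_protocol }}', state: present}
- {section: 'server', option: 'http_addr', value: '{{ grafana_bind_ip_address }}', state: present}
- {section: 'server', option: 'http_port', value: '{{ grafana_http_port }}', state: present}
- {section: 'server', option: 'domain', value: '{{ grafana_domain_name }}', state: present}
- {section: 'server', option: 'enforce_domain', value: '{{ grafana_enforce_dom_name | lower }}', state: present}
- {section: 'database', option: 'type', value: '{{ grafana_db_type }}', state: present}
- {section: 'database', option: 'host', value: '{{ grafana_db_hostport }}', state: present}
- {section: 'database', option: 'name', value: '{{ grafana_db_name }}', state: present}
- {section: 'database', option: 'user', value: '{{ grafana_db_user }}', state: present}
# grafana_db_password has no default here; it must come from a vault file.
- {section: 'database', option: 'password', value: '{{ grafana_db_password }}', state: present}
- {section: 'database', option: 'ssl_mode', value: '{{ grafana_db_pg_ssl_mode }}', state: present}
- {section: 'session', option: 'provider', value: '{{ grafana_session_provider }}', state: present}
- {section: 'session', option: 'provider_config', value: '{{ grafana_session_config }}', state: present}
# grafana_secure_cookie (singular) has no default in this file, so fall back
# to grafana_secure_cookies to avoid an undefined-variable failure.
- {section: 'session', option: 'secure_cookie', value: '{{ grafana_secure_cookie | default(grafana_secure_cookies) | lower }}', state: present}
- {section: 'session', option: 'cookie_name', value: '{{ grafana_cookie_name }}', state: present}
- {section: 'analytics', option: 'reporting_enabled', value: '{{ grafana_analytics_reporting_enabled | lower }}', state: present}
- {section: 'analytics', option: 'check_for_updates', value: '{{ grafana_analytics_updates_check | lower }}', state: present}
- {section: 'security', option: 'admin_user', value: '{{ grafana_admin_user }}', state: "{% if grafana_setup_admin_user %}present{% else %}absent{% endif %}"}
# With grafana_setup_signing_key false the option is removed, and Grafana
# falls back to the secret_key shipped in its own defaults. Set a
# vault-provided grafana_signing_key for any non-test deployment.
- {section: 'security', option: 'secret_key', value: '{{ grafana_signing_key }}', state: "{% if grafana_setup_signing_key %}present{% else %}absent{% endif %}"}
- {section: 'security', option: 'cookie_secure', value: '{{ grafana_secure_cookies | lower }}', state: present}
- {section: 'security', option: 'cookie_samesite', value: "{{ grafana_cookie_samesite | default('lax') }}", state: present}
# Embedding in frames stays off unless explicitly enabled (clickjacking).
- {section: 'security', option: 'allow_embedding', value: "{{ grafana_allow_embedding | default(false) | lower }}", state: present}
- {section: 'dashboards', option: 'versions_to_keep', value: "{{ grafana_dashboards_versions_to_keep | default('20') }}", state: present}
# The variable name is misspelled ('dashbards'); it is kept as is so that
# existing inventories that set it keep working.
- {section: 'dashboards', option: 'min_refresh_interval', value: "{{ grafana_dashbards_min_default_interval | default('5s') }}", state: present}
- {section: 'users', option: 'allow_sign_up', value: '{{ grafana_u_allow_signup | lower }}', state: present}
- {section: 'users', option: 'allow_org_create', value: '{{ grafana_u_allow_org_create | lower }}', state: present}
- {section: 'users', option: 'auto_assign_org', value: "{{ grafana_u_auto_assign_org | default(true) | lower }}", state: present}
- {section: 'users', option: 'auto_assign_org_role', value: "{{ grafana_u_default_role | lower }}", state: present}
- {section: 'users', option: 'default_theme', value: '{{ grafana_u_default_theme }}', state: present}
- {section: 'users', option: 'disable_login_form', value: '{{ grafana_u_disable_login_form | lower }}', state: present}
# Anonymous access gives unauthenticated visitors a role; keep it off
# unless the dashboards are meant to be public.
- {section: 'auth.anonymous', option: 'enabled', value: '{{ grafana_auth_anon | lower }}', state: present}
# Generic OAuth: every option except 'enabled' is removed from the ini file
# when grafana_oauth_generic_enabled is false.
- {section: 'auth.generic_oauth', option: 'enabled', value: '{{ grafana_oauth_generic_enabled | lower }}', state: present}
- {section: 'auth.generic_oauth', option: 'name', value: '{{ grafana_oauth_name }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'icon', value: 'signin', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'scopes', value: '{{ grafana_oauth_scopes }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'empty_scopes', value: '{{ grafana_oauth_empty_scopes | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
# Disables TLS certificate verification towards the OAuth provider when
# true; leave false outside throwaway test setups.
- {section: 'auth.generic_oauth', option: 'tls_skip_verify_insecure', value: '{{ grafana_tls_skip_verify_insecure | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'allow_sign_up', value: '{{ grafana_oauth_allow_signup | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'client_id', value: "{{ grafana_oauth_client_id | default('grafana') }}", state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
# grafana_oauth_client_secret has no default here; supply it from a vault.
- {section: 'auth.generic_oauth', option: 'client_secret', value: '{{ grafana_oauth_client_secret }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'auth_url', value: '{{ grafana_oauth_auth_url }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'token_url', value: "{{ grafana_oauth_token_url | default('') }}", state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'api_url', value: '{{ grafana_oauth_api_url }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'use_pkce', value: '{{ grafana_oauth_use_pkce | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'auth_style', value: "{{ grafana_oauth_auth_style | default('') }}", state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
# The next two options let claims from the identity provider decide
# Grafana roles, including server admin. Enable them only when those
# claims are controlled by a trusted party.
- {section: 'auth.generic_oauth', option: 'allow_assign_grafana_admin', value: '{{ grafana_oauth_allow_assign_grafana_admin | lower }}', state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.generic_oauth', option: 'role_attribute_path', value: "{{ grafana_oauth_role_attribute_path }}", state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"}
- {section: 'auth.ldap', option: 'enabled', value: '{{ grafana_ldap_auth | lower }}', state: present}
- {section: 'auth.ldap', option: 'config_file', value: '/etc/grafana/ldap.toml', state: present}
- {section: 'log', option: 'mode', value: '{{ grafana_log_mode }}', state: present}
- {section: 'log', option: 'level', value: '{{ grafana_log_level }}', state: present}
- {section: 'log.console', option: 'level', value: '{{ grafana_log_level }}', state: present}
- {section: 'log.console', option: 'format', value: "{{ grafana_log_console_format | default('text') }}", state: present}
- {section: 'log.syslog', option: 'level', value: '{{ grafana_log_level }}', state: present}
- {section: 'log.syslog', option: 'facility', value: '{{ grafana_syslog_facility }}', state: present}
- {section: 'dashboards.json', option: 'enabled', value: '{{ grafana_dashboard_json | lower }}', state: present}
- {section: 'dashboards.json', option: 'path', value: "{{ grafana_dashboards_json_path | default('/var/lib/grafana/dashboards') }}", state: present}
- {section: 'metrics', option: 'enabled', value: "{{ grafana_metrics_enabled | default(true) | lower }}", state: present}
- {section: 'grafana_net', option: 'url', value: 'https://grafana.net', state: present}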
# Extra ini entries; empty by default.
# NOTE(review): presumably the same entry shape as grafana_conf.
grafana_additional_conf: []
grafana_ldap_conf_file:
- 'ldap.toml'

grafana_enabled: true
grafana_app_mode: 'production'
grafana_instance_name: '{{ ansible_fqdn }}'
grafana_require_nginx: true
grafana_require_redis: true

# Session provider: redis or file
grafana_session_provider: 'file'
grafana_data_path: '/var/lib/grafana'

# Grafana speaks plain HTTP on the loopback address only.
# NOTE(review): with grafana_require_nginx true it is presumably published
# through an nginx reverse proxy.
grafana_server_protocol: 'http'
grafana_bind_ip_address: '127.0.0.1'
grafana_http_port: 3000
grafana_domain_name: '{{ ansible_fqdn }}'
grafana_enforce_dom_name: true
grafana_cookie_name: 'grafana_sess'
# Cookies carry the Secure flag, which browsers honour only over HTTPS, so
# TLS must be terminated in front of Grafana for logins to work.
grafana_secure_cookies: true

# Database backend: mysql, postgres or sqlite3
grafana_db_type: 'sqlite3'
# The remaining database settings are not needed with sqlite3
grafana_db_port: 5432
grafana_db_host: '127.0.0.1'
grafana_db_hostport: '{{ grafana_db_host }}:{{ grafana_db_port }}'
grafana_db_name: 'grafana'
grafana_db_user: 'grafana_u'
# grafana_db_password: 'set_it_into_a_vault_file'
# For postgres, 'require' encrypts the connection but does not verify the
# server certificate; 'verify-full' does.
grafana_db_pg_ssl_mode: 'require'

# Administrator account; the password belongs in a vault file.
grafana_setup_admin_user: true
grafana_admin_user: 'admin'
# grafana_admin_pwd: 'Use a vault file'
# While this is false the secret_key option is not written and Grafana runs
# with the key shipped in its own defaults. Set it to true and provide
# grafana_signing_key from a vault file for anything beyond a test instance.
grafana_setup_signing_key: false
# grafana_signing_key: 'Use a vault file'

# Session config: sessions, or if redis: 'addr=127.0.0.1:6379,pool_size=100,db=grafana'
grafana_session_config: 'sessions'

# Both settings make the instance contact Grafana Labs (usage reporting and
# update checks); set them to 'false' on isolated or sensitive hosts.
grafana_analytics_reporting_enabled: 'true'
grafana_analytics_updates_check: 'true'

# Self-registration, organisation creation and anonymous access are all off.
grafana_u_allow_signup: 'false'
grafana_u_allow_org_create: 'false'
grafana_u_default_role: 'Viewer'
# Theme: dark or light
grafana_u_default_theme: 'dark'
grafana_u_disable_login_form: false
grafana_auth_anon: 'false'

grafana_log_mode: 'syslog'
grafana_log_level: 'info'
grafana_syslog_facility: 'daemon'
grafana_dashboard_json: true

# Plugins are listed by name only; no version is pinned in this file.
grafana_additional_plugins:
- name: 'grafana-clock-panel'
- name: 'grafana-piechart-panel'
- name: 'grafana-polystat-panel'
# LDAP authentication, disabled by default.
# NOTE(review): these values presumably populate /etc/grafana/ldap.toml;
# the template is not part of this file.
grafana_ldap_auth: false
grafana_ldap_host: '127.0.0.1'
# 636 together with use_ssl 'true' and ssl_skip_verify 'false' means LDAPS
# with certificate verification left on.
grafana_ldap_port: 636
grafana_ldap_use_ssl: 'true'
grafana_ldap_ssl_skip_verify: 'false'

# Bind account. The password below is a placeholder kept in clear text;
# override it from a vault file before enabling grafana_ldap_auth.
grafana_ldap_bind_dn: 'cn=admin,dc=grafana,dc=org'
grafana_ldap_bind_pwd: 'grafana'

# User and group lookup
grafana_ldap_u_search_filter: '(uid=%s)'
grafana_ldap_u_search_base: 'dc=grafana,dc=org'
grafana_ldap_posix_groups: 'false'
grafana_ldap_g_search_filter: '(&(objectClass=posixGroup)(memberUid=%s))'
grafana_ldap_g_search_filter_user_attr: 'uid'
grafana_ldap_g_search_base: 'ou=groups,dc=grafana,dc=org'
grafana_ldap_u_email: 'mail'
grafana_ldap_admin_role_group: 'cn=admins,dc=grafana,dc=org'
grafana_ldap_serverattrs_username: 'uid'

# Group-to-role mapping. The '*' entry gives Viewer to every user that
# matches no earlier group, so any account that can bind gets read access.
grafana_ldap_group_roles:
- dn: 'cn=users,dc=grafana,dc=org'
  role: 'Editor'
- dn: '*'
  role: 'Viewer'
# Generic OAuth login, disabled by default.
grafana_oauth_generic_enabled: false

# Provider endpoints and client registration
grafana_oauth_client_id: ''
# grafana_oauth_client_secret: 'use a vault'
grafana_oauth_auth_url: ''
grafana_oauth_token_url: ''
grafana_oauth_api_url: ''
grafana_oauth_name: 'Oauth'
grafana_oauth_scopes: 'openid email profile'
grafana_oauth_empty_scopes: false

# TLS verification towards the provider stays on while this is false.
grafana_tls_skip_verify_insecure: false
# Accounts are not created on first OAuth login.
grafana_oauth_allow_signup: false
# NOTE(review): grafana_conf in this file has no entry that reads
# grafana_oauth_allowed_domains; confirm it is applied elsewhere before
# relying on it to restrict who may log in.
grafana_oauth_allowed_domains: ''
grafana_oauth_use_pkce: true

# Role mapping from provider claims. When allow_assign_grafana_admin is
# true, the path below may return 'GrafanaAdmin' (server admin).
grafana_oauth_allow_assign_grafana_admin: false
# Examples for grafana_oauth_role_attribute_path:
#   'role'
#   contains(info.roles[*], 'admin') && 'Admin' || contains(info.roles[*], 'editor') && 'Editor' || 'Viewer'
#   contains(info.roles[*], 'admin') && 'GrafanaAdmin' || contains(info.roles[*], 'editor') && 'Editor' || 'Viewer'
# https://grafana.com/docs/grafana/next/setup-grafana/configure-security/configure-authentication/generic-oauth/#jmespath-examples
grafana_oauth_role_attribute_path: ''
nginx_virthosts:
- virthost_name: '{{ ansible_fqdn }}'
listen: '80'
server_name: '{{ ansible_fqdn }}'
server_aliases: ''
index: index.html
ssl_enabled: false
ssl_only: false
ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
root: '{{ nginx_webroot }}'
server_tokens: 'off'
proxy_standard_setup: true
proxies:
- location: /
target: http://localhost:{{ grafana_http_port }};