add prometheus data source with mssl

2021-09-24 22:30:14 +02:00 · 2021-09-24 22:30:14 +02:00 · f487bb87e1
commit f487bb87e1
parent 29a67e9e97
2 changed files with 44 additions and 0 deletions
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@ -39,6 +39,33 @@
  no_log: true
  notify: Restart Grafana

+- name: Copy the CA cert
+  copy:
+    content: "{{ ca_cert }}"
+    dest: /etc/grafana/ca.crt
+  notify: Restart prometheus
+
+- name: Generate certificate
+  include_role:
+    name: generate-cert
+  vars:
+    directory: /etc/grafana/
+    cname: "grafana-{{ lan_address }}"
+    owner: grafana
+    group: grafana
+    key_mode: u=rw,g=,o=
+    subject_alt_name: "IP:{{ lan_address }}"
+# Need an equivalent to notify here
+
+- name: Add Prometheus data source
+  template:
+    src: prometheus_datasource.yaml
+    dest: /etc/grafana/provisioning/datasources/prometheus_datasource.yaml
+    owner: grafana
+    group: grafana
+    mode: u=rw,g=r,o=
+  notify: Restart Grafana
+
 - name: Enable Grafana
  systemd:
    name: grafana-server
--- a/roles/grafana/templates/prometheus_datasource.yaml
+++ b/roles/grafana/templates/prometheus_datasource.yaml
@ -0,0 +1,17 @@
+{{ ansible_managed | comment }}
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    type: prometheus
+    # Access mode - proxy (server in the UI) or direct (browser in the UI).
+    access: proxy
+    url: https://{{ lan_address }}:9090
+    jsonData:
+      httpMethod: POST
+	  tlsAuth: true
+	  tlsAuthWithCACert: true
+    secureJsonData: 
+	  tlsCACert: $__file{/etc/grafana/ca.cert}
+	  tlsClientCert: $__file{/etc/grafana/grafana-{{ lan_address }}.cert}
+	  tlsClientKey: $__file{/etc/grafana/grafana-{{ lan_address }}.key}