ansible/roles/grafana/tasks/main.yml

---
- name: Install gpg (to import Grafana key)
  apt:
    name: gpg
    state: present
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Import Grafana GPG signing key
  apt_key:
    url: https://packages.grafana.com/gpg.key
    state: present
  register: apt_key_result
  retries: 3
  until: apt_key_result is succeeded

- name: Add Grafana repository
  apt_repository:
    repo: deb https://packages.grafana.com/oss/deb stable main
    state: present
    update_cache: true

- name: Install Grafana
  apt:
    name: grafana
    state: present
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Configure Grafana
  ini_file:
    path: /etc/grafana/grafana.ini
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    mode: 0640
  loop:
    - section: server
      option: root_url
      value: "{{ grafana.root_url }}"
    - section: analytics
      option: reporting_enabled
      value: "false"
    - section: analytics
      option: check_for_updates
      value: "false"
    - section: security
      option: disable_initial_admin_creation
      value: "true"
    - section: security
      option: cookie_secure
      value: "true"
    - section: security
      option: disable_gravatar
      value: "true"
    - section: snapshots
      option: external_enabled
      value: "false"
    - section: users
      option: allow_sign_up
      value: "false"
    - section: users
      option: allow_org_create
      value: "false"
    - section: auth.anonymous
      option: enabled
      value: "false"  # no public access
    - section: auth.anonymous
      option: hide_version
      value: "true"
    - section: auth.basic  # only LDAP auth
      option: enabled
      value: "false"
    - section: auth.ldap
      option: enabled
      value: "true"
    - section: alerting
      option: enabled
      value: "false"
    - section: database
      option: type
      value: "{{ grafana.database.type }}"
    - section: database
      option: host
      value: "{{ grafana.database.host }}"
    - section: database
      option: name
      value: "{{ grafana.database.name }}"
    - section: database
      option: user
      value: "{{ grafana.database.user }}"
    - section: database
      option: password
      value: "{{ grafana.database.password }}"
  notify: Restart grafana

- name: Configure Grafana LDAP
  template:
    src: ldap.toml.j2
    dest: /etc/grafana/ldap.toml
    mode: 0640
  notify: Restart grafana

- name: Enable and start Grafana
  systemd:
    name: grafana-server
    enabled: true
    state: started
    daemon_reload: true
Add grafana playbook and machine 2021-11-27 10:05:11 +01:00			`---`
			`- name: Install gpg (to import Grafana key)`
			`apt:`
			`name: gpg`
			`state: present`
			`register: apt_result`
			`retries: 3`
			`until: apt_result is succeeded`

			`- name: Import Grafana GPG signing key`
			`apt_key:`
			`url: https://packages.grafana.com/gpg.key`
			`state: present`
			`register: apt_key_result`
			`retries: 3`
			`until: apt_key_result is succeeded`

			`- name: Add Grafana repository`
			`apt_repository:`
			`repo: deb https://packages.grafana.com/oss/deb stable main`
			`state: present`
			`update_cache: true`

			`- name: Install Grafana`
			`apt:`
			`name: grafana`
			`state: present`
			`register: apt_result`
			`retries: 3`
			`until: apt_result is succeeded`

			`- name: Configure Grafana`
			`ini_file:`
			`path: /etc/grafana/grafana.ini`
			`section: "{{ item.section }}"`
			`option: "{{ item.option }}"`
			`value: "{{ item.value }}"`
			`mode: 0640`
			`loop:`
			`- section: server`
			`option: root_url`
			`value: "{{ grafana.root_url }}"`
			`- section: analytics`
			`option: reporting_enabled`
			`value: "false"`
			`- section: analytics`
			`option: check_for_updates`
			`value: "false"`
			`- section: security`
			`option: disable_initial_admin_creation`
			`value: "true"`
			`- section: security`
			`option: cookie_secure`
			`value: "true"`
			`- section: security`
			`option: disable_gravatar`
			`value: "true"`
			`- section: snapshots`
			`option: external_enabled`
			`value: "false"`
			`- section: users`
			`option: allow_sign_up`
			`value: "false"`
			`- section: users`
			`option: allow_org_create`
			`value: "false"`
			`- section: auth.anonymous`
			`option: enabled`
			`value: "false" # no public access`
			`- section: auth.anonymous`
			`option: hide_version`
			`value: "true"`
			`- section: auth.basic # only LDAP auth`
			`option: enabled`
			`value: "false"`
			`- section: auth.ldap`
			`option: enabled`
			`value: "true"`
			`- section: alerting`
			`option: enabled`
			`value: "false"`
			`- section: database`
			`option: type`
			`value: "{{ grafana.database.type }}"`
			`- section: database`
			`option: host`
			`value: "{{ grafana.database.host }}"`
			`- section: database`
			`option: name`
			`value: "{{ grafana.database.name }}"`
			`- section: database`
			`option: user`
			`value: "{{ grafana.database.user }}"`
			`- section: database`
			`option: password`
			`value: "{{ grafana.database.password }}"`
			`notify: Restart grafana`

			`- name: Configure Grafana LDAP`
			`template:`
			`src: ldap.toml.j2`
			`dest: /etc/grafana/ldap.toml`
			`mode: 0640`
			`notify: Restart grafana`

			`- name: Enable and start Grafana`
			`systemd:`
			`name: grafana-server`
			`enabled: true`
			`state: started`
			`daemon_reload: true`