ansible/roles/grafana/tasks/main.yml

112 lines
2.6 KiB
YAML
Raw Normal View History

2021-11-27 10:05:11 +01:00
---
- name: Install gpg (to import Grafana key)
apt:
name: gpg
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Import Grafana GPG signing key
2024-02-24 13:16:19 +01:00
get_url:
url: https://apt.grafana.com/gpg.key
2024-02-24 14:32:51 +01:00
dest: /etc/apt/keyrings/grafana-release-keyring.asc
2021-11-27 10:05:11 +01:00
- name: Add Grafana repository
2024-02-24 13:16:19 +01:00
deb822_repository:
2024-02-24 14:06:17 +01:00
name: grafana
2024-02-24 13:16:19 +01:00
types: deb
uris: https://apt.grafana.com
suites: stable
2024-02-24 14:06:17 +01:00
components: main
2024-02-24 14:28:08 +01:00
signed_by: /etc/apt/keyrings/grafana-release-keyring.asc
2021-11-27 10:05:11 +01:00
- name: Install Grafana
apt:
name: grafana
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure Grafana
ini_file:
path: /etc/grafana/grafana.ini
section: "{{ item.section }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: 0640
loop:
- section: server
option: root_url
value: "{{ grafana.root_url }}"
- section: analytics
option: reporting_enabled
value: "false"
- section: analytics
option: check_for_updates
value: "false"
- section: security
option: disable_initial_admin_creation
value: "true"
- section: security
option: cookie_secure
value: "true"
- section: security
option: disable_gravatar
value: "true"
- section: snapshots
option: external_enabled
value: "false"
- section: users
option: allow_sign_up
value: "false"
- section: users
option: allow_org_create
value: "false"
- section: auth.anonymous
option: enabled
value: "false" # no public access
- section: auth.anonymous
option: hide_version
value: "true"
- section: auth.basic # only LDAP auth
option: enabled
value: "false"
- section: auth.ldap
option: enabled
value: "true"
- section: alerting
option: enabled
value: "false"
- section: database
option: type
value: "{{ grafana.database.type }}"
- section: database
option: host
value: "{{ grafana.database.host }}"
- section: database
option: name
value: "{{ grafana.database.name }}"
- section: database
option: user
value: "{{ grafana.database.user }}"
- section: database
option: password
value: "{{ grafana.database.password }}"
notify: Restart grafana
- name: Configure Grafana LDAP
template:
src: ldap.toml.j2
dest: /etc/grafana/ldap.toml
mode: 0640
notify: Restart grafana
- name: Enable and start Grafana
systemd:
name: grafana-server
enabled: true
state: started
daemon_reload: true