diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..fdae38c
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+ "ansible.python.interpreterPath": "/bin/python3.11",
+ "files.associations": {
+ "*.j2": "ansible-jinja",
+ "*.yaml": "ansible",
+ "*.yml": "ansible"
+ },
+}
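Review bot: `"ansible.python.interpreterPath": "/bin/python3.11"` pins a workstation-specific path in a file shared through the repository, so the extension will not find its interpreter on any machine where that exact binary is absent. Consider leaving the key out of the committed file, or documenting it as a per-user setting. The trailing comma after the `files.associations` object is tolerated by VS Code's JSONC parser but rejected by strict JSON tooling, so dropping it keeps the file lintable.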
diff --git a/README.md b/README.md
index 43feffe..a974e0c 100644
--- a/README.md
+++ b/README.md
@@ -3,12 +3,16 @@ Grafana
[Grafana](https://grafana.com) ist eine Redering-Enging für Zeitreihen.
+# Variablen
+Die folgenden Variablen müssen vor der Ausführung der Rolle gesetzt werden:
+
+| Variable | Wert | Bedeutung |
+|----------|------|--------------|
+| `grafana_domain` | string | Domainname der Grafana-Instanz |
+| `grafana_db_password` | string | Passwort des Datenbanknutzers |
+
# Ausführen der Rolle
-- In der jeweiligen `host_vars`-Datei die Variablen in einer `grafana`-Map setzen:
- | Variable | Wert | Beschreibung |
- |----------|------|--------------|
- | `domain` | string | Domainname der Grafana-Instanz |
-- Rolle ausführen:
+- Erstelle ein Playbook namen `grafana.yml` und führe die Rolle aus:
```Shell
ansible-playbook playbooks/grafana.yml
```
diff --git a/defaults/main.yml b/defaults/main.yml
index ed95b8e..56f6d29 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,3 @@
---
grafana_db: grafana
grafana_db_user: grafana
-grafana_db_password: "{{ lookup('password', '/tmp/grafana_database_pwd length=42 chars=ascii_letters,digits') }}"
diff --git a/handlers/main.yml b/handlers/main.yml
index 7c80396..7b4bc44 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,7 +1,4 @@
---
-- name: get certificate
- ansible.builtin.command: dehydrated --cron -g
-
- name: restart grafana
ansible.builtin.service:
name: grafana-server
@@ -11,8 +8,3 @@
ansible.builtin.service:
name: monit
state: reloaded
-
-- name: reload fail2ban
- ansible.builtin.service:
- name: fail2ban
- state: reloaded
diff --git a/meta/main.yml b/meta/main.yml
index 8e4798e..f6d3ccb 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -3,7 +3,7 @@ galaxy_info:
description: Role to install Grafana
company: Sense.Lab e.V.
license: GPLv3
- min_ansible_version: "2.9"
+ min_ansible_version: "2.14"
platforms:
- name: Debian
versions:
diff --git a/tasks/database.yml b/tasks/database.yml
index aeb235b..8b82ef2 100644
--- a/tasks/database.yml
+++ b/tasks/database.yml
@@ -1,12 +1,12 @@
---
-- name: "database | Erstelle Datenbank"
- ansible.builtin.mysql_db:
+- name: "Database | Erstelle Datenbank"
+ community.mysql.mysql_db:
name: "{{ grafana_db }}"
login_unix_socket: "{{ mysql_socket }}"
login_user: root
-- name: "database | Erstelle Datenbank-Nutzer"
- ansible.builtin.mysql_user:
+- name: "Database | Erstelle Datenbank-Nutzer"
+ community.mysql.mysql_user:
name: "{{ grafana_db_user }}"
password: "{{ grafana_db_password }}"
priv: "{{ grafana_db }}.*:ALL"
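Review bot: The switch to `community.mysql.mysql_db` and `community.mysql.mysql_user` makes the role depend on a collection that does not ship with ansible-core, and nothing visible in this commit declares it. The same applies to `community.general.apache2_module` in tasks/webserver.yml. Listing both collections in a `requirements.yml`, with version constraints, keeps the role installable on a fresh controller and makes the origin of the module code reviewable. The `mysql_user` task may continue past the end of this hunk.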
diff --git a/tasks/grafana.yml b/tasks/grafana.yml
index b053eea..c23fbc5 100644
--- a/tasks/grafana.yml
+++ b/tasks/grafana.yml
@@ -1,26 +1,19 @@
---
-- name: grafana | Aktivere und starte Service"
+- name: "Grafana | Aktivere und starte Service"
ansible.builtin.systemd:
name: grafana-server
enabled: true
state: started
daemon_reload: true
-- name: "grafana | Erzeuge Grafana-Konfiguration"
+- name: "Grafana | Erzeuge Grafana-Konfiguration"
ansible.builtin.template:
src: grafana.ini
dest: /etc/grafana/grafana.ini
- mode: 0640
+ mode: "0640"
notify: restart grafana
-- name: "grafana | Installiere Image Renderer Module"
+- name: "Grafana | Installiere Image Renderer Module"
ansible.builtin.command:
cmd: grafana-cli plugins install grafana-image-renderer
creates: /var/lib/grafana/plugins/grafana-image-renderer
-
-- name: "grafana | Aktiviere Monit-Ueberwachung"
- ansible.builtin.copy:
- src: "grafana.monit"
- dest: "/etc/monit/conf-enabled/grafana"
- mode: 0644
- notify: reload monit
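Review bot: The `ansible.builtin.template` task that writes `/etc/grafana/grafana.ini` sets only `mode: "0640"`, although the rendered file contains `grafana_db_password` and the OAuth client secret. Ownership is left to whatever the file already has, and a run with `--diff` prints the rendered secrets to the terminal and any captured logs. Adding `owner: root`, `group: grafana` and `diff: false` to that task makes the permissions deterministic and keeps the secrets out of diff output; the group name assumes the one created by the package, so confirm it on the target. With the Monit task removed here, the `reload monit` handler that stays in handlers/main.yml appears to have no notifier left in this role.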
diff --git a/tasks/main.yml b/tasks/main.yml
index eff01da..890888c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,12 +1,16 @@
---
-- import_tasks: packages.yml
+- name: Packages
+ ansible.builtin.import_tasks: packages.yml
tags: packages
-- import_tasks: database.yml
+- name: Database
+ ansible.builtin.import_tasks: database.yml
delegate_to: "{{ database_host }}"
-- import_tasks: grafana.yml
+- name: Grafana
+ ansible.builtin.import_tasks: grafana.yml
tags: grafana
-- import_tasks: webserver.yml
+- name: Webserver
+ ansible.builtin.import_tasks: webserver.yml
tags: webserver
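Review bot: The `Database` import is the only one of the four without a `tags:` line, so it cannot be selected or skipped by tag like the others; adding `tags: database` below `delegate_to` would make the four entries consistent. `database_host`, used here, and `mysql_socket`, used in tasks/database.yml, are required for the role to run but do not appear in the variable table this commit adds to the README.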
diff --git a/tasks/packages.yml b/tasks/packages.yml
index 41b9250..a64f7b3 100644
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -1,18 +1,18 @@
---
-- name: "packages | Fuege apt-key hinzu"
+- name: "Packages | Fuege apt-key hinzu"
ansible.builtin.apt_key:
url: https://packages.grafana.com/gpg.key
-- name: "packages | Fuege deb-Repository hinzu"
+- name: "Packages | Fuege deb-Repository hinzu"
ansible.builtin.apt_repository:
repo: deb https://packages.grafana.com/oss/deb stable main
filename: grafana
-- name: "packages | Installiere Grafana"
+- name: "Packages | Installiere Grafana"
ansible.builtin.apt:
name: grafana
-- name: "packages | Installiere chromium"
+- name: "Packages | Installiere chromium"
ansible.builtin.apt:
name: chromium
install_recommends: false
diff --git a/tasks/webserver.yml b/tasks/webserver.yml
index d7de552..7f654fa 100644
--- a/tasks/webserver.yml
+++ b/tasks/webserver.yml
@@ -1,12 +1,6 @@
---
-- name: "webserver | Erzeuge Letsencrypt-Zertifikat"
- ansible.builtin.lineinfile:
- path: /etc/dehydrated/domains.txt
- line: "{{ grafana.domain }}"
- notify: get certificate
-
-- name: "webserver | Aktiviere Apache-Modul"
- ansible.builtin.apache2_module:
+- name: "Webserver | Aktiviere Apache-Modul"
+ community.general.apache2_module:
name: "{{ item }}"
state: present
notify: restart apache2
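Review bot: Removing the `Erzeuge Letsencrypt-Zertifikat` task, together with the `get certificate` handler, leaves the role with no step that obtains the certificate, while templates/apache2-site.conf still points `SSLCertificateFile` and `SSLCertificateKeyFile` at `/var/lib/dehydrated/certs/{{ grafana_domain }}/`. On a host where nothing else has issued that certificate, Apache would fail to load the site once it is enabled. If issuance is now the job of another role, that dependency should be stated in the README or meta/main.yml, or checked with `ansible.builtin.stat` on `fullchain.pem` before the site is enabled. The `Aktiviere Apache-Modul` task continues past the end of this hunk.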
@@ -14,14 +8,14 @@
- proxy
- proxy_http
-- name: "webserver | Kopiere Grafana-Seitenkonfiguration"
+- name: "Webserver | Kopiere Grafana-Seitenkonfiguration"
ansible.builtin.template:
src: apache2-site.conf
- dest: "/etc/apache2/sites-available/{{ grafana.domain }}.conf"
- mode: 0644
+ dest: "/etc/apache2/sites-available/{{ grafana_domain }}.conf"
+ mode: "0644"
-- name: "webserver | Aktiviere Grafana-Seitenkonfiguration"
+- name: "Webserver | Aktiviere Grafana-Seitenkonfiguration"
ansible.builtin.command:
- cmd: "a2ensite {{ grafana.domain }}"
- creates: "/etc/apache2/site-enabled/{{ grafana.domain }}.conf"
+ cmd: "a2ensite {{ grafana_domain }}"
+ creates: "/etc/apache2/site-enabled/{{ grafana_domain }}.conf"
notify: reload apache2
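Review bot: The `creates:` path on the `a2ensite` task reads `/etc/apache2/site-enabled/…`, while Debian's Apache layout uses `sites-enabled`, so the guard never matches: the command runs and reports changed on every play, and `reload apache2` fires each time. The line should read `creates: "/etc/apache2/sites-enabled/{{ grafana_domain }}.conf"`. Because `grafana_domain` now feeds a file path and a command argument directly, an `ansible.builtin.assert` at the start of the role that it is a plain hostname would be a cheap safeguard.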
diff --git a/templates/apache2-site.conf b/templates/apache2-site.conf
index cdc4354..d8bfaa9 100644
--- a/templates/apache2-site.conf
+++ b/templates/apache2-site.conf
@@ -1,11 +1,11 @@
- ServerName {{ grafana.domain }}
- Redirect permanent / https://{{ grafana.domain }}/
+ ServerName {{ grafana_domain }}
+ Redirect permanent / https://{{ grafana_domain }}/
- ServerName {{ grafana.domain }}
+ ServerName {{ grafana_domain }}
Protocols h2 http/1.1
DocumentRoot /var/www/html
IncludeOptional /etc/apache2/conf-available/add-headers.conf
@@ -15,8 +15,8 @@
LogLevel Error
SSLEngine On
- SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana.domain }}/fullchain.pem
- SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana.domain }}/privkey.pem
+ SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana_domain }}/fullchain.pem
+ SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana_domain }}/privkey.pem
ProxyPreserveHost On
ProxyPass /.well-known !
diff --git a/templates/grafana.ini b/templates/grafana.ini
index 1b972a3..55cc644 100644
--- a/templates/grafana.ini
+++ b/templates/grafana.ini
@@ -2,13 +2,13 @@
[server]
protocoll = https
-domain = {{ grafana.domain }}
+domain = {{ grafana_domain }}
enforce_domain = true
-root_url = https://{{ grafana.domain }}
+root_url = https://{{ grafana_domain }}
[database]
type = mysql
-host = 127.0.0.1:3306
+host = {{ database_host }}:3306
name = {{ grafana_db }}
user = {{ grafana_db_user }}
password = {{ grafana_db_password }}
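Review bot: `host = {{ database_host }}:3306` moves the MySQL connection off loopback, but nothing visible in the commit sets up a matching account or protects the transport. The `mysql_user` task in tasks/database.yml shows no `host:`, so the module default `localhost` applies unless it is set outside that hunk, and this `[database]` section shows no `ssl_mode`; a remote `database_host` would then refuse the login, or carry the password in clear text once the account is widened. Separately, `grafana_db_password` is now supplied by the operator instead of being generated from letters and digits, so a value containing `#` or `;` would be cut short when Grafana reads the file. Grafana's documented form for such values is `password = """{{ grafana_db_password }}"""`. The README could also say that the variable belongs in a vaulted file.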
@@ -48,11 +48,10 @@ rendering_language = de-DE
signout_redirect_url = {{ grafana_auth_signout_redirect_url }}
oauth_auto_login = false
+{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}
[auth.generic_oauth]
name = {{ grafana_auth_generic_oauth_name }}
-{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}
enabled = true
-{% endif %}
client_id = {{ grafana_auth_generic_oauth_client_id }}
client_secret = {{ grafana_auth_generic_oauth_client_secret }}
scopes = openid email profile
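Review bot: The guard `{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}` tests Jinja truthiness, so a value that arrives as the string `"false"` (for example via `-e` on the command line) is non-empty and still renders the whole `[auth.generic_oauth]` section with `enabled = true`. `{% if grafana_auth_generic_oauth_enabled | default(false) | bool %}` handles both the undefined case and string values. The matching `{% endif %}` is added in the following hunk. The `grafana_auth_*` variables this section needs are not listed in the README's new variable table.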
@@ -60,3 +59,4 @@ auth_url = {{ grafana_auth_generic_oauth_auth_url }}
token_url = {{ grafana_auth_generic_oauth_token_url }}
api_url = {{ grafana_auth_generic_oauth_api_url }}
role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }}
+{% endif %}