phil 2023-11-20 11:47:05 +01:00
parent 90132f42d5
commit 9d49e05e12
12 changed files with 56 additions and 62 deletions

8
.vscode/settings.json vendored Normal file

@ -0,0 +1,8 @@
{
"ansible.python.interpreterPath": "/bin/python3.11",
"files.associations": {
"*.j2": "ansible-jinja",
"*.yaml": "ansible",
"*.yml": "ansible"
},
}
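Review bot: The interpreter path `/bin/python3.11` on the `ansible.python.interpreterPath` line is specific to one workstation, so contributors whose Python lives elsewhere or has another version get a broken Ansible extension setup from a committed file. Consider leaving that key to user-level settings and committing only the `files.associations` block. The trailing comma after the `files.associations` object (`},`) is tolerated by VS Code's JSONC reader but rejected by strict JSON tools, so dropping it keeps the file parseable by linters.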


@ -3,12 +3,16 @@ Grafana
[Grafana](https://grafana.com) ist eine Redering-Enging für Zeitreihen. [Grafana](https://grafana.com) ist eine Redering-Enging für Zeitreihen.
# Ausführen der Rolle # Variablen
- In der jeweiligen `host_vars`-Datei die Variablen in einer `grafana`-Map setzen: Die folgenden Variablen müssen vor der Ausführung der Rolle gesetzt werden:
| Variable | Wert | Beschreibung |
| Variable | Wert | Bedeutung |
|----------|------|--------------| |----------|------|--------------|
| `domain` | string | Domainname der Grafana-Instanz | | `grafana_domain` | string | Domainname der Grafana-Instanz |
- Rolle ausführen: | `grafana_db_password` | string | Passwort des Datenbanknutzers |
# Ausführen der Rolle
- Erstelle ein Playbook namen `grafana.yml` und führe die Rolle aus:
```Shell ```Shell
ansible-playbook playbooks/grafana.yml ansible-playbook playbooks/grafana.yml
``` ```


@ -1,4 +1,3 @@
--- ---
grafana_db: grafana grafana_db: grafana
grafana_db_user: grafana grafana_db_user: grafana
grafana_db_password: "{{ lookup('password', '/tmp/grafana_database_pwd length=42 chars=ascii_letters,digits') }}"


@ -1,7 +1,4 @@
--- ---
- name: get certificate
ansible.builtin.command: dehydrated --cron -g
- name: restart grafana - name: restart grafana
ansible.builtin.service: ansible.builtin.service:
name: grafana-server name: grafana-server
@ -11,8 +8,3 @@
ansible.builtin.service: ansible.builtin.service:
name: monit name: monit
state: reloaded state: reloaded
- name: reload fail2ban
ansible.builtin.service:
name: fail2ban
state: reloaded


@ -3,7 +3,7 @@ galaxy_info:
description: Role to install Grafana description: Role to install Grafana
company: Sense.Lab e.V. company: Sense.Lab e.V.
license: GPLv3 license: GPLv3
min_ansible_version: "2.9" min_ansible_version: "2.14"
platforms: platforms:
- name: Debian - name: Debian
versions: versions:


@ -1,12 +1,12 @@
--- ---
- name: "database | Erstelle Datenbank" - name: "Database | Erstelle Datenbank"
ansible.builtin.mysql_db: community.mysql.mysql_db:
name: "{{ grafana_db }}" name: "{{ grafana_db }}"
login_unix_socket: "{{ mysql_socket }}" login_unix_socket: "{{ mysql_socket }}"
login_user: root login_user: root
- name: "database | Erstelle Datenbank-Nutzer" - name: "Database | Erstelle Datenbank-Nutzer"
ansible.builtin.mysql_user: community.mysql.mysql_user:
name: "{{ grafana_db_user }}" name: "{{ grafana_db_user }}"
password: "{{ grafana_db_password }}" password: "{{ grafana_db_password }}"
priv: "{{ grafana_db }}.*:ALL" priv: "{{ grafana_db }}.*:ALL"
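Review bot: The `community.mysql.mysql_user` task sets no `host`, so the account is created with the module's default host (`localhost`), while the grafana.ini change in this same commit points Grafana at `{{ database_host }}:3306`. If the database runs on a different machine than Grafana, that login will not match the created account; set `host:` to the Grafana server's address rather than widening it to `%`. The switch to the `community.mysql` namespace also means the collection must be installed on the control node, and no requirements file is visible in this commit, so confirm one declares it. The task may continue beyond the lines shown.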


@ -1,26 +1,19 @@
--- ---
- name: grafana | Aktivere und starte Service" - name: "Grafana | Aktivere und starte Service"
ansible.builtin.systemd: ansible.builtin.systemd:
name: grafana-server name: grafana-server
enabled: true enabled: true
state: started state: started
daemon_reload: true daemon_reload: true
- name: "grafana | Erzeuge Grafana-Konfiguration" - name: "Grafana | Erzeuge Grafana-Konfiguration"
ansible.builtin.template: ansible.builtin.template:
src: grafana.ini src: grafana.ini
dest: /etc/grafana/grafana.ini dest: /etc/grafana/grafana.ini
mode: 0640 mode: "0640"
notify: restart grafana notify: restart grafana
- name: "grafana | Installiere Image Renderer Module" - name: "Grafana | Installiere Image Renderer Module"
ansible.builtin.command: ansible.builtin.command:
cmd: grafana-cli plugins install grafana-image-renderer cmd: grafana-cli plugins install grafana-image-renderer
creates: /var/lib/grafana/plugins/grafana-image-renderer creates: /var/lib/grafana/plugins/grafana-image-renderer
- name: "grafana | Aktiviere Monit-Ueberwachung"
ansible.builtin.copy:
src: "grafana.monit"
dest: "/etc/monit/conf-enabled/grafana"
mode: 0644
notify: reload monit
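Review bot: The template task that writes `/etc/grafana/grafana.ini` sets `mode: "0640"` but no `owner` or `group`, and the rendered file carries `grafana_db_password` and the OAuth client secret. Ownership then depends on what the file had before or on the user Ansible runs as. Stating it explicitly, e.g. `owner: root` and `group: grafana` (assuming the package's `grafana` group), makes read access deterministic. Separately, the service is started before the configuration is templated, so on a first run Grafana comes up with the packaged defaults and is only restarted by the handler at the end of the play.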


@ -1,12 +1,16 @@
--- ---
- import_tasks: packages.yml - name: Packages
ansible.builtin.import_tasks: packages.yml
tags: packages tags: packages
- import_tasks: database.yml - name: Database
ansible.builtin.import_tasks: database.yml
delegate_to: "{{ database_host }}" delegate_to: "{{ database_host }}"
- import_tasks: grafana.yml - name: Grafana
ansible.builtin.import_tasks: grafana.yml
tags: grafana tags: grafana
- import_tasks: webserver.yml - name: Webserver
ansible.builtin.import_tasks: webserver.yml
tags: webserver tags: webserver
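Review bot: Nothing in this task list checks that the variables the role now requires are set. `grafana_db_password` appears to lose its default in this commit, and `database_host` is used by the `Database` import's `delegate_to` here and by the grafana.ini template, yet the README table lists only `grafana_domain` and `grafana_db_password`. An undefined value would surface as a templating error partway through the run, after packages are already installed. A guard task at the top of the file fails early with a clear message; the password itself is best supplied from a vault-encrypted variable rather than plain host_vars.

```yaml
- name: Pruefe erforderliche Variablen
  ansible.builtin.assert:
    that:
      - grafana_domain is defined
      - grafana_db_password is defined
      - grafana_db_password | length > 0
      - database_host is defined
    quiet: true
# … unchanged: imports of packages.yml, database.yml, grafana.yml, webserver.yml …
```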


@ -1,18 +1,18 @@
--- ---
- name: "packages | Fuege apt-key hinzu" - name: "Packages | Fuege apt-key hinzu"
ansible.builtin.apt_key: ansible.builtin.apt_key:
url: https://packages.grafana.com/gpg.key url: https://packages.grafana.com/gpg.key
- name: "packages | Fuege deb-Repository hinzu" - name: "Packages | Fuege deb-Repository hinzu"
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: deb https://packages.grafana.com/oss/deb stable main repo: deb https://packages.grafana.com/oss/deb stable main
filename: grafana filename: grafana
- name: "packages | Installiere Grafana" - name: "Packages | Installiere Grafana"
ansible.builtin.apt: ansible.builtin.apt:
name: grafana name: grafana
- name: "packages | Installiere chromium" - name: "Packages | Installiere chromium"
ansible.builtin.apt: ansible.builtin.apt:
name: chromium name: chromium
install_recommends: false install_recommends: false


@ -1,12 +1,6 @@
--- ---
- name: "webserver | Erzeuge Letsencrypt-Zertifikat" - name: "Webserver | Aktiviere Apache-Modul"
ansible.builtin.lineinfile: community.general.apache2_module:
path: /etc/dehydrated/domains.txt
line: "{{ grafana.domain }}"
notify: get certificate
- name: "webserver | Aktiviere Apache-Modul"
ansible.builtin.apache2_module:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
notify: restart apache2 notify: restart apache2
@ -14,14 +8,14 @@
- proxy - proxy
- proxy_http - proxy_http
- name: "webserver | Kopiere Grafana-Seitenkonfiguration" - name: "Webserver | Kopiere Grafana-Seitenkonfiguration"
ansible.builtin.template: ansible.builtin.template:
src: apache2-site.conf src: apache2-site.conf
dest: "/etc/apache2/sites-available/{{ grafana.domain }}.conf" dest: "/etc/apache2/sites-available/{{ grafana_domain }}.conf"
mode: 0644 mode: "0644"
- name: "webserver | Aktiviere Grafana-Seitenkonfiguration" - name: "Webserver | Aktiviere Grafana-Seitenkonfiguration"
ansible.builtin.command: ansible.builtin.command:
cmd: "a2ensite {{ grafana.domain }}" cmd: "a2ensite {{ grafana_domain }}"
creates: "/etc/apache2/site-enabled/{{ grafana.domain }}.conf" creates: "/etc/apache2/site-enabled/{{ grafana_domain }}.conf"
notify: reload apache2 notify: reload apache2
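Review bot: The `creates:` path on the `a2ensite` task points at `/etc/apache2/site-enabled/…`, but the template task just above writes to `sites-available` and Debian's matching directory is `sites-enabled`. The guard therefore never matches, and the command runs and notifies `reload apache2` on every play. Change it to `creates: "/etc/apache2/sites-enabled/{{ grafana_domain }}.conf"`. Since `grafana_domain` ends up in a file name and a command argument, it is also worth validating it as a plain hostname before use.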


@ -1,11 +1,11 @@
<VirtualHost *:80> <VirtualHost *:80>
ServerName {{ grafana.domain }} ServerName {{ grafana_domain }}
Redirect permanent / https://{{ grafana.domain }}/ Redirect permanent / https://{{ grafana_domain }}/
</VirtualHost> </VirtualHost>
<IfModule mod_ssl.c> <IfModule mod_ssl.c>
<VirtualHost *:443> <VirtualHost *:443>
ServerName {{ grafana.domain }} ServerName {{ grafana_domain }}
Protocols h2 http/1.1 Protocols h2 http/1.1
DocumentRoot /var/www/html DocumentRoot /var/www/html
IncludeOptional /etc/apache2/conf-available/add-headers.conf IncludeOptional /etc/apache2/conf-available/add-headers.conf
@ -15,8 +15,8 @@
LogLevel Error LogLevel Error
SSLEngine On SSLEngine On
SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana.domain }}/fullchain.pem SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana_domain }}/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana.domain }}/privkey.pem SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana_domain }}/privkey.pem
ProxyPreserveHost On ProxyPreserveHost On
ProxyPass /.well-known ! ProxyPass /.well-known !
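Review bot: The `SSLCertificateFile` and `SSLCertificateKeyFile` lines still expect a dehydrated certificate under `/var/lib/dehydrated/certs/{{ grafana_domain }}/`, but this commit removes the task that added the domain to `/etc/dehydrated/domains.txt` and the `get certificate` handler. If no other role issues that certificate, Apache's config test will fail on the missing files once the site is enabled. A template comment such as `# Certificate for {{ grafana_domain }} must be issued by dehydrated before this role runs`, or a `stat` check in the webserver tasks, would make the prerequisite explicit. The VirtualHost block continues beyond the hunk.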


@ -2,13 +2,13 @@
[server] [server]
protocoll = https protocoll = https
domain = {{ grafana.domain }} domain = {{ grafana_domain }}
enforce_domain = true enforce_domain = true
root_url = https://{{ grafana.domain }} root_url = https://{{ grafana_domain }}
[database] [database]
type = mysql type = mysql
host = 127.0.0.1:3306 host = {{ database_host }}:3306
name = {{ grafana_db }} name = {{ grafana_db }}
user = {{ grafana_db_user }} user = {{ grafana_db_user }}
password = {{ grafana_db_password }} password = {{ grafana_db_password }}
@ -48,11 +48,10 @@ rendering_language = de-DE
signout_redirect_url = {{ grafana_auth_signout_redirect_url }} signout_redirect_url = {{ grafana_auth_signout_redirect_url }}
oauth_auto_login = false oauth_auto_login = false
{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}
[auth.generic_oauth] [auth.generic_oauth]
name = {{ grafana_auth_generic_oauth_name }} name = {{ grafana_auth_generic_oauth_name }}
{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}
enabled = true enabled = true
{% endif %}
client_id = {{ grafana_auth_generic_oauth_client_id }} client_id = {{ grafana_auth_generic_oauth_client_id }}
client_secret = {{ grafana_auth_generic_oauth_client_secret }} client_secret = {{ grafana_auth_generic_oauth_client_secret }}
scopes = openid email profile scopes = openid email profile
@ -60,3 +59,4 @@ auth_url = {{ grafana_auth_generic_oauth_auth_url }}
token_url = {{ grafana_auth_generic_oauth_token_url }} token_url = {{ grafana_auth_generic_oauth_token_url }}
api_url = {{ grafana_auth_generic_oauth_api_url }} api_url = {{ grafana_auth_generic_oauth_api_url }}
role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }} role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }}
{% endif %}
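Review bot: With `host = {{ database_host }}:3306` the database connection can now leave the machine, and the `[database]` lines shown set no TLS option, so queries and results would cross the network unencrypted. If `database_host` may be remote, set Grafana's `ssl_mode` and a CA certificate path in this section. The same variable is also the Ansible `delegate_to` target, so the inventory name must resolve from the Grafana host. The password is rendered unquoted, and Grafana needs triple quotes around values containing `#` or `;`, so `password = """{{ grafana_db_password }}"""` avoids a silently truncated secret. The `[database]` and `[auth.generic_oauth]` sections continue outside the hunks shown.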