Updates
parent
90132f42d5
commit
9d49e05e12
12 changed files with 56 additions and 62 deletions
8
.vscode/settings.json
8
.vscode/settings.json
|
@ -0,0 +1,8 @@
|
||||||
|
{
|
||||||
|
"ansible.python.interpreterPath": "/bin/python3.11",
|
||||||
|
"files.associations": {
|
||||||
|
"*.j2": "ansible-jinja",
|
||||||
|
"*.yaml": "ansible",
|
||||||
|
"*.yml": "ansible"
|
||||||
|
},
|
||||||
|
}
|
14
README.md
14
README.md
|
@ -3,12 +3,16 @@ Grafana
|
||||||
|
|
||||||
[Grafana](https://grafana.com) ist eine Redering-Enging für Zeitreihen.
|
[Grafana](https://grafana.com) ist eine Redering-Enging für Zeitreihen.
|
||||||
|
|
||||||
# Ausführen der Rolle
|
# Variablen
|
||||||
- In der jeweiligen `host_vars`-Datei die Variablen in einer `grafana`-Map setzen:
|
Die folgenden Variablen müssen vor der Ausführung der Rolle gesetzt werden:
|
||||||
| Variable | Wert | Beschreibung |
|
|
||||||
|
| Variable | Wert | Bedeutung |
|
||||||
|----------|------|--------------|
|
|----------|------|--------------|
|
||||||
| `domain` | string | Domainname der Grafana-Instanz |
|
| `grafana_domain` | string | Domainname der Grafana-Instanz |
|
||||||
- Rolle ausführen:
|
| `grafana_db_password` | string | Passwort des Datenbanknutzers |
|
||||||
|
|
||||||
|
# Ausführen der Rolle
|
||||||
|
- Erstelle ein Playbook namen `grafana.yml` und führe die Rolle aus:
|
||||||
```Shell
|
```Shell
|
||||||
ansible-playbook playbooks/grafana.yml
|
ansible-playbook playbooks/grafana.yml
|
||||||
```
|
```
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
---
|
||||||
grafana_db: grafana
|
grafana_db: grafana
|
||||||
grafana_db_user: grafana
|
grafana_db_user: grafana
|
||||||
grafana_db_password: "{{ lookup('password', '/tmp/grafana_database_pwd length=42 chars=ascii_letters,digits') }}"
|
|
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
---
|
---
|
||||||
- name: get certificate
|
|
||||||
ansible.builtin.command: dehydrated --cron -g
|
|
||||||
|
|
||||||
- name: restart grafana
|
- name: restart grafana
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: grafana-server
|
name: grafana-server
|
||||||
|
@ -11,8 +8,3 @@
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: monit
|
name: monit
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
- name: reload fail2ban
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: fail2ban
|
|
||||||
state: reloaded
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ galaxy_info:
|
||||||
description: Role to install Grafana
|
description: Role to install Grafana
|
||||||
company: Sense.Lab e.V.
|
company: Sense.Lab e.V.
|
||||||
license: GPLv3
|
license: GPLv3
|
||||||
min_ansible_version: "2.9"
|
min_ansible_version: "2.14"
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
- name: "database | Erstelle Datenbank"
|
- name: "Database | Erstelle Datenbank"
|
||||||
ansible.builtin.mysql_db:
|
community.mysql.mysql_db:
|
||||||
name: "{{ grafana_db }}"
|
name: "{{ grafana_db }}"
|
||||||
login_unix_socket: "{{ mysql_socket }}"
|
login_unix_socket: "{{ mysql_socket }}"
|
||||||
login_user: root
|
login_user: root
|
||||||
|
|
||||||
- name: "database | Erstelle Datenbank-Nutzer"
|
- name: "Database | Erstelle Datenbank-Nutzer"
|
||||||
ansible.builtin.mysql_user:
|
community.mysql.mysql_user:
|
||||||
name: "{{ grafana_db_user }}"
|
name: "{{ grafana_db_user }}"
|
||||||
password: "{{ grafana_db_password }}"
|
password: "{{ grafana_db_password }}"
|
||||||
priv: "{{ grafana_db }}.*:ALL"
|
priv: "{{ grafana_db }}.*:ALL"
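Review bot: The `community.mysql.mysql_user` task sets no `host:` in the visible lines, so the account is created for the module default, `localhost`. This commit also changes `grafana.ini` to connect to `{{ database_host }}:3306` instead of `127.0.0.1`, and a login arriving over TCP from another machine will not match a `localhost` account. If the database can live on a separate host, add a `host:` entry that names the Grafana server, e.g. `host: "{{ grafana_client_host }}"` (placeholder variable name), rather than a wildcard. The task may continue below the hunk, so this applies only if `host:` is not already set there.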
|
||||||
|
|
|
@ -1,26 +1,19 @@
|
||||||
---
|
---
|
||||||
- name: grafana | Aktivere und starte Service"
|
- name: "Grafana | Aktivere und starte Service"
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: grafana-server
|
name: grafana-server
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
|
|
||||||
- name: "grafana | Erzeuge Grafana-Konfiguration"
|
- name: "Grafana | Erzeuge Grafana-Konfiguration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: grafana.ini
|
src: grafana.ini
|
||||||
dest: /etc/grafana/grafana.ini
|
dest: /etc/grafana/grafana.ini
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: restart grafana
|
notify: restart grafana
|
||||||
|
|
||||||
- name: "grafana | Installiere Image Renderer Module"
|
- name: "Grafana | Installiere Image Renderer Module"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: grafana-cli plugins install grafana-image-renderer
|
cmd: grafana-cli plugins install grafana-image-renderer
|
||||||
creates: /var/lib/grafana/plugins/grafana-image-renderer
|
creates: /var/lib/grafana/plugins/grafana-image-renderer
|
||||||
|
|
||||||
- name: "grafana | Aktiviere Monit-Ueberwachung"
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: "grafana.monit"
|
|
||||||
dest: "/etc/monit/conf-enabled/grafana"
|
|
||||||
mode: 0644
|
|
||||||
notify: reload monit
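Review bot: The template task that writes `/etc/grafana/grafana.ini` sets `mode: "0640"` but no `owner` or `group`, and the rendered file holds `grafana_db_password` and the OAuth `client_secret`. A newly created file would take the ownership of the user Ansible runs as, so stating `owner: root` and `group: grafana` makes the intended readers explicit (group name assumed from the Debian package; confirm). A run with `--diff` would also print changed secret lines for this task, and `diff: false` on the task avoids that. The Monit copy task is removed here while the `reload monit` handler stays in the handlers file; if nothing else notifies it, it can be dropped as well.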
|
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
---
|
---
|
||||||
- import_tasks: packages.yml
|
- name: Packages
|
||||||
|
ansible.builtin.import_tasks: packages.yml
|
||||||
tags: packages
|
tags: packages
|
||||||
|
|
||||||
- import_tasks: database.yml
|
- name: Database
|
||||||
|
ansible.builtin.import_tasks: database.yml
|
||||||
delegate_to: "{{ database_host }}"
|
delegate_to: "{{ database_host }}"
|
||||||
|
|
||||||
- import_tasks: grafana.yml
|
- name: Grafana
|
||||||
|
ansible.builtin.import_tasks: grafana.yml
|
||||||
tags: grafana
|
tags: grafana
|
||||||
|
|
||||||
- import_tasks: webserver.yml
|
- name: Webserver
|
||||||
|
ansible.builtin.import_tasks: webserver.yml
|
||||||
tags: webserver
|
tags: webserver
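Review bot: The `Database` import is the only one of the four without a `tags:` entry, so a tag-limited run such as `--tags grafana` skips it while the others stay selectable; `tags: database` would match the pattern. It also depends on `database_host` through `delegate_to`, and the imported tasks use `mysql_socket`, but the README table added in this commit lists only `grafana_domain` and `grafana_db_password`. Documenting both variables there would make an unset value fail less surprisingly.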
|
||||||
|
|
|
@ -1,18 +1,18 @@
|
||||||
---
|
---
|
||||||
- name: "packages | Fuege apt-key hinzu"
|
- name: "Packages | Fuege apt-key hinzu"
|
||||||
ansible.builtin.apt_key:
|
ansible.builtin.apt_key:
|
||||||
url: https://packages.grafana.com/gpg.key
|
url: https://packages.grafana.com/gpg.key
|
||||||
|
|
||||||
- name: "packages | Fuege deb-Repository hinzu"
|
- name: "Packages | Fuege deb-Repository hinzu"
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
repo: deb https://packages.grafana.com/oss/deb stable main
|
repo: deb https://packages.grafana.com/oss/deb stable main
|
||||||
filename: grafana
|
filename: grafana
|
||||||
|
|
||||||
- name: "packages | Installiere Grafana"
|
- name: "Packages | Installiere Grafana"
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: grafana
|
name: grafana
|
||||||
|
|
||||||
- name: "packages | Installiere chromium"
|
- name: "Packages | Installiere chromium"
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: chromium
|
name: chromium
|
||||||
install_recommends: false
|
install_recommends: false
|
||||||
|
|
|
@ -1,12 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "webserver | Erzeuge Letsencrypt-Zertifikat"
|
- name: "Webserver | Aktiviere Apache-Modul"
|
||||||
ansible.builtin.lineinfile:
|
community.general.apache2_module:
|
||||||
path: /etc/dehydrated/domains.txt
|
|
||||||
line: "{{ grafana.domain }}"
|
|
||||||
notify: get certificate
|
|
||||||
|
|
||||||
- name: "webserver | Aktiviere Apache-Modul"
|
|
||||||
ansible.builtin.apache2_module:
|
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
notify: restart apache2
|
notify: restart apache2
|
||||||
|
@ -14,14 +8,14 @@
|
||||||
- proxy
|
- proxy
|
||||||
- proxy_http
|
- proxy_http
|
||||||
|
|
||||||
- name: "webserver | Kopiere Grafana-Seitenkonfiguration"
|
- name: "Webserver | Kopiere Grafana-Seitenkonfiguration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: apache2-site.conf
|
src: apache2-site.conf
|
||||||
dest: "/etc/apache2/sites-available/{{ grafana.domain }}.conf"
|
dest: "/etc/apache2/sites-available/{{ grafana_domain }}.conf"
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
|
|
||||||
- name: "webserver | Aktiviere Grafana-Seitenkonfiguration"
|
- name: "Webserver | Aktiviere Grafana-Seitenkonfiguration"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: "a2ensite {{ grafana.domain }}"
|
cmd: "a2ensite {{ grafana_domain }}"
|
||||||
creates: "/etc/apache2/site-enabled/{{ grafana.domain }}.conf"
|
creates: "/etc/apache2/site-enabled/{{ grafana_domain }}.conf"
|
||||||
notify: reload apache2
|
notify: reload apache2
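Review bot: In the `a2ensite` task the `creates:` path reads `/etc/apache2/site-enabled/…`, while the template task above writes to `sites-available`. Debian's enabled directory is `sites-enabled`, so the guard would never find the file and the command, along with the `reload apache2` notification, would fire on every run. Suggested line: `creates: "/etc/apache2/sites-enabled/{{ grafana_domain }}.conf"`. Separately, this commit removes the dehydrated `domains.txt` task and the `get certificate` handler, but `apache2-site.conf` still points `SSLCertificateFile` at `/var/lib/dehydrated/certs/{{ grafana_domain }}/`. The README should state that the certificate must exist before the role runs, otherwise Apache will likely refuse the new vhost.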
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerName {{ grafana.domain }}
|
ServerName {{ grafana_domain }}
|
||||||
Redirect permanent / https://{{ grafana.domain }}/
|
Redirect permanent / https://{{ grafana_domain }}/
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
<IfModule mod_ssl.c>
|
||||||
<VirtualHost *:443>
|
<VirtualHost *:443>
|
||||||
ServerName {{ grafana.domain }}
|
ServerName {{ grafana_domain }}
|
||||||
Protocols h2 http/1.1
|
Protocols h2 http/1.1
|
||||||
DocumentRoot /var/www/html
|
DocumentRoot /var/www/html
|
||||||
IncludeOptional /etc/apache2/conf-available/add-headers.conf
|
IncludeOptional /etc/apache2/conf-available/add-headers.conf
|
||||||
|
@ -15,8 +15,8 @@
|
||||||
LogLevel Error
|
LogLevel Error
|
||||||
|
|
||||||
SSLEngine On
|
SSLEngine On
|
||||||
SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana.domain }}/fullchain.pem
|
SSLCertificateFile /var/lib/dehydrated/certs/{{ grafana_domain }}/fullchain.pem
|
||||||
SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana.domain }}/privkey.pem
|
SSLCertificateKeyFile /var/lib/dehydrated/certs/{{ grafana_domain }}/privkey.pem
|
||||||
|
|
||||||
ProxyPreserveHost On
|
ProxyPreserveHost On
|
||||||
ProxyPass /.well-known !
|
ProxyPass /.well-known !
|
||||||
|
|
|
@ -2,13 +2,13 @@
|
||||||
|
|
||||||
[server]
|
[server]
|
||||||
protocoll = https
|
protocoll = https
|
||||||
domain = {{ grafana.domain }}
|
domain = {{ grafana_domain }}
|
||||||
enforce_domain = true
|
enforce_domain = true
|
||||||
root_url = https://{{ grafana.domain }}
|
root_url = https://{{ grafana_domain }}
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
type = mysql
|
type = mysql
|
||||||
host = 127.0.0.1:3306
|
host = {{ database_host }}:3306
|
||||||
name = {{ grafana_db }}
|
name = {{ grafana_db }}
|
||||||
user = {{ grafana_db_user }}
|
user = {{ grafana_db_user }}
|
||||||
password = {{ grafana_db_password }}
|
password = {{ grafana_db_password }}
|
||||||
|
@ -48,11 +48,10 @@ rendering_language = de-DE
|
||||||
signout_redirect_url = {{ grafana_auth_signout_redirect_url }}
|
signout_redirect_url = {{ grafana_auth_signout_redirect_url }}
|
||||||
oauth_auto_login = false
|
oauth_auto_login = false
|
||||||
|
|
||||||
|
{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}
|
||||||
[auth.generic_oauth]
|
[auth.generic_oauth]
|
||||||
name = {{ grafana_auth_generic_oauth_name }}
|
name = {{ grafana_auth_generic_oauth_name }}
|
||||||
{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}
|
|
||||||
enabled = true
|
enabled = true
|
||||||
{% endif %}
|
|
||||||
client_id = {{ grafana_auth_generic_oauth_client_id }}
|
client_id = {{ grafana_auth_generic_oauth_client_id }}
|
||||||
client_secret = {{ grafana_auth_generic_oauth_client_secret }}
|
client_secret = {{ grafana_auth_generic_oauth_client_secret }}
|
||||||
scopes = openid email profile
|
scopes = openid email profile
|
||||||
|
@ -60,3 +59,4 @@ auth_url = {{ grafana_auth_generic_oauth_auth_url }}
|
||||||
token_url = {{ grafana_auth_generic_oauth_token_url }}
|
token_url = {{ grafana_auth_generic_oauth_token_url }}
|
||||||
api_url = {{ grafana_auth_generic_oauth_api_url }}
|
api_url = {{ grafana_auth_generic_oauth_api_url }}
|
||||||
role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }}
|
role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }}
|
||||||
|
{% endif %}
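Review bot: `host = {{ database_host }}:3306` moves the database connection off loopback, but no TLS setting for the `[database]` section is visible in this hunk, so the password and query traffic could cross the network in clear text when `database_host` is another machine. Consider adding `ssl_mode = true` (with `ca_cert_path` where a private CA is used), or keeping `127.0.0.1` as the value through a role default. The same variable is used as an inventory name in `delegate_to`, so it must also resolve as a network address from the Grafana host. The template lines between the hunks are not shown, so a TLS setting may already exist there.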
|
||||||
|
|