Add grafana role
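--- a/roles/grafana/README.md
+++ b/roles/grafana/README.md
@@ -0,0 +1 @@
+Installs and configures grafana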
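--- a/roles/grafana/defaults/main.yaml
+++ b/roles/grafana/defaults/main.yaml
@@ -0,0 +1,13 @@
+---
+grafana_oauth_name: ""
+grafana_oauth_client_id: ""
+grafana_oauth_auth_url: ""
+grafana_oauth_token_url: ""
+grafana_oauth_api_url: ""
+grafana_oauth_scopes:
+- openid
+- profile
+- email
+grafana_oauth_role_attribute_path: ""
+grafana_oauth_allow_sign_up: true
+grafana_oauth_auto_login: true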
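Review bot: `grafana_oauth_allow_sign_up: true` and `grafana_oauth_auto_login: true` are the permissive choices, and the defaults file has no comment saying so. With sign-up on, any identity the provider authenticates is provisioned as a Grafana user on first login, so access control rests on the provider's own restrictions and on `grafana_oauth_role_attribute_path`, which defaults to empty here. I would default sign-up to `false`, or at least add a comment above it such as `# Any account the IdP authenticates is provisioned on first login; restrict at the IdP or via grafana_oauth_role_attribute_path`.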
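--- a/roles/grafana/meta/argument_specs.yml
+++ b/roles/grafana/meta/argument_specs.yml
@@ -0,0 +1,72 @@
+---
+argument_specs:
+main:
+description: Installs and configures grafana
+options:
+grafana_domain:
+description: The domain grafana should be available on
+type: str
+required: true
+
+grafana_oauth_name:
+description: >-
+Name that refers to the generic OAuth2 authentication from the Grafana
+user interface. Required to enable OAuth authentication.
+type: str
+required: false
+default: ""
+grafana_oauth_client_id:
+description: >-
+Client ID provided by your OAuth2 app. Required if OAuth is enabled.
+type: str
+required: false
+default: ""
+grafana_oauth_auth_url:
+description: Authorization endpoint of your OAuth2 provider. Required if OAuth is enabled.
+type: str
+required: false
+default: ""
+grafana_oauth_token_url:
+description: Endpoint used to obtain the OAuth2 access token.
+type: str
+required: false
+default: ""
+grafana_oauth_api_url:
+description: Endpoint used to obtain user information compatible with OpenID UserInfo.
+type: str
+required: false
+default: ""
+grafana_oauth_scopes:
+description: List of OAuth2 scopes.
+type: list
+required: false
+elements: str
+default:
+- openid
+- profile
+- email
+grafana_oauth_role_attribute_path:
+description: >-
+JMESPath expression to use for Grafana role lookup. Grafana will first
+evaluate the expression using the OAuth2 ID token. If no role is found,
+the expression will be evaluated using the user information obtained
+from the UserInfo endpoint. The result of the evaluation should be
+a valid Grafana role (Viewer, Editor, Admin or GrafanaAdmin).
+type: str
+required: false
+default: ""
+grafana_oauth_allow_sign_up:
+description: >-
+Controls Grafana user creation through the generic OAuth2 login. Only
+existing Grafana users can log in with generic OAuth if set to false.
+type: bool
+required: false
+default: true
+grafana_oauth_auto_login:
+description: >-
+Whether to enable users to bypass the login screen and automatically
+log in. This setting is ignored if you configure multiple auth
+providers to use auto-login.
+type: bool
+required: false
+default: true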
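Review bot: The options list has no entry for an OAuth client secret, and tasks/main.yml in this commit sets no `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET`, so the role appears to support only a public client relying on PKCE. If the provider registers Grafana as a confidential client, a client-secret option would be needed, and it is better delivered through a `__FILE` secret, the way `GF_DATABASE_PASSWORD__FILE` is, than as a plain environment value. Separately, some descriptions say "Required if OAuth is enabled" while every OAuth option is `required: false` with an empty default. Argument specs cannot express that condition, so a validation task that fails when `grafana_oauth_name` is set but `grafana_oauth_client_id` or the endpoint URLs are empty would catch half-configured deployments.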
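--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Grafana
+ansible.builtin.import_role:
+name: service
+vars:
+service_name: grafana
+service_container_image: "docker.io/grafana/grafana:latest"
+service_container_mounts:
+- type: volume
+source: data
+destination: /var/lib/grafana
+service_container_http_port: 3000
+service_domains:
+- "{{ grafana_domain }}"
+service_database_type: postgres
+service_postgres_tag: 17-alpine
+service_container_env:
+GF_DATABASE_TYPE: postgres
+GF_DATABASE_HOST: grafana-postgres:5432
+GF_DATABASE_NAME: grafana
+GF_DATABASE_USER: grafana
+GF_DATABASE_PASSWORD__FILE: /run/secrets/postgres
+GF_SERVER_DOMAIN: "{{ grafana_domain }}"
+GF_SERVER_ROOT_URL: "https://{{ grafana_domain }}"
+
+GF_AUTH_GENERIC_OAUTH_ENABLED: "{{ 'true' if grafana_oauth_name | length > 0 else 'false' }}"
+GF_AUTH_GENERIC_OAUTH_NAME: "{{ grafana_oauth_name }}"
+GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{ grafana_oauth_client_id }}"
+GF_AUTH_GENERIC_OAUTH_AUTH_URL: "{{ grafana_oauth_auth_url }}"
+GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "{{ grafana_oauth_token_url }}"
+GF_AUTH_GENERIC_OAUTH_API_URL: "{{ grafana_oauth_userinfo_url }}"
+GF_AUTH_GENERIC_OAUTH_SCOPES: "{{ grafana_oauth_scopes | join(' ') }}"
+GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "{{ 'true' if grafana_oauth_allow_sign_up else 'false' }}"
+GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: "{{ 'true' if grafana_oauth_auto_login else 'false' }}"
+GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "{{ grafana_oauth_role_attribute_path }}"
+GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
+GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN: "true"
+GF_AUTH_GENERIC_OAUTH_USE_PKCE: "true"
+GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: preferred_username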
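Review bot: `GF_AUTH_GENERIC_OAUTH_API_URL` is templated from `grafana_oauth_userinfo_url`, but defaults/main.yaml and meta/argument_specs.yml in this commit only define `grafana_oauth_api_url`, so unless the variable is set elsewhere it is undefined and the env block will likely fail to render; use `GF_AUTH_GENERIC_OAUTH_API_URL: "{{ grafana_oauth_api_url }}"`. Separately, `GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN` is hard-coded to "true", so a `GrafanaAdmin` result from `grafana_oauth_role_attribute_path` grants server-wide admin straight from IdP claims. I would expose that as a role variable defaulting to false. The image is also referenced as `grafana:latest`, so each deploy can pull a different build; pinning a version tag or digest would make rollouts reproducible and reviewable.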