Add grafana role
This commit is contained in:
uumas
1
roles/grafana/README.md
Normal file
1
roles/grafana/README.md
Normal file
@@ -0,0 +1 @@
|
||||
Installs and configures grafana
|
||||
13
roles/grafana/defaults/main.yaml
Normal file
13
roles/grafana/defaults/main.yaml
Normal file
@@ -0,0 +1,13 @@
|
||||
---
|
||||
grafana_oauth_name: ""
|
||||
grafana_oauth_client_id: ""
|
||||
grafana_oauth_auth_url: ""
|
||||
grafana_oauth_token_url: ""
|
||||
grafana_oauth_api_url: ""
|
||||
grafana_oauth_scopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
grafana_oauth_role_attribute_path: ""
|
||||
grafana_oauth_allow_sign_up: true
|
||||
grafana_oauth_auto_login: true
|
||||
72
roles/grafana/meta/argument_specs.yml
Normal file
72
roles/grafana/meta/argument_specs.yml
Normal file
@@ -0,0 +1,72 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
description: Installs and configures grafana
|
||||
options:
|
||||
grafana_domain:
|
||||
description: The domain grafana should be available on
|
||||
type: str
|
||||
required: true
|
||||
|
||||
grafana_oauth_name:
|
||||
description: >-
|
||||
Name that refers to the generic OAuth2 authentication from the Grafana
|
||||
user interface. Required to enable OAuth authentication.
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
grafana_oauth_client_id:
|
||||
description: >-
|
||||
Client ID provided by your OAuth2 app. Required if OAuth is enabled.
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
grafana_oauth_auth_url:
|
||||
description: Authorization endpoint of your OAuth2 provider. Required if OAuth is enabled.
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
grafana_oauth_token_url:
|
||||
description: Endpoint used to obtain the OAuth2 access token.
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
grafana_oauth_api_url:
|
||||
description: Endpoint used to obtain user information compatible with OpenID UserInfo.
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
grafana_oauth_scopes:
|
||||
description: List of OAuth2 scopes.
|
||||
type: list
|
||||
required: false
|
||||
elements: str
|
||||
default:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
grafana_oauth_role_attribute_path:
|
||||
description: >-
|
||||
JMESPath expression to use for Grafana role lookup. Grafana will first
|
||||
evaluate the expression using the OAuth2 ID token. If no role is found,
|
||||
the expression will be evaluated using the user information obtained
|
||||
from the UserInfo endpoint. The result of the evaluation should be
|
||||
a valid Grafana role (Viewer, Editor, Admin or GrafanaAdmin).
|
||||
type: str
|
||||
required: false
|
||||
default: ""
|
||||
grafana_oauth_allow_sign_up:
|
||||
description: >-
|
||||
Controls Grafana user creation through the generic OAuth2 login. Only
|
||||
existing Grafana users can log in with generic OAuth if set to false.
|
||||
type: bool
|
||||
required: false
|
||||
default: true
|
||||
grafana_oauth_auto_login:
|
||||
description: >-
|
||||
Whether to enable users to bypass the login screen and automatically
|
||||
log in. This setting is ignored if you configure multiple auth
|
||||
providers to use auto-login.
|
||||
type: bool
|
||||
required: false
|
||||
default: true
|
||||
39
roles/grafana/tasks/main.yml
Normal file
39
roles/grafana/tasks/main.yml
Normal file
@@ -0,0 +1,39 @@
|
||||
---
|
||||
- name: Grafana
|
||||
ansible.builtin.import_role:
|
||||
name: service
|
||||
vars:
|
||||
service_name: grafana
|
||||
service_container_image: "docker.io/grafana/grafana:latest"
|
||||
service_container_mounts:
|
||||
- type: volume
|
||||
source: data
|
||||
destination: /var/lib/grafana
|
||||
service_container_http_port: 3000
|
||||
service_domains:
|
||||
- "{{ grafana_domain }}"
|
||||
service_database_type: postgres
|
||||
service_postgres_tag: 17-alpine
|
||||
service_container_env:
|
||||
GF_DATABASE_TYPE: postgres
|
||||
GF_DATABASE_HOST: grafana-postgres:5432
|
||||
GF_DATABASE_NAME: grafana
|
||||
GF_DATABASE_USER: grafana
|
||||
GF_DATABASE_PASSWORD__FILE: /run/secrets/postgres
|
||||
GF_SERVER_DOMAIN: "{{ grafana_domain }}"
|
||||
GF_SERVER_ROOT_URL: "https://{{ grafana_domain }}"
|
||||
|
||||
GF_AUTH_GENERIC_OAUTH_ENABLED: "{{ 'true' if grafana_oauth_name | length > 0 else 'false' }}"
|
||||
GF_AUTH_GENERIC_OAUTH_NAME: "{{ grafana_oauth_name }}"
|
||||
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{ grafana_oauth_client_id }}"
|
||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "{{ grafana_oauth_auth_url }}"
|
||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "{{ grafana_oauth_token_url }}"
|
||||
GF_AUTH_GENERIC_OAUTH_API_URL: "{{ grafana_oauth_userinfo_url }}"
|
||||
GF_AUTH_GENERIC_OAUTH_SCOPES: "{{ grafana_oauth_scopes | join(' ') }}"
|
||||
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "{{ 'true' if grafana_oauth_allow_sign_up else 'false' }}"
|
||||
GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: "{{ 'true' if grafana_oauth_auto_login else 'false' }}"
|
||||
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "{{ grafana_oauth_role_attribute_path }}"
|
||||
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: "true"
|
||||
GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN: "true"
|
||||
GF_AUTH_GENERIC_OAUTH_USE_PKCE: "true"
|
||||
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: preferred_username
|
||||
Reference in New Issue
Block a user