[grafana] Initial role

monitoring.yml

@@ -21,3 +21,8 @@
 - hosts: all
   roles:
     - prometheus-node
+
+# Deploy grafana
+- hosts: fy.adm.crans.org
+  roles:
+    - grafana

roles/grafana/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart grafana
+  service:
+    name: grafana-server
+    state: restarted

roles/grafana/tasks/main.yml

@@ -0,0 +1,74 @@
+---
+- name: Install APT HTTPS support
+  apt:
+    name: apt-transport-https
+    state: present
+    update_cache: true
+
+- name: Import Grafana GPG signing key
+  apt_key:
+    url: https://packages.grafana.com/gpg.key
+    state: present
+    validate_certs: false
+
+- name: Add Grafana repository
+  apt_repository:
+    repo: deb https://packages.grafana.com/oss/deb stable main
+    state: present
+    update_cache: true
+
+- name: Install Grafana
+  apt:
+    name: grafana
+    state: present
+
+- name: Configure Grafana
+  ini_file:
+    path: /etc/grafana/grafana.ini
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: 640
+  loop:
+    - section: server
+      option: root_url
+      value: https://grafana.crans.org  # TODO put var in playbook
+    - section: session  # This will break with HTTPS
+      option: cookie_secure
+      value: "true"
+    - section: analytics
+      option: reporting_enabled
+      value: "false"
+    - section: snapshots
+      option: external_enabled
+      value: "false"
+    - section: users
+      option: allow_sign_up
+      value: "false"
+    - section: users
+      option: allow_org_create
+      value: "false"
+    - section: auth.basic  # Only LDAP auth
+      option: enabled
+      value: "false"
+    - section: auth.ldap
+      option: enabled
+      value: "true"
+    - section: auth.ldap  # We don't want registration
+      option: allow_sign_up
+      value: "false"
+  notify: Restart grafana
+
+#- name: Configure Grafana LDAP
+#  lineinfile:
+#    # TODO
+#  loop:
+#    # TODO
+#  notify: Restart grafana
+
+#- name: Enable and start Grafana
+#  systemd:
+#    name: grafana-server
+#    enabled: true
+#    state: started
+#    daemon_reload: true