--- - name: Install APT HTTPS support apt: name: - apt-transport-https - gpg state: present update_cache: true register: apt_result retries: 3 until: apt_result is succeeded - name: Import Grafana GPG signing key apt_key: url: https://packages.grafana.com/gpg.key state: present validate_certs: false register: apt_key_result retries: 3 until: apt_key_result is succeeded - name: Add Grafana repository apt_repository: repo: deb https://packages.grafana.com/oss/deb stable main state: present update_cache: true - name: Install Grafana apt: name: grafana state: present register: apt_result retries: 3 until: apt_result is succeeded # This capability enables grafana to bind :80 - name: Add cap_net_bind_service to grafana capabilities: path: /usr/sbin/grafana-server capability: cap_net_bind_service+ep state: present - name: Configure Grafana ini_file: path: /etc/grafana/grafana.ini section: "{{ item.section }}" option: "{{ item.option }}" value: "{{ item.value }}" mode: 0640 loop: - section: server option: http_port value: "80" - section: server option: root_url value: "{{ grafana_root_url }}" - section: session # This will break with HTTPS option: cookie_secure value: "true" - section: analytics option: reporting_enabled value: "false" - section: snapshots option: external_enabled value: "false" - section: users option: allow_sign_up value: "false" - section: users option: allow_org_create value: "false" - section: auth.basic # Only LDAP auth option: enabled value: "false" - section: auth.ldap option: enabled value: "true" notify: Restart grafana - name: Configure Grafana LDAP template: src: ldap.toml.j2 dest: /etc/grafana/ldap.toml mode: 0640 notify: Restart grafana - name: Enable and start Grafana systemd: name: grafana-server enabled: true state: started daemon_reload: true - name: Indicate role in motd template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-grafana mode: 0755