99 lines
2.2 KiB
YAML
99 lines
2.2 KiB
YAML
---
|
|
- name: Install APT HTTPS support
|
|
apt:
|
|
name:
|
|
- apt-transport-https
|
|
- gpg
|
|
state: present
|
|
update_cache: true
|
|
register: apt_result
|
|
retries: 3
|
|
until: apt_result is succeeded
|
|
|
|
- name: Import Grafana GPG signing key
|
|
apt_key:
|
|
url: https://packages.grafana.com/gpg.key
|
|
state: present
|
|
validate_certs: false
|
|
register: apt_key_result
|
|
retries: 3
|
|
until: apt_key_result is succeeded
|
|
|
|
- name: Add Grafana repository
|
|
apt_repository:
|
|
repo: deb https://packages.grafana.com/oss/deb stable main
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Install Grafana
|
|
apt:
|
|
name: grafana
|
|
state: present
|
|
register: apt_result
|
|
retries: 3
|
|
until: apt_result is succeeded
|
|
|
|
# This capability enables grafana to bind :80
|
|
- name: Add cap_net_bind_service to grafana
|
|
capabilities:
|
|
path: /usr/sbin/grafana-server
|
|
capability: cap_net_bind_service+ep
|
|
state: present
|
|
|
|
- name: Configure Grafana
|
|
ini_file:
|
|
path: /etc/grafana/grafana.ini
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
mode: 0640
|
|
loop:
|
|
- section: server
|
|
option: http_port
|
|
value: "80"
|
|
- section: server
|
|
option: root_url
|
|
value: "{{ grafana_root_url }}"
|
|
- section: session # This will break with HTTPS
|
|
option: cookie_secure
|
|
value: "true"
|
|
- section: analytics
|
|
option: reporting_enabled
|
|
value: "false"
|
|
- section: snapshots
|
|
option: external_enabled
|
|
value: "false"
|
|
- section: users
|
|
option: allow_sign_up
|
|
value: "false"
|
|
- section: users
|
|
option: allow_org_create
|
|
value: "false"
|
|
- section: auth.basic # Only LDAP auth
|
|
option: enabled
|
|
value: "false"
|
|
- section: auth.ldap
|
|
option: enabled
|
|
value: "true"
|
|
notify: Restart grafana
|
|
|
|
- name: Configure Grafana LDAP
|
|
template:
|
|
src: ldap.toml.j2
|
|
dest: /etc/grafana/ldap.toml
|
|
mode: 0640
|
|
notify: Restart grafana
|
|
|
|
- name: Enable and start Grafana
|
|
systemd:
|
|
name: grafana-server
|
|
enabled: true
|
|
state: started
|
|
daemon_reload: true
|
|
|
|
- name: Indicate role in motd
|
|
template:
|
|
src: update-motd.d/05-service.j2
|
|
dest: /etc/update-motd.d/05-grafana
|
|
mode: 0755
|