---
# Install the grafana package with yum. The result is registered because the
# final task of this file keys off grafana_install.changed to detect a
# first-time installation.
- name: Install grafana
  register: grafana_install
  yum:
    name: grafana
    state: present
# Drop-in directory holding local overrides for grafana-server.service.
- name: Create unit snippet dir
  file:
    state: directory
    path: /etc/systemd/system/grafana-server.service.d

# StartLimitInterval=0 disables systemd's start rate limiting and
# RestartSec=20 spaces restart attempts 20 seconds apart.
# NOTE(review): this snippet sets no Restart= policy itself; it presumably
# relies on the one shipped in the packaged unit. Confirm.
- name: Tune to restart indefinitely
  register: grafana_unit
  copy:
    dest: /etc/systemd/system/grafana-server.service.d/restart.conf
    content: |
      [Service]
      StartLimitInterval=0
      RestartSec=20

# systemd only picks up the drop-in after a daemon-reload, so reload whenever
# the snippet above was written or modified.
- name: Reload systemd
  when: grafana_unit.changed
  systemd:
    daemon_reload: true
# Python database drivers, installed only for the selected backend. The
# mysql_* and postgresql_* tasks further down run on this host and need the
# matching driver to be importable.
- name: Install MySQL support
  when: grafana_db_type == 'mysql'
  yum:
    name: MySQL-python
    state: present

- name: Install PostgreSQL support
  when: grafana_db_type == 'postgres'
  yum:
    name: python-psycopg2
    state: present
# Firewall rule for the Grafana listener. New TCP connections to grafana_port
# are accepted only from the addresses in grafana_src_ip; when that list is
# empty the rule set is removed (state 'absent'), so this task opens nothing.
# The whole task is skipped when iptables_manage is false (default: managed).
# NOTE(review): iptables_raw is not a stock Ansible module and is presumably
# provided elsewhere in the project. grafana_port and grafana_src_ip are
# pasted into the rule text unvalidated, so they must come from trusted
# inventory.
- name: Handle grafana port
  when: iptables_manage | default(True)
  iptables_raw:
    name: grafana_port
    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT"
    state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}"
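# The four tasks below run only when a MySQL or PostgreSQL backend is selected
# and the caller did not supply grafana_db_pass. They create a random password
# once, keep it in /etc/grafana/ansible_db_pass and expose it as the fact
# grafana_db_pass for the database and template tasks that follow.

- name: Generate a random pass for database
  # umask 077 makes the redirect create the file as 0600 from the start.
  # Without it the password sits on disk with the default umask (usually
  # world-readable) until the permission task below runs.
  shell: |
    umask 077
    openssl rand -base64 45 > /etc/grafana/ansible_db_pass
  args:
    # Idempotence guard: an existing password file is never overwritten.
    creates: /etc/grafana/ansible_db_pass
  when:
    - grafana_db_type in ['mysql', 'postgres']
    - grafana_db_pass is not defined

# Still enforced on every run so that a file left behind with looser
# permissions by an earlier run is tightened.
- name: Restrict permission on db pass file
  file:
    path: /etc/grafana/ansible_db_pass
    mode: "0600"
  when:
    - grafana_db_type in ['mysql', 'postgres']
    - grafana_db_pass is not defined

- name: Read db password
  command: cat /etc/grafana/ansible_db_pass
  register: grafana_rand_db_pass
  # Reading the file changes nothing; matches the 'Read the secret key' task.
  changed_when: false
  # stdout is the database password: keep it out of task output and logs.
  no_log: true
  when:
    - grafana_db_type in ['mysql', 'postgres']
    - grafana_db_pass is not defined

- name: Set db pass
  # Native YAML form instead of key=value, so the password is passed through
  # as one string instead of being re-parsed as a key=value argument list.
  set_fact:
    grafana_db_pass: "{{ grafana_rand_db_pass.stdout }}"
  no_log: true
  when:
    - grafana_db_type in ['mysql', 'postgres']
    - grafana_db_pass is not defined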
# MySQL backend: create the Grafana schema and an application account.
# Both tasks log in to grafana_db_server as 'sqladmin' with mysql_admin_pass.
# NOTE(review): mysql_admin_pass is a privileged credential and is presumably
# kept in a vault or other encrypted variable source. Confirm.
- name: Create MySQL database
  when: grafana_db_type == 'mysql'
  mysql_db:
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    name: "{{ grafana_db_name }}"
    state: present

# The account gets ALL privileges, limited to the Grafana schema. Its allowed
# client host is 'localhost' when the database is local; otherwise one account
# is created per IPv4 address of this machine (the loop item).
# NOTE(review): grafana_db_user and grafana_db_name fall back to 'grafana'
# here, but the database task above uses grafana_db_name without a default.
- name: Create MySQL User
  when: grafana_db_type == 'mysql'
  with_items: "{{ ansible_all_ipv4_addresses }}"
  mysql_user:
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    name: "{{ grafana_db_user | default('grafana') }}"
    password: "{{ grafana_db_pass }}"
    host: "{{ (grafana_db_server == 'localhost') | ternary('localhost', item) }}"
    priv: "{{ grafana_db_name | default('grafana') }}.*:ALL"
    state: present
# PostgreSQL backend: create the application role first, then a database
# owned by it. Both tasks log in to grafana_db_server as 'sqladmin' with
# pg_admin_pass.
# NOTE(review): pg_admin_pass is a privileged credential and is presumably
# kept in a vault or other encrypted variable source. Confirm.
- name: Create the PostgreSQL role
  when: grafana_db_type == 'postgres'
  postgresql_user:
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
    name: "{{ grafana_db_user }}"
    password: "{{ grafana_db_pass }}"

# The database is cloned from template0 with UTF-8 encoding and the C locale
# for collation and character classification.
- name: Create the PostgreSQL database
  when: grafana_db_type == 'postgres'
  postgresql_db:
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
    name: "{{ grafana_db_name }}"
    owner: "{{ grafana_db_user }}"
    template: template0
    encoding: UTF-8
    lc_collate: C
    lc_ctype: C
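# Create a 50-character random secret once, keep it in
# /etc/grafana/ansible_secret_key and register it as grafana_secret_key
# (presumably consumed by the grafana.ini template).

- name: Generate a secret key
  # umask 077 makes the redirect create the file as 0600 from the start.
  # Without it the key sits on disk with the default umask (usually
  # world-readable) until the permission task below runs.
  shell: |
    umask 077
    </dev/urandom tr -dc 'A-Za-z0-9!$%&\()*+,-./:;<=>?@[\]^_`|~' | head -c 50 > /etc/grafana/ansible_secret_key
  args:
    # Idempotence guard: an existing key is never regenerated.
    creates: /etc/grafana/ansible_secret_key

# Still enforced on every run so that a file left behind with looser
# permissions by an earlier run is tightened.
- name: Restrict permission on the secret key file
  file:
    path: /etc/grafana/ansible_secret_key
    mode: "0600"

- name: Read the secret key
  command: cat /etc/grafana/ansible_secret_key
  register: grafana_secret_key
  changed_when: false
  # stdout is the secret key: keep it out of task output and logs.
  no_log: true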
# Render grafana.ini and ldap.toml from their .j2 templates into /etc/grafana.
# Owner root, group grafana, mode 0640: writable by root only and unreadable
# for other users.
# NOTE(review): the templates are not visible here, but presumably embed the
# database password and secret key. If so, running the play with --diff would
# print them; consider no_log on this task.
- name: Deploy grafana configuration
  with_items:
    - grafana.ini
    - ldap.toml
  template:
    src: "{{ item }}.j2"
    dest: "/etc/grafana/{{ item }}"
    owner: root
    group: grafana
    mode: "0640"
  notify: restart grafana
# Plugin reconciliation: make the installed plugin set equal to
# grafana_plugins, then bring every plugin to the newest published version.
# NOTE(review): plugins are fetched by grafana-cli from its remote repository
# and update-all always takes the latest release. No version is pinned, so
# grafana_plugins should be treated as an allow-list of trusted plugin ids.

# One plugin id per line, taken from the "<id> @ <version>" lines printed by
# grafana-cli.
- name: Build a list of installed plugins
  register: grafana_installed_plugins
  changed_when: false
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"'

# Anything installed but missing from grafana_plugins is removed.
- name: Remove unmanaged plugins
  with_items: "{{ grafana_installed_plugins.stdout_lines }}"
  when: item not in grafana_plugins
  command: grafana-cli plugins uninstall {{ item }}
  notify: restart grafana

# Anything listed in grafana_plugins but not yet installed is added.
- name: Install plugins
  with_items: "{{ grafana_plugins }}"
  when: item not in grafana_installed_plugins.stdout_lines
  command: grafana-cli plugins install {{ item }}
  notify: restart grafana

# "<id> <version>" pairs for what is installed locally ...
- name: Check installed plugins versions
  register: grafana_installed_plugins_versions
  changed_when: false
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"'

# ... and the same pairs for what the remote repository currently offers.
- name: Check available plugins versions
  register: grafana_remote_plugins_versions
  changed_when: false
  shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"'

# If any installed "<id> <version>" pair is absent from the remote list, at
# least one plugin differs from the published version, so update everything.
- name: Update grafana plugins
  when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines)
  command: grafana-cli plugins update-all
  notify: restart grafana
# Make sure grafana-server is running now and is started again at boot.
- name: Start and enable the service
  service:
    name: grafana-server
    enabled: true
    state: started
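# On a fresh install only (grafana_install.changed), replace the built-in
# admin password with a random value that is not stored anywhere.
#
# This must be a shell task. The command module does not run its argument
# through a shell, so "$(openssl rand -base64 33)" was never expanded there:
# grafana-cli received the literal words of that expression as arguments and
# the resulting admin password was fixed text, not a random value.
#
# set -e aborts before grafana-cli runs if openssl fails, so an empty password
# is never applied.
# NOTE(review): the password is still passed on grafana-cli's command line and
# is visible in the process list while the command runs.
- name: Change admin password to a random one
  shell: |
    set -e
    new_pass="$(openssl rand -base64 33)"
    grafana-cli admin reset-admin-password --homepath="/usr/share/grafana" --config /etc/grafana/grafana.ini "$new_pass"
  when: grafana_install.changed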