Ansible roles


---
# Install the Grafana package. The result is registered because the
# admin-password task at the end of this file keys off
# `grafana_install.changed`, i.e. it only runs on a first install.
- name: Install grafana
  register: grafana_install
  yum:
    name: grafana
    state: present

# systemd drop-in directory for grafana-server overrides.
- name: Create unit snippet dir
  file:
    state: directory
    path: /etc/systemd/system/grafana-server.service.d

# StartLimitInterval=0 turns off systemd's start rate limiting, so the unit
# keeps being restarted (every 20 s) instead of ending up in "failed".
- name: Tune to restart indefinitely
  register: grafana_unit
  copy:
    dest: /etc/systemd/system/grafana-server.service.d/restart.conf
    content: |
      [Service]
      StartLimitInterval=0
      RestartSec=20

# Only reload unit files when the drop-in was actually written or modified.
- name: Reload systemd
  when: grafana_unit.changed
  systemd:
    daemon_reload: true
# Python database drivers, installed according to grafana_db_type.
# presumably needed by the mysql_* / postgresql_* modules used further down,
# which run on the managed host - confirm against the play's delegation.
- name: Install MySQL support
  when: grafana_db_type == 'mysql'
  yum:
    name: MySQL-python
    state: present

- name: Install PostgreSQL support
  when: grafana_db_type == 'postgres'
  yum:
    name: python-psycopg2
    state: present
# Firewall rule for the Grafana listener, managed unless iptables_manage is
# set to a false value.
# The rule only accepts NEW TCP connections from the addresses listed in
# grafana_src_ip. An empty list flips the state to 'absent', so the rule is
# removed rather than opened to every source; whether the port is then
# actually blocked depends on the rest of the INPUT chain, which is not
# managed here.
- name: Handle grafana port
  when: iptables_manage | default(True)
  iptables_raw:
    name: grafana_port
    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT"
    state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}"
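# Database password bootstrap. These four tasks only run when a MySQL or
# PostgreSQL backend is selected and no grafana_db_pass was supplied.

# `creates` makes this a no-op once the file exists, so the password stays
# stable across runs.
# The umask is set before the redirection so the file is created 0600 from the
# start; without it the secret is written with the default umask and stays
# readable by other local users until the chmod task below has run.
- name: Generate a random pass for database
  shell: umask 077 && openssl rand -base64 45 > /etc/grafana/ansible_db_pass
  args:
    creates: /etc/grafana/ansible_db_pass
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined

# Still enforced on every run, so a file created by an earlier run without the
# umask is tightened as well. The mode is quoted so it is read as octal.
- name: Restrict permission on db pass file
  file:
    path: /etc/grafana/ansible_db_pass
    mode: "0600"
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined

# Read-only step: never reports "changed". no_log keeps the registered stdout
# (the password itself) out of verbose output and callback/log plugins.
- name: Read db password
  command: cat /etc/grafana/ansible_db_pass
  register: grafana_rand_db_pass
  changed_when: false
  no_log: true
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined

# Expose the generated password under the variable name the tasks that follow
# use. no_log for the same reason as above: the fact value is the secret.
- name: Set db pass
  set_fact:
    grafana_db_pass: "{{ grafana_rand_db_pass.stdout }}"
  no_log: true
  when:
    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
    - grafana_db_pass is not defined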
# MySQL backend: create the schema, then the application account.
# Both tasks log in to grafana_db_server as the fixed account 'sqladmin' with
# mysql_admin_pass.
# NOTE(review): the database name has no default here, while the user task
# below falls back to 'grafana' for both the user and the schema in `priv` -
# confirm that the role defaults define grafana_db_name.
- name: Create MySQL database
  when: grafana_db_type == 'mysql'
  mysql_db:
    state: present
    name: "{{ grafana_db_name }}"
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"

# The account gets ALL privileges, but only on its own schema.
# The allowed client host is 'localhost' when the server is local; otherwise
# one grant is created per IPv4 address of the managed host, so the account
# cannot be used from arbitrary hosts.
- name: Create MySQL User
  when: grafana_db_type == 'mysql'
  with_items: "{{ ansible_all_ipv4_addresses }}"
  mysql_user:
    state: present
    name: "{{ grafana_db_user | default('grafana') }}"
    password: "{{ grafana_db_pass }}"
    host: "{{ (grafana_db_server == 'localhost') | ternary('localhost', item) }}"
    priv: "{{ grafana_db_name | default('grafana') }}.*:ALL"
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
# PostgreSQL backend: create the login role first, because the database below
# names it as owner. Both tasks authenticate to grafana_db_server as the fixed
# account 'sqladmin' with pg_admin_pass.
- name: Create the PostgreSQL role
  when: grafana_db_type == 'postgres'
  postgresql_user:
    name: "{{ grafana_db_user }}"
    password: "{{ grafana_db_pass }}"
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"

# UTF-8 database with C collation/ctype, cloned from template0, owned by the
# Grafana role.
- name: Create the PostgreSQL database
  when: grafana_db_type == 'postgres'
  postgresql_db:
    name: "{{ grafana_db_name }}"
    owner: "{{ grafana_db_user }}"
    template: template0
    encoding: UTF-8
    lc_collate: C
    lc_ctype: C
    login_host: "{{ grafana_db_server }}"
    login_user: sqladmin
    login_password: "{{ pg_admin_pass }}"
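# Generate a 50-character random secret once (`creates` skips the task when
# the file is already there).
# The umask is set before the redirection so the file is created 0600 from the
# start; without it the key is written with the default umask and stays
# readable by other local users until the chmod task below has run.
- name: Generate a secret key
  shell: umask 077 && </dev/urandom tr -dc 'A-Za-z0-9!$%&\()*+,-./:;<=>?@[\]^_`|~' | head -c 50 > /etc/grafana/ansible_secret_key
  args:
    creates: /etc/grafana/ansible_secret_key

# Still enforced on every run, so a key file created by an earlier run without
# the umask is tightened as well. The mode is quoted so it is read as octal.
- name: Restrict permission on the secret key file
  file:
    path: /etc/grafana/ansible_secret_key
    mode: "0600"

# Read-only step. no_log keeps the registered stdout (the key itself) out of
# verbose output and callback/log plugins.
# presumably consumed by the grafana.ini template deployed next - confirm.
- name: Read the secret key
  command: cat /etc/grafana/ansible_secret_key
  register: grafana_secret_key
  changed_when: false
  no_log: true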
# Render grafana.ini and ldap.toml from their .j2 templates.
# root:grafana with mode 0640 means the service group can read the files while
# other local users cannot.
# NOTE(review): the templates are not visible here; they presumably embed the
# database password and secret key, which is why the mode matters - confirm.
- name: Deploy grafana configuration
  notify: restart grafana
  with_items:
    - grafana.ini
    - ldap.toml
  template:
    src: "{{ item }}.j2"
    dest: "/etc/grafana/{{ item }}"
    owner: root
    group: grafana
    mode: "0640"
# Plugin reconciliation: grafana_plugins is treated as the complete list of
# wanted plugins. Anything installed but not listed is removed, anything
# listed but missing is installed.
# As written, no plugin version is pinned: installs and `update-all` take
# whatever the remote catalogue offers at run time, so plugin code on this
# host can change without any change to this role.

# Query only: extract the plugin ids from `grafana-cli plugins ls`.
- name: Build a list of installed plugins
  register: grafana_installed_plugins
  changed_when: false
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"'

# Plugin ids are handed to grafana-cli through the command module, i.e. as
# plain arguments without a shell.
- name: Remove unmanaged plugins
  notify: restart grafana
  with_items: "{{ grafana_installed_plugins.stdout_lines }}"
  when: item not in grafana_plugins
  command: grafana-cli plugins uninstall {{ item }}

- name: Install plugins
  notify: restart grafana
  with_items: "{{ grafana_plugins }}"
  when: item not in grafana_installed_plugins.stdout_lines
  command: grafana-cli plugins install {{ item }}

# Query only: "<id> <version>" for every installed plugin ...
- name: Check installed plugins versions
  register: grafana_installed_plugins_versions
  changed_when: false
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"'

# ... and the same "<id> <version>" pairs for everything in the remote
# catalogue.
- name: Check available plugins versions
  register: grafana_remote_plugins_versions
  changed_when: false
  shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"'

# If any installed "<id> <version>" pair is missing from the remote list, at
# least one plugin differs from the catalogue version, so update everything.
- name: Update grafana plugins
  notify: restart grafana
  when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines)
  command: grafana-cli plugins update-all
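- name: Start and enable the service
  service:
    name: grafana-server
    state: started
    enabled: true

# Replace the admin password with a random value, on first install only
# (grafana_install.changed). The value is not stored anywhere.
# presumably the intent is to retire the built-in admin credential in favour
# of the LDAP logins configured through ldap.toml - confirm.
#
# This has to be `shell`, not `command`: the command module does not run a
# shell, so `$(openssl rand -base64 33)` was passed to grafana-cli as literal
# text and the resulting password was not random. The substitution is quoted
# so the generated value always arrives as one argument.
#
# NOTE(review): the password is still a command-line argument of grafana-cli
# and therefore briefly visible in the process list on the host. The service
# is also started before this task runs, so on a fresh install the initial
# admin credential is live until the reset completes.
- name: Change admin password to a random one
  shell: >-
    grafana-cli admin reset-admin-password
    --homepath="/usr/share/grafana"
    --config /etc/grafana/grafana.ini
    "$(openssl rand -base64 33)"
  when: grafana_install.changed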