From 8c7d6c3daa354b33a1fd67c035ad9ca077bcd67a Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Sat, 20 Apr 2019 23:11:22 +0200
Subject: [PATCH] [grafana] Initial role

---
 monitoring.yml                  |  5 +++
 roles/grafana/handlers/main.yml |  5 +++
 roles/grafana/tasks/main.yml    | 74 +++++++++++++++++++++++++++++++++
 3 files changed, 84 insertions(+)
 create mode 100644 roles/grafana/handlers/main.yml
 create mode 100644 roles/grafana/tasks/main.yml

diff --git a/monitoring.yml b/monitoring.yml
index 4400869d..cea4352d 100644
--- a/monitoring.yml
+++ b/monitoring.yml
@@ -21,3 +21,8 @@
 - hosts: all
   roles:
     - prometheus-node
+
+# Deploy grafana
+- hosts: fy.adm.crans.org
+  roles:
+    - grafana
diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml
new file mode 100644
index 00000000..cbd4ffd0
--- /dev/null
+++ b/roles/grafana/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart grafana
+  service:
+    name: grafana-server
+    state: restarted
diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml
new file mode 100644
index 00000000..54c346c6
--- /dev/null
+++ b/roles/grafana/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+- name: Install APT HTTPS support
+  apt:
+    name: apt-transport-https
+    state: present
+    update_cache: true
+
+- name: Import Grafana GPG signing key
+  apt_key:
+    url: https://packages.grafana.com/gpg.key
+    state: present
+    validate_certs: false
+
+- name: Add Grafana repository
+  apt_repository:
+    repo: deb https://packages.grafana.com/oss/deb stable main
+    state: present
+    update_cache: true
+
+- name: Install Grafana
+  apt:
+    name: grafana
+    state: present
+
+- name: Configure Grafana
+  ini_file:
+    path: /etc/grafana/grafana.ini
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: 640
+  loop:
+    - section: server
+      option: root_url
+      value: https://grafana.crans.org  # TODO put var in playbook
+    - section: session  # This will break with HTTPS
+      option: cookie_secure
+      value: "true"
+    - section: analytics
+      option: reporting_enabled
+      value: "false"
+    - section: snapshots
+      option: external_enabled
+      value: "false"
+    - section: users
+      option: allow_sign_up
+      value: "false"
+    - section: users
+      option: allow_org_create
+      value: "false"
+    - section: auth.basic  # Only LDAP auth
+      option: enabled
+      value: "false"
+    - section: auth.ldap
+      option: enabled
+      value: "true"
+    - section: auth.ldap  # We don't want registration
+      option: allow_sign_up
+      value: "false"
+  notify: Restart grafana
+
+#- name: Configure Grafana LDAP
+#  lineinfile:
+#    # TODO
+#  loop:
+#    # TODO
+#  notify: Restart grafana
+
+#- name: Enable and start Grafana
+#  systemd:
+#    name: grafana-server
+#    enabled: true
+#    state: started
+#    daemon_reload: true
-- 
GitLab