diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml index 50da974855e8c0ea7c73aea7a78bda39cc091a43..5c8fd0d7cb057d3252abdffb8f3be91e361f2084 100644 --- a/group_vars/reverseproxy.yml +++ b/group_vars/reverseproxy.yml @@ -21,7 +21,7 @@ nginx: # Services web Crans - {from: re2o.crans.org, to: 172.16.10.156} - {from: intranet.crans.org, to: 172.16.10.156} - # - {from: grafana.crans.org, to: "10.231.136.102:3000"} + - {from: grafana.crans.org, to: "172.16.10.121:3000"} - {from: ftps.crans.org, to: 172.16.10.30} - {from: webmail.crans.org, to: 172.16.10.108} - {from: webirc.crans.org, to: "172.16.10.31:9000"} diff --git a/plays/monitoring.yml b/plays/monitoring.yml index 2a6c6bcd8d03d78d714c34a6162948d2ed8822f2..5e661a50289002e8c88b40cc72ba79c056887f51 100755 --- a/plays/monitoring.yml +++ b/plays/monitoring.yml @@ -25,12 +25,12 @@ grafana: root_url: https://grafana.crans.org - ldap_bind_dn: "cn=grafana,ou=service-users,{{ ldap_base }}" - ldap_passwd: "{{ vault_ldap_grafana_passwd }}" + ldap_bind_dn: "" + ldap_passwd: "" ldap_base: 'dc=crans,dc=org' ldap_master_ipv4: '172.16.10.1' - ldap_user_tree: "ou=users,{{ ldap_base }}" + ldap_user_tree: "ou=passwd,{{ ldap_base }}" roles: - prometheus - prometheus-alertmanager diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2 index 1fd96e129084e8fa63dbbe7f061a042f585a32a0..b044d42cfc88fdaf2498d8aa0a064898cf7913be 100644 --- a/roles/grafana/templates/ldap.toml.j2 +++ b/roles/grafana/templates/ldap.toml.j2 
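Review bot: Setting `ldap_bind_dn: ""` and `ldap_passwd: ""` in plays/monitoring.yml drops the dedicated `cn=grafana` service account, so Grafana's user lookup under `ou=passwd` will presumably run as an unauthenticated bind. That only works if the directory at `ldap_master_ipv4` allows anonymous searches of the user and group trees, which makes those entries readable by any host that can reach the LDAP port. If the new tree still has a service account, keep an authenticated bind with the password taken from the vault, as the removed `ldap_passwd: "{{ vault_ldap_grafana_passwd }}"` did. Otherwise add a comment above the two keys, for example `# anonymous bind is intentional; server ACLs restrict what unauthenticated clients can read`. The play's vars block starts and ends outside the hunk.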
@@ -7,11 +7,11 @@ # Ldap server host (specify multiple hosts space separated) host = "{{ ldap_master_ipv4 }}" # Default port is 389 or 636 if use_ssl = true -port = 389 +port = 636 # Set to true if ldap server supports TLS -use_ssl = false +use_ssl = true # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) -start_tls = false +start_tls = true # set to true if you want to skip ssl cert validation ssl_skip_verify = false # set to the path to your root CA certificate or leave unset to use system defaults @@ -40,7 +40,7 @@ group_search_filter_user_attribute = "cn" # Specify names of the ldap attributes your ldap uses [servers.attributes] -name = "sn" +name = "" surname = "" username = "cn" member_of = "dn" @@ -48,7 +48,7 @@ email = "mail" # Map ldap groups to grafana org roles [[servers.group_mappings]] -group_dn = "cn=nounou,ou=posix,ou=groups,dc=crans,dc=org" +group_dn = "cn=nounou,ou=group,dc=crans,dc=org" org_role = "Admin" # To make user an instance admin (Grafana Admin) uncomment line below # grafana_admin = true @@ -56,7 +56,7 @@ org_role = "Admin" # org_id = 1 [[servers.group_mappings]] -group_dn = "cn=apprenti,ou=posix,ou=groups,dc=crans,dc=org" +group_dn = "cn=user,ou=group,dc=crans,dc=org" org_role = "Editor" [[servers.group_mappings]]
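Review bot: `start_tls = true` combined with `port = 636` and `use_ssl = true` mixes the two TLS modes. Port 636 is the LDAPS port, where the server expects a TLS handshake immediately, whereas STARTTLS opens a cleartext connection and upgrades it, normally on 389. As written the connection will most likely fail against an LDAPS listener, so pick one mode: `port = 636` with `start_tls = false`, or `port = 389` with `start_tls = true`. Because `ssl_skip_verify = false` stays in force and `host` is rendered from `ldap_master_ipv4`, the server certificate needs an IP subject alternative name for that address, and `root_ca_cert` must point at the issuing CA if it is not in the system store. Keep verification on rather than switching `ssl_skip_verify` to get past a handshake error.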
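Review bot: The new `group_dn` value in the `@@ -48,7 +48,7 @@` hunk, and the one in the following hunk (`cn=user,ou=group,dc=crans,dc=org`), hard-code the base DN. plays/monitoring.yml already defines `ldap_base` next to the `ldap_master_ipv4` variable this template renders, and uses it for `ldap_user_tree`. These mappings decide who becomes Grafana Admin or Editor, so a base DN that drifts from the one used for the user search would leave a mapping matching nothing, or matching a different tree than intended. Consider `group_dn = "cn=nounou,ou=group,{{ ldap_base }}"` and the same form for the `cn=user` mapping.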
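Review bot: In the `@@ -56,7 +56,7 @@` hunk, mapping `cn=user,ou=group,dc=crans,dc=org` to `org_role = "Editor"` replaces the narrower `cn=apprenti` group, and judging by its name `cn=user` may contain every account in the directory. Editors can create and modify dashboards, which is more than most accounts need now that this same commit publishes grafana.crans.org through the reverse proxy. If broad read access is the goal, use `org_role = "Viewer"` for this group and keep Editor for a dedicated one. The following `[[servers.group_mappings]]` block continues outside the hunk, so check whether it already covers that case.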