Grafana role

Deploy Grafana container.

Usage

Configure the role.

# https://hub.docker.com/r/grafana/grafana/
grafana_image: grafana/grafana:11.2.0
grafana_hostname: grafana01
grafana_description: Prometheus dashboard # default: Grafana
grafana_data_dir: /usr/share/graf # default: "/usr/share/{{ grafana_hostname }}"
grafana_volume_name: grafana_data01 # default: "{{ grafana_hostname }}"
grafana_admin_user: admin
grafana_admin_password: # default: "{{ vault_grafana_admin_password }}"
grafana_prometheus_hostname: prom01
grafana_server_domain: "monitor.example.com"
grafana_server_root_url: "https://monitor.example.com"

grafana_mail_enabled: "true" # default: "false"
grafana_mail_hostname: mail.example.com:587
grafana_mail_from: grafana@example.com
grafana_mail_from_name: Monitoring # default: Grafana
grafana_mail_username: bot@example.com
grafana_mail_password: "{{ vault_grafana_mail_password }}"

And include it in your playbook.

- hosts: prometheus
  roles:
  - role: grafana

Docs

Setup Loki Nginx config

For live tailing with Loki, use this nginx config:

nginx_http_options: |
  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }
nginx_proxies:
  - src_hostname: monitor.example.com
    dest_hostname: grafana01
    dest_port: 3000
    ssl: true
    monitor: /
    options: |
      include /etc/nginx/conf.d/proxies/loki.nginx;
    locations:
      - path: '~ /(api/datasources/proxy/\d+/loki/api/v1/tail)'
        dest_hostname: grafana01
        dest_port: 3000
        options: |
          proxy_set_header Connection $connection_upgrade;
          proxy_set_header Upgrade $http_upgrade;

OAuth-Login with Keycloak

Create a client for your Grafana instance in Keycloak and define these vars:

grafana_generic_oauth_enabled: "true" # default: "false"
grafana_generic_oauth_name: "Example" # default: "Keycloak"
grafana_generic_oauth_sign_up: "false" # default: "true"
grafana_generic_oauth_client_id: "monitor.example.com"
grafana_generic_oauth_client_secret: "{{ vault_grafana_generic_oauth_client_secret }}"
grafana_generic_oauth_scopes: email # default: profile
grafana_generic_oauth_auth_url: "https://login.example.com/auth/realms/example.com/protocol/openid-connect/auth"
grafana_generic_oauth_token_url: "https://login.example.com/auth/realms/example.com/protocol/openid-connect/token"
grafana_generic_oauth_api_url: "https://login.example.com/auth/realms/example.com/protocol/openid-connect/userinfo"

OAuth-Login with Azure

Create a client for your Grafana instance in Azure AD and define these vars:

grafana_azuread_enabled: "true" # default: "false"
grafana_azuread_name: Microsoft # default: Azure AD
grafana_azuread_tenant_id: $TENANT_ID
grafana_azuread_sign_up: "false" # default: "true"
grafana_azuread_auto_login: "true" # default: "false"
grafana_azuread_client_id: $CLIENT_ID
grafana_azuread_client_secret: # default: "{{ vault_grafana_azuread_client_secret }}"
grafana_azuread_scopes: openid # default: openid email profile
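
A pre-flight check for the variables documented above, as an added example that is not part of this role: the play stops before the role runs if a secret is missing from the vault, if a URL is not HTTPS, or if OAuth sign-up is left at its default of "true". It assumes secrets are supplied through the `vault_*` variables this README shows; the 12-character minimum and the no-sign-up policy are assumptions to adjust.

```yaml
# Added example, not part of the role: validate settings before deploying.
- hosts: prometheus
  pre_tasks:
    - name: Admin password comes from the vault and is not trivial
      ansible.builtin.assert:
        that:
          # 12 characters is an assumed minimum, adjust to your policy.
          - vault_grafana_admin_password | default('') | length >= 12
          - vault_grafana_admin_password | default('') != 'admin'
        fail_msg: "Define a strong vault_grafana_admin_password in an encrypted vars file."
        quiet: true

    - name: Grafana is published over HTTPS
      ansible.builtin.assert:
        that:
          - (grafana_server_root_url | default('')) is match('https://')
        fail_msg: "grafana_server_root_url must start with https://"
        quiet: true

    - name: Keycloak login uses HTTPS endpoints, a vaulted secret and no sign-up
      ansible.builtin.assert:
        that:
          - vault_grafana_generic_oauth_client_secret | default('') | length > 0
          - (grafana_generic_oauth_auth_url | default('')) is match('https://')
          - (grafana_generic_oauth_token_url | default('')) is match('https://')
          - (grafana_generic_oauth_api_url | default('')) is match('https://')
          # Policy assumption: accounts are created by an admin, not on first login.
          - grafana_generic_oauth_sign_up | default('true') | string | lower == 'false'
        quiet: true
      when: grafana_generic_oauth_enabled | default('false') | bool

    - name: Azure AD login uses a vaulted secret and no sign-up
      ansible.builtin.assert:
        that:
          - vault_grafana_azuread_client_secret | default('') | length > 0
          - grafana_azuread_sign_up | default('true') | string | lower == 'false'
        quiet: true
      when: grafana_azuread_enabled | default('false') | bool

  roles:
    - role: grafana
```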

Install command line tools

The installation script requires that you have sudo access to root.

Run the following command in your terminal:

curl -L https://raw.githubusercontent.com/mint-system/ansible-build/main/roles/grafana/files/install | bash