0118627e4a
so despite having a grafana username and grafna password setting in all.yml these values are never actually changed in the config file for grafana. This adds that Change-Id: I75fe6c3c34f51ab62482974af0c3b5da190e4c39
151 lines
4.7 KiB
YAML
151 lines
4.7 KiB
YAML
---
|
|
#
|
|
# Install/run grafana-server for browbeat
|
|
#
|
|
|
|
# check that grafana_host and graphite_host is entered prior to playbook run
|
|
- name: Check Graphite/Grafana Host IP Address
|
|
fail:
|
|
msg="** Edit grafana_host and graphite_host in ../install/group_vars/all.yml before running **"
|
|
when: ((grafana_host is none) or (graphite_host is none))
|
|
|
|
- name: Install grafana RPM repo
|
|
copy:
|
|
src=grafana.repo
|
|
dest=/etc/yum.repos.d/grafana.repo
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
become: true
|
|
|
|
- name: Import grafana GPG Key
|
|
rpm_key: key=https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana
|
|
state=present
|
|
become: True
|
|
|
|
- name: Install grafana RPM
|
|
yum: name={{ item }} state=present
|
|
become: true
|
|
with_items:
|
|
- grafana
|
|
|
|
- name: Set grafana config values
|
|
ini_file:
|
|
dest=/etc/grafana/grafana.ini
|
|
section={{item.section}}
|
|
option={{item.option}}
|
|
value={{item.value}}
|
|
with_items:
|
|
- section: server
|
|
option: http_port
|
|
value: "{{grafana_port}}"
|
|
- section: auth.anonymous
|
|
option: enabled
|
|
value: true
|
|
- section: security
|
|
option: admin_user
|
|
value: "{{grafana_username}}"
|
|
- section: security
|
|
option: admin_password
|
|
value: "{{grafana_password}}"
|
|
become: true
|
|
|
|
### begin firewall ###
|
|
# we need TCP/3000 open
|
|
# determine firewall status and take action
|
|
# 1) use firewall-cmd if firewalld is utilized
|
|
# 2) insert iptables rule if iptables is used
|
|
|
|
# Firewalld
|
|
- name: (grafana) Determine if firewalld is in use
|
|
shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
|
|
ignore_errors: true
|
|
register: firewalld_in_use
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if firewalld is in use.
|
|
- skip_ansible_lint
|
|
|
|
- name: (grafana) Determine if firewalld is active
|
|
shell: systemctl is-active firewalld.service | grep -vq inactive
|
|
ignore_errors: true
|
|
register: firewalld_is_active
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if firewalld is active.
|
|
- skip_ansible_lint
|
|
|
|
- name: (grafana) Determine if TCP/{{grafana_port}} is already active
|
|
shell: firewall-cmd --list-ports | egrep -q "^{{grafana_port}}/tcp"
|
|
ignore_errors: true
|
|
register: firewalld_grafana_port_exists
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if port is already active.
|
|
- skip_ansible_lint
|
|
|
|
# add firewall rule via firewall-cmd
|
|
- name: (grafana) Add firewall rule for TCP/{{grafana_port}} (firewalld)
|
|
command: "{{ item }}"
|
|
with_items:
|
|
- firewall-cmd --zone=public --add-port={{grafana_port}}/tcp --permanent
|
|
- firewall-cmd --reload
|
|
ignore_errors: true
|
|
become: true
|
|
when: firewalld_in_use.rc == 0 and firewalld_is_active.rc == 0 and firewalld_grafana_port_exists.rc != 0
|
|
|
|
# iptables-services
|
|
- name: (grafana) check firewall rules for TCP/{{grafana_port}} (iptables-services)
|
|
shell: grep "dport {{grafana_port}} \-j ACCEPT" /etc/sysconfig/iptables | wc -l
|
|
ignore_errors: true
|
|
register: iptables_grafana_port_exists
|
|
failed_when: iptables_grafana_port_exists == 127
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if port exists.
|
|
- skip_ansible_lint
|
|
|
|
- name: (grafana) Add firewall rule for TCP/{{grafana_port}} (iptables-services)
|
|
lineinfile:
|
|
dest: /etc/sysconfig/iptables
|
|
line: '-A INPUT -p tcp -m tcp --dport {{grafana_port}} -j ACCEPT'
|
|
regexp: '^INPUT -i lo -j ACCEPT'
|
|
insertbefore: '-A INPUT -i lo -j ACCEPT'
|
|
backup: yes
|
|
when: firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 and iptables_grafana_port_exists.stdout|int == 0
|
|
register: iptables_needs_restart
|
|
|
|
- name: (grafana) Restart iptables-services for TCP/{{grafana_port}} (iptables-services)
|
|
command: systemctl restart iptables.service
|
|
ignore_errors: true
|
|
when: iptables_needs_restart != 0 and firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0
|
|
|
|
### end firewall ###
|
|
|
|
# setup the grafana-server service
|
|
- name: Setup grafana-server service
|
|
service: name=grafana-server state=started enabled=true
|
|
become: true
|
|
ignore_errors: true
|
|
|
|
- name: Wait for grafana to be ready
|
|
wait_for: host={{grafana_host}} port={{grafana_port}} delay=5 timeout=30
|
|
|
|
#
|
|
# Add graphite server as a default datasource
|
|
#
|
|
- name: Create Data Source on grafana server
|
|
uri:
|
|
method: POST
|
|
header: 'Content-Type: application/json'
|
|
body: "{{ lookup('template', 'data_source.json.j2') |to_json }}"
|
|
body_format: json
|
|
url: http://{{grafana_host}}:{{grafana_port}}/api/datasources
|
|
username: "{{ grafana_username }}"
|
|
password: "{{ grafana_password }}"
|
|
connection: local
|