x/browbeat
Code Issues Proposed changes
a217af06f7
browbeat/ansible/install/roles/grafana/tasks/main.yml
Sai Sindhur Malleni 280ac8dbda Move away from yum 
Latest versions of CentOS and RHEL already have YUM deprecated and future versions
would drop support. This commit moves browbeat to use the package module instead of yum.
Package module will select DNF if it is available on the system rather than yum.

Change-Id: I5892fd6209e3be7f3cb69bcfe3df54726043354a
2018-10-11 19:28:35 +00:00

162 lines
5.1 KiB
YAML
Raw Blame History

---
#
# Install/run grafana-server for browbeat
#
# check that grafana_host and graphite_host is entered prior to playbook run
- name: Check Graphite/Grafana Host IP Address
fail:
msg="** Edit grafana_host and graphite_host in ../install/group_vars/all.yml before running **"
when: ((grafana_host is none) or (graphite_host is none))
- name: Install grafana RPM repo
copy:
src=grafana.repo
dest=/etc/yum.repos.d/grafana.repo
owner=root
group=root
mode=0644
become: true
- name: Import grafana GPG Key
rpm_key: key=https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana
state=present
become: True
- name: Install grafana RPM
package:
name: "{{ item }}"
state: present
become: true
with_items:
- grafana
- name: Set grafana config values
ini_file:
dest=/etc/grafana/grafana.ini
section={{item.section}}
option={{item.option}}
value={{item.value}}
with_items:
- section: server
option: http_port
value: "{{grafana_port}}"
- section: auth.anonymous
option: enabled
value: true
- section: security
option: admin_user
value: "{{grafana_username}}"
- section: security
option: admin_password
value: "{{grafana_password}}"
become: true
### begin firewall ###
# we need TCP/3000 open
# determine firewall status and take action
# 1) use firewall-cmd if firewalld is utilized
# 2) insert iptables rule if iptables is used
# Firewalld
- name: (grafana) Determine if firewalld is in use
shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
ignore_errors: true
register: firewalld_in_use
no_log: true
tags:
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
# Need to know if firewalld is in use.
- skip_ansible_lint
- name: (grafana) Determine if firewalld is active
shell: systemctl is-active firewalld.service | grep -vq inactive
ignore_errors: true
register: firewalld_is_active
no_log: true
tags:
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
# Need to know if firewalld is active.
- skip_ansible_lint
- name: (grafana) Determine if TCP/{{grafana_port}} is already active
shell: firewall-cmd --list-ports | egrep -q "^{{grafana_port}}/tcp"
ignore_errors: true
register: firewalld_grafana_port_exists
no_log: true
tags:
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
# Need to know if port is already active.
- skip_ansible_lint
# add firewall rule via firewall-cmd
- name: (grafana) Add firewall rule for TCP/{{grafana_port}} (firewalld)
command: "{{ item }}"
with_items:
- firewall-cmd --zone=public --add-port={{grafana_port}}/tcp --permanent
- firewall-cmd --reload
ignore_errors: true
become: true
when: firewalld_in_use.rc == 0 and firewalld_is_active.rc == 0 and firewalld_grafana_port_exists.rc != 0
# iptables-services
- name: (grafana) check firewall rules for TCP/{{grafana_port}} (iptables-services)
shell: grep "dport {{grafana_port}} \-j ACCEPT" /etc/sysconfig/iptables | wc -l
ignore_errors: true
register: iptables_grafana_port_exists
failed_when: iptables_grafana_port_exists == 127
no_log: true
tags:
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
# Need to know if port exists.
- skip_ansible_lint
- name: (grafana) Add firewall rule for TCP/{{grafana_port}} (iptables-services)
lineinfile:
dest: /etc/sysconfig/iptables
line: '-A INPUT -p tcp -m tcp --dport {{grafana_port}} -j ACCEPT'
regexp: '^INPUT -i lo -j ACCEPT'
insertbefore: '-A INPUT -i lo -j ACCEPT'
backup: yes
when: firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 and iptables_grafana_port_exists.stdout|int == 0
register: iptables_needs_restart
- name: (grafana) Restart iptables-services for TCP/{{grafana_port}} (iptables-services)
systemd:
name: iptables.service
state: restarted
ignore_errors: true
when: iptables_needs_restart != 0 and firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0
### end firewall ###
# setup the grafana-server service
- name: Setup grafana-server service
service: name=grafana-server state=started enabled=true
become: true
ignore_errors: true
- name: Wait for grafana to be ready
wait_for: host={{grafana_host}} port={{grafana_port}} delay=5 timeout=30
#
# Add graphite server as a default datasource
#
# (akrzos) I reverted this back to the "old" way after testing Ansible 2.3.0.0
# which still could not POST with basic auth through uri vs curl command.
- name: Create data_source.json
template:
src: data_source.json.j2
dest: "{{role_path}}/files/data_source.json"
connection: local
- name: Create Data Source on grafana server
command: "curl -X POST -H 'Content-Type: application/json' -d @{{role_path}}/files/data_source.json http://{{grafana_username}}:{{grafana_password}}@{{grafana_host}}:{{grafana_port}}/api/datasources"
connection: local
tags:
- skip_ansible_lint
- name: Remove leftover json file
file: path={{role_path}}/files/data_source.json state=absent
connection: local
View Git Blame Copy Permalink