Skip to content

Ebury/ansible-grafana

 
 

Repository files navigation

grafana logo

Ansible Role: grafana

Build Status License Ansible Role GitHub tag

Provision and manage grafana - platform for analytics and monitoring

Requirements

  • Ansible >= 2.7 (It might work on previous versions, but we cannot guarantee it)
  • libselinux-python on deployer host (only when deployer machine has SELinux)
  • grafana >= 5.1 (for older grafana versions use this role in version 0.10.1 or earlier)
  • jmespath on deployer machine. If you are using Ansible from a Python virtualenv, install jmespath to the same virtualenv via pip.

Role Variables

All variables which can be overridden are stored in defaults/main.yml file as well as in table below.

Name Default Value Description
grafana_use_provisioning true Use Grafana provisioning capability when possible (grafana_version=latest will assume >= 5.0).
grafana_provisioning_synced false Ensure no previously provisioned dashboards are kept if not referenced anymore.
grafana_version latest Grafana package version
grafana_yum_repo_template etc/yum.repos.d/grafana.repo.j2 Yum template to use
grafana_manage_repo true Manage package repo (or don't)
grafana_instance {{ ansible_fqdn | default(ansible_host) | default(inventory_hostname) }} Grafana instance name
grafana_logs_dir /var/log/grafana Path to logs directory
grafana_data_dir /var/lib/grafana Path to database directory
grafana_address 0.0.0.0 Address on which grafana listens
grafana_port 3000 port on which grafana listens
grafana_cap_net_bind_service false Enables the use of ports below 1024 without root privileges by leveraging the 'capabilities' of the linux kernel. read: http://man7.org/linux/man-pages/man7/capabilities.7.html
grafana_url "http://{{ grafana_address }}:{{ grafana_port }}" Full URL used to access Grafana from a web browser
grafana_api_url "{{ grafana_url }}" URL used for API calls in provisioning if different from public URL. See this issue.
grafana_domain "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}" setting is only used in as a part of the root_url option. Useful when using GitHub or Google OAuth
grafana_server { protocol: http, enforce_domain: false, socket: "", cert_key: "", cert_file: "", enable_gzip: false, static_root_path: public, router_logging: false } server configuration section
grafana_security { admin_user: admin, admin_password: "" } security configuration section
grafana_database { type: sqlite3 } database configuration section
grafana_welcome_email_on_sign_up false Send welcome email after signing up
grafana_users { allow_sign_up: false, auto_assign_org_role: Viewer, default_theme: dark } users configuration section
grafana_auth {} authorization configuration section
grafana_ldap {} ldap configuration section. group_mappings are expanded, see defaults for example
grafana_session {} session management configuration section
grafana_analytics {} Google analytics configuration section
grafana_smtp {} smtp configuration section
grafana_alerting {} alerting configuration section
grafana_log {} log configuration section
grafana_metrics {} metrics configuration section
grafana_tracing {} tracing configuration section
grafana_snapshots {} snapshots configuration section
grafana_image_storage {} image storage configuration section
grafana_dashboards [] List of dashboards which should be imported
grafana_dashboards_dir "dashboards" Path to a local directory containing dashboards files in json format
grafana_datasources [] List of datasources which should be configured
grafana_environment {} Optional Environment param for Grafana installation, useful ie for setting http_proxy
grafana_plugins [] List of Grafana plugins which should be installed
grafana_alert_notifications [] List of alert notification channels to be created, updated, or deleted

Datasource example:

grafana_datasources:
  - name: prometheus
    type: prometheus
    access: proxy
    url: 'http://{{ prometheus_web_listen_address }}'
    basicAuth: false

Dashboard example:

grafana_dashboards:
  - dashboard_id: 111
    revision_id: 1
    datasource: prometheus

Alert notification channel example:

NOTE: setting the variable grafana_alert_notifications will only come into effect when grafana_use_provisioning is true. That means the new provisioning system using config files, which is available starting from Grafana v5.0, needs to be in use.

grafana_alert_notifications:
  notifiers:
    - name: Channel 1
      type: email
      uid: channel1
      is_default: false
      send_reminder: false
      settings:
        addresses: "example@example.com"
        autoResolve: true
  delete_notifiers:
    - name: Channel 2
      uid: channel2

Use a custom Grafana Yum repo template example:

  • Put your template next to your playbook under templates folder

  • Use a different path than the default one, because ansible , when using relative path, use the first template found and look under the role directory at first then the playbook directory.

  • The template expansion will be put under /etc/yum.repos.d/ , and will have as a name, the basename of the template path without the .j2

    Example:

    grafana_yum_repo_template: my_yum_repos/grafana.repo.j2
    
    # [playbook_dir]/templates/my_yum_repos/grafana.repo.j2
    # will be put under
    # /etc/yum.repos.d/grafana.repo
    # on the remote host

Supported CPU Architectures

Historically packages were taken from different channels according to CPU architecture. Specifically, armv6/armv7 and aarch64/arm64 packages were via unofficial packages distributed by fg2it. Now that Grafana publishes official ARM builds, all packages are taken from the official Debian/Ubuntu or RPM packages.

Example

Playbook

Fill in the admin password field with your choice, the Grafana web page won't ask to change it at the first login.

- hosts: all
  roles:
    - role: cloudalchemy.grafana
      vars:
        grafana_security:
          admin_user: admin
          admin_password: enter_your_secure_password

Demo site

We provide demo site for full monitoring solution based on prometheus and grafana. Repository with code and links to running instances is available on github and site is hosted on DigitalOcean.

Local Testing

The preferred way of locally testing the role is to use Docker and molecule (v2.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable to for your system. We are using tox to simplify process of testing on multiple ansible versions. To install tox execute:

pip3 install tox

To run tests on all ansible versions (WARNING: this can take some time)

tox

To run a custom molecule command on custom environment with only default test scenario:

tox -e py35-ansible28 -- molecule test -s default

For more information about molecule go to their docs.

If you would like to run tests on remote docker host just specify DOCKER_HOST variable before running tox tests.

Travis CI

Combining molecule and travis CI allows us to test how new PRs will behave when used with multiple ansible versions and multiple operating systems. This also allows use to create test scenarios for different role configurations. As a result we have a quite large test matrix which will take more time than local testing, so please be patient.

Contributing

See contributor guideline.

Troubleshooting

See troubleshooting.

License

This project is licensed under MIT License. See LICENSE for more details.

About

Platform for analytics and monitoring

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Jinja 52.9%
  • Shell 26.1%
  • Python 21.0%