fixes for grafana

bodsch · Jul 13, 2024 · e2a2d33 · e2a2d33
1 parent a0f2a80
commit e2a2d33
Show file tree

Hide file tree

Showing 10 changed files with 42 additions and 33 deletions.
diff --git a/roles/grafana/molecule/upgrade/prepare.yml b/roles/grafana/molecule/upgrade/prepare.yml
@@ -59,6 +59,7 @@
     grafana_security:
       admin_user: admin
       admin_password: sUp3R
+    grafana_alerting: {}
 
   roles:
     - role: ca_grafana

diff --git a/roles/grafana/molecule/with-database-cache-and-ldap/molecule.yml b/roles/grafana/molecule/with-database-cache-and-ldap/molecule.yml
@@ -10,7 +10,7 @@ driver:
 
 platforms:
   - name: database
-    image: "bodsch/ansible-debian:11"
+    image: "bodsch/ansible-debian:12"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     docker_host: "${DOCKER_HOST:-unix://run/docker.sock}"
     privileged: true

diff --git a/roles/grafana/molecule/with-database-cache-and-ldap/prepare.yml b/roles/grafana/molecule/with-database-cache-and-ldap/prepare.yml
@@ -75,9 +75,15 @@
   gather_facts: true
 
   pre_tasks:
+    - name: make sure python3-pip3 is installed
+      ansible.builtin.package:
+        name:
+          - python3-pip
+        state: present
+
     # to fix https://github.com/mkayontour/ansible-influxdb/issues/9
     - name: add influxdata-archive_compat.key
-      shell:
+      ansible.builtin.shell:
         cd /tmp/ ;
         curl https://repos.influxdata.com/influxdata-archive_compat.key > /tmp/influxdata-archive_compat.key &&
         echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c /tmp/influxdata-archive_compat.key' | sha256sum -c && cat /tmp/influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg

diff --git a/roles/grafana/molecule/with-database-cache-and-ldap/requirements.yml b/roles/grafana/molecule/with-database-cache-and-ldap/requirements.yml
@@ -2,28 +2,28 @@
 
 - name: snapd
   src: https://github.com/bodsch/ansible-snapd
-  version: 1.3.0
+  version: 1.3.1
 
-- name: apparmor
-  src: https://github.com/bodsch/ansible-apparmor
-  version: 2.0.0
+# - name: apparmor
+  # src: https://github.com/bodsch/ansible-apparmor
+  # version: 2.0.0
 
 - name: nginx
   src: https://github.com/bodsch/ansible-nginx
   scm: git
-  version: 0.25.1
+  version: 0.27.0
 
 - name: redis
   src: https://github.com/bodsch/ansible-redis
   version: 1.4.0
 
 - name: mariadb
   src: https://github.com/bodsch/ansible-mariadb
-  version: 2.4.1
+  version: 2.4.3
 
 - name: influx2
   src: https://github.com/bodsch/ansible-influxdb
-  version: 1.2.0
+  version: 1.3.0
 
 - name: influxdb
   src: mkayontour.influxdb
@@ -32,6 +32,6 @@
 
 - name: glauth
   src: https://github.com/bodsch/ansible-glauth
-  version: 1.6.0
+  version: 1.6.1
 
 ...
diff --git a/roles/grafana/tasks/configure.yml b/roles/grafana/tasks/configure.yml
@@ -6,7 +6,7 @@
     path: "{{ grafana_config_dir }}"
     owner: root
     group: "{{ grafana_system_group }}"
-    mode: 0755
+    mode: "0755"
 
 - name: create grafana.ini
   ansible.builtin.template:
@@ -15,7 +15,8 @@
     force: true
     owner: root
     group: "{{ grafana_system_group }}"
-    mode: 0640
+    mode: "0640"
+  no_log: true
   notify:
     - validate config
     - restart grafana
@@ -27,7 +28,8 @@
     force: true
     owner: root
     group: "{{ grafana_system_group }}"
-    mode: 0640
+    mode: "0640"
+  no_log: true
   when:
     - grafana_config_auth is defined
     - grafana_config_auth.ldap is defined

diff --git a/roles/grafana/tasks/configure/api_keys.yml b/roles/grafana/tasks/configure/api_keys.yml
@@ -10,7 +10,7 @@
   ansible.builtin.file:
     path: "{{ grafana_api.store_directory }}/{{ inventory_hostname }}"
     state: directory
-    mode: 0750
+    mode: "0750"
 
 - name: manage api keys
   grafana_api_keys:
@@ -33,7 +33,7 @@
     dest: "{{ grafana_api.store_directory }}/{{ inventory_hostname }}/{{ item.value.result.key_file | basename }}"
     flat: true
     validate_checksum: false
-    mode: 0644
+    mode: "0644"
   no_log: true
   loop: "{{ manage_api_keys['result'] | dict2items }}"
   loop_control:

diff --git a/roles/grafana/tasks/configure/datasources.yml b/roles/grafana/tasks/configure/datasources.yml
@@ -17,9 +17,9 @@
     grafana_api_key: "{{ grafana_config_security.api_key | default(omit) }}"
     # -------------------------------------------------------------------
     # grafana_security: "{{ item.value.user | default(omit) }}"
-    #url: "{{ item.value.url | default('http://127.0.0.1') }}"
-    #url_password: "{{ item.value.url_password | default(omit) }}"
-    #url_username: "{{ item.value.url_username | default(omit) }}"
+    # url: "{{ item.value.url | default('http://127.0.0.1') }}"
+    # url_password: "{{ item.value.url_password | default(omit) }}"
+    # url_username: "{{ item.value.url_username | default(omit) }}"
     additional_json_data: "{{ item.value.json_data | default({}) }}"
     # Defined data is used for datasource secureJsonData
     # https://docs.ansible.com/ansible/latest/collections/community/grafana/grafana_datasource_module.html#parameter-additional_secure_json_data
@@ -94,7 +94,7 @@
     backup: false
     owner: root
     group: grafana
-    mode: 0640
+    mode: "0640"
   notify:
     - restart grafana
   when:

diff --git a/roles/grafana/tasks/configure/service_accounts.yml b/roles/grafana/tasks/configure/service_accounts.yml
@@ -7,7 +7,7 @@
   ansible.builtin.file:
     path: "{{ grafana_service_accounts.store_directory }}/{{ inventory_hostname }}"
     state: directory
-    mode: 0750
+    mode: "0750"
 
 - name: manage grafana service accounts
   bodsch.grafana.grafana_service_accounts:
@@ -29,7 +29,7 @@
     dest: "{{ grafana_service_accounts.store_directory }}/{{ inventory_hostname }}/{{ item | basename }}"
     flat: true
     validate_checksum: false
-    mode: 0644
+    mode: "0644"
   # no_log: true
   loop: "{{ manage_service_accounts | bodsch.grafana.service_account_keyfiles() }}"
   loop_control:

diff --git a/roles/grafana/tasks/download.yml b/roles/grafana/tasks/download.yml
@@ -45,7 +45,7 @@
   ansible.builtin.file:
     path: "{{ grafana_local_tmp_directory }}"
     state: directory
-    mode: 0750
+    mode: "0750"
 
 - name: detect the downloaded grafana archive
   become: false
@@ -67,7 +67,7 @@
       ansible.builtin.get_url:
         url: "{{ grafana_release.download_url }}/{{ grafana_release.file }}"
         dest: "{{ grafana_local_tmp_directory }}/"
-        mode: 0644
+        mode: "0644"
       register: _download_archive
       until: _download_archive is succeeded
       retries: 5

diff --git a/roles/grafana/tasks/install.yml b/roles/grafana/tasks/install.yml
@@ -26,14 +26,14 @@
     state: directory
     owner: "{{ grafana_system_user }}"
     group: "{{ grafana_system_group }}"
-    mode: 0755
+    mode: "0755"
 
 - name: create config directory
   ansible.builtin.file:
     state: directory
     path: /etc/grafana
     group: "{{ grafana_system_group }}"
-    mode: 0755
+    mode: "0755"
 
 - name: create grafana lib directory
   ansible.builtin.file:
@@ -55,7 +55,7 @@
   ansible.builtin.file:
     state: directory
     path: "{{ grafana_log_dir }}"
-    mode: 0755
+    mode: "0755"
 
 - name: detect installed grafana binary
   ansible.builtin.stat:
@@ -84,15 +84,15 @@
           ansible.builtin.file:
             path: "{{ grafana_remote_tmp_directory }}"
             state: directory
-            mode: 0755
+            mode: "0755"
           when:
             - not grafana_direct_download
 
         - name: propagate grafana archive
           ansible.builtin.copy:
             src: "{{ grafana_local_tmp_directory }}/{{ grafana_release.file }}"
             dest: "{{ grafana_remote_tmp_directory }}"
-            mode: 0755
+            mode: "0755"
             owner: "{{ grafana_system_user }}"
             group: "{{ grafana_system_group }}"
             remote_src: "{{ 'true' if grafana_direct_download else 'false' }}"
@@ -160,7 +160,7 @@
     dest: /etc/grafana/
     owner: root
     group: "{{ grafana_system_group }}"
-    mode: 0755
+    mode: "0755"
     force: true
     remote_src: true
   notify:
@@ -181,7 +181,7 @@
         force: true
         owner: root
         group: "{{ grafana_system_group }}"
-        mode: 0644
+        mode: "0644"
       notify:
         - validate config
         - reload grafana
@@ -192,7 +192,7 @@
         dest: "{{ systemd_lib_directory }}/grafana-server.service"
         owner: root
         group: root
-        mode: 0644
+        mode: "0644"
       notify:
         - daemon-reload
         - restart grafana
@@ -207,15 +207,15 @@
         dest: "/etc/conf.d/grafana-server"
         owner: root
         group: root
-        mode: 0644
+        mode: "0644"
 
     - name: create openrc init configuration
       ansible.builtin.template:
         src: "init/openrc/init.d/grafana-server.j2"
         dest: "/etc/init.d/grafana-server"
         owner: root
         group: root
-        mode: 0750
+        mode: "0750"
 
 - name: create custom fact file
   bodsch.core.facts: