DEPRECATED
This role has been deprecated in favor of a the grafana-ansible-collection collection.
Ansible Role: grafana
Provision and manage grafana - platform for analytics and monitoring
Requirements
- Ansible >= 2.7 (It might work on previous versions, but we cannot guarantee it)
- libselinux-python on deployer host (only when deployer machine has SELinux)
- grafana >= 5.1 (for older grafana versions use this role in version 0.10.1 or earlier)
- jmespath on deployer machine. If you are using Ansible from a Python virtualenv, install jmespath to the same virtualenv via pip.
Role Variables
All variables which can be overridden are stored in defaults/main.yml file as well as in table below.
Name | Default Value | Description |
---|---|---|
grafana_use_provisioning |
true | Use Grafana provisioning capability when possible (grafana_version=latest will assume >= 5.0). |
grafana_provisioning_synced |
false | Ensure no previously provisioned dashboards are kept if not referenced anymore. |
grafana_version |
latest | Grafana package version |
grafana_yum_repo_template |
etc/yum.repos.d/grafana.repo.j2 | Yum template to use |
grafana_manage_repo |
true | Manage package repo (or don't) |
grafana_instance |
{{ ansible_fqdn | default(ansible_host) | default(inventory_hostname) }} | Grafana instance name |
grafana_logs_dir |
/var/log/grafana | Path to logs directory |
grafana_data_dir |
/var/lib/grafana | Path to database directory |
grafana_address |
0.0.0.0 | Address on which grafana listens |
grafana_port |
3000 | port on which grafana listens |
grafana_cap_net_bind_service |
false | Enables the use of ports below 1024 without root privileges by leveraging the 'capabilities' of the linux kernel. read: http://man7.org/linux/man-pages/man7/capabilities.7.html |
grafana_url |
"http://{{ grafana_address }}:{{ grafana_port }}" | Full URL used to access Grafana from a web browser |
grafana_api_url |
"{{ grafana_url }}" | URL used for API calls in provisioning if different from public URL. See this issue. |
grafana_domain |
"{{ ansible_fqdn | default(ansible_host) | default('localhost') }}" | setting is only used in as a part of the root_url option. Useful when using GitHub or Google OAuth |
grafana_server |
{ protocol: http, enforce_domain: false, socket: "", cert_key: "", cert_file: "", enable_gzip: false, static_root_path: public, router_logging: false } | server configuration section |
grafana_security |
{ admin_user: admin, admin_password: "" } | security configuration section |
grafana_database |
{ type: sqlite3 } | database configuration section |
grafana_welcome_email_on_sign_up |
false | Send welcome email after signing up |
grafana_users |
{ allow_sign_up: false, auto_assign_org_role: Viewer, default_theme: dark } | users configuration section |
grafana_auth |
{} | authorization configuration section |
grafana_ldap |
{} | ldap configuration section. group_mappings are expanded, see defaults for example |
grafana_session |
{} | session management configuration section |
grafana_analytics |
{} | Google analytics configuration section |
grafana_smtp |
{} | smtp configuration section |
grafana_alerting |
{} | alerting configuration section |
grafana_log |
{} | log configuration section |
grafana_metrics |
{} | metrics configuration section |
grafana_tracing |
{} | tracing configuration section |
grafana_snapshots |
{} | snapshots configuration section |
grafana_image_storage |
{} | image storage configuration section |
grafana_dashboards |
[] | List of dashboards which should be imported |
grafana_dashboards_dir |
"dashboards" | Path to a local directory containing dashboards files in json format |
grafana_datasources |
[] | List of datasources which should be configured |
grafana_environment |
{} | Optional Environment param for Grafana installation, useful ie for setting http_proxy |
grafana_plugins |
[] | List of Grafana plugins which should be installed |
grafana_alert_notifications |
[] | List of alert notification channels to be created, updated, or deleted |
Datasource example:
grafana_datasources:
- name: prometheus
type: prometheus
access: proxy
url: 'http://{{ prometheus_web_listen_address }}'
basicAuth: false
Dashboard example:
grafana_dashboards:
- dashboard_id: 111
revision_id: 1
datasource: prometheus
Alert notification channel example:
NOTE: setting the variable grafana_alert_notifications
will only come into
effect when grafana_use_provisioning
is true
. That means the new
provisioning system using config files, which is available starting from Grafana
v5.0, needs to be in use.
grafana_alert_notifications:
notifiers:
- name: Channel 1
type: email
uid: channel1
is_default: false
send_reminder: false
settings:
addresses: "[email protected]"
autoResolve: true
delete_notifiers:
- name: Channel 2
uid: channel2
Use a custom Grafana Yum repo template example:
-
Put your template next to your playbook under
templates
folder -
Use a different path than the default one, because ansible , when using relative path, use the first template found and look under the role directory at first then the playbook directory.
-
The template expansion will be put under
/etc/yum.repos.d/
, and will have as a name, thebasename
of the template path without the .j2Example:
grafana_yum_repo_template: my_yum_repos/grafana.repo.j2 # [playbook_dir]/templates/my_yum_repos/grafana.repo.j2 # will be put under # /etc/yum.repos.d/grafana.repo # on the remote host
Supported CPU Architectures
Historically packages were taken from different channels according to CPU architecture. Specifically, armv6/armv7 and aarch64/arm64 packages were via unofficial packages distributed by fg2it. Now that Grafana publishes official ARM builds, all packages are taken from the official Debian/Ubuntu or RPM packages.
Example
Playbook
Fill in the admin password field with your choice, the Grafana web page won't ask to change it at the first login.
- hosts: all
roles:
- role: cloudalchemy.grafana
vars:
grafana_security:
admin_user: admin
admin_password: enter_your_secure_password
Demo site
We provide demo site for full monitoring solution based on prometheus and grafana. Repository with code and links to running instances is available on github and site is hosted on DigitalOcean.
Local Testing
The preferred way of locally testing the role is to use Docker and molecule (v2.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable to for your system. We are using tox to simplify process of testing on multiple ansible versions. To install tox execute:
pip3 install tox
To run tests on all ansible versions (WARNING: this can take some time)
tox
To run a custom molecule command on custom environment with only default test scenario:
tox -e py35-ansible28 -- molecule test -s default
For more information about molecule go to their docs.
If you would like to run tests on remote docker host just specify DOCKER_HOST
variable before running tox tests.
Travis CI
Combining molecule and travis CI allows us to test how new PRs will behave when used with multiple ansible versions and multiple operating systems. This also allows use to create test scenarios for different role configurations. As a result we have a quite large test matrix which will take more time than local testing, so please be patient.
Contributing
Troubleshooting
See troubleshooting.
License
This project is licensed under MIT License. See LICENSE for more details.