grafana: First version of role
This commit is contained in:
parent
613beb7ddf
commit
81a68720ea
6 changed files with 129 additions and 0 deletions
17
roles/grafana/templates/grafana-container.service.j2
Normal file
17
roles/grafana/templates/grafana-container.service.j2
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
[Unit]
|
||||
Description=Grafana Container
|
||||
|
||||
[Service]
|
||||
User=grafana
|
||||
EnvironmentFile=/etc/sysconfig/grafana-container
|
||||
ExecStart=/usr/bin/podman run --rm -p 127.0.0.1:8002:3000 --name grafana \
|
||||
--volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
|
||||
--volume={{ tls_certs }}/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt:ro \
|
||||
--volume={{ tls_private }}/grafana.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \
|
||||
--volume=/etc/grafana-ldap.toml:/etc/grafana/ldap.toml:ro \
|
||||
--env=GF_* docker.io/grafana/grafana:9.0.2
|
||||
ExecStop=/usr/bin/podman stop grafana
|
||||
KillMode=none
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
13
roles/grafana/templates/grafana-container.sysconfig.j2
Normal file
13
roles/grafana/templates/grafana-container.sysconfig.j2
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
GF_DATABASE_TYPE=mysql
|
||||
GF_DATABASE_HOST=sqldb02.home.foo.sh
|
||||
GF_DATABASE_NAME=grafana
|
||||
GF_DATABASE_USER=grafana
|
||||
GF_DATABASE_PASSWORD={{ grafana_mysql_pass }}
|
||||
GF_DATABASE_SSL_MODE=true
|
||||
GF_DATABASE_SERVER_CERT_NAME=sqldb02.home.foo.sh
|
||||
GF_DATABASE_CA_CERT_PATH=/etc/ssl/certs/ca.crt
|
||||
GF_DATABASE_CLIENT_KEY_PATH=/etc/ssl/private/{{ inventory_hostname }}.key
|
||||
GF_DATABASE_CLIENT_CERT_PATH=/etc/ssl/certs/{{ inventory_hostname }}.crt
|
||||
|
||||
GF_AUTH_LDAP_ENABLED=true
|
||||
GF_AUTH_LDAP_ALLOW_SIGN_UP=true
|
||||
24
roles/grafana/templates/grafana-ldap.toml.j2
Normal file
24
roles/grafana/templates/grafana-ldap.toml.j2
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
[[servers]]
|
||||
host = "ldap.foo.sh"
|
||||
port = 636
|
||||
use_ssl = true
|
||||
ssl_skip_verify = false
|
||||
client_cert = "/etc/ssl/certs/{{ inventory_hostname }}.crt"
|
||||
client_key = "/etc/ssl/private/{{ inventory_hostname }}.key"
|
||||
search_filter = "(uid=%s)"
|
||||
search_base_dns = ["{{ ldap_basedn }}"]
|
||||
bind_dn = "uid=%s,ou=People,{{ ldap_basedn }}"
|
||||
|
||||
group_search_filter = "(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
|
||||
group_search_base_dns = ["ou=Groups,{{ ldap_basedn }}"]
|
||||
group_search_filter_user_attribute = "dn"
|
||||
|
||||
[[servers.group_mappings]]
|
||||
group_dn = "cn=sysadm,ou=Groups,{{ ldap_basedn }}"
|
||||
org_role = "Admin"
|
||||
|
||||
[servers.attributes]
|
||||
name = "givenName"
|
||||
surname = "sn"
|
||||
username = "uid"
|
||||
email = "mail"
|
||||
Loading…
Add table
Add a link
Reference in a new issue