playbook grafana

14368ab6 · HgO · a6021d78 · 14368ab6 · 14368ab6 · 14368ab6
Commit 14368ab6 authored Aug 14, 2021 by HgO
--- a/inventories/group_vars/all.yml
+++ b/inventories/group_vars/all.yml
+mail_notification: hub-infra@neutrinet.be
+
+acme_enabled: true
+acme_account_email: "{{ mail_notification }}"
+acme_directory_url: https://acme-v02.api.letsencrypt.org/directory
+
 users:
  - name: tharyrok
    shell: /bin/zsh
@@ -43,8 +49,6 @@ users:
    keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjigU9KeN4e973Lhbp39RvifzkC0uVZjTefD8wXtNDE celo@smeagol"

-mail_notification: "hub-infra@neutrinet.be"
-
 telegraf_username: telegraf
 telegraf_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256

--- a/inventories/group_vars/grafana.yml
+++ b/inventories/group_vars/grafana.yml
+grafana_domain: grafana.neutrinet.be
+grafana_org_name: Neutrinet
+grafana_admin_password: neutrinet
--- a/inventories/production.ini
+++ b/inventories/production.ini
@@ -137,3 +137,6 @@ man.patata.louise.neutri.net

 [alertmanager]
 monitoring.htz.neutri.net
+
+[grafana]
+monitoring.htz.neutri.net
--- a/playbooks/apps/grafana.yml
+++ b/playbooks/apps/grafana.yml
+- hosts: grafana
+  become: true
+
+  pre_tasks:
+    - name: Update cache
+      apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+  roles:
+    - grafana
--- a/roles/caddy_server/defaults/main.yml
+++ b/roles/caddy_server/defaults/main.yml
@@ -3,5 +3,6 @@ caddy_vhosts_dir: "{{ caddy_config_dir }}/conf.d"
 caddy_log_dir: /var/log/caddy
 caddy_healthcheck_log: "{{ caddy_log_dir }}/healthcheck.log"

+acme_enabled: false
 acme_account_email: contact@example.com
-acme_directory_url: https://acme-v02.api.letsencrypt.org/directory
+acme_directory_url: https://acme-staging-v02.api.letsencrypt.org/directory
--- a/roles/grafana/defaults/main.yml
+++ b/roles/grafana/defaults/main.yml
+grafana_domain: grafana.example.com
+grafana_org_name: Example
+grafana_admin_password: neutrinet
--- a/roles/grafana/files/prometheus/grafana.yml
+++ b/roles/grafana/files/prometheus/grafana.yml
+# Grab metrics about grafana
+- targets:
+    - localhost:3000
+  labels:
+    job: grafana
--- a/roles/grafana/handlers/main.yml
+++ b/roles/grafana/handlers/main.yml
+- name: restart grafana
+  service:
+    name: grafana-server
+    state: restarted
+
+- name: reload prometheus
+  service:
+    name: prometheus
+    state: reloaded
--- a/roles/grafana/molecule/default/INSTALL.rst
+++ b/roles/grafana/molecule/default/INSTALL.rst
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'
--- a/roles/grafana/molecule/default/converge.yml
+++ b/roles/grafana/molecule/default/converge.yml
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  roles:
+    - grafana
--- a/roles/grafana/molecule/default/molecule.yml
+++ b/roles/grafana/molecule/default/molecule.yml
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+  provider:
+    name: virtualbox
+platforms:
+  - name: buster-grafana-molecule
+    box: debian/buster64
+    cpu: 2
+    memory: 1024
+    interfaces:
+      - network_name: private_network
+        type: dhcp
+        auto_config: true
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      interpreter_python: /usr/bin/python3
+    ssh_connection:
+      pipelining: true
+verifier:
+  name: ansible
--- a/roles/grafana/molecule/default/prepare.yml
+++ b/roles/grafana/molecule/default/prepare.yml
+---
+- name: Prepare
+  hosts: all
+  become: true
+
+  pre_tasks:
+    - name: Mise à jour du cache APT
+      apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+  roles:
+    - telegraf
+    - prometheus
--- a/roles/grafana/tasks/caddy.yml
+++ b/roles/grafana/tasks/caddy.yml
+- name: Installation de Caddy2
+  import_role:
+    name: caddy_server
+  vars:
+    caddy_template: caddy/grafana.j2
+  tags: ['caddy']
+
+- name: Copie de la configuration Caddy2
+  template:
+    src: caddy/grafana.j2
+    dest: "{{ caddy_vhosts_dir }}/{{ grafana_domain | replace('.', '-') }}.conf"
+    owner: root
+    group: root
+    mode: "u=rw,go=r"
+    validate: caddy validate --adapter caddyfile --config %s
+  notify: reload caddy
--- a/roles/grafana/tasks/grafana.yml
+++ b/roles/grafana/tasks/grafana.yml
+- name: Ajout de la clé GPG de Grafana dans APT
+  apt_key:
+    url: https://packages.grafana.com/gpg.key
+    state: present
+
+- name: Ajout du dépôt APT Grafana
+  apt_repository:
+    repo: deb https://packages.grafana.com/oss/deb stable main
+    filename: grafana
+    state: present
+
+- name: Installation de Grafana
+  package:
+    name: grafana
+    state: present
+
+- name: Configuration de Grafana
+  template:
+    src: grafana/grafana.ini.j2
+    dest: /etc/grafana/grafana.ini
+    owner: grafana
+    group: grafana
+    mode: "u=rw,g=r,o="
+  notify: restart grafana
+
+- name: Activation de Grafana au démarrage
+  service:
+    name: grafana-server
+    state: started
+    enabled: yes
+
+- name: Vérification du mot de passe admin
+  uri:
+    url: http://localhost:3000/api/login/ping
+    user: admin
+    password: "{{ grafana_admin_password }}"
+    force_basic_auth: true
+    status_code: [200, 401]
+  no_log: true
+  register: _grafana_admin_login_checked
+  retries: 10
+  delay: 3
+  until: _grafana_admin_login_checked is success
+
+- name: Modification du mot de passe admin
+  command: grafana-cli admin reset-admin-password {{ grafana_admin_password | quote }}
+  when: _grafana_admin_login_checked.status == 401
+  no_log: true
+
+- name: Récupération des infos de l'organisation par défaut
+  uri:
+    url: http://localhost:3000/api/org
+    user: admin
+    password: "{{ grafana_admin_password }}"
+    force_basic_auth: true
+  register: _grafana_org
+  no_log: true
+
+- name: Modification du nom de l'organisation
+  # Nécessaire pour permettre un accès anonyme aux dashboards de l'organisation
+  uri:
+    url: http://localhost:3000/api/org
+    method: PUT
+    body_format: form-multipart
+    body:
+      name: "{{ grafana_org_name }}"
+    user: admin
+    password: "{{ grafana_admin_password }}"
+    force_basic_auth: true
+  changed_when: _grafana_org.json.name != grafana_org_name
+  no_log: true
+
+- name: Ajout du job grafana dans Prometheus
+  copy:
+    src: prometheus/grafana.yml
+    dest: /etc/prometheus/conf.d/grafana.yml
+    owner: prometheus
+    group: prometheus
+    mode: "u=rw,go=r"
+  notify: reload prometheus
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
+- import_tasks: grafana.yml
+  tags: ['grafana']
+
+- import_tasks: caddy.yml
+  tags: ['caddy']
--- a/roles/grafana/templates/caddy/grafana.j2
+++ b/roles/grafana/templates/caddy/grafana.j2
+{{ grafana_domain }} {
+{% if not acme_enabled %}
+    tls internal
+{% endif %}
+    reverse_proxy {
+        to http://127.0.0.1:3000
+        flush_interval -1
+        transport http {
+            keepalive 310s
+            compression off
+        }
+    }
+    log {
+        output file /var/log/caddy/{{ grafana_domain | replace('.', '-') }}.log
+    }
+}
--- a/roles/grafana/templates/grafana/grafana.ini.j2
+++ b/roles/grafana/templates/grafana/grafana.ini.j2
--- a/roles/web_app/tasks/caddy.yml
+++ b/roles/web_app/tasks/caddy.yml
@@ -5,6 +5,7 @@
    owner: root
    group: root
    mode: "u=rw,go=r"
+    validate: caddy validate --adapter caddyfile --config %s
  notify: reload caddy

 - name: Trigger Caddy handlers