grafana role for ansible.
- Protected with nginx and http basic auth
- Read-only access for data and read-write for dashboards
- Many instances per server could be deployed
- SSL ready, https is forced if enabled
grafana_owner
basically nginx user,www-data
by defaultgrafana_version
if defined, install this version via binary rather than building from gitgrafana_git_url
git url for grafana, set to upstream by defaultgrafana_git_branch
git branch to track, set to master by defaultgrafana_root_path
path to clone grafana,/var/www/grafana
by defaultgrafana_default_route
default dashboard url,/dashboard/file/default.json
by defaultgrafana_index
grafana index to store dashboards,grafana-dash
by defaultgrafana_elasticsearch_url
elasticsearch url for nginx, http://127.0.0.1:9200 by defaultgrafana_graphite_url
graphite-web url for nginx, http://127.0.0.1:8080 by defaultgrafana_nginx_config_name
nginx config name,grafana.conf
by defaultgrafana_nginx_config_path
nginx configs dir,/etc/nginx/sites-enabled
by defaultgrafana_nginx_listen
nginx listen address,127.0.0.1
by defaultgrafana_nginx_server_name
nginx server_name (hostname),127.0.0.1
by defaultgrafana_nginx_access_log
path to nginx access_log,false
by defaultgrafana_nginx_error_log
path to nginx error_log,false
by defaultgrafana_nginx_enable_ssl
whether or not ssl should be enabled,false
by defaultgrafana_nginx_ssl_cert_path
nginx ssl certificate path,""
by defaultgrafana_nginx_ssl_key_path
nginx ssl key path,""
by defaultgrafana_nginx_http_auth_file
path to nginx http auth file,false
by default
Minimal installation on ubuntu requires none of variables to be set, it will work on http://127.0.0.1/
.
- nginx
- elasticsearch
- (optional) node.js, required if
grafana_version
is not set.
Basic authentication may be set up with
apt: pkg=apache2-utils
command: htpasswd -bc {{ grafana_nginx_http_auth_file }} username password
You can create a self-signed certificate to use for SSL:
- command: openssl genrsa -out {{ grafana_nginx_ssl_key_path }} 2048 creates={{ grafana_nginx_ssl_key_path }}
- command: openssl req -new -key {{ grafana_nginx_ssl_key_path }} -out {{ grafana_nginx_ssl_csr_path }} -subj "/C={{ country_code }}/ST={{ state }}/L={{ location }}/O={{ organication }}/OU={{ organizational_unit }}/CN={{ cname }}" creates={{ grafana_nginx_ssl_csr_path }}
- command: openssl x509 -req -days 365 -in {{ grafana_nginx_ssl_csr_path }} -signkey {{ grafana_nginx_ssl_key_path }} -out {{ grafana_nginx_ssl_cert_path }} creates={{ grafana_nginx_ssl_cert_path }}
The default installation only listens on 127.0.0.1, so is not externally accessible. To make your server publicly accessible, set grafana_nginx_listen
to 0.0.0.0
. If you do this, it's strongly recommended that you also set grafana_nginx_enable_ssl
and grafana_nginx_http_auth_file
to password protect the site and ensure that the password is not sent in the clear.
MIT
- Ian Babrou, [email protected]
- Bryan Larsen, [email protected]