160 lines
5.1 KiB
YAML
160 lines
5.1 KiB
YAML
---
|
|
#
|
|
# Install/run grafana-server for browbeat
|
|
#
|
|
|
|
# check that grafana_host and graphite_host is entered prior to playbook run
|
|
- name: Check Graphite/Grafana Host IP Address
|
|
fail:
|
|
msg="** Edit grafana_host and graphite_host in ../install/group_vars/all.yml before running **"
|
|
when: ((grafana_host is none) or (graphite_host is none))
|
|
|
|
- name: Install grafana RPM repo
|
|
copy:
|
|
src=grafana.repo
|
|
dest=/etc/yum.repos.d/grafana.repo
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
become: true
|
|
|
|
- name: Import grafana GPG Key
|
|
rpm_key: key=https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana
|
|
state=present
|
|
become: True
|
|
|
|
- name: Install grafana RPM
|
|
yum: name={{ item }} state=present
|
|
become: true
|
|
with_items:
|
|
- grafana
|
|
|
|
- name: Set grafana config values
|
|
ini_file:
|
|
dest=/etc/grafana/grafana.ini
|
|
section={{item.section}}
|
|
option={{item.option}}
|
|
value={{item.value}}
|
|
with_items:
|
|
- section: server
|
|
option: http_port
|
|
value: "{{grafana_port}}"
|
|
- section: auth.anonymous
|
|
option: enabled
|
|
value: true
|
|
- section: security
|
|
option: admin_user
|
|
value: "{{grafana_username}}"
|
|
- section: security
|
|
option: admin_password
|
|
value: "{{grafana_password}}"
|
|
become: true
|
|
|
|
### begin firewall ###
|
|
# we need TCP/3000 open
|
|
# determine firewall status and take action
|
|
# 1) use firewall-cmd if firewalld is utilized
|
|
# 2) insert iptables rule if iptables is used
|
|
|
|
# Firewalld
|
|
- name: (grafana) Determine if firewalld is in use
|
|
shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
|
|
ignore_errors: true
|
|
register: firewalld_in_use
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if firewalld is in use.
|
|
- skip_ansible_lint
|
|
|
|
- name: (grafana) Determine if firewalld is active
|
|
shell: systemctl is-active firewalld.service | grep -vq inactive
|
|
ignore_errors: true
|
|
register: firewalld_is_active
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if firewalld is active.
|
|
- skip_ansible_lint
|
|
|
|
- name: (grafana) Determine if TCP/{{grafana_port}} is already active
|
|
shell: firewall-cmd --list-ports | egrep -q "^{{grafana_port}}/tcp"
|
|
ignore_errors: true
|
|
register: firewalld_grafana_port_exists
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if port is already active.
|
|
- skip_ansible_lint
|
|
|
|
# add firewall rule via firewall-cmd
|
|
- name: (grafana) Add firewall rule for TCP/{{grafana_port}} (firewalld)
|
|
command: "{{ item }}"
|
|
with_items:
|
|
- firewall-cmd --zone=public --add-port={{grafana_port}}/tcp --permanent
|
|
- firewall-cmd --reload
|
|
ignore_errors: true
|
|
become: true
|
|
when: firewalld_in_use.rc == 0 and firewalld_is_active.rc == 0 and firewalld_grafana_port_exists.rc != 0
|
|
|
|
# iptables-services
|
|
- name: (grafana) check firewall rules for TCP/{{grafana_port}} (iptables-services)
|
|
shell: grep "dport {{grafana_port}} \-j ACCEPT" /etc/sysconfig/iptables | wc -l
|
|
ignore_errors: true
|
|
register: iptables_grafana_port_exists
|
|
failed_when: iptables_grafana_port_exists == 127
|
|
no_log: true
|
|
tags:
|
|
# Skip ANSIBLE0012] Commands should not change things if nothing needs doing
|
|
# Need to know if port exists.
|
|
- skip_ansible_lint
|
|
|
|
- name: (grafana) Add firewall rule for TCP/{{grafana_port}} (iptables-services)
|
|
lineinfile:
|
|
dest: /etc/sysconfig/iptables
|
|
line: '-A INPUT -p tcp -m tcp --dport {{grafana_port}} -j ACCEPT'
|
|
regexp: '^INPUT -i lo -j ACCEPT'
|
|
insertbefore: '-A INPUT -i lo -j ACCEPT'
|
|
backup: yes
|
|
when: firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 and iptables_grafana_port_exists.stdout|int == 0
|
|
register: iptables_needs_restart
|
|
|
|
- name: (grafana) Restart iptables-services for TCP/{{grafana_port}} (iptables-services)
|
|
systemd:
|
|
name: iptables.service
|
|
state: restarted
|
|
ignore_errors: true
|
|
when: iptables_needs_restart != 0 and firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0
|
|
|
|
### end firewall ###
|
|
|
|
# setup the grafana-server service
|
|
- name: Setup grafana-server service
|
|
service: name=grafana-server state=started enabled=true
|
|
become: true
|
|
ignore_errors: true
|
|
|
|
- name: Wait for grafana to be ready
|
|
wait_for: host={{grafana_host}} port={{grafana_port}} delay=5 timeout=30
|
|
|
|
#
|
|
# Add graphite server as a default datasource
|
|
#
|
|
# (akrzos) I reverted this back to the "old" way after testing Ansible 2.3.0.0
|
|
# which still could not POST with basic auth through uri vs curl command.
|
|
- name: Create data_source.json
|
|
template:
|
|
src: data_source.json.j2
|
|
dest: "{{role_path}}/files/data_source.json"
|
|
connection: local
|
|
|
|
- name: Create Data Source on grafana server
|
|
command: "curl -X POST -H 'Content-Type: application/json' -d @{{role_path}}/files/data_source.json http://{{grafana_username}}:{{grafana_password}}@{{grafana_host}}:{{grafana_port}}/api/datasources"
|
|
connection: local
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Remove leftover json file
|
|
file: path={{role_path}}/files/data_source.json state=absent
|
|
connection: local
|