grafana.ini yaml syntax (#232)

grafana · Nov 30, 2024 · f0a4185 · f0a4185
1 parent 09c6fee
commit f0a4185
Show file tree

Hide file tree

Showing 19 changed files with 253 additions and 566 deletions.
diff --git a/roles/grafana/README.md b/roles/grafana/README.md
@@ -31,40 +31,26 @@ All variables which can be overridden are stored in [defaults/main.yml](defaults
 | `grafana_apt_arch` | {{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }} | Apt architecture | 
 | `grafana_apt_repo` | deb [arch={{ grafana_apt_arch }} signed-by=/usr/share/keyrings/grafana.key] https://apt.grafana.com/ {{ grafana_apt_release_channel }} main | Apt repository string |
 | `grafana_apt_key` | https://apt.grafana.com/gpg.key | Apt repository gpg key |
-| `grafana_instance` | {{ ansible_fqdn \| default(ansible_host) \| default(inventory_hostname) }} | Grafana instance name |
-| `grafana_logs_dir` | /var/log/grafana | Path to logs directory |
-| `grafana_data_dir` | /var/lib/grafana | Path to database directory |
-| `grafana_address` | 0.0.0.0 | Address on which Grafana listens |
-| `grafana_port` | 3000 | port on which Grafana listens |
+| `grafana_ini.instance_name` | {{ ansible_fqdn \| default(ansible_host) \| default(inventory_hostname) }} | Grafana instance name |
+| `grafana_ini.paths.logs` | /var/log/grafana | Path to logs directory |
+| `grafana_ini.paths.data` | /var/lib/grafana | Path to database directory |
+| `grafana_ini.server.http_addr` | 0.0.0.0 | Address on which Grafana listens |
+| `grafana_ini.server.http_port` | 3000 | port on which Grafana listens |
 | `grafana_cap_net_bind_service` | false | Enables the use of ports below 1024 without root privileges by leveraging the 'capabilities' of the linux kernel. read: http://man7.org/linux/man-pages/man7/capabilities.7.html |
-| `grafana_url` | "http://{{ grafana_address }}:{{ grafana_port }}" | Full URL used to access Grafana from a web browser |
+| `grafana_ini.server.root_url` | "http://{{ grafana_ini.server.http_addr }}:{{ grafana_ini.server.http_port }}" | Full URL used to access Grafana from a web browser |
 | `grafana_api_url` | "{{ grafana_url }}" | URL used for API calls in provisioning if different from public URL. See [this issue](https://github.com/cloudalchemy/ansible-grafana/issues/70). |
-| `grafana_domain` | "{{ ansible_fqdn \| default(ansible_host) \| default('localhost') }}" | setting is only used in as a part of the `root_url` option. Useful when using GitHub or Google OAuth |
-| `grafana_server` | { protocol: http, enforce_domain: false, socket: "", cert_key: "", cert_file: "", enable_gzip: false, static_root_path: public, router_logging: false } | [server](http://docs.grafana.org/installation/configuration/#server) configuration section |
-| `grafana_security` | { admin_user: admin, admin_password: "" } | [security](http://docs.grafana.org/installation/configuration/#security) configuration section |
-| `grafana_database` | { type: sqlite3 } | [database](http://docs.grafana.org/installation/configuration/#database) configuration section |
-| `grafana_welcome_email_on_sign_up` | false | Send welcome email after signing up |
-| `grafana_users` | { allow_sign_up: false, auto_assign_org_role: Viewer, default_theme: dark } | [users](http://docs.grafana.org/installation/configuration/#users) configuration section |
-| `grafana_auth` | {} | [authorization](http://docs.grafana.org/installation/configuration/#auth) configuration section |
+| `grafana_ini.server.domain` | "{{ ansible_fqdn \| default(ansible_host) \| default('localhost') }}" | setting is only used in as a part of the `root_url` option. Useful when using GitHub or Google OAuth |
+| `grafana_ini.server` | { protocol: http, enforce_domain: false, socket: "", cert_key: "", cert_file: "", enable_gzip: false, static_root_path: public, router_logging: false } | [server](http://docs.grafana.org/installation/configuration/#server) configuration section |
+| `grafana_ini.security` | { admin_user: admin, admin_password: "" } | [security](http://docs.grafana.org/installation/configuration/#security) configuration section |
+| `grafana_ini.database` | { type: sqlite3 } | [database](http://docs.grafana.org/installation/configuration/#database) configuration section |
+| `grafana_ini.users` | { allow_sign_up: false, auto_assign_org_role: Viewer, default_theme: dark } | [users](http://docs.grafana.org/installation/configuration/#users) configuration section |
+| `grafana_ini.auth` | {} | [authorization](http://docs.grafana.org/installation/configuration/#auth) configuration section |
 | `grafana_ldap` | {} | [ldap](http://docs.grafana.org/installation/ldap/) configuration section. group_mappings are expanded, see defaults for example |
-| `grafana_session` | {} | [session](http://docs.grafana.org/installation/configuration/#session) management configuration section |
-| `grafana_analytics` | {} | Google [analytics](http://docs.grafana.org/installation/configuration/#analytics) configuration section |
-| `grafana_smtp` | {} | [smtp](http://docs.grafana.org/installation/configuration/#smtp) configuration section |
-| `grafana_alerting` | { execute_alerts: true } | [alerting](http://docs.grafana.org/installation/configuration/#alerting) configuration section, require Grafana v10 and below |
-| `grafana_unified_alerting` | { enabled: true } | [unified_alerting](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#unified_alerting) configuration section, require Grafana v11+ |
-| `grafana_log` | {} | [log](http://docs.grafana.org/installation/configuration/#log) configuration section |
-| `grafana_metrics` | {} | [metrics](http://docs.grafana.org/installation/configuration/#metrics) configuration section |
-| `grafana_tracing` | {} | [tracing](http://docs.grafana.org/installation/configuration/#tracing) configuration section |
-| `grafana_snapshots` | {} | [snapshots](http://docs.grafana.org/installation/configuration/#snapshots) configuration section |
-| `grafana_image_storage` | {} | [image storage](http://docs.grafana.org/installation/configuration/#external-image-storage) configuration section |
-| `grafana_date_formats` | {} | [date formats](http://docs.grafana.org/installation/configuration/#date_formats) configuration section |
-| `grafana_feature_toggles` | {} | [feature toggles](http://docs.grafana.org/installation/configuration/#feature_toggles) configuration section |
 | `grafana_dashboards` | [] | List of dashboards which should be imported |
 | `grafana_dashboards_dir` | "dashboards" | Path to a local directory containing dashboards files in `json` format |
 | `grafana_datasources` | [] | List of datasources which should be configured |
 | `grafana_environment` | {} | Optional Environment param for Grafana installation, useful ie for setting http_proxy |
 | `grafana_plugins` | [] |  List of Grafana plugins which should be installed |
-| `grafana_plugins_ops` | {} |  [plugins](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugins-1) configuration section |
 | `grafana_alert_notifications` | [] | List of alert notification channels to be created, updated, or deleted |
 
 Data source example:
@@ -110,18 +96,6 @@ grafana_alert_notifications:
       uid: channel2
 ```
 
-**NOTE 2**: setting the `http_addr`,`http_port`,`domain` and `root_url` parameters under the `grafana_server` variable has no effect, the `grafana_address`, `grafana_port`, `grafana_domain` and `grafana_url` values are used instead ( from [defaults/main.yml](defaults/main.yml) or as set variables).
-An example snippet:
-```yaml
-grafana_domain: "{{ inventory_hostname }}"
-grafana_url: "https://{{ inventory_hostname }}:3000"
-grafana_address: 0.0.0.0
-grafana_port: 3000
-
-grafana_server:
-  enforce_domain: false
-```
-
 ## Supported CPU Architectures
 
 Historically packages were taken from different channels according to CPU architecture. Specifically, armv6/armv7 and aarch64/arm64 packages were via [unofficial packages distributed by fg2it](https://github.com/fg2it/grafana-on-raspberry). Now that Grafana publishes official ARM builds, all packages are taken from the official [Debian/Ubuntu](http://docs.grafana.org/installation/debian/#installing-on-debian-ubuntu) or [RPM](http://docs.grafana.org/installation/rpm/) packages.
@@ -137,9 +111,10 @@ Fill in the admin password field with your choice, the Grafana web page won't as
   roles:
     - role: grafana.grafana.grafana
       vars:
-        grafana_security:
-          admin_user: admin
-          admin_password: enter_your_secure_password
+        grafana_ini:
+          security:
+            admin_user: admin
+            admin_password: enter_your_secure_password
 ```
 
 

diff --git a/roles/grafana/defaults/main.yml b/roles/grafana/defaults/main.yml
@@ -19,92 +19,92 @@ grafana_use_provisioning: true
 # Should the provisioning be kept synced. If true, previous provisioned objects will be removed if not referenced anymore.
 grafana_provisioning_synced: false
 
-grafana_instance: "{{ ansible_fqdn | default(ansible_host) | default(inventory_hostname) }}"
-
-grafana_logs_dir: "/var/log/grafana"
-grafana_data_dir: "/var/lib/grafana"
-
-grafana_address: "0.0.0.0"
-grafana_port: 3000
 # To enable the use of ports below 1024 for unprivileged processes linux needs to set CAP_NET_BIND_SERVICE.
 # This has some security implications, and should be a conscious choice.
 # Get informed by reading: http://man7.org/linux/man-pages/man7/capabilities.7.html
 grafana_cap_net_bind_service: false
 
-# External Grafana address. Variable maps to "root_url" in grafana server section
-grafana_url: "http://{{ grafana_address }}:{{ grafana_port }}"
-grafana_api_url: "{{ grafana_url }}"
-grafana_domain: "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}"
-
-# Additional options for grafana "server" section
-# This section WILL omit options for: http_addr, http_port, domain, and root_url, as those settings are set by variables listed before
-grafana_server:
-  protocol: http
-  enforce_domain: false
-  socket: ""
-  cert_key: ""
-  cert_file: ""
-  enable_gzip: false
-  static_root_path: public
-  router_logging: false
-  serve_from_sub_path: false
-
-# Variables correspond to ones in grafana.ini configuration file
-# Security
-grafana_security:
-  admin_user: admin
-  admin_password: ""
-#  secret_key: ""
-#  login_remember_days: 7
-#  cookie_username: grafana_user
-#  cookie_remember_name: grafana_remember
-#  disable_gravatar: true
-#  data_source_proxy_whitelist:
-
-# Database setup
-grafana_database:
-  type: sqlite3
-#  host: 127.0.0.1:3306
-#  name: grafana
-#  user: root
-#  password: ""
-#  url: ""
-#  ssl_mode: disable
-#  path: grafana.db
-#  max_idle_conn: 2
-#  max_open_conn: ""
-#  log_queries: ""
-
-# Remote cache
-grafana_remote_cache: {}
-
-# User management and registration
-grafana_welcome_email_on_sign_up: false
-grafana_users:
-  allow_sign_up: false
-  # allow_org_create: true
-  # auto_assign_org: true
-  auto_assign_org_role: Viewer
-  # login_hint: "email or username"
-  default_theme: dark
-  # external_manage_link_url: ""
-  # external_manage_link_name: ""
-  # external_manage_info: ""
-
-# grafana authentication mechanisms
-grafana_auth: {}
-#  disable_login_form: false
-#  oauth_auto_login: false
-#  disable_signout_menu: false
-#  signout_redirect_url: ""
-#  anonymous:
-#    org_name: "Main Organization"
-#    org_role: Viewer
-#  ldap:
-#    config_file: "/etc/grafana/ldap.toml"
-#    allow_sign_up: false
-#  basic:
-#    enabled: true
+grafana_ini_default:
+  instance_name: "{{ ansible_fqdn | default(ansible_host) | default(inventory_hostname) }}"
+
+  paths:
+    logs: "/var/log/grafana"
+    data: "/var/lib/grafana"
+
+  server:
+    http_addr: "0.0.0.0"
+    http_port: 3000
+    # External Grafana address. Variable maps to "root_url" in grafana server section
+    #root_url: "http://{{ grafana_ini.server.http_addr }}:{{ grafana_ini.server.http_port }}"
+    domain: "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}"
+
+    # Additional options for grafana "server" section
+    # This section WILL omit options for: http_addr, http_port, domain, and root_url, as those settings are set by variables listed before
+    protocol: http
+    enforce_domain: false
+    socket: ""
+    cert_key: ""
+    cert_file: ""
+    enable_gzip: false
+    static_root_path: public
+    router_logging: false
+    serve_from_sub_path: false
+
+  # Variables correspond to ones in grafana.ini configuration file
+  # Security
+  security:
+    admin_user: admin
+    admin_password: ""
+    # secret_key: ""
+    # login_remember_days: 7
+    # cookie_username: grafana_user
+    # cookie_remember_name: grafana_remember
+    # disable_gravatar: true
+    # data_source_proxy_whitelist:
+
+  # Database setup
+  database:
+    type: sqlite3
+    # host: 127.0.0.1:3306
+    # name: grafana
+    # user: root
+    # password: ""
+    # url: ""
+    # ssl_mode: disable
+    # path: grafana.db
+    # max_idle_conn: 2
+    # max_open_conn: ""
+    # log_queries: ""
+
+  # User management and registration
+  users:
+    allow_sign_up: false
+    # allow_org_create: true
+    # auto_assign_org: true
+    auto_assign_org_role: Viewer
+    # login_hint: "email or username"
+    default_theme: dark
+    # external_manage_link_url: ""
+    # external_manage_link_name: ""
+    # external_manage_info: ""
+
+  # grafana authentication mechanisms
+  auth: {}
+  #  disable_login_form: false
+  #  oauth_auto_login: false
+  #  disable_signout_menu: false
+  #  signout_redirect_url: ""
+  #  anonymous:
+  #    org_name: "Main Organization"
+  #    org_role: Viewer
+  #  ldap:
+  #    config_file: "/etc/grafana/ldap.toml"
+  #    allow_sign_up: false
+  #  basic:
+  #    enabled: true
+
+
+grafana_api_url: "{{ grafana_ini.server.root_url }}"
 
 grafana_ldap: {}
 #  verbose_logging: false
@@ -145,109 +145,11 @@ grafana_ldap: {}
 #        - group_dn: "cn=alternative_admins,ou=groups,dc=grafana,dc=org"
 #          org_role: Admin
 
-# Grafana KeyCloak auth
-grafana_auth_generic_oauth: {}
-#  enabled: true
-#  name: "Keycloak-OAuth"
-#  allow_sign_up: true
-#  client_id: YOUR_APP_CLIENT_ID
-#  client_secret: YOUR_APP_CLIENT_SECRET
-#  scopes: "openid email profile offline_access roles"
-#  email_attribute_path: email
-#  login_attribute_path: username
-#  name_attribute_path: full_name
-#  auth_url: "https://<PROVIDER_DOMAIN>/realms/<REALM_NAME>/protocol/openid-connect/auth"
-#  token_url: "https://<PROVIDER_DOMAIN>/realms/<REALM_NAME>/protocol/openid-connect/token"
-#  api_url: "https://<PROVIDER_DOMAIN>/realms/<REALM_NAME>/protocol/openid-connect/userinfo"
-
-grafana_session: {}
-#  provider: file
-#  provider_config: "sessions"
-
-grafana_analytics: {}
-#  reporting_enabled: true
-#  google_analytics_ua_id: ""
-
-# Set this for mail notifications
-grafana_smtp: {}
-#  host:
-#  user:
-#  password:
-#  from_address:
-
-# Enable grafana unified alerting mechanism for grafana v11+
-grafana_unified_alerting:
-  enabled: true
-
-# REMOVED FROM Grafana v11+
-# Enable grafana alerting mechanism for grafana v10 and below
-grafana_alerting:
-  execute_alerts: true
-#  error_or_timeout: 'alerting'
-#  nodata_or_nullvalues: 'no_data'
-#  concurrent_render_limit: 5
-
-# Grafana logging configuration
-grafana_log:
-# mode: 'console file'
-# level: info
-
-# Internal grafana metrics system
-grafana_metrics: {}
-#  interval_seconds: 10
-#  graphite:
-#    address: "localhost:2003"
-#    prefix: "prod.grafana.%(instance_name)s"
-
-# Distributed tracing options
-grafana_tracing: {}
-#  address: "localhost:6831"
-#  always_included_tag: "tag1:value1,tag2:value2"
-#  sampler_type: const
-#  sampler_param: 1
-
-grafana_snapshots: {}
-#  external_enabled: true
-#  external_snapshot_url: "https://snapshots-origin.raintank.io"
-#  external_snapshot_name: "Publish to snapshot.raintank.io"
-#  snapshot_remove_expired: true
-#  snapshot_TTL_days: 90
-
-# External image store
-grafana_image_storage: {}
-#  provider: gcs
-#  key_file:
-#  bucket:
-#  path:
-
-# Date format
-grafana_date_formats: {}
-#  full_date: "DD-MM-YYYY HH:mm:ss"
-#  interval_second: "HH:mm:ss"
-#  interval_minute: "HH:mm"
-#  interval_hour: "DD/MM HH:mm"
-#  interval_day: "DD/MM"
-#  interval_month: "MM-YYYY"
-#  interval_year: "YYYY"
-#  use_browser_locale: true
-#  default_timezone: "browser"
-
-# Feature toggles
-# List of feature toggles: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/feature-toggles/#feature-toggles
-grafana_feature_toggles: {}
-#  autoMigrateOldPanels: true
-#  regressionTransformation: true
-
 #######
 # Plugins to install from https://grafana.com/plugins
 grafana_plugins: []
 #  - raintank-worldping-app
 
-#######
-# Configuration of plugins  ([plugin] section of grafana.ini]
-grafana_plugins_ops: {}
-#  allow_loading_unsigned_plugins: alexanderzobnin-zabbix-datasource
-
 # Dashboards from https://grafana.com/dashboards
 grafana_dashboards: []
 #  - dashboard_id: '4271'
@@ -302,8 +204,3 @@ grafana_api_keys: []
 grafana_api_keys_dir: "{{ lookup('env', 'HOME') }}/grafana/keys"
 
 grafana_environment: {}
-
-# Panels configurations
-grafana_panels: {}
-#  disable_sanitize_html: false
-#  enable_alpha: false
diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml
@@ -10,7 +10,7 @@
 
 - name: "Set privileges on provisioned dashboards"
   ansible.builtin.file:
-    path: "{{ grafana_data_dir }}/dashboards"
+    path: "{{ grafana_ini.paths.data }}/dashboards"
     recurse: true
     owner: "grafana"
     group: "grafana"
@@ -20,7 +20,7 @@
 
 - name: "Set privileges on provisioned dashboards directory"
   ansible.builtin.file:
-    path: "{{ grafana_data_dir }}/dashboards"
+    path: "{{ grafana_ini.paths.data }}/dashboards"
     state: "directory"
     recurse: false
     mode: "0755"