kopie der grafana konfiguration

2cf6ef28 · Christian Elberfeld · 310f2d61 · 2cf6ef28 · 2cf6ef28 · 2cf6ef28
Commit 2cf6ef28 authored 1 year ago by Christian Elberfeld
--- a/testserver/docker_grafana/tasks/main.yml
+++ b/testserver/docker_grafana/tasks/main.yml
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/grafana_admin_pass", length: 12 }
+    - { path: "/srv/mqtt/influxdb_token", length: -1 }
+- name: create folder struct for grafana
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+    - "{{ basedir }}/data/"   
+    - "{{ basedir }}/provisioning/"
+    - "{{ basedir }}/provisioning/dashboards/"
+    - "{{ basedir }}/provisioning/dashboards/pixelflut/"
+    - "{{ basedir }}/provisioning/datasources/"
+- name: create config filess
+  template: 
+    src: "{{ item }}" 
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - grafana.ini
+- name: create dashboards
+  template:
+    src: "provisioning/dashboards/{{ item }}"
+    dest: "{{ basedir }}/provisioning/dashboards/{{ item }}"
+  with_items:
+    - dashboards.yml
+- name: create dashboards for pixelflut
+  template:
+    src: "provisioning/dashboards/pixelflut/{{ item }}"
+    dest: "{{ basedir }}/provisioning/dashboards/pixelflut/{{ item }}"
+  with_items:
+    - breakwater.json
+- name: create datasources
+  template:
+    src: "provisioning/datasources/{{ item }}"
+    dest: "{{ basedir }}/provisioning/datasources/{{ item }}"
+  with_items:
+    - datasources.yml
+- name: start grafana docker
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
--- a/testserver/docker_grafana/templates/docker-compose.yml
+++ b/testserver/docker_grafana/templates/docker-compose.yml
+services:
+  app:
+    image: grafana/grafana:latest
+    restart: always
+    volumes:
+      - "{{ basedir }}/grafana.ini:/etc/grafana/grafana.ini"
+      - "{{ basedir }}/provisioning/:/etc/grafana/provisioning/"
+      - "{{ basedir }}/data/:/var/lib/grafana"
+    environment:
+      GF_SERVER_ROOT_URL: "https://{{ domain }}"
+      GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_admin_pass }}"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
+    networks:
+        - default
+        - web
+networks:
+  web:
+    external: true
--- a/testserver/docker_grafana/templates/grafana.ini
+++ b/testserver/docker_grafana/templates/grafana.ini
+##################### Grafana Configuration ##################################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+# possible values : production, development
+app_mode = production
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+instance_name = {{ inventory_hostname }}
+#
+#################################### Server ####################################
+[server]
+# Protocol (http, https, socket)
+;protocol = http
+# The ip address to bind to, empty will bind to all interfaces
+;http_addr =
+# The http port  to use
+;http_port = 3000
+# The public facing domain name used to access grafana from a browser
+;domain = localhost
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+;root_url = http://localhost:3000
+# Log web requests
+;router_logging = false
+# the path relative working path
+;static_root_path = public
+# enable gzip
+;enable_gzip = false
+# https certs & key file
+;cert_file =
+;cert_key =
+# Unix socket path
+;socket =
+#################################### Security ####################################
+[security]
+# default admin user, created on startup
+;admin_user = admin
+# default admin password, can be changed before first start of grafana,  or in profile settings
+;admin_password = admin
+# used for signing
+;secret_key = SW2YcwTIb9zpOOhoPsMm
+# Auto-login remember days
+;login_remember_days = 7
+;cookie_username = grafana_user 
+;cookie_remember_name = grafana_remember
+# Set to true if you host Grafana behind HTTPS. Default is false.
+cookie_secure = true
+# Sets the SameSite cookie attribute and prevents the browser from sending this 
+# cookie along with cross-site requests. The main goal is mitigate the risk of 
+# cross-origin information leakage. It also provides some protection against cross-site 
+# request forgery attacks (CSRF), read more here. Valid values are lax, strict and none. 
+# Default is lax.
+cookie_samesite = none
+# disable gravatar profile images
+;disable_gravatar = false
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+# Allow Embedding 
+allow_embedding = true 
+[snapshots]
+# snapshot sharing options
+;external_enabled = true
+;external_snapshot_url = https://snapshots-origin.raintank.io
+;external_snapshot_name = Publish to snapshot.raintank.io
+# remove expired snapshot
+;snapshot_remove_expired = true
+# remove snapshots after 90 days
+;snapshot_TTL_days = 90
+#################################### Users ####################################
+[users]
+# disable user signup / registration
+allow_sign_up = false
+# Allow non admin users to create organizations
+allow_org_create = false
+# Set to true to automatically assign new users to the default organization (id 1)
+auto_assign_org = true
+# Default role new users will be automatically assigned (if disabled above is set to true)
+auto_assign_org_role = Viewer
+# Background text for the user field on the login page
+login_hint = Fallback account
+# Default UI theme ("dark" or "light")
+default_theme = dark
+[auth]
+# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
+;disable_login_form = false
+disable_login_form = false
+# Auto Login via OAuth 
+# oauth_auto_login = true
+# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
+;disable_signout_menu = false
+#################################### Anonymous Auth ##########################
+[auth.anonymous]
+# enable anonymous access
+enabled = true
+# specify organization name that should be used for unauthenticated users
+org_name = Main Org.
+#################################### Alerting ############################
+[alerting]
+# Disable alerting engine & UI features
+enabled = false
+# Makes it possible to turn off alert rule execution but alerting UI is visible
+execute_alerts = false
--- a/testserver/docker_grafana/templates/provisioning/dashboards/dashboards.yml
+++ b/testserver/docker_grafana/templates/provisioning/dashboards/dashboards.yml
+apiVersion: 1
+providers:
+  # <string> an unique provider name
+- name: 'Pixelflut'
+  # <int> org id. will default to orgId 1 if not specified
+  # orgId: 1
+  # <string, required> name of the dashboard folder. Required
+  folder: 'Pixelflut'
+  # <string> folder UID. will be automatically generated if not specified
+  # folderUid: ''
+  # <string, required> provider type. Required
+  type: file
+  # <bool> disable dashboard deletion
+  # disableDeletion: false
+  # <bool> enable dashboard editing
+  editable: true
+  # <int> how often Grafana will scan for changed dashboards
+  updateIntervalSeconds: 10
+  # <bool> allow updating provisioned dashboards from the UI
+  allowUiUpdates: true
+  options:
+    # <string, required> path to dashboard files on disk. Required
+    path: /etc/grafana/provisioning/dashboards/pixelflut
--- a/testserver/docker_grafana/templates/provisioning/dashboards/pixelflut/breakwater.json
+++ b/testserver/docker_grafana/templates/provisioning/dashboards/pixelflut/breakwater.json
--- a/testserver/docker_grafana/templates/provisioning/datasources/datasources.yml
+++ b/testserver/docker_grafana/templates/provisioning/datasources/datasources.yml
+apiVersion: 1
+datasources:
+  - name: MQTT_Flux
+    type: influxdb
+    access: proxy
+    url: http://{{ int_ip4 }}:{{ mqtt_influxdb_port }}
+    jsonData:
+      version: Flux
+      organization: mqtt
+      defaultBucket: mqtt
+      tlsSkipVerify: true
+    secureJsonData:
+      token: {{ influxdb_token }}
+  - name: MQTT_InfluxQL
+    type: influxdb
+    access: proxy
+    url: http://{{ int_ip4 }}:{{ mqtt_influxdb_port }}
+    # This database should be mapped to a bucket
+    database: mqtt
+    jsonData:
+      httpMode: GET
+      httpHeaderName1: 'Authorization'
+    secureJsonData:
+      httpHeaderValue1: 'Token {{ influxdb_token }}'
+{% if inventory_hostname == 'hix' %}
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://{{ int_ip4 }}:9090
+{% endif %}
+{% if inventory_hostname == 'ogg' %}
+  - name: Pixelflut
+    type: prometheus
+    access: proxy
+    url: http://pixelflut.warpzone.lan:9090
+    uuid: P0FAC05DE14135586
+{% endif %}