From a7f8038feaf923acda8c9a3a64b5c7f064d47056 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 9 Sep 2023 20:13:20 +0200
Subject: monitoring/grafana: add automatic handling for admin password and additonal users
---
 roles/monitoring/grafana/defaults/main.yml | 13 ++++++++
 roles/monitoring/grafana/filter_plugins/grafana.py | 32 +++++++++++++++++++
 roles/monitoring/grafana/tasks/main.yml | 3 ++
 roles/monitoring/grafana/tasks/users.yml | 36 ++++++++++++++++++++++
 4 files changed, 84 insertions(+)
 create mode 100644 roles/monitoring/grafana/filter_plugins/grafana.py
 create mode 100644 roles/monitoring/grafana/tasks/users.yml
(limited to 'roles/monitoring')
diff --git a/roles/monitoring/grafana/defaults/main.yml b/roles/monitoring/grafana/defaults/main.yml
index 8a113e2d..0eaeb061 100644
--- a/roles/monitoring/grafana/defaults/main.yml
+++ b/roles/monitoring/grafana/defaults/main.yml
@@ -51,3 +51,16 @@ grafana_dashboards: []
 # - id: 19
 # revision: 3
 # datasource: "Foo"
+
+grafana_admin_password: "{{ undef(hint='Please specify the password for the grafana admin user') }}"
+
+grafana_users: {}
+ # foo:
+ # password: somewhat-secret
+ # name: Foo Bar
+ # email: foo@bar.com
+ # root:
+ # password: very-secret
+ # name: The Root
+ # email: root@toor.com
+ # is_admin: yes
diff --git a/roles/monitoring/grafana/filter_plugins/grafana.py b/roles/monitoring/grafana/filter_plugins/grafana.py
new file mode 100644
index 00000000..750dc46d
--- /dev/null
+++ b/roles/monitoring/grafana/filter_plugins/grafana.py
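Review bot: The commented `grafana_users` example shows passwords as inline plaintext, and nothing next to `grafana_admin_password` says where the value should come from. I would add a comment above both variables such as `# keep these secrets in ansible-vault or an external secret store, never in plain inventory`. It would also help to note in the example that `is_admin: yes` is handed to the user task's `is_admin` parameter (see the users.yml hunk of this commit), so readers know the flag is a privilege grant and not a cosmetic label.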
@@ -0,0 +1,32 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from functools import partial
+
+from ansible import errors
+from ansible.module_utils.common.text import formatters
+
+
+def resolve_grafana_url(url, config):
+ try:
+ protocol = config.get('protocol', 'http')
+ addr = config.get('http_addr', 'localhost')
+ port = config.get('http_port', '3000')
+ serve_from_sub_path = config.get('serve_from_sub_path', False)
+
+ if not serve_from_sub_path:
+ return "%s://%s:%s" % (protocol, addr, port)
+
+ return url.replace('%(protocol)s', str(protocol)).replace('%(domain)s', str(addr)).replace('%(http_port)s', str(port))
+ except Exception as e:
+ raise errors.AnsibleFilterError("resolve_grafana_url(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ filter_map = {
+ 'resolve_grafana_url': resolve_grafana_url,
+ }
+
+ def filters(self):
+ return self.filter_map
diff --git a/roles/monitoring/grafana/tasks/main.yml b/roles/monitoring/grafana/tasks/main.yml
index 48a0ec96..1e21ea39 100644
--- a/roles/monitoring/grafana/tasks/main.yml
+++ b/roles/monitoring/grafana/tasks/main.yml
@@ -147,3 +147,6 @@
 name: grafana-server
 state: started
 enabled: yes
+
+- name: manage grafana users
+ include_tasks: users.yml
diff --git a/roles/monitoring/grafana/tasks/users.yml b/roles/monitoring/grafana/tasks/users.yml
new file mode 100644
index 00000000..695d34d8
--- /dev/null
+++ b/roles/monitoring/grafana/tasks/users.yml
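Review bot: `resolve_grafana_url` has no docstring, yet the URL it returns is where the tasks in users.yml send the admin basic-auth credentials, so its defaults should be written down. With `protocol` defaulting to `'http'` and the host taken from `http_addr`, a non-loopback `http_addr` would put the admin password on the wire in cleartext; the docstring should say the result is intended for a local listener or an `https` endpoint. A key that is present but empty (for example `http_addr: ''`) bypasses the `.get()` default and would yield `http://:3000`; `addr = config.get('http_addr') or 'localhost'` covers that case. Separately, `partial` and `formatters` are imported but never used in this file.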
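Review bot: Nothing visible between the task that starts `grafana-server` and this include waits for the HTTP listener to come up, yet the first task in users.yml immediately calls `/api/user`. On a fresh install the `uri` request may hit a connection error, which is not among its accepted `status_code` values, and abort the play before the admin password is ever set. Consider a readiness step ahead of the include, such as a `wait_for` on the configured port, or `retries`/`until` on the check task. The service task begins above this hunk, so an existing wait may simply be out of view.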
@@ -0,0 +1,36 @@
+---
+- name: check if admin password is already set
+ check_mode: no
+ uri:
+ url: "{{ grafana_root_url | resolve_grafana_url(grafana_config_server) }}/api/user"
+ user: admin
+ password: "{{ grafana_admin_password }}"
+ force_basic_auth: true
+ body_format: json
+ status_code:
+ - 200
+ - 400
+ - 401
+ register: grafana_admin_user_info
+
+- name: set password for admin user
+ when: grafana_admin_user_info.status != 200
+ command: grafana-cli admin reset-admin-password --password-from-stdin
+ args:
+ stdin: "{{ grafana_admin_password }}"
+ stdin_add_newline: false
+
+- name: add additional users to grafana
+ loop: "{{ grafana_users | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ community.grafana.grafana_user:
+ url: "{{ grafana_root_url | resolve_grafana_url(grafana_config_server) }}"
+ url_username: admin
+ url_password: "{{ grafana_admin_password }}"
+ name: "{{ item.value.name | default(omit) }}"
+ email: "{{ item.value.email | default(omit) }}"
+ login: "{{ item.key }}"
+ password: "{{ item.value.password }}"
+ is_admin: "{{ item.value.is_admin | default(False) }}"
+ state: present
-- cgit v1.2.3
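Review bot: None of the three tasks sets `no_log: true`, although each one carries a password. The `command` task is the most exposed, because `stdin` is an ordinary module argument and the admin password can therefore appear in verbose output and in the module invocation logged on the target; the `grafana_user` loop likewise passes `item.value.password` for every user, and `loop_control.label` only shortens the per-item label. Adding `no_log: true` to each task closes that. The first task would also benefit from a comment explaining why `400` is accepted next to `401`, since any non-200 status triggers the `grafana-cli` password reset.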