Add Grafana/Prometheus config

2024-01-24 19:12:43 +01:00 · 2024-01-24 19:12:43 +01:00 · a68edb81c4
commit a68edb81c4
parent 946b35efab
6 changed files with 1709 additions and 3 deletions
--- a/playbooks/templates/chaosknoten/configs/grafana/compose.yaml.j2
+++ b/playbooks/templates/chaosknoten/configs/grafana/compose.yaml.j2
@ -2,6 +2,7 @@
 version: "3.6"

 services:
+
  prometheus:
    image: prom/prometheus
    container_name: prometheus
@ -11,8 +12,9 @@ services:
      - 9090:9090
    restart: unless-stopped
    volumes:
-      - ./prometheus:/etc/prometheus
+      - ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
      - prom_data:/prometheus
+
  grafana:
    image: grafana/grafana
    container_name: grafana
@ -23,7 +25,8 @@ services:
      - GF_SECURITY_ADMIN_USER=admin
      - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
    volumes:
-      - ./grafana:/etc/grafana/provisioning/datasources
+      - ./configs/grafana.ini:/etc/grafana/grafana.ini
+      - ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
      - graf_data:/var/lib/grafana

 volumes:
--- a/playbooks/templates/chaosknoten/configs/grafana/docker_compose/grafana.ini
+++ b/playbooks/templates/chaosknoten/configs/grafana/docker_compose/grafana.ini
@ -0,0 +1,25 @@
+[server]
+root_url = https://grafana.hamburg.ccc.de
+
+[auth]
+disable_login_form = true
+
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
+[auth.generic_oauth]
+enabled = true
+auto_login = true
+name = id.hamburg.ccc.de
+allow_sign_up = true
+client_id = grafana
+client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
+scopes = openid email profile offline_access roles
+email_attribute_path = email
+login_attribute_path = username
+name_attribute_path = full_name
+auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
+token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
+api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
+signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
+role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
+allow_assign_grafana_admin = true
+use_refresh_token = true