Add Grafana/Prometheus config

inventories/chaosknoten/host_vars/grafana.yaml

@@ -1,5 +1,11 @@
 docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/grafana/compose.yaml.j2') }}"
-docker_compose__configuration_files: []
+docker_compose__configuration_files:
+  - name: grafana.ini
+    content: "{{ lookup('ansible.builtin.template', 'templates/chaosknoten/configs/grafana/docker_compose/grafana.ini') }}"
+  - name: grafana-datasource.yml
+    content: "{{ lookup('ansible.builtin.file', 'files/chaosknoten/configs/grafana/docker_compose/grafana-datasource.yml') }}"
+  - name: prometheus.yml
+    content: "{{ lookup('ansible.builtin.file', 'files/chaosknoten/configs/grafana/docker_compose/prometheus.yml') }}"
 
 certbot__version_spec: ""
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de

playbooks/files/chaosknoten/configs/grafana/docker_compose/grafana-datasource.yml

@@ -0,0 +1,10 @@
+apiVersion: 1
+
+datasources:
+- name: Prometheus
+  type: prometheus
+  url: http://prometheus:9090 
+  isDefault: true
+  access: proxy
+  editable: true
+

playbooks/files/chaosknoten/configs/grafana/docker_compose/prometheus.yml

@@ -0,0 +1,39 @@
+global:
+  scrape_interval: 15s
+  scrape_timeout: 10s
+  evaluation_interval: 15s
+alerting:
+  alertmanagers:
+  - static_configs:
+    - targets: []
+    scheme: http
+    timeout: 10s
+    api_version: v1
+scrape_configs:
+- job_name: prometheus
+  honor_timestamps: true
+  scrape_interval: 15s
+  scrape_timeout: 10s
+  metrics_path: /metrics
+  scheme: http
+  static_configs:
+  - targets:
+    - localhost:9090
+- job_name: c3lingo
+  honor_timestamps: true
+  scrape_interval: 5s
+  scrape_timeout: 1s
+  metrics_path: /mumblestats/metrics
+  scheme: https
+  static_configs:
+  - targets:
+    - mumble.c3lingo.org:443
+- job_name: mumble
+  honor_timestamps: true
+  scrape_interval: 5s
+  scrape_timeout: 1s
+  metrics_path: /
+  scheme: http
+  static_configs:
+  - targets:
+    - mumble.hamburg.ccc.de:9123

playbooks/templates/chaosknoten/configs/grafana/compose.yaml.j2

@@ -2,6 +2,7 @@
 version: "3.6"
 
 services:
+
   prometheus:
     image: prom/prometheus
     container_name: prometheus
@@ -11,8 +12,9 @@ services:
       - 9090:9090
     restart: unless-stopped
     volumes:
-      - ./prometheus:/etc/prometheus
+      - ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
       - prom_data:/prometheus
+
   grafana:
     image: grafana/grafana
     container_name: grafana
@@ -23,7 +25,8 @@ services:
       - GF_SECURITY_ADMIN_USER=admin
       - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
     volumes:
-      - ./grafana:/etc/grafana/provisioning/datasources
+      - ./configs/grafana.ini:/etc/grafana/grafana.ini
+      - ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
       - graf_data:/var/lib/grafana
 
 volumes:

playbooks/templates/chaosknoten/configs/grafana/docker_compose/grafana.ini

@@ -0,0 +1,25 @@
+[server]
+root_url = https://grafana.hamburg.ccc.de
+
+[auth]
+disable_login_form = true
+
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
+[auth.generic_oauth]
+enabled = true
+auto_login = true
+name = id.hamburg.ccc.de
+allow_sign_up = true
+client_id = grafana
+client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
+scopes = openid email profile offline_access roles
+email_attribute_path = email
+login_attribute_path = username
+name_attribute_path = full_name
+auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
+token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
+api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
+signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
+role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
+allow_assign_grafana_admin = true
+use_refresh_token = true