Add Grafana/Prometheus config

This commit is contained in:
Stefan Bethke 2024-01-24 19:12:43 +01:00
parent 946b35efab
commit a68edb81c4
6 changed files with 1709 additions and 3 deletions

View file

@ -1,5 +1,11 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/grafana/compose.yaml.j2') }}"
docker_compose__configuration_files: []
docker_compose__configuration_files:
- name: grafana.ini
content: "{{ lookup('ansible.builtin.template', 'templates/chaosknoten/configs/grafana/docker_compose/grafana.ini') }}"
- name: grafana-datasource.yml
content: "{{ lookup('ansible.builtin.file', 'files/chaosknoten/configs/grafana/docker_compose/grafana-datasource.yml') }}"
- name: prometheus.yml
content: "{{ lookup('ansible.builtin.file', 'files/chaosknoten/configs/grafana/docker_compose/prometheus.yml') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de

View file

@ -0,0 +1,10 @@
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: http://prometheus:9090
isDefault: true
access: proxy
editable: true

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,39 @@
global:
scrape_interval: 15s
scrape_timeout: 10s
evaluation_interval: 15s
alerting:
alertmanagers:
- static_configs:
- targets: []
scheme: http
timeout: 10s
api_version: v1
scrape_configs:
- job_name: prometheus
honor_timestamps: true
scrape_interval: 15s
scrape_timeout: 10s
metrics_path: /metrics
scheme: http
static_configs:
- targets:
- localhost:9090
- job_name: c3lingo
honor_timestamps: true
scrape_interval: 5s
scrape_timeout: 1s
metrics_path: /mumblestats/metrics
scheme: https
static_configs:
- targets:
- mumble.c3lingo.org:443
- job_name: mumble
honor_timestamps: true
scrape_interval: 5s
scrape_timeout: 1s
metrics_path: /
scheme: http
static_configs:
- targets:
- mumble.hamburg.ccc.de:9123

View file

@ -2,6 +2,7 @@
version: "3.6"
services:
prometheus:
image: prom/prometheus
container_name: prometheus
@ -11,8 +12,9 @@ services:
- 9090:9090
restart: unless-stopped
volumes:
- ./prometheus:/etc/prometheus
- ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
- prom_data:/prometheus
grafana:
image: grafana/grafana
container_name: grafana
@ -23,7 +25,8 @@ services:
- GF_SECURITY_ADMIN_USER=admin
- "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
volumes:
- ./grafana:/etc/grafana/provisioning/datasources
- ./configs/grafana.ini:/etc/grafana/grafana.ini
- ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
- graf_data:/var/lib/grafana
volumes:

View file

@ -0,0 +1,25 @@
[server]
root_url = https://grafana.hamburg.ccc.de
[auth]
disable_login_form = true
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
[auth.generic_oauth]
enabled = true
auto_login = true
name = id.hamburg.ccc.de
allow_sign_up = true
client_id = grafana
client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
scopes = openid email profile offline_access roles
email_attribute_path = email
login_attribute_path = username
name_attribute_path = full_name
auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
allow_assign_grafana_admin = true
use_refresh_token = true