Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
b0793ac5
Commit
b0793ac5
authored
May 01, 2021
by
Kristian Klausen
🎉
Browse files
grafana: Add anonymous access for dashboards.al.org
parent
14bd47b8
Changes
10
Hide whitespace changes
Inline
Side-by-side
playbooks/dashboards.archlinux.org.yml
View file @
b0793ac5
...
...
@@ -14,5 +14,5 @@
-
{
role
:
promtail
}
-
{
role
:
certbot
}
-
{
role
:
nginx
}
-
{
role
:
grafana
,
grafana_domain
:
'
dashboards.archlinux.org'
}
-
{
role
:
grafana
,
grafana_anonymous_access
:
true
,
grafana_domain
:
'
dashboards.archlinux.org'
}
-
{
role
:
fail2ban
}
roles/grafana/defaults/main.yml
View file @
b0793ac5
---
grafana_domain
:
"
grafana.archlinux.org"
grafana_anonymous_access
:
false
roles/grafana/files/public-dashboards/archive.json
0 → 120000
View file @
b0793ac5
../dashboards/archive.json
\ No newline at end of file
roles/grafana/files/public-dashboards/home.json
0 → 120000
View file @
b0793ac5
archive.json
\ No newline at end of file
roles/grafana/files/public-dashboards/rebuilderd.json
0 → 120000
View file @
b0793ac5
../dashboards/rebuilderd.json
\ No newline at end of file
roles/grafana/files/public-dashboards/repository.json
0 → 120000
View file @
b0793ac5
../dashboards/repository.json
\ No newline at end of file
roles/grafana/tasks/main.yml
View file @
b0793ac5
...
...
@@ -36,6 +36,10 @@
-
name
:
copy grafana dashboards
copy
:
src=dashboards dest=/var/lib/grafana/dashboards owner=grafana group=grafana mode=0600
-
name
:
copy (public) grafana dashboards
copy
:
src=public-dashboards dest=/var/lib/grafana/ owner=root group=grafana mode=0640
when
:
grafana_anonymous_access
-
name
:
install grafana config
template
:
src=grafana.ini.j2 dest=/etc/grafana.ini owner=grafana group=root mode=0600
notify
:
restart grafana
...
...
roles/grafana/templates/dashboard.yaml.j2
View file @
b0793ac5
...
...
@@ -9,6 +9,10 @@ providers:
allowUiUpdates: false
type: file
options:
{% if grafana_anonymous_access %}
path: /var/lib/grafana/public-dashboards
{% else %}
path: /var/lib/grafana/dashboards
{% endif %}
foldersFromFilesStructure: true
roles/grafana/templates/datasources.yaml.j2
View file @
b0793ac5
apiVersion: 1
datasources:
{% if grafana_anonymous_access %}
- name: Prometheus
type: prometheus
access: proxy
basicAuth: true
basicAuthUser: {{ vault_prometheus_user }}
secureJsonData:
basicAuthPassword: {{ vault_prometheus_passwd }}
url: https://{{ prometheus_domain }}:9090
{% else %}
- name: Prometheus
type: prometheus
access: proxy
...
...
@@ -9,4 +19,4 @@ datasources:
type: loki
access: proxy
url: http://localhost:3100
{% endif %}
roles/grafana/templates/grafana.ini.j2
View file @
b0793ac5
...
...
@@ -233,6 +233,11 @@ x_xss_protection = true
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
;min_refresh_interval =
{% if grafana_anonymous_access %}
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
default_home_dashboard_path = /var/lib/grafana/public-dashboards/home.json
{% endif %}
#################################### Users ###############################
[users]
# disable user signup / registration
...
...
@@ -303,13 +308,15 @@ oauth_auto_login = true
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
;enabled = false
{% if grafana_anonymous_access %}
enabled = true
{% endif %}
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
# specify role for unauthenticated users
;
org_role = Viewer
org_role = Viewer
#################################### Github Auth ##########################
[auth.github]
...
...
@@ -373,6 +380,7 @@ oauth_auto_login = true
;allowed_domains =
;allowed_groups =
{% if not grafana_anonymous_access %}
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
...
...
@@ -394,6 +402,7 @@ role_attribute_path: contains(roles[*], 'DevOps') && 'Admin' || contains(roles[*
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
{% endif %}
#################################### SAML Auth ###########################
[auth.saml] # Enterprise only
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment