Merge pull request #2 from Diesel-Net/development

Configure LDAP auth

Author: tomdaley92

.ansible/deploy.yaml

@@ -12,30 +12,50 @@
         name: common
         tasks_from: make_data_dir
 
+    # notes on the file permissions: 
     # https://grafana.com/docs/grafana/latest/installation/docker/#migrate-to-v51-or-later
+
     - file:
         path: '{{ data_dir }}'
         owner: '472'
         group: '0'
         mode: u=rwx,g=rx
       become: yes
 
-    # - file:
-    #     path: '{{ config_dir }}'
-    #     owner: 472
-    #     group: 0
-    #     mode: u=rwx,g=rx
-    #   become: yes
-        
+    - file:
+        path: '{{ config_dir }}'
+        owner: '472'
+        group: '0'
+        mode: u=rwx,g=rx,o=r
+      become: yes
+
+    - name: 'render grafana.ini.j2 to {{ config_dir }}/grafana.ini'
+      template:
+        src: grafana.ini.j2
+        dest: '{{ config_dir }}/grafana.ini'
+        owner: '472'
+        group: '0'
+        mode: u=rwx,g=rx
+      become: yes
+
+    - name: 'render ldap.toml.j2 to {{ config_dir }}/ldap.toml'
+      template:
+        src: ldap.toml.j2
+        dest: '{{ config_dir }}/ldap.toml'
+        owner: '472'
+        group: '0'
+        mode: u=rwx,g=rx
+      become: yes
+
     - include_role:
         name: docker
         tasks_from: stack_deploy
       vars:
         docker_compose_template: docker-compose.yaml.j2
 
-    # - include_role:
-    #     name: docker
-    #     tasks_from: service_update
-    #   vars:
-    #     options: --force
-    #     docker_service: grafana
+    - include_role:
+        name: docker
+        tasks_from: service_update
+      vars:
+        options: --force
+        docker_service: grafana

.ansible/inventories/production.yaml

@@ -8,5 +8,6 @@ all:
 
   vars:
     grafana_host: grafana.diesel.net
+    ldap_admin_password: "{{ lookup('env', 'LDAP_ADMIN_PASSWORD') }}"
     ansible_user: automation
     ansible_python_interpreter: /usr/bin/python3

.ansible/templates/docker-compose.yaml.j2

@@ -2,11 +2,12 @@ version: '3.8'
 services:
 
   grafana:
-    image: grafana/grafana:8.5.2
+    image: grafana/grafana-oss:8.5.2
     volumes:
       - {{ ssl_cert_file }}:/etc/ssl/certs/ca-certificates.crt
       - {{ localtime_file }}:/etc/localtime
-      #- {{ config_dir }}:/etc/grafana
+      - {{ config_dir }}/grafana.ini:/etc/grafana/grafana.ini
+      - {{ config_dir }}/ldap.toml:/etc/grafana/ldap.toml
       - {{ data_dir }}:/var/lib/grafana
     deploy:
       labels: