From a890d1f924a879d2fc52fd86f019914441c27a00 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:09:36 +0100 Subject: [PATCH 01/10] redhat --- grafana/init.sls | 3 +++ grafana/repo/redhat.sls | 10 ++++++++++ 2 files changed, 13 insertions(+) create mode 100644 grafana/repo/redhat.sls diff --git a/grafana/init.sls b/grafana/init.sls index 9829b7f..65e12fd 100644 --- a/grafana/init.sls +++ b/grafana/init.sls @@ -1,6 +1,9 @@ {%- if pillar.grafana is defined %} include: +{%- if grains['os_family'] == 'RedHat' %} +- grafana.repo.redhat +{%- endif %} {%- if pillar.grafana.server is defined %} - grafana.server {%- endif %} diff --git a/grafana/repo/redhat.sls b/grafana/repo/redhat.sls new file mode 100644 index 0000000..650ca35 --- /dev/null +++ b/grafana/repo/redhat.sls @@ -0,0 +1,10 @@ +grafana: + pkgrepo.managed: + - humanname: 'grafana' + - name: 'grafana' + - baseurl: 'https://packagecloud.io/grafana/stable/el/7/$basearch' + - enabled: 1 + - gpgcheck: 1 + - gpgkey: https://packagecloud.io/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana + - sslverify: 1 + - sslcacert: /etc/pki/tls/certs/ca-bundle.crt From a958475d837d1cf28ab50118c0b37cc284b25845 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:11:39 +0100 Subject: [PATCH 02/10] RedHat --- grafana/map.jinja | 53 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/grafana/map.jinja b/grafana/map.jinja index c1b1478..b103204 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -48,6 +48,51 @@ Debian: static: /usr/share/grafana/public dashboards: enabled: false +RedHat: + pkgs: + - grafana + service: grafana-server + user: grafana + group: grafana + path: + home: /usr/share/grafana + data: /var/lib/grafana + logs: /var/log/grafana + pid_file_dir: /var/run/grafana + bind: + address: 0.0.0.0 + port: 3000 + session: + engine: file + auth: + engine: application + ldap: + enabled: false + host: '127.0.0.1' + port: 389 + use_ssl: false + bind_dn: "cn=admin,dc=grafana,dc=org" + bind_password: "grafana" + user_search_filter: "(cn=%s)" + user_search_base_dns: + - "dc=grafana,dc=org" + servers: + attributes: + name: "givenName" + surname: "sn" + username: "cn" + member_of: "memberOf" + email: "email" + admin: + user: admin + password: admin + allow_sign_up: False + allow_org_create: False + auto_assign_role: Viewer + dir: + static: /usr/share/grafana/public + dashboards: + enabled: false {%- endload %} {%- set server = salt['grains.filter_by'](server_defaults, merge=salt['pillar.get']('grafana:server')) %} @@ -61,6 +106,14 @@ Debian: engine: none datasource: {} dashboard: {} +RedHat: + server: + host: 127.0.0.1 + port: 3000 + remote_data: + engine: none + datasource: {} + dashboard: {} {%- endload %} {%- set client = salt['grains.filter_by'](client_defaults, merge=salt['pillar.get']('grafana:client')) %} From 882bf2f52302ce28a3ef7c231eb24311c9339769 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:38:01 +0100 Subject: [PATCH 03/10] ssl_skip_verify --- grafana/files/ldap.toml | 2 +- grafana/map.jinja | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/grafana/files/ldap.toml b/grafana/files/ldap.toml index 0190ea2..771f923 100644 --- a/grafana/files/ldap.toml +++ b/grafana/files/ldap.toml @@ -14,7 +14,7 @@ use_ssl = {{ ldap_params.use_ssl|lower }} # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) start_tls = false # set to true if you want to skip ssl cert validation -ssl_skip_verify = false +ssl_skip_verify = {{ ldap_params.ssl_skip_verify }} # set to the path to your root CA certificate or leave unset to use system defaults # root_ca_cert = /path/to/certificate.crt diff --git a/grafana/map.jinja b/grafana/map.jinja index b103204..bd3e4b7 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -26,6 +26,7 @@ Debian: host: '127.0.0.1' port: 389 use_ssl: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" @@ -70,7 +71,8 @@ RedHat: enabled: false host: '127.0.0.1' port: 389 - use_ssl: false + use_ssl: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" From 5d5aa618563b82e8226267f04ae56e6b5584a2f2 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:39:48 +0100 Subject: [PATCH 04/10] tab --- grafana/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/grafana/map.jinja b/grafana/map.jinja index bd3e4b7..bea8d7f 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -26,7 +26,7 @@ Debian: host: '127.0.0.1' port: 389 use_ssl: false - ssl_skip_verify: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" @@ -71,8 +71,8 @@ RedHat: enabled: false host: '127.0.0.1' port: 389 - use_ssl: false - ssl_skip_verify: false + use_ssl: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" From 897d9a028f03b3425e908e4d64f90b6017c3f369 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:43:29 +0100 Subject: [PATCH 05/10] fix --- grafana/files/ldap.toml | 4 ++-- grafana/map.jinja | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/grafana/files/ldap.toml b/grafana/files/ldap.toml index 771f923..030ec67 100644 --- a/grafana/files/ldap.toml +++ b/grafana/files/ldap.toml @@ -12,9 +12,9 @@ port = {{ ldap_params.port }} use_ssl = {{ ldap_params.use_ssl|lower }} # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) -start_tls = false +start_tls = {{ ldap_params.start_tls|lower }} # set to true if you want to skip ssl cert validation -ssl_skip_verify = {{ ldap_params.ssl_skip_verify }} +ssl_skip_verify = {{ ldap_params.ssl_skip_verify|lower }} # set to the path to your root CA certificate or leave unset to use system defaults # root_ca_cert = /path/to/certificate.crt diff --git a/grafana/map.jinja b/grafana/map.jinja index bea8d7f..13e80c2 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -26,6 +26,7 @@ Debian: host: '127.0.0.1' port: 389 use_ssl: false + start_tls: false ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" @@ -72,6 +73,7 @@ RedHat: host: '127.0.0.1' port: 389 use_ssl: false + start_tls: false ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" From db864c59fa4a54b9543532df97f42d9151f56abd Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Thu, 20 Jun 2019 14:45:39 +0200 Subject: [PATCH 06/10] allow to disable repo --- grafana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana/init.sls b/grafana/init.sls index 65e12fd..feac486 100644 --- a/grafana/init.sls +++ b/grafana/init.sls @@ -1,7 +1,7 @@ {%- if pillar.grafana is defined %} include: -{%- if grains['os_family'] == 'RedHat' %} +{%- if grafana.manage_repo and grains['os_family'] == 'RedHat' %} - grafana.repo.redhat {%- endif %} {%- if pillar.grafana.server is defined %} From 40f33c777a50bffdc1abf518973c672569079894 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Thu, 20 Jun 2019 14:53:08 +0200 Subject: [PATCH 07/10] Allow to not configure default parameters --- grafana/files/grafana.ini | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/grafana/files/grafana.ini b/grafana/files/grafana.ini index 6866229..836ed97 100644 --- a/grafana/files/grafana.ini +++ b/grafana/files/grafana.ini @@ -20,7 +20,11 @@ logs = {{ server.path.logs }} #################################### Server #################################### [server] # Protocol (http or https) +{%- if 'protocol' in server %} protocol = {{ server.protocol }} +{%- else %} +;protocol = http +{% endif %} # The ip address to bind to, empty will bind to all interfaces http_addr = {{ server.bind.address }} @@ -29,14 +33,22 @@ http_addr = {{ server.bind.address }} http_port = {{ server.bind.port }} # The public facing domain name used to access grafana from a browser +{%- if 'domain' in server %} domain = {{ server.domain }} +{%- else %} +;domain = localhost +{%- endif %} # Redirect to correct domain if host header does not match domain # Prevents DNS rebinding attacks ;enforce_domain = false # The full public facing url +{%- if 'root_url' in server %} root_url = {{ server.root_url }} +{%- else %} +;root_url = %(protocol)s://%(domain)s:%(http_port)s/ +{%- endif %} # Log web requests ;router_logging = false From ef6b9e5d42f6d0af118d9c0c26592a7f77dee7f1 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Thu, 20 Jun 2019 15:18:08 +0200 Subject: [PATCH 08/10] missing default value for manage_repo --- grafana/init.sls | 6 +++--- grafana/map.jinja | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/grafana/init.sls b/grafana/init.sls index feac486..0e9df70 100644 --- a/grafana/init.sls +++ b/grafana/init.sls @@ -1,10 +1,10 @@ {%- if pillar.grafana is defined %} include: -{%- if grafana.manage_repo and grains['os_family'] == 'RedHat' %} -- grafana.repo.redhat -{%- endif %} {%- if pillar.grafana.server is defined %} + {%- if pillar.grafana.server.manage_repo and grains['os_family'] == 'RedHat' %} +- grafana.repo.redhat + {%- endif %} - grafana.server {%- endif %} {%- if pillar.grafana.client is defined %} diff --git a/grafana/map.jinja b/grafana/map.jinja index 13e80c2..628476e 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -1,6 +1,7 @@ {%- load_yaml as server_defaults %} Debian: + manage_repo: false pkgs: - grafana service: grafana-server @@ -51,6 +52,7 @@ Debian: dashboards: enabled: false RedHat: + manage_repo: true pkgs: - grafana service: grafana-server From 156dab8eaf4bd327f3628965cb961e0a170c3b26 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 13 Aug 2019 09:21:00 +0200 Subject: [PATCH 09/10] Update repo --- grafana/repo/redhat.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grafana/repo/redhat.sls b/grafana/repo/redhat.sls index 650ca35..c38330d 100644 --- a/grafana/repo/redhat.sls +++ b/grafana/repo/redhat.sls @@ -2,9 +2,9 @@ grafana: pkgrepo.managed: - humanname: 'grafana' - name: 'grafana' - - baseurl: 'https://packagecloud.io/grafana/stable/el/7/$basearch' + - baseurl: 'https://packages.grafana.com/oss/rpm' - enabled: 1 - gpgcheck: 1 - - gpgkey: https://packagecloud.io/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana + - gpgkey: https://packages.grafana.com/gpg.key - sslverify: 1 - sslcacert: /etc/pki/tls/certs/ca-bundle.crt From 2dbcc53769187813dd973af72943977e246e53bf Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Wed, 16 Oct 2019 08:37:45 +0200 Subject: [PATCH 10/10] iteritems => items --- grafana/client/init.sls | 14 +++++++------- grafana/meta/salt.yml | 2 +- grafana/server.sls | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/grafana/client/init.sls b/grafana/client/init.sls index 129d52a..28800fd 100644 --- a/grafana/client/init.sls +++ b/grafana/client/init.sls @@ -2,7 +2,7 @@ {%- if client.get('enabled', False) %} {%- set datasources = [] %} -{%- for datasource_name, datasource in client.datasource.iteritems() %} +{%- for datasource_name, datasource in client.datasource.items() %} {%- do datasources.append(datasource.type) %} grafana_client_datasource_{{ datasource_name }}: @@ -42,7 +42,7 @@ grafana_client_datasource_{{ datasource_name }}: {%- set parameters = {} %} {%- if client.remote_data.engine == 'salt_mine' %} -{%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %} +{%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').items() %} {%- if node_grains.grafana is defined %} {%- set raw_dict = salt['grains.filter_by']({'default': raw_dict}, merge=node_grains.grafana.get('dashboard', {})) %} {%- set parameters = salt['grains.filter_by']({'default': parameters}, merge=node_grains.grafana.get('parameters', {})) %} @@ -57,15 +57,15 @@ grafana_client_datasource_{{ datasource_name }}: {%- set parameters = salt['grains.filter_by']({'default': parameters}, merge=client.parameters) %} {%- endif %} -{%- for dashboard_name, dashboard in raw_dict.iteritems() %} +{%- for dashboard_name, dashboard in raw_dict.items() %} {%- if dashboard.get('format', 'yaml')|lower == 'yaml' %} # Dashboards in JSON format are considered as blob {%- set rows = [] %} - {%- for row_name, row in dashboard.get('row', {}).iteritems() %} + {%- for row_name, row in dashboard.get('row', {}).items() %} {%- set panels = [] %} - {%- for panel_name, panel in row.get('panel', {}).iteritems() %} + {%- for panel_name, panel in row.get('panel', {}).items() %} {%- set targets = [] %} - {%- for target_name, target in panel.get('target', {}).iteritems() %} + {%- for target_name, target in panel.get('target', {}).items() %} {%- do targets.extend([target]) %} {%- endfor %} {%- do panel.update({'targets': targets}) %} @@ -80,7 +80,7 @@ grafana_client_datasource_{{ datasource_name }}: {%- do final_dict.update({dashboard_name: dashboard}) %} {%- endfor %} -{%- for dashboard_name, dashboard in final_dict.iteritems() %} +{%- for dashboard_name, dashboard in final_dict.items() %} {%- if dashboard.datasource is not defined or dashboard.datasource in datasources %} {%- if dashboard.get('enabled', True) %} grafana_client_dashboard_{{ dashboard_name }}: diff --git a/grafana/meta/salt.yml b/grafana/meta/salt.yml index 3c00ab7..94a59ea 100644 --- a/grafana/meta/salt.yml +++ b/grafana/meta/salt.yml @@ -1,7 +1,7 @@ {%- if pillar.get('grafana', {}).get('collector') %} {%- if pillar.grafana.collector.get('enabled', False) %} {%- set service_grains = {} %} - {%- for service_name, service in pillar.iteritems() %} + {%- for service_name, service in pillar.items() %} {%- if service.get('_support', {}).get('grafana', {}).get('enabled', False) %} {%- macro load_grains_file(grains_fragment_file) %}{% include grains_fragment_file ignore missing %}{% endmacro %} {%- set grains_fragment_file = service_name+'/meta/grafana.yml' %} diff --git a/grafana/server.sls b/grafana/server.sls index 1011d3e..b13e1b4 100644 --- a/grafana/server.sls +++ b/grafana/server.sls @@ -51,7 +51,7 @@ grafana_copy_default_dashboards: {%- endif %} -{%- for theme_name, theme in server.get('theme', {}).iteritems() %} +{%- for theme_name, theme in server.get('theme', {}).items() %} {%- if theme.css_override is defined %} @@ -102,7 +102,7 @@ grafana_service: - file: /etc/grafana/grafana.ini - file: /etc/default/grafana-server -{%- for plugin_name, plugin in server.get('plugins', {}).iteritems() %} +{%- for plugin_name, plugin in server.get('plugins', {}).items() %} {%- if plugin.get('enabled', False) %} install_{{ plugin_name }}: cmd.run: