Created
January 11, 2019 19:11
-
-
Save wwalker/6af2a8eaaa354cc18614346199a94811 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| include: | |
| - git | |
| {% if grains.get('os') == 'Ubuntu' %} | |
| {% set grafana_version = salt['pillar.get']('grafana:version', '5.4.2') %} | |
| grafana_dependencies: | |
| pkg.installed: | |
| - pkgs: | |
| - apt-transport-https | |
| # Install Grafana Repo on Ubuntu, Arch packages are in that repo | |
| add_grafana_repo: | |
| pkgrepo.managed: | |
| - name: deb https://packagecloud.io/grafana/stable/debian/ stretch main | |
| - file: /etc/apt/sources.list.d/grafana.list | |
| - key_url: https://packagecloud.io/gpg.key | |
| - require: | |
| - pkg: grafana_dependencies | |
| {% endif %} | |
| grafana: | |
| pkg.installed: | |
| - name: grafana | |
| {% if grains.get('os') == 'Ubuntu' %} | |
| - version: {{ grafana_version }} | |
| - hold: True | |
| - require: | |
| - pkgrepo: add_grafana_repo | |
| {% endif %} | |
| /etc/grafana: | |
| file.directory: | |
| - user: root | |
| - group: root | |
| - mode: 755 | |
| grafana_ini_file: | |
| file.managed: | |
| - name: /etc/grafana/grafana.ini | |
| - user: grafana | |
| - group: grafana | |
| - mode: 640 | |
| - require: | |
| - pkg: grafana | |
| {% set grafana_ini = salt.pillar.get('grafana:ini_config') %} | |
| /etc/grafana/grafana.ini: | |
| ini.options_present: | |
| - separator: '=' | |
| - strict: True | |
| - sections: {{ grafana_ini }} | |
| - watch_in: | |
| - service: grafana-server | |
| grafana-server: | |
| service.running: | |
| - enable: True | |
| - require: | |
| - pkg: grafana | |
| grafana-api-available: | |
| http.wait_for_successful_query: | |
| - name: http://127.0.0.1:3000/login | |
| - status: 200 | |
| - request_interval: 2.0 | |
| - wait_for: 20 | |
| - require: | |
| - service: grafana-server | |
| {% set admin_password = salt['pillar.get']('grafana:grafana_password', 'admin') %} | |
| {% if admin_password != 'admin' and salt['grains.get']('grafana_password_was_seeded') != True %} | |
| has a default admin password: | |
| http.query: | |
| - name: http://localhost:3000/api/admin/stats | |
| - method: 'GET' | |
| - status: 200 | |
| - username: 'admin' | |
| - password: 'admin' | |
| - require: | |
| - http: grafana-api-available | |
| set new admin password: | |
| http.query: | |
| - name: http://localhost:3000/api/user/password | |
| - method: 'PUT' | |
| - status: 200 | |
| - username: 'admin' | |
| - password: 'admin' | |
| - data: '{"oldPassword": "admin", "newPassword": "{{ admin_password }}", "confirmNew": "{{ admin_password }}"}' | |
| - decode_type: 'json' | |
| - data_render: True | |
| - header_dict: {"Content-Type": "application/json"} | |
| - header_render: True | |
| - require: | |
| - http: has a default admin password | |
| set the Grafana password was seeded grain: | |
| grains.present: | |
| - name: grafana_password_was_seeded | |
| - value: True | |
| - require: | |
| - http: set new admin password | |
| {% endif %} | |
| has a valid admin password: | |
| http.query: | |
| - name: http://localhost:3000/api/admin/stats | |
| - method: 'GET' | |
| - status: 200 | |
| - username: 'admin' | |
| - password: '{{ admin_password }}' | |
| - require: | |
| - http: grafana-api-available | |
| {% set prom_host = salt['pillar.get']('grafana:prom_host', None) %} | |
| {% set prom_host_access = salt['pillar.get']('grafana:prom_host_access', 'proxy') %} | |
| {% if prom_host != None %} | |
| Ensure Prometheus data source is present: | |
| grafana4_datasource.present: | |
| - name: prometheus | |
| - type: prometheus | |
| - url: http://{{ prom_host }}:9090 | |
| - access: {{ prom_host_access }} | |
| - is_default: true | |
| - require: | |
| - http: has a valid admin password | |
| {% endif %} | |
| # Seed the Grafana dashboards per ENV | |
| get the dashboards provisioning config file: | |
| file.managed: | |
| - name: /etc/grafana/provisioning/dashboards/tg.yaml | |
| - source: salt://grafana/templates/tg.yaml | |
| - template: jinja | |
| - user: grafana | |
| - group: grafana | |
| - mode: 640 | |
| - makedirs: True | |
| - require: | |
| - pkg: grafana | |
| - watch_in: | |
| - service: grafana-server | |
| get the deploy key so we can fetch the dashboards from github: | |
| file.managed: | |
| - name: /etc/grafana/deploy.key | |
| - contents_pillar: grafana:deploy_key | |
| - user: root | |
| - group: root | |
| - mode: 600 | |
| - makedirs: True | |
| - require: | |
| - pkg: grafana | |
| fetch the dashboards from github: | |
| git.latest: | |
| - name: [email protected]:threatgrid/grafana-dashboards.git | |
| - branch: master | |
| - rev: master | |
| - target: /var/lib/grafana/dashboards | |
| - force_reset: True | |
| - force_fetch: True | |
| - force_checkout: True | |
| - force_clone: True | |
| - identity: /etc/grafana/deploy.key | |
| - require: | |
| - file: /etc/grafana/deploy.key | |
| - pkg: git | |
| - watch_in: | |
| - service: grafana-server | |
| role-grafanaserver: | |
| file.append: | |
| - name: /etc/motd | |
| - text: | |
| - "Role: Grafana server" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment