benvin/grafana_postgres (#334)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
This commit was merged in pull request #334.
This commit is contained in:
2025-07-01 19:07:24 +10:00
parent 61d912de30
commit a9faa098ee
8 changed files with 115 additions and 51 deletions
+69 -17
View File
@@ -1,15 +1,16 @@
# profiles::metrics::grafana
class profiles::metrics::grafana (
String $ldap_bind_pass,
Stdlib::Port $http_port = 8080,
String $app_mode = 'production',
Boolean $allow_sign_up = false,
Boolean $mysql_backend = true,
String $mysql_user = 'grafana',
String $mysql_name = 'grafana',
String $mysql_pass = fqdn_rand_string(16),
Stdlib::Host $mysql_host = '127.0.0.1',
Stdlib::Port $mysql_port = 3306,
Boolean $mysql_backend = false,
Boolean $pgsql_backend = false,
String $db_user = 'grafana',
String $db_name = 'grafana',
String $db_pass = fqdn_rand_string(16),
Stdlib::Host $db_host = '127.0.0.1',
Stdlib::Port $db_port = 5432,
) {
# set the fqdn
@@ -18,26 +19,40 @@ class profiles::metrics::grafana (
# when using mysql backend
if $mysql_backend {
@@mysql_user { "${mysql_user}@${facts['networking']['fqdn']}":
@@mysql_user { "${db_user}@${facts['networking']['fqdn']}":
ensure => present,
password_hash => mysql::password(fqdn_rand_string(16)),
password_hash => mysql::password($db_pass),
tag => $facts['region'],
}
@@mysql_grant { "${mysql_user}@${facts['networking']['fqdn']}/${mysql_name}.*":
@@mysql_grant { "${db_user}@${facts['networking']['fqdn']}/${db_name}.*":
ensure => present,
table => "${mysql_name}.*",
user => "${mysql_user}@${facts['networking']['fqdn']}",
table => "${db_name}.*",
user => "${db_user}@${facts['networking']['fqdn']}",
privileges => ['ALL'],
tag => $facts['region'],
}
$database_config = {
type => 'mysql',
host => "${mysql_host}:${mysql_port}",
name => $mysql_name,
user => $mysql_user,
password => $mysql_pass.unwrap,
host => "${db_host}:${db_port}",
name => $db_name,
user => $db_user,
password => $db_pass.unwrap,
}
}
# when using mysql backend
if $pgsql_backend {
include profiles::sql::postgresdb
$database_config = {
type => 'postgres',
host => "${db_host}:${db_port}",
name => $db_name,
user => $db_user,
password => $db_pass.unwrap,
}
}
@@ -51,11 +66,48 @@ class profiles::metrics::grafana (
users => {
allow_sign_up => $allow_sign_up,
},
'auth.ldap' => {
enabled => 'true',
config_file => '/etc/grafana/ldap.toml',
},
}
# build the ldap config hash
$ldap_cfg = Sensitive({
servers => [
{ host => 'ldap.service.consul',
port => 389,
use_ssl => false,
search_filter => '(uid=%s)',
search_base_dns => [ 'dc=main,dc=unkin,dc=net' ],
bind_dn => 'cn=svc_grafana,ou=services,ou=users,dc=main,dc=unkin,dc=net',
bind_password => $ldap_bind_pass,
},
],
'servers.attributes' => {
name => 'givenName',
surname => 'sn',
username => 'uid',
member_of => 'memberOf',
email => 'mail',
},
'servers.group_mappings' => [
{
group_dn => 'ou=grafana_admin,ou=groups,dc=main,dc=unkin,dc=net',
org_role => 'Admin',
grafana_admin => true,
},
{
group_dn => 'ou=grafana_user,ou=groups,dc=main,dc=unkin,dc=net',
org_role => 'Viewer',
}
],
})
# deploy grafana
class { 'grafana':
cfg => $cfg,
cfg => $cfg,
ldap_cfg => $ldap_cfg,
}
# fix the package provided systemd service