benvin/grafana_postgres (#334)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
This commit was merged in pull request #334.
@@ -1,15 +1,16 @@
|
||||
# profiles::metrics::grafana
|
||||
class profiles::metrics::grafana (
|
||||
String $ldap_bind_pass,
|
||||
Stdlib::Port $http_port = 8080,
|
||||
String $app_mode = 'production',
|
||||
Boolean $allow_sign_up = false,
|
||||
Boolean $mysql_backend = true,
|
||||
String $mysql_user = 'grafana',
|
||||
String $mysql_name = 'grafana',
|
||||
String $mysql_pass = fqdn_rand_string(16),
|
||||
Stdlib::Host $mysql_host = '127.0.0.1',
|
||||
Stdlib::Port $mysql_port = 3306,
|
||||
|
||||
Boolean $mysql_backend = false,
|
||||
Boolean $pgsql_backend = false,
|
||||
String $db_user = 'grafana',
|
||||
String $db_name = 'grafana',
|
||||
String $db_pass = fqdn_rand_string(16),
|
||||
Stdlib::Host $db_host = '127.0.0.1',
|
||||
Stdlib::Port $db_port = 5432,
|
||||
) {
|
||||
|
||||
# set the fqdn
|
||||
@@ -18,26 +19,40 @@ class profiles::metrics::grafana (
|
||||
# when using mysql backend
|
||||
if $mysql_backend {
|
||||
|
||||
@@mysql_user { "${mysql_user}@${facts['networking']['fqdn']}":
|
||||
@@mysql_user { "${db_user}@${facts['networking']['fqdn']}":
|
||||
ensure => present,
|
||||
password_hash => mysql::password(fqdn_rand_string(16)),
|
||||
password_hash => mysql::password($db_pass),
|
||||
tag => $facts['region'],
|
||||
}
|
||||
|
||||
@@mysql_grant { "${mysql_user}@${facts['networking']['fqdn']}/${mysql_name}.*":
|
||||
@@mysql_grant { "${db_user}@${facts['networking']['fqdn']}/${db_name}.*":
|
||||
ensure => present,
|
||||
table => "${mysql_name}.*",
|
||||
user => "${mysql_user}@${facts['networking']['fqdn']}",
|
||||
table => "${db_name}.*",
|
||||
user => "${db_user}@${facts['networking']['fqdn']}",
|
||||
privileges => ['ALL'],
|
||||
tag => $facts['region'],
|
||||
}
|
||||
|
||||
$database_config = {
|
||||
type => 'mysql',
|
||||
host => "${mysql_host}:${mysql_port}",
|
||||
name => $mysql_name,
|
||||
user => $mysql_user,
|
||||
password => $mysql_pass.unwrap,
|
||||
host => "${db_host}:${db_port}",
|
||||
name => $db_name,
|
||||
user => $db_user,
|
||||
password => $db_pass.unwrap,
|
||||
}
|
||||
}
|
||||
|
||||
# when using mysql backend
|
||||
if $pgsql_backend {
|
||||
|
||||
include profiles::sql::postgresdb
|
||||
|
||||
$database_config = {
|
||||
type => 'postgres',
|
||||
host => "${db_host}:${db_port}",
|
||||
name => $db_name,
|
||||
user => $db_user,
|
||||
password => $db_pass.unwrap,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -51,11 +66,48 @@ class profiles::metrics::grafana (
|
||||
users => {
|
||||
allow_sign_up => $allow_sign_up,
|
||||
},
|
||||
'auth.ldap' => {
|
||||
enabled => 'true',
|
||||
config_file => '/etc/grafana/ldap.toml',
|
||||
},
|
||||
}
|
||||
|
||||
# build the ldap config hash
|
||||
$ldap_cfg = Sensitive({
|
||||
servers => [
|
||||
{ host => 'ldap.service.consul',
|
||||
port => 389,
|
||||
use_ssl => false,
|
||||
search_filter => '(uid=%s)',
|
||||
search_base_dns => [ 'dc=main,dc=unkin,dc=net' ],
|
||||
bind_dn => 'cn=svc_grafana,ou=services,ou=users,dc=main,dc=unkin,dc=net',
|
||||
bind_password => $ldap_bind_pass,
|
||||
},
|
||||
],
|
||||
'servers.attributes' => {
|
||||
name => 'givenName',
|
||||
surname => 'sn',
|
||||
username => 'uid',
|
||||
member_of => 'memberOf',
|
||||
email => 'mail',
|
||||
},
|
||||
'servers.group_mappings' => [
|
||||
{
|
||||
group_dn => 'ou=grafana_admin,ou=groups,dc=main,dc=unkin,dc=net',
|
||||
org_role => 'Admin',
|
||||
grafana_admin => true,
|
||||
},
|
||||
{
|
||||
group_dn => 'ou=grafana_user,ou=groups,dc=main,dc=unkin,dc=net',
|
||||
org_role => 'Viewer',
|
||||
}
|
||||
],
|
||||
})
|
||||
|
||||
# deploy grafana
|
||||
class { 'grafana':
|
||||
cfg => $cfg,
|
||||
cfg => $cfg,
|
||||
ldap_cfg => $ldap_cfg,
|
||||
}
|
||||
|
||||
# fix the package provided systemd service
|
||||
|
||||
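Review bot: The `$ldap_cfg` server entry in the last hunk sets `port => 389` with `use_ssl => false` and no `start_tls`, so the `svc_grafana` bind password and every user's login password would cross the network unencrypted. If the directory supports it, `start_tls => true` on 389, or `port => 636` with `use_ssl => true`, keeps those credentials out of clear text. In the first hunk `$db_pass` defaults to `fqdn_rand_string(16)`, which is derived from the node's FQDN rather than being secret, and it is typed `String` although `.unwrap` is called on it; a required `Sensitive[String] $db_pass` supplied from an encrypted data source would address both. The class body continues past the visible hunks, so how `$database_config` is consumed when both or neither of `$mysql_backend` and `$pgsql_backend` is set cannot be checked from here.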