From 7950c96da288b4f4efeef3b0f80f5a6377a752e1 Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Wed, 8 Jan 2020 12:08:06 +0100 Subject: [PATCH] grafana: new role --- roles/grafana/meta/main.yml | 5 +++++ roles/grafana/tasks/main.yml | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 roles/grafana/meta/main.yml create mode 100644 roles/grafana/tasks/main.yml diff --git a/roles/grafana/meta/main.yml b/roles/grafana/meta/main.yml new file mode 100644 index 0000000..8fcf724 --- /dev/null +++ b/roles/grafana/meta/main.yml @@ -0,0 +1,5 @@ +--- + +dependencies: +- { role: acertmgr } +- { role: nginx, nginx_ssl: True } diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml new file mode 100644 index 0000000..bc380f6 --- /dev/null +++ b/roles/grafana/tasks/main.yml @@ -0,0 +1,35 @@ +--- + +- name: Enable grafana apt-key + apt_key: url='https://packages.grafana.com/gpg.key' + +- name: Enable grafana repository + apt_repository: repo='deb https://packages.grafana.com/oss/deb stable main' + +- name: Install grafana + apt: name=grafana + +- name: Ensure certificates are available + command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ grafana_domain }}.key -out /etc/nginx/ssl/{{ grafana_domain }}.crt -days 730 -subj "/CN={{ grafana_domain }}" creates=/etc/nginx/ssl/{{ grafana_domain }}.crt + notify: Restart nginx + +- name: Request nsupdate key for certificate + include_role: name=acme-dnskey-generate + vars: + acme_dnskey_san_domains: + - "{{ grafana_domain }}" + +- name: Configure certificate manager for grafana + template: src=certs.j2 dest=/etc/acertmgr/{{ grafana_domain }}.conf + notify: Run acertmgr + +- name: Configure vhost + template: src=vhost.j2 dest=/etc/nginx/sites-available/grafana + notify: Restart nginx + +- name: Enable vhost + file: src=/etc/nginx/sites-available/grafana dest=/etc/nginx/sites-enabled/grafana state=link + notify: Restart nginx + +- name: Start grafana + service: name=grafana state=started enabled=yes