Merge 2dbcc53769 into b863646e71

grafana/files/grafana.ini

@@ -20,7 +20,11 @@ logs = {{ server.path.logs }}
 #################################### Server ####################################
 [server]
 # Protocol (http or https)
+{%- if 'protocol' in server %}
 protocol = {{ server.protocol }}
+{%- else %}
+;protocol = http
+{% endif %}
 
 # The ip address to bind to, empty will bind to all interfaces
 http_addr = {{ server.bind.address }}
@@ -29,14 +33,22 @@ http_addr = {{ server.bind.address }}
 http_port = {{ server.bind.port }}
 
 # The public facing domain name used to access grafana from a browser
+{%- if 'domain' in server %}
 domain = {{ server.domain }}
+{%- else %}
+;domain = localhost
+{%- endif %}
 
 # Redirect to correct domain if host header does not match domain
 # Prevents DNS rebinding attacks
 ;enforce_domain = false
 
 # The full public facing url
+{%- if 'root_url' in server %}
 root_url = {{ server.root_url }}
+{%- else %}
+;root_url = %(protocol)s://%(domain)s:%(http_port)s/
+{%- endif %}
 
 # Log web requests
 ;router_logging = false

grafana/files/ldap.toml

@@ -12,9 +12,9 @@ port = {{ ldap_params.port }}
 use_ssl = {{ ldap_params.use_ssl|lower }}
 
 # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
-start_tls = false
+start_tls = {{ ldap_params.start_tls|lower }}
 # set to true if you want to skip ssl cert validation
-ssl_skip_verify = false
+ssl_skip_verify = {{ ldap_params.ssl_skip_verify|lower }}
 # set to the path to your root CA certificate or leave unset to use system defaults
 # root_ca_cert = /path/to/certificate.crt
 

grafana/init.sls

@@ -2,6 +2,9 @@
 {%- if pillar.grafana is defined %}
 include:
 {%- if pillar.grafana.server is defined %}
+  {%- if pillar.grafana.server.manage_repo and grains['os_family'] == 'RedHat' %}
+- grafana.repo.redhat
+  {%- endif %}
 - grafana.server
 {%- endif %}
 {%- if pillar.grafana.client is defined %}

grafana/map.jinja

@@ -1,6 +1,7 @@
 
 {%- load_yaml as server_defaults %}
 Debian:
+  manage_repo: false
   pkgs:
   - grafana
   service: grafana-server
@@ -26,6 +27,56 @@ Debian:
       host: '127.0.0.1'
       port: 389
       use_ssl: false
+      start_tls: false
+      ssl_skip_verify: false
+      bind_dn: "cn=admin,dc=grafana,dc=org"
+      bind_password: "grafana"
+      user_search_filter: "(cn=%s)"
+      user_search_base_dns:
+      - "dc=grafana,dc=org"
+      servers:
+        attributes:
+          name: "givenName"
+          surname: "sn"
+          username: "cn"
+          member_of: "memberOf"
+          email: "email"
+  admin:
+    user: admin
+    password: admin
+  allow_sign_up: False
+  allow_org_create: False
+  auto_assign_role: Viewer
+  dir:
+    static: /usr/share/grafana/public
+  dashboards:
+    enabled: false
+RedHat:
+  manage_repo: true
+  pkgs:
+  - grafana
+  service: grafana-server
+  user: grafana
+  group: grafana
+  path:
+    home: /usr/share/grafana
+    data: /var/lib/grafana
+    logs: /var/log/grafana
+    pid_file_dir: /var/run/grafana
+  bind:
+    address: 0.0.0.0
+    port: 3000
+  session:
+    engine: file
+  auth:
+    engine: application
+    ldap:
+      enabled: false
+      host: '127.0.0.1'
+      port: 389
+      use_ssl: false
+      start_tls: false
+      ssl_skip_verify: false
       bind_dn: "cn=admin,dc=grafana,dc=org"
       bind_password: "grafana"
       user_search_filter: "(cn=%s)"
@@ -61,6 +112,14 @@ Debian:
     engine: none
   datasource: {}
   dashboard: {}
+RedHat:
+  server:
+    host: 127.0.0.1
+    port: 3000
+  remote_data:
+    engine: none
+  datasource: {}
+  dashboard: {}
 {%- endload %}
 
 {%- set client = salt['grains.filter_by'](client_defaults, merge=salt['pillar.get']('grafana:client')) %}

grafana/repo/redhat.sls

@@ -0,0 +1,10 @@
+grafana:
+  pkgrepo.managed:
+    - humanname: 'grafana'
+    - name: 'grafana'
+    - baseurl: 'https://packages.grafana.com/oss/rpm'
+    - enabled: 1
+    - gpgcheck: 1
+    - gpgkey: https://packages.grafana.com/gpg.key
+    - sslverify: 1
+    - sslcacert: /etc/pki/tls/certs/ca-bundle.crt