1
0
Fork 0
mirror of synced 2024-11-22 17:05:34 -05:00

Client role

This commit is contained in:
Ales Komarek 2016-10-22 00:36:50 +02:00
parent 2e2279603e
commit 9e05491147
6 changed files with 175 additions and 26 deletions

View file

@ -8,28 +8,103 @@ A beautiful, easy to use and feature rich Graphite dashboard replacement and gra
Sample pillars Sample pillars
============== ==============
Sample pillar installed from system package Server deployments
------------------
Server installed from system package
.. code-block:: yaml
grafana: grafana:
server: server:
enabled: true enabled: true
admin:
user: admin
password: passwd
database:
engine: sqlite
Server installed with PostgreSQL database
.. code-block:: yaml
grafana:
server:
enabled: true
admin:
user: admin
password: passwd
database: database:
engine: postgresql engine: postgresql
host: localhost host: localhost
port: 5432 port: 5432
data_source: name: grafana
metrics1: user: grafana
engine: graphite password: passwd
host: metrics1.domain.com
ssl: true Client setups
-------------
Client enforced data sources
.. code-block:: yaml
grafana:
client:
enabled: true
server:
protocol: https
host: grafana.host
port: 3000
token: token
datasource:
graphite:
type: graphite
host: mtr01.domain.com
protocol: https
port: 443 port: 443
user: test elasticsearch:
metrics2: type: elasticsearch
engine: elasticsearch host: log01.domain.com
host: metrics2.domain.com
port: 80 port: 80
user: test user: admin
password: password
index: grafana-dash index: grafana-dash
Client enforced dashboards
.. code-block:: yaml
grafana:
client:
enabled: true
server:
host: grafana.host
port: 3000
token: token
dashboard:
system_metrics:
title: "Generic system metrics"
style: dark
editable: false
row:
top:
title: "First row"
Client enforced dashboards defined in salt-mine
.. code-block:: yaml
grafana:
client:
enabled: true
collect_mine: true
server:
host: grafana.host
port: 3000
token: token
Read more Read more
========= =========

38
grafana/client.sls Normal file
View file

@ -0,0 +1,38 @@
{%- from "grafana/map.jinja" import client with context %}
{%- if client.enabled %}
/etc/salt/minion.d/_grafana.conf:
file.managed:
- source: salt://grafana/files/_grafana.conf
- template: jinja
- user: root
- group: root
{%- for datasource_name, datasource in client.datasource.iteritems() %}
grafana_client_datasource_{{ datasource_name }}:
grafana_datasource.present:
- name: {{ datasource_name }}
- type: {{ datasource.type }}
- url: http://{{ datasource.host }}:{{ datasource.get('port', 80) }}
{%- if datasource.access is defined %}
- access: proxy
{%- endif %}
{%- if datasource.user is defined %}
- basic_auth: true
- basic_auth_user: {{ datasource.user }}
- basic_auth_password: {{ datasource.password }}
{%- endif %}
{%- endfor %}
{%- for dashboard_name, dashboard in client.dashboard.iteritems() %}
grafana_client_dashboard_{{ dashboard_name }}:
grafana_dashboard.present:
- name: {{ dashboard_name }}
- dashboard: {{ dashboard }}
{%- endfor %}
{%- endif %}

View file

@ -0,0 +1,8 @@
{%- from "grafana/map.jinja" import client with context %}
grafana_version: 2
grafana:
grafana_timeout: 3
grafana_token: {{ client.server.token }}
grafana_url: 'http://{{ client.server.host }}:{{ client.server.get('port', 80) }}'

View file

@ -25,7 +25,7 @@
# The ip address to bind to, empty will bind to all interfaces # The ip address to bind to, empty will bind to all interfaces
http_addr = {{ server.bind.address }} http_addr = {{ server.bind.address }}
# The http port to use # The http port to use
http_port = {{ server.bind.port }} http_port = {{ server.bind.port }}
# The public facing domain name used to access grafana from a browser # The public facing domain name used to access grafana from a browser
@ -55,21 +55,25 @@ http_port = {{ server.bind.port }}
[database] [database]
# Either "mysql", "postgres" or "sqlite3", it's your choice # Either "mysql", "postgres" or "sqlite3", it's your choice
type = {% if server.database.engine == "postgresql" %}postgres{% else %}{{ server.database.engine }}{% endif %} type = {% if server.database.engine == "postgresql" %}postgres{% else %}{{ server.database.engine }}{% endif %}
{%- if server.database.engine in ["postgresql", "mysql"] %}
host = {{ server.database.host }}:{{ server.database.port }} host = {{ server.database.host }}:{{ server.database.port }}
name = {{ server.database.name }} name = {{ server.database.name }}
user = {{ server.database.user }} user = {{ server.database.user }}
password = {{ server.database.password }} password = {{ server.database.password }}
{%- endif %}
# For "postgres" only, either "disable", "require" or "verify-full" # For "postgres" only, either "disable", "require" or "verify-full"
;ssl_mode = disable ;ssl_mode = disable
# For "sqlite3" only, path relative to data_path setting # For "sqlite3" only, path relative to data_path setting
;path = grafana.db {%- if server.database.engine in ["postgresql"] %}
path = grafana.db
{%- endif %}
#################################### Session #################################### #################################### Session ####################################
[session] [session]
# Either "memory", "file", "redis", "mysql", "postgres", default is "file" # Either "memory", "file", "redis", "mysql", "postgres", default is "file"
provider = {{ server.get('session', {}).get('engine', 'file') }} provider = {{ server.session.engine }}
# Provider config options # Provider config options
# memory: not have any config yet # memory: not have any config yet
@ -77,7 +81,7 @@ provider = {{ server.get('session', {}).get('engine', 'file') }}
# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` # mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable # postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
{%- if server.get('session', {}).get('engine', 'file') == 'redis' %} {%- if server.session.engine == 'redis' %}
provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.session.get('port', 6379) }},db={{ server.session.get('db', 'grafana') }} provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.session.get('port', 6379) }},db={{ server.session.get('db', 'grafana') }}
{%- endif %} {%- endif %}
@ -104,10 +108,10 @@ provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.s
#################################### Security #################################### #################################### Security ####################################
[security] [security]
# default admin user, created on startup # default admin user, created on startup
;admin_user = admin admin_user = {{ server.admin.user }}
# default admin password, can be changed before first start of grafana, or in profile settings # default admin password, can be changed before first start of grafana, or in profile settings
;admin_password = admin admin_password = {{ server.admin.password }}
# used for signing # used for signing
;secret_key = SW2YcwTIb9zpOOhoPsMm ;secret_key = SW2YcwTIb9zpOOhoPsMm
@ -126,21 +130,21 @@ provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.s
#################################### Users #################################### #################################### Users ####################################
[users] [users]
# disable user signup / registration # disable user signup / registration
allow_sign_up = {{ server.get('users', {}).get('sign_up', True)|lower }} allow_sign_up = {{ server.allow_sign_up|lower }}
# Allow non admin users to create organizations # Allow non admin users to create organizations
allow_org_create = {{ server.get('users', {}).get('org_create', True)|lower }} allow_org_create = {{ server.allow_org_create|lower }}
# Set to true to automatically assign new users to the default organization (id 1) # Set to true to automatically assign new users to the default organization (id 1)
;auto_assign_org = true ;auto_assign_org = true
# Default role new users will be automatically assigned (if disabled above is set to true) # Default role new users will be automatically assigned (if disabled above is set to true)
;auto_assign_org_role = Viewer ;auto_assign_org_role = Viewer
auto_assign_org_role = {{ server.get('users', {}).get('auto_assign_role', 'Viewer') }} auto_assign_org_role = {{ server.auto_assign_role }}
#################################### Anonymous Auth ########################## #################################### Anonymous Auth ##########################
[auth.anonymous] [auth.anonymous]
{%- if server.get('auth', {}).get('engine', None) == 'anonymous' %} {%- if server.auth.engine == 'anonymous' %}
enabled = true enabled = true
{%- if server.auth.organization is defined %} {%- if server.auth.organization is defined %}
@ -189,7 +193,7 @@ org_name = {{ server.auth.role }}
#################################### Auth Proxy ########################## #################################### Auth Proxy ##########################
[auth.proxy] [auth.proxy]
{%- if server.get('auth', {}).get('engine', None) == 'proxy' %} {%- if server.auth.engine == 'proxy' %}
enabled = true enabled = true
header_name = {{ server.auth.get('header', 'X-Forwarded-User') }} header_name = {{ server.auth.get('header', 'X-Forwarded-User') }}
header_property = {{ server.auth.get('header_property', 'username') }} header_property = {{ server.auth.get('header_property', 'username') }}
@ -198,10 +202,10 @@ auto_sign_up = true
#################################### Basic Auth ########################## #################################### Basic Auth ##########################
[auth.basic] [auth.basic]
{%- if server.get('auth', {}).get('engine', 'basic') != 'basic' %} {%- if server.auth.engine == 'basic' %}
enabled = false
{%- else %}
enabled = true enabled = true
{%- else %}
enabled = false
{%- endif %} {%- endif %}
#################################### Auth LDAP ########################## #################################### Auth LDAP ##########################

View file

@ -4,4 +4,7 @@ include:
{%- if pillar.grafana.server is defined %} {%- if pillar.grafana.server is defined %}
- grafana.server - grafana.server
{%- endif %} {%- endif %}
{%- if pillar.grafana.client is defined %}
- grafana.client
{%- endif %}
{%- endif %} {%- endif %}

View file

@ -7,6 +7,27 @@ Debian:
bind: bind:
address: 0.0.0.0 address: 0.0.0.0
port: 3000 port: 3000
session:
engine: file
auth:
engine: application
admin:
user: admin
password: admin
allow_sign_up: False
allow_org_create: False
auto_assign_role: Viewer
{%- endload %} {%- endload %}
{%- set server = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('grafana:server')) %} {%- set server = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('grafana:server')) %}
{%- load_yaml as base_defaults %}
Debian:
server:
host: 127.0.0.1
port: 3000
datasource: {}
dashboard: {}
{%- endload %}
{%- set client = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('grafana:client')) %}