From a890d1f924a879d2fc52fd86f019914441c27a00 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:09:36 +0100 Subject: [PATCH 1/7] redhat --- grafana/init.sls | 3 +++ grafana/repo/redhat.sls | 10 ++++++++++ 2 files changed, 13 insertions(+) create mode 100644 grafana/repo/redhat.sls diff --git a/grafana/init.sls b/grafana/init.sls index 9829b7f..65e12fd 100644 --- a/grafana/init.sls +++ b/grafana/init.sls @@ -1,6 +1,9 @@ {%- if pillar.grafana is defined %} include: +{%- if grains['os_family'] == 'RedHat' %} +- grafana.repo.redhat +{%- endif %} {%- if pillar.grafana.server is defined %} - grafana.server {%- endif %} diff --git a/grafana/repo/redhat.sls b/grafana/repo/redhat.sls new file mode 100644 index 0000000..650ca35 --- /dev/null +++ b/grafana/repo/redhat.sls @@ -0,0 +1,10 @@ +grafana: + pkgrepo.managed: + - humanname: 'grafana' + - name: 'grafana' + - baseurl: 'https://packagecloud.io/grafana/stable/el/7/$basearch' + - enabled: 1 + - gpgcheck: 1 + - gpgkey: https://packagecloud.io/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana + - sslverify: 1 + - sslcacert: /etc/pki/tls/certs/ca-bundle.crt From a958475d837d1cf28ab50118c0b37cc284b25845 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:11:39 +0100 Subject: [PATCH 2/7] RedHat --- grafana/map.jinja | 53 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/grafana/map.jinja b/grafana/map.jinja index c1b1478..b103204 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja 
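Review bot: The new `grafana/repo/redhat.sls` state (patch 1/7) enables `gpgcheck` but not `repo_gpgcheck`, so package signatures are verified while the repository metadata is not. Adding `- repo_gpgcheck: 1` under `pkgrepo.managed` would close that gap, assuming the packagecloud repository serves signed metadata (confirm before enabling). Both `gpgkey` URLs are downloaded at install time and trusted on first use; shipping the keys with the formula or documenting their expected fingerprints would let an operator verify them. The `el/7` segment of `baseurl` is also hard-coded, so hosts on other major releases would be pointed at the EL7 repository.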
@@ -48,6 +48,51 @@ Debian: static: /usr/share/grafana/public dashboards: enabled: false +RedHat: + pkgs: + - grafana + service: grafana-server + user: grafana + group: grafana + path: + home: /usr/share/grafana + data: /var/lib/grafana + logs: /var/log/grafana + pid_file_dir: /var/run/grafana + bind: + address: 0.0.0.0 + port: 3000 + session: + engine: file + auth: + engine: application + ldap: + enabled: false + host: '127.0.0.1' + port: 389 + use_ssl: false + bind_dn: "cn=admin,dc=grafana,dc=org" + bind_password: "grafana" + user_search_filter: "(cn=%s)" + user_search_base_dns: + - "dc=grafana,dc=org" + servers: + attributes: + name: "givenName" + surname: "sn" + username: "cn" + member_of: "memberOf" + email: "email" + admin: + user: admin + password: admin + allow_sign_up: False + allow_org_create: False + auto_assign_role: Viewer + dir: + static: /usr/share/grafana/public + dashboards: + enabled: false {%- endload %} {%- set server = salt['grains.filter_by'](server_defaults, merge=salt['pillar.get']('grafana:server')) %} @@ -61,6 +106,14 @@ Debian: engine: none datasource: {} dashboard: {} +RedHat: + server: + host: 127.0.0.1 + port: 3000 + remote_data: + engine: none + datasource: {} + dashboard: {} {%- endload %} {%- set client = salt['grains.filter_by'](client_defaults, merge=salt['pillar.get']('grafana:client')) %} From 882bf2f52302ce28a3ef7c231eb24311c9339769 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:38:01 +0100 Subject: [PATCH 3/7] ssl_skip_verify --- grafana/files/ldap.toml | 2 +- grafana/map.jinja | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/grafana/files/ldap.toml b/grafana/files/ldap.toml index 0190ea2..771f923 100644 --- a/grafana/files/ldap.toml +++ b/grafana/files/ldap.toml 
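Review bot: The RedHat defaults added in the first `grafana/map.jinja` hunk (patch 2/7) pair `bind.address: 0.0.0.0` with `admin.password: admin`, so a minion whose pillar does not override them serves Grafana on every interface with a well-known administrator credential. I would drop the default password and make the formula fail when `grafana:server:admin:password` is missing from pillar, or at least default `bind.address` to `127.0.0.1`. The same applies to `bind_password: "grafana"` once LDAP is enabled. The block appears to be a copy of the Debian entry, which begins outside this hunk, so a shared base merged per `os_family` would keep the two from drifting; the second hunk duplicates the client defaults in the same way.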
@@ -14,7 +14,7 @@ use_ssl = {{ ldap_params.use_ssl|lower }} # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) start_tls = false # set to true if you want to skip ssl cert validation -ssl_skip_verify = false +ssl_skip_verify = {{ ldap_params.ssl_skip_verify }} # set to the path to your root CA certificate or leave unset to use system defaults # root_ca_cert = /path/to/certificate.crt diff --git a/grafana/map.jinja b/grafana/map.jinja index b103204..bd3e4b7 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -26,6 +26,7 @@ Debian: host: '127.0.0.1' port: 389 use_ssl: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" @@ -70,7 +71,8 @@ RedHat: enabled: false host: '127.0.0.1' port: 389 - use_ssl: false + use_ssl: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" From 5d5aa618563b82e8226267f04ae56e6b5584a2f2 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:39:48 +0100 Subject: [PATCH 4/7] tab --- grafana/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/grafana/map.jinja b/grafana/map.jinja index bd3e4b7..bea8d7f 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -26,7 +26,7 @@ Debian: host: '127.0.0.1' port: 389 use_ssl: false - ssl_skip_verify: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" @@ -71,8 +71,8 @@ RedHat: enabled: false host: '127.0.0.1' port: 389 - use_ssl: false - ssl_skip_verify: false + use_ssl: false + ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" user_search_filter: "(cn=%s)" From 897d9a028f03b3425e908e4d64f90b6017c3f369 Mon Sep 17 00:00:00 2001 
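Review bot: In the `grafana/files/ldap.toml` hunk of patch 3/7, certificate verification becomes switchable from pillar while the `root_ca_cert` line just below stays commented out, so a deployment with a private CA has no choice except `ssl_skip_verify = true`. Templating the CA path as well, `{%- if ldap_params.root_ca_cert is defined %}` / `root_ca_cert = "{{ ldap_params.root_ca_cert }}"` / `{%- endif %}`, would give those deployments a verified option. I would also extend the existing comment to `# set to true only for testing: without validation the LDAP server's identity is not checked and the bind password can be exposed`.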
From: Benjamin DUPUIS Date: Tue, 27 Nov 2018 14:43:29 +0100 Subject: [PATCH 5/7] fix --- grafana/files/ldap.toml | 4 ++-- grafana/map.jinja | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/grafana/files/ldap.toml b/grafana/files/ldap.toml index 771f923..030ec67 100644 --- a/grafana/files/ldap.toml +++ b/grafana/files/ldap.toml @@ -12,9 +12,9 @@ port = {{ ldap_params.port }} use_ssl = {{ ldap_params.use_ssl|lower }} # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) -start_tls = false +start_tls = {{ ldap_params.start_tls|lower }} # set to true if you want to skip ssl cert validation -ssl_skip_verify = {{ ldap_params.ssl_skip_verify }} +ssl_skip_verify = {{ ldap_params.ssl_skip_verify|lower }} # set to the path to your root CA certificate or leave unset to use system defaults # root_ca_cert = /path/to/certificate.crt diff --git a/grafana/map.jinja b/grafana/map.jinja index bea8d7f..13e80c2 100644 --- a/grafana/map.jinja +++ b/grafana/map.jinja @@ -26,6 +26,7 @@ Debian: host: '127.0.0.1' port: 389 use_ssl: false + start_tls: false ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" @@ -72,6 +73,7 @@ RedHat: host: '127.0.0.1' port: 389 use_ssl: false + start_tls: false ssl_skip_verify: false bind_dn: "cn=admin,dc=grafana,dc=org" bind_password: "grafana" From db864c59fa4a54b9543532df97f42d9151f56abd Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Thu, 20 Jun 2019 14:45:39 +0200 Subject: [PATCH 6/7] allow to disable repo --- grafana/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana/init.sls b/grafana/init.sls index 65e12fd..feac486 100644 --- a/grafana/init.sls +++ b/grafana/init.sls 
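Review bot: `{{ ldap_params.start_tls|lower }}` and `{{ ldap_params.ssl_skip_verify|lower }}` in the `grafana/files/ldap.toml` hunk of patch 5/7 would render as an empty value when the key is absent, which leaves `ldap.toml` unparseable. Whether that can happen depends on how `ldap_params` is built, which is outside this hunk; the defaults added to `map.jinja` cover only the top-level `ldap` mapping. Reading the keys with an explicit fallback, `{{ ldap_params.get('start_tls', false)|lower }}` and `{{ ldap_params.get('ssl_skip_verify', false)|lower }}`, keeps the file valid and keeps verification on when the pillar omits them. With `use_ssl` and `start_tls` both defaulting to false in `map.jinja`, the bind password travels unencrypted unless the pillar sets one of them, and a comment beside the defaults should say so.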
@@ -1,7 +1,7 @@ {%- if pillar.grafana is defined %} include: -{%- if grains['os_family'] == 'RedHat' %} +{%- if grafana.manage_repo and grains['os_family'] == 'RedHat' %} - grafana.repo.redhat {%- endif %} {%- if pillar.grafana.server is defined %} From 40f33c777a50bffdc1abf518973c672569079894 Mon Sep 17 00:00:00 2001 From: Benjamin DUPUIS Date: Thu, 20 Jun 2019 14:53:08 +0200 Subject: [PATCH 7/7] Allow to not configure default parameters --- grafana/files/grafana.ini | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/grafana/files/grafana.ini b/grafana/files/grafana.ini index 6866229..836ed97 100644 --- a/grafana/files/grafana.ini +++ b/grafana/files/grafana.ini @@ -20,7 +20,11 @@ logs = {{ server.path.logs }} #################################### Server #################################### [server] # Protocol (http or https) +{%- if 'protocol' in server %} protocol = {{ server.protocol }} +{%- else %} +;protocol = http +{% endif %} # The ip address to bind to, empty will bind to all interfaces http_addr = {{ server.bind.address }} @@ -29,14 +33,22 @@ http_addr = {{ server.bind.address }} http_port = {{ server.bind.port }} # The public facing domain name used to access grafana from a browser +{%- if 'domain' in server %} domain = {{ server.domain }} +{%- else %} +;domain = localhost +{%- endif %} # Redirect to correct domain if host header does not match domain # Prevents DNS rebinding attacks ;enforce_domain = false # The full public facing url +{%- if 'root_url' in server %} root_url = {{ server.root_url }} +{%- else %} +;root_url = %(protocol)s://%(domain)s:%(http_port)s/ +{%- endif %} # Log web requests ;router_logging = false
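Review bot: `grafana.manage_repo` in the new condition of `grafana/init.sls` (patch 6/7) refers to a `grafana` variable that nothing visible defines: the hunk starts at line 1 of the file and shows no import from `map.jinja`, and `map.jinja` elsewhere in this series sets `server` and `client`. If that is the whole picture, rendering fails with an undefined-variable error on every minion, and no patch in the series adds a `manage_repo` default. Reading the flag from pillar with a fallback avoids both problems: `{%- if pillar.grafana.get('manage_repo', True) and grains['os_family'] == 'RedHat' %}`.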
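Review bot: The `protocol` block in the first `grafana/files/grafana.ini` hunk (patch 7/7) closes with `{% endif %}` while the `domain` and `root_url` blocks use `{%- endif %}`, so this block alone leaves an extra blank line in the rendered file when `protocol` is unset; use `{%- endif %}` here too. A one-line Jinja comment above the first conditional, such as `{#- emit the key only when pillar sets it; otherwise keep Grafana's built-in default #}`, would explain the pattern for the two blocks that follow.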
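Review bot: `enforce_domain` stays hard-commented in the second `grafana/files/grafana.ini` hunk (patch 7/7), so a pillar that sets `domain` still cannot enable the Host-header check that the neighbouring comment describes as the DNS-rebinding protection. Giving it the same conditional as `domain` and `root_url` lets operators turn it on together with an explicit domain, while the commented default is kept when the key is absent. The sketch below assumes `server.enforce_domain` is a boolean in pillar.

```ini
# … unchanged: domain block …
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
{%- if 'enforce_domain' in server %}
enforce_domain = {{ server.enforce_domain|lower }}
{%- else %}
;enforce_domain = false
{%- endif %}
# … unchanged: root_url block …
```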