From 08289a09146861649de6a328dace183f74e686f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Irek=20G=C5=82ownia?= <48471627+plirglo@users.noreply.github.com>
Date: Fri, 5 Feb 2021 12:15:17 +0100
Subject: [PATCH] Upgrade Grafana to v7.3.5 [Backport] (#2020)

Upgrade Grafana to v7.3.5 [Backport to v0.8]
---
 CHANGELOG-0.8.md | 1 +
 .../data/common/ansible/playbooks/grafana.yml | 2 +-
 .../playbooks/roles/grafana/defaults/main.yml | 6 +-
 .../playbooks/roles/grafana/handlers/main.yml | 12 +--
 .../roles/grafana/tasks/api_keys.yml | 22 +++--
 .../roles/grafana/tasks/configure.yml | 52 +++++++---
 .../roles/grafana/tasks/dashboards.yml | 94 +++++--------------
 .../roles/grafana/tasks/datasources.yml | 21 +----
 .../playbooks/roles/grafana/tasks/install.yml | 39 ++++----
 .../playbooks/roles/grafana/tasks/main.yml | 74 ++-------------
 .../roles/grafana/tasks/notifications.yml | 6 +-
 .../playbooks/roles/grafana/tasks/plugins.yml | 12 +--
 .../roles/grafana/tasks/preflight.yml | 62 ++++--------
 .../centos-7/requirements.txt | 2 +-
 .../redhat-7/requirements.txt | 2 +-
 .../ubuntu-18.04/requirements.txt | 2 +-
 .../playbooks/roles/upgrade/tasks/grafana.yml | 28 ++++++
 .../data/common/ansible/playbooks/upgrade.yml | 9 ++
 .../common/defaults/configuration/grafana.yml | 3 -
 docs/home/COMPONENTS.md | 2 +-
 20 files changed, 170 insertions(+), 281 deletions(-)
 create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/grafana.yml

diff --git a/CHANGELOG-0.8.md b/CHANGELOG-0.8.md
index 0af2c53fe6..4ecd9e3216 100644
--- a/CHANGELOG-0.8.md
+++ b/CHANGELOG-0.8.md
@@ -15,6 +15,7 @@ - [#1964](https://github.com/epiphany-platform/epiphany/issues/1964) - Upgrade Elasticsearch Curator to v5.8.3 - [#1919](https://github.com/epiphany-platform/epiphany/issues/1919) - Upgrade Kafka to v2.6.0 - [#1926](https://github.com/epiphany-platform/epiphany/issues/1926) - Upgrade Zookeeper to v3.5.8 +- [#1949](https://github.com/epiphany-platform/epiphany/issues/1949) - Upgrade Grafana to v7.3.5 - [#1855](https://github.com/epiphany-platform/epiphany/issues/1855) - Upgrade Docker to v19.03.14 ## [0.8.0] 2020-10-22 diff --git a/core/src/epicli/data/common/ansible/playbooks/grafana.yml b/core/src/epicli/data/common/ansible/playbooks/grafana.yml index 77eca32da8..1e957ac8e2 100644 --- a/core/src/epicli/data/common/ansible/playbooks/grafana.yml +++ b/core/src/epicli/data/common/ansible/playbooks/grafana.yml @@ -1,7 +1,7 @@ --- - hosts: all gather_facts: yes - tasks: [ ] + tasks: [] - hosts: grafana become: true diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml index 2d98c1ed21..7841aa2963 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml @@ -1,8 +1,5 @@ --- -grafana_version: "{{ specification.version }}" - -# Should we use the provisioning capability when possible (provisioning require grafana >= 5.0) -grafana_use_provisioning: "{{ specification.grafana_use_provisioning }}" +grafana_version: 7.3.5 # Should the provisioning be kept synced. If true, previous provisioned objects will be removed if not referenced anymore. grafana_provisioning_synced: "{{ specification.grafana_provisioning_synced }}" @@ -93,4 +90,3 @@ grafana_api_keys: "{{ specification.grafana_api_keys }}" grafana_api_keys_dir: "{{ lookup('env', 'HOME') }}/grafana/keys" grafana_environment: {} - 
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/handlers/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/handlers/main.yml index cc636abe27..0360230920 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/handlers/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/handlers/main.yml @@ -1,21 +1,17 @@ --- - name: restart grafana - become: true service: name: grafana-server state: restarted - tags: - - grafana_run - name: Set privileges on provisioned dashboards - become: true file: path: "{{ grafana_data_dir }}/dashboards" recurse: true owner: grafana group: grafana - mode: 0640 - listen: "provisioned dashboards changed" + mode: u=rw,g=r,o= + listen: provisioned dashboards changed - name: Set privileges on provisioned dashboards directory become: true @@ -23,5 +19,5 @@ path: "{{ grafana_data_dir }}/dashboards" state: directory recurse: false - mode: 0755 - listen: "provisioned dashboards changed" \ No newline at end of file + mode: u=rwx,go=rx + listen: provisioned dashboards changed diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/api_keys.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/api_keys.yml index 89ac23b204..48c8a257d1 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/api_keys.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/api_keys.yml @@ -1,10 +1,11 @@ --- - name: Ensure grafana key directory exists + delegate_to: localhost become: false file: path: "{{ grafana_api_keys_dir }}/{{ inventory_hostname }}" state: directory - delegate_to: localhost + mode: u=rwx,go= - name: Check api key list uri: @@ -13,8 +14,8 @@ password: "{{ grafana_security.admin_password }}" force_basic_auth: true return_content: true - no_log: true register: existing_api_keys + no_log: true - name: Create grafana api keys uri: 
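Review bot: In roles/grafana/handlers/main.yml the "Set privileges on provisioned dashboards directory" handler sets `{{ grafana_data_dir }}/dashboards` to `u=rwx,go=rx`, while the "Create grafana directories" task in tasks/configure.yml of this same patch sets that path to `ug=rwx,o=`. The directory mode therefore flips between the two values depending on whether the handlers fired in a given run. If the tighter value is the intended one, the handler should carry `mode: ug=rwx,o=` as well. The first two handlers also lose `become: true` while this third one keeps it; pick one convention for all three.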
@@ -25,17 +26,18 @@ method: POST body_format: json body: "{{ item | to_json }}" - with_items: "{{ grafana_api_keys }}" - no_log: true - when: ((existing_api_keys['json'] | selectattr("name", "equalto", item['name'])) | list) | length == 0 + when: existing_api_keys.json | selectattr('name', '==', item.name) | length == 0 + loop: "{{ grafana_api_keys }}" register: new_api_keys + no_log: true - name: Create api keys file to allow the keys to be seen and used by other automation + delegate_to: localhost become: false copy: - dest: "{{ grafana_api_keys_dir }}/{{ inventory_hostname }}/{{ item['item']['name'] }}.key" - content: "{{ item['json']['key'] }}" + dest: "{{ grafana_api_keys_dir }}/{{ inventory_hostname }}/{{ item.item.name }}.key" + content: "{{ item.json.key }}" backup: false - when: item['json'] is defined - with_items: "{{ new_api_keys['results'] }}" - delegate_to: localhost \ No newline at end of file + mode: u=rw,go= + when: item.json is defined + loop: "{{ new_api_keys.results }}" diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/configure.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/configure.yml index 926245053b..44a66ccd06 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/configure.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/configure.yml 
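Review bot: In tasks/api_keys.yml the "Create api keys file" task still has no `no_log: true`, although both `uri` tasks before it do, and it loops over `new_api_keys.results` with `content: "{{ item.json.key }}"`. The per-item loop label and any `--diff` output can therefore carry the freshly issued key into the run log. Adding `no_log: true`, or at least a `loop_control` with `label: "{{ item.item.name }}"`, keeps the key out of the output. Separately, the new `when:` drops the `| list` between `selectattr(...)` and `| length`; on Ansible/Jinja2 versions where `selectattr` returns a generator this raises instead of evaluating, so keep `| list` or confirm the minimum supported Ansible version. The same expression is introduced in tasks/notifications.yml.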
@@ -5,11 +5,34 @@ state: directory owner: root group: grafana - with_items: - - "/etc/grafana" - - "/etc/grafana/datasources" - - "/etc/grafana/provisioning" - - "/etc/grafana/provisioning/datasources" + mode: ug=rwx,o= + loop: + - /etc/grafana/datasources + - /etc/grafana/provisioning/datasources + - /etc/grafana/ssl + +- name: Generate self signed SSL certificates + command: > + openssl req + -new + -newkey rsa:4096 + -days 365 + -nodes + -x509 + -subj "/C=US/ST=NY/L=NY/O=NA/CN=localhost" + -keyout /etc/grafana/ssl/grafana_key.key + -out /etc/grafana/ssl/grafana_cert.pem + args: + creates: /etc/grafana/ssl/grafana_cert.pem + +- name: Ensure grafana ssl directory permissions are correct + file: + path: /etc/grafana/ssl + state: directory + owner: root + group: grafana + mode: ug+rw,o= + recurse: true - name: Create grafana main configuration file template: @@ -17,9 +40,9 @@ dest: /etc/grafana/grafana.ini owner: root group: grafana - mode: 0640 - no_log: true + mode: ug=rw,o= notify: restart grafana + no_log: true - name: Create grafana LDAP configuration file template: @@ -27,23 +50,22 @@ dest: "{{ grafana_auth.ldap.config_file | default('/etc/grafana/ldap.toml') }}" owner: root group: grafana - mode: 0640 + mode: ug=rw,o= when: - "'ldap' in grafana_auth" - "'enabled' not in grafana_auth.ldap or grafana_auth.ldap.enabled" - no_log: true notify: restart grafana + no_log: true - name: Create grafana directories file: path: "{{ item }}" state: directory - mode: 0755 - owner: "grafana" - group: "grafana" + owner: grafana + group: grafana + mode: ug=rwx,o= with_items: - "{{ grafana_logs_dir }}" - - "{{ grafana_data_dir }}" - "{{ grafana_data_dir }}/dashboards" - "{{ grafana_data_dir }}/plugins" @@ -59,6 +81,6 @@ - name: Enable and start Grafana systemd unit systemd: name: grafana-server - enabled: true state: started - daemon_reload: true \ No newline at end of file + enabled: true + daemon_reload: true 
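Review bot: In tasks/configure.yml the self-signed certificate is generated with `-days 365` and guarded only by `creates: /etc/grafana/ssl/grafana_cert.pem`, so once the file exists it is never regenerated and Grafana will serve an expired certificate a year after the first run. A preceding check such as `openssl x509 -checkend <seconds> -noout -in /etc/grafana/ssl/grafana_cert.pem`, whose failure removes the old file before this task, would let the play renew it. The subject is fixed to `CN=localhost` with no subjectAltName, so clients that reach Grafana by its real address cannot validate the name; a comment stating that this certificate is a placeholder to be replaced by the operator would make that explicit.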
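Review bot: In tasks/configure.yml, `mode: ug=rw,o=` on /etc/grafana/grafana.ini replaces `0640` and adds group write, so members of the `grafana` group (presumably the account the service runs as) can now rewrite the main configuration. The LDAP configuration task in the next hunk gets the same change, and tasks/install.yml adds a recursive `ug+rw,o=` over /etc/grafana. If the service only needs to read these files, `mode: u=rw,g=r,o=`, which this patch already uses for the provisioning files in tasks/dashboards.yml and tasks/datasources.yml, keeps the previous read-only setting for the group.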
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/dashboards.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/dashboards.yml index 3d91f6034d..f036a682d8 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/dashboards.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/dashboards.yml @@ -1,34 +1,25 @@ --- -- become: false +- name: Download and prepare dashboards delegate_to: localhost + become: false run_once: true block: - name: Create local grafana dashboard directory tempfile: state: directory - register: _tmp_dashboards + register: tmp_dashboards changed_when: false check_mode: false - # Use curl to solve issue #77 - - name: download grafana dashboard from grafana.net to local directory - command: > - curl --fail --compressed - https://grafana.com/api/dashboards/{{ item.dashboard_id }}/revisions/{{ item.revision_id }}/download - -o {{ _tmp_dashboards.path }}/{{ item.dashboard_id }}.json - args: - creates: "{{ _tmp_dashboards.path }}/{{ item.dashboard_id }}.json" - warn: false - register: _download_dashboards - until: _download_dashboards is succeeded + - name: Download grafana dashboard from grafana.com to local directory + get_url: + url: https://grafana.com/api/dashboards/{{ item.dashboard_id }}/revisions/{{ item.revision_id }}/download + dest: "{{ tmp_dashboards.path }}/{{ item.dashboard_id }}.json" + register: result + until: result is success retries: 5 delay: 2 - with_items: "{{ grafana_dashboards }}" - when: grafana_dashboards | length > 0 - changed_when: false - check_mode: false - tags: - - skip_ansible_lint + loop: "{{ grafana_dashboards }}" # As noted in [1] an exported dashboard replaces the exporter's datasource # name with a representative name, something like 'DS_GRAPHITE'. The name 
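Review bot: In tasks/dashboards.yml the new `get_url` task downloads dashboard JSON from grafana.com and the files are later copied into Grafana's dashboards directory, but nothing verifies the downloaded content. `get_url` accepts a `checksum` parameter; an optional per-dashboard hash, for example `checksum: "{{ item.checksum | default(omit) }}"` (the field name is a suggestion), would let operators pin the exact content of a revision without breaking existing configurations. The block continues past the end of this hunk.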
@@ -61,56 +52,19 @@ # # This regex can be tested and understood better by looking at the # matches and non-matches in https://regex101.com/r/f4Gkvg/6 - - name: Set the correct data source name in the dashboard replace: - dest: "{{ _tmp_dashboards.path }}/{{ item.dashboard_id }}.json" + dest: "{{ tmp_dashboards.path }}/{{ item.dashboard_id }}.json" regexp: '"(?:\${)?DS_[A-Z0-9_-]+(?:})?"' replace: '"{{ item.datasource }}"' changed_when: false - with_items: "{{ grafana_dashboards }}" - when: grafana_dashboards | length > 0 + loop: "{{ grafana_dashboards }}" -- name: Import grafana dashboards through API - uri: - url: "{{ grafana_api_url }}/api/dashboards/db" - user: "{{ grafana_security.admin_user }}" - password: "{{ grafana_security.admin_password }}" - force_basic_auth: true - method: POST - body_format: json - body: > - { - "dashboard": {{ lookup("file", item) }}, - "overwrite": true, - "message": "Updated by ansible" - } - no_log: true - with_fileglob: - - "{{ _tmp_dashboards.path }}/*" - - "{{ grafana_dashboards_dir }}/*.json" - when: not grafana_use_provisioning - -# TODO: uncomment this when ansible 2.7 will be min supported version -# - name: import grafana dashboards -# grafana_dashboard: -# grafana_url: "{{ grafana_api_url }}" -# grafana_user: "{{ grafana_security.admin_user }}" -# grafana_password: "{{ grafana_security.admin_password }}" -# path: "/tmp/dashboards/{{ item }}" -# message: Updated by ansible -# state: present -# overwrite: true -# no_log: true -# with_fileglob: -# - "/tmp/dashboards/*" - -- when: grafana_use_provisioning +- name: Update dashboards block: - name: Create/Update dashboards file (provisioning) - become: true copy: - dest: "/etc/grafana/provisioning/dashboards/ansible.yml" + dest: /etc/grafana/provisioning/dashboards/ansible.yml content: | apiVersion: 1 providers: @@ -123,7 +77,7 @@ backup: false owner: root group: grafana - mode: 0640 + mode: u=rw,g=r,o= notify: restart grafana - name: Register previously copied dashboards 
@@ -132,30 +86,28 @@ hidden: true patterns: - "*.json" - register: _dashboards_present + register: dashboards_present when: grafana_provisioning_synced - name: Import grafana dashboards - become: true copy: src: "{{ item }}" dest: "{{ grafana_data_dir }}/dashboards/{{ item | basename }}" with_fileglob: - - "{{ _tmp_dashboards.path }}/*" + - "{{ tmp_dashboards.path }}/*.json" - "{{ grafana_dashboards_dir }}/*.json" - register: _dashboards_copied - notify: "provisioned dashboards changed" + register: dashboards_copied + notify: provisioned dashboards changed - name: Get dashboard lists set_fact: - _dashboards_present_list: "{{ _dashboards_present | json_query('files[*].path') | default([]) }}" - _dashboards_copied_list: "{{ _dashboards_copied | json_query('results[*].dest') | default([]) }}" + dashboards_present_list: "{{ dashboards_present.files | map(attribute='path') | list }}" + dashboards_copied_list: "{{ dashboards_copied.results | map(attribute='dest') | list }}" when: grafana_provisioning_synced - name: Remove dashbards not present on deployer machine (synchronize) - become: true file: path: "{{ item }}" state: absent - with_items: "{{ _dashboards_present_list | difference( _dashboards_copied_list ) }}" - when: grafana_provisioning_synced \ No newline at end of file + loop: "{{ dashboards_present_list | difference(dashboards_copied_list) }}" + when: grafana_provisioning_synced diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/datasources.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/datasources.yml index ddf49dba83..3cb5cdbb9f 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/datasources.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/datasources.yml 
@@ -1,23 +1,7 @@ --- -- name: Ensure datasources exist (via API) - grafana_datasource: - grafana_url: "{{ grafana_api_url }}" - grafana_user: "{{ grafana_security.admin_user }}" - grafana_password: "{{ grafana_security.admin_password }}" - name: "{{ item.name }}" - url: "{{ item.url }}" - ds_type: "{{ item.type }}" - access: "{{ item.access | default(omit) }}" - is_default: "{{ item.isDefault | default(omit) }}" - basic_auth_user: "{{ item.basicAuthUser | default(omit) }}" - basic_auth_password: "{{ item.basicAuthPassword | default(omit) }}" - with_items: "{{ grafana_datasources }}" - when: not grafana_use_provisioning - - name: Create/Update datasources file (provisioning) - become: true copy: - dest: "/etc/grafana/provisioning/datasources/ansible.yml" + dest: /etc/grafana/provisioning/datasources/ansible.yml content: | apiVersion: 1 deleteDatasources: [] @@ -26,6 +10,5 @@ backup: false owner: root group: grafana - mode: 0640 + mode: u=rw,g=r,o= notify: restart grafana - when: grafana_use_provisioning diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml index a1f1b4ba25..ca62780b05 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml 
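Review bot: In tasks/datasources.yml, "Create/Update datasources file (provisioning)" writes the datasource definitions through `copy` with `content:` and has no `no_log: true`. The removed API task read `item.basicAuthPassword`, so entries in `grafana_datasources` may carry credentials, which `--diff` or verbose output would then print. Consider adding `no_log: true` here, matching the grafana.ini and LDAP template tasks in tasks/configure.yml. The body of the `content:` block lies outside the hunk, so how the list is rendered is not visible.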
@@ -1,32 +1,25 @@ --- - - name: Remove conflicting grafana packages package: name: grafana-data state: absent - register: _old_grafana_pkgs - -- name: Install dependencies for Debian family - package: - name: "{{ item }}" - state: present - loop: - - apt-transport-https - - adduser - - ca-certificates - - libfontconfig - - gnupg2 - when: ansible_os_family == "Debian" -#TODO: this is a quick workaround, we should tackle versioning in a smarter way -- name: Install Grafana +- name: Install Grafana with dependencies package: - name: "grafana-{{ grafana_version }}" + name: "{{ _packages[ansible_os_family] }}" state: present - when: ansible_os_family == "RedHat" + vars: + _packages: + Debian: + - grafana={{ grafana_version }} + RedHat: + - grafana-{{ grafana_version }} -- name: Install Grafana - package: - name: "grafana={{ grafana_version }}" - state: present - when: ansible_os_family == "Debian" \ No newline at end of file +- name: Recursively chown /etc/grafana (fix permissions) + file: + path: /etc/grafana + state: directory + owner: root + group: grafana + mode: ug+rw,o= + recurse: true \ No newline at end of file diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/main.yml index d70bad335d..507a18e522 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/main.yml 
@@ -1,86 +1,28 @@ --- +- include_tasks: preflight.yml -- include: preflight.yml - tags: - - grafana_install - - grafana_configure - - grafana_datasources - - grafana_notifications - - grafana_dashboards +- include_tasks: install.yml -- include: install.yml - become: true - tags: - - grafana_install +- include_tasks: configure.yml -- include: configure.yml - become: true - tags: - - grafana_configure - -- include: plugins.yml +- include_tasks: plugins.yml when: grafana_plugins != [] - tags: - - grafana_configure - name: Restart grafana before configuring datasources and dashboards meta: flush_handlers - tags: - - grafana_install - - grafana_configure - - grafana_datasources - - grafana_notifications - - grafana_dashboards - - grafana_run - name: Wait for grafana to start wait_for: host: "{{ grafana_address }}" port: "{{ grafana_port }}" - tags: - - grafana_install - - grafana_configure - - grafana_datasources - - grafana_notifications - - grafana_dashboards - - grafana_run -- include: api_keys.yml +- include_tasks: api_keys.yml when: grafana_api_keys | length > 0 - tags: - - grafana_configure - - grafana_run -- include: datasources.yml +- include_tasks: datasources.yml when: grafana_datasources != [] - tags: - - grafana_configure - - grafana_datasources - - grafana_run -- include: notifications.yml +- include_tasks: notifications.yml when: grafana_alert_notifications | length > 0 - tags: - - grafana_configure - - grafana_notifications - - grafana_run - -- name: "Check if there are any dashboards in {{ grafana_dashboards_dir }}" - become: false - find: - paths: "{{ grafana_dashboards_dir }}" - patterns: '*.json' - delegate_to: localhost - run_once: true - register: found_dashboards - tags: - - grafana_configure - - grafana_dashboards - - grafana_run -- include: dashboards.yml - when: grafana_dashboards | length > 0 or found_dashboards.matched > 0 - tags: - - grafana_configure - - grafana_dashboards - - grafana_run \ No newline at end of file +- include_tasks: 
dashboards.yml \ No newline at end of file diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/notifications.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/notifications.yml index c6bde87095..a3cc9ac0df 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/notifications.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/notifications.yml @@ -6,8 +6,8 @@ password: "{{ grafana_security.admin_password }}" force_basic_auth: true return_content: true - no_log: true register: alert_notifications + no_log: true - name: Create grafana alert notification channels uri: @@ -18,6 +18,6 @@ method: POST body_format: json body: "{{ item | to_json }}" - with_items: "{{ grafana_alert_notifications }}" + when: alert_notifications.json | selectattr('name', '==', item.name) | length == 0 + loop: "{{ grafana_alert_notifications }}" no_log: true - when: ((alert_notifications['json'] | selectattr("name", "equalto", item['name'])) | list) | length == 0 \ No newline at end of file diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/plugins.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/plugins.yml index bdd2c1dcf3..18bc993b9b 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/plugins.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/plugins.yml 
@@ -7,14 +7,12 @@ register: installed_plugins - name: Install plugins - become: true - command: "grafana-cli --pluginsDir {{ grafana_data_dir }}/plugins plugins install {{ item }}" + command: grafana-cli --pluginsDir {{ grafana_data_dir }}/plugins plugins install {{ item }} args: creates: "{{ grafana_data_dir }}/plugins/{{ item }}" - with_items: "{{ grafana_plugins | difference(installed_plugins.files) }}" - register: _plugin_install - until: _plugin_install is succeeded + loop: "{{ grafana_plugins | difference(installed_plugins.files) }}" + register: result + until: result is success retries: 5 delay: 2 - notify: - - restart grafana \ No newline at end of file + notify: restart grafana diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/preflight.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/preflight.yml index 2a9bb6ae6b..fc9ab27230 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/preflight.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/preflight.yml 
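Review bot: In tasks/plugins.yml, `grafana-cli --pluginsDir ... plugins install {{ item }}` installs whatever plugin version is current upstream at run time, so two runs of the same configuration can end up with different plugin code on the host. grafana-cli accepts a version after the plugin id; allowing an optional version per entry in `grafana_plugins` would make installs reproducible. Also, `difference(installed_plugins.files)` seems to compare plugin names with the entries of a registered result (the registering task is only partly visible), in which case it filters nothing and only `creates:` provides idempotency.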
@@ -5,39 +5,36 @@ - grafana_server is mapping - grafana_database is mapping - grafana_security is mapping - -- name: Fail on unsupported system architectures - fail: - msg: "Sorry grafana doesn't support {{ ansible_architecture }} on this OS family ({{ ansible_os_family }}). Exiting." - when: - - ansible_architecture != "x86_64" - - not ( ansible_architecture in ['armv6l', 'armv7l'] and ansible_os_family == 'Debian' ) + - grafana_dashboards is sequence + - grafana_datasources is sequence - name: Fail when datasources aren't configured when dashboards are set to be installed fail: - msg: "You need to specify datasources for dashboards!!!" + msg: "You need to specify datasources for dashboards!" when: grafana_dashboards != [] and grafana_datasources == [] - name: Fail when grafana admin user isn't set fail: msg: "Please specify grafana admin user (grafana_security.admin_user)" when: - - grafana_security.admin_user == '' or - grafana_security.admin_user is not defined + - grafana_security.admin_user is undefined or grafana_security.admin_user | length == 0 - name: Fail when grafana admin password isn't set fail: msg: "Please specify grafana admin password (grafana_security.admin_password)" when: - - grafana_security.admin_password == '' or - grafana_security.admin_password is not defined + - grafana_security.admin_password is undefined or grafana_security.admin_password | length == 0 - name: Fail on incorrect variable types in datasource definitions fail: msg: "Boolean variables in grafana_datasources shouldn't be passed as strings. Please remove unneeded apostrophes." 
- when: ( item.isDefault is defined and item.isDefault is string ) or - ( item.basicAuth is defined and item.basicAuth is string ) - with_items: "{{ grafana_datasources }}" + when: + - _isDefault + _basicAuth + vars: + _isDefault: >- + {{ grafana_datasources | map(attribute='isDefault') | select('string') | list }} + _basicAuth: >- + {{ grafana_datasources | map(attribute='basicAuth') | select('string') | list }} - name: Fail on bad database configuration fail: @@ -60,8 +57,10 @@ fail: msg: "Check grafana_api_keys. The role can only be one of the following values: Viewer, Editor or Admin." when: - - item.role not in ['Viewer', 'Editor', 'Admin'] - with_items: "{{ grafana_api_keys }}" + - _unknown_roles + vars: + _unknown_roles: >- + {{ grafana_api_keys | map(attribute='role') | reject('in', ["Viewer", "Editor", "Admin"]) | list }} - name: Fail when grafana_ldap isn't set when grafana_auth.ldap is fail: 
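Review bot: In tasks/preflight.yml the added assertions `grafana_dashboards is sequence` and `grafana_datasources is sequence` also pass for a string or a mapping, because Jinja2's `sequence` test is true for any value that has a length and item access. If the intent is to require a list, write `grafana_dashboards is sequence and grafana_dashboards is not string and grafana_dashboards is not mapping`, and the same for `grafana_datasources`. The assert task begins above the hunk.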
@@ -70,38 +69,9 @@ - "'ldap' in grafana_auth" - grafana_ldap is not defined or ('servers' not in grafana_ldap or 'group_mappings' not in grafana_ldap) -- name: Force grafana_use_provisioning to false if grafana_version is < 5.0 ( grafana_version is set to '{{ grafana_version }}' ) - set_fact: - grafana_use_provisioning: false - when: - - grafana_version != 'latest' - - grafana_version is version_compare('5.0', '<') - - name: Fail if grafana_port is lower than 1024 and grafana_cap_net_bind_service is not true fail: msg: Trying to use a port lower than 1024 without setting grafana_cap_net_bind_service. when: - grafana_port | int <= 1024 - not grafana_cap_net_bind_service - -- name: Make sure etc/grafana/ssl/ exists - file: - path: '/etc/grafana/ssl/' - state: 'directory' - owner: 'root' - group: 'root' - mode: '0755' - -- name: Generate self signed SSL certificates - command: > - openssl req - -new - -newkey rsa:4096 - -days 365 - -nodes - -x509 - -subj "/C=US/ST=NY/L=NY/O=NA/CN=localhost" - -keyout /etc/grafana/ssl/grafana_key.key - -out /etc/grafana/ssl/grafana_cert.pem - args: - creates: '/etc/grafana/ssl/grafana_cert.pem' \ No newline at end of file diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt index 2539b8c157..9822c52f2e 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt @@ -41,7 +41,7 @@ firewalld fontconfig # for grafana fping gnutls # for cifs-utils -grafana-6.2.5 +grafana-7.3.5 gssproxy # for nfs-utils htop iftop 
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt index 500b799b22..77984cb374 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt @@ -40,7 +40,7 @@ firewalld fontconfig # for grafana fping gnutls # for cifs-utils -grafana-6.2.5 +grafana-7.3.5 gssproxy # for nfs-utils htop iftop diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt index 052cedc07c..7957a8a9de 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt @@ -21,7 +21,7 @@ filebeat 7.8.1 firewalld fping gnupg2 -grafana 6.2.5 +grafana 7.3.5 haproxy htop iftop diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/grafana.yml b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/grafana.yml new file mode 100644 index 0000000000..c392422e32 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/grafana.yml 
@@ -0,0 +1,28 @@ +--- +- name: Grafana | Get information about installed packages as facts + package_facts: + manager: auto + when: ansible_facts.packages is undefined + +- name: Upgrade Grafana + when: ansible_facts.packages['grafana'] is defined + vars: + grafana_defaults: + # Unfortunately grafana_version in role defaults refers to the "specification" document which we cannot really use here. + # Next future upgrade will unhardcode this value. + grafana_version: 7.3.5 + block: + - name: Grafana | Print versions + debug: + msg: + - "Installed version: {{ ansible_facts.packages['grafana'][0].version }}" + - "Target version: {{ grafana_defaults.grafana_version }}" + + # Since we do not manage custom resources like plugins (it's up to the user), upgrading grafana by just installing new binary is considered complete here. + # https://grafana.com/docs/grafana/latest/installation/upgrading/ + - name: Grafana | Upgrade + import_role: + name: grafana + tasks_from: install + when: + - grafana_defaults.grafana_version is version(ansible_facts.packages['grafana'][0].version, '>') diff --git a/core/src/epicli/data/common/ansible/playbooks/upgrade.yml b/core/src/epicli/data/common/ansible/playbooks/upgrade.yml index fa9c80a60f..0195c55703 100644 --- a/core/src/epicli/data/common/ansible/playbooks/upgrade.yml +++ b/core/src/epicli/data/common/ansible/playbooks/upgrade.yml @@ -140,6 +140,15 @@ name: upgrade tasks_from: kibana +- hosts: grafana + become: true + become_method: sudo + serial: 1 + tasks: + - import_role: + name: upgrade + tasks_from: grafana + - hosts: zookeeper serial: 1 become: true diff --git a/core/src/epicli/data/common/defaults/configuration/grafana.yml b/core/src/epicli/data/common/defaults/configuration/grafana.yml index 8b693810f8..494046f3a7 100644 --- a/core/src/epicli/data/common/defaults/configuration/grafana.yml +++ b/core/src/epicli/data/common/defaults/configuration/grafana.yml 
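Review bot: In roles/upgrade/tasks/grafana.yml the upgrade ends at the `import_role` of `tasks_from: install`; nothing visible here restarts `grafana-server` or checks it afterwards, so whether the new version is actually running depends on the package's own scripts. A follow-up task inside the same block that restarts the unit and then re-reads the installed version (or checks that the service is active) would make the result of the upgrade explicit. A short comment on the `when:` explaining that `[0]` assumes a single installed `grafana` package entry would also help.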
@@ -2,14 +2,11 @@ kind: configuration/grafana title: "Grafana" name: default specification: - version: 6.2.5 grafana_logs_dir: "/var/log/grafana" grafana_data_dir: "/var/lib/grafana" grafana_address: "0.0.0.0" grafana_port: 3000 - # Should we use the provisioning capability when possible (provisioning require grafana >= 5.0) - grafana_use_provisioning: true # Should the provisioning be kept synced. If true, previous provisioned objects will be removed if not referenced anymore. grafana_provisioning_synced: false # External Grafana address. Variable maps to "root_url" in grafana server section diff --git a/docs/home/COMPONENTS.md b/docs/home/COMPONENTS.md index 1b07818a79..e7310003e0 100644 --- a/docs/home/COMPONENTS.md +++ b/docs/home/COMPONENTS.md @@ -23,7 +23,7 @@ Note that versions are default versions and can be changed in certain cases thro | Filebeat | 7.8.1 | https://github.com/elastic/beats | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | | Logstash OSS | 7.8.1 | https://github.com/elastic/logstash | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | | Prometheus | 2.10.0 | https://github.com/prometheus/prometheus | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| Grafana | 6.2.5 | https://github.com/grafana/grafana | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| Grafana | 7.3.5 | https://github.com/grafana/grafana | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | | node_exporter | 1.0.1 | https://github.com/prometheus/node_exporter | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | | kafka_exporter | 1.2.0 | https://github.com/danielqsj/kafka_exporter | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) | | haproxy_exporter | 0.10.0 | https://github.com/prometheus/haproxy_exporter | [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) |