Merge pull request #22 from coderfool/master
Close #21
O1ahmad committed Oct 1, 2021
2 parents 7e85764 + 78b4aee commit 63b88a2
Showing 13 changed files with 26 additions and 23 deletions.
2 changes: 2 additions & 0 deletions README.md
@@ -51,6 +51,8 @@ Variables are available and organized according to the following software & mach
_The following variables can be customized to control various aspects of this installation process, ranging from software version and source location of binaries to the installation directory where they are stored:_

`grafana_user: <service-user-name>` (**default**: *grafana*)

`grafana_group: <service-group-name>` (**default**: *grafana*)
- dedicated service user and group used by `grafana` for privilege separation (see [here](https://www.beyondtrust.com/blog/entry/how-separation-privilege-improves-security) for details)

`install_type: <package | archive>` (**default**: archive)
1 change: 1 addition & 0 deletions defaults/main.yml
@@ -1,5 +1,6 @@
---
grafana_user: grafana
grafana_group: grafana

install_type: archive

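Review bot: The new default `grafana_group: grafana` is a fixed string, so a deployment that overrides only `grafana_user` will have its group silently changed from the user's name to `grafana` on the next run. Every task touched by this commit previously used `{{ grafana_user }}` as the group, so defaulting to `grafana_group: "{{ grafana_user }}"` would keep existing ownership unchanged unless the operator opts in. If the fixed default is intended, the README entry should state that the group no longer follows `grafana_user`.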
10 changes: 5 additions & 5 deletions tasks/common/config.yml
@@ -4,7 +4,7 @@
file:
path: "{{ config_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory
tags:
- config
@@ -14,7 +14,7 @@
file:
path: "{{ _logs_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory
tags:
- config
@@ -25,7 +25,7 @@
file:
path: "{{ _data_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory
tags:
- config
@@ -36,7 +36,7 @@
file:
path: "{{ _provisioning_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory
tags:
- config
@@ -47,7 +47,7 @@
file:
path: "{{ _plugins_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory
tags:
- config
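Review bot: None of the five directory tasks in this file sets `mode`, so the permissions of the config, logs, data, provisioning and plugins directories are left to the umask or to whatever already exists on the host. Now that the group can be chosen independently of the service user, it is worth pinning them, for example `mode: '0750'` after `state: directory` in each task, so that group members can read and other local accounts get no access. Each task begins above its visible hunk.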
4 changes: 2 additions & 2 deletions tasks/common/config/dashboards.yml
@@ -4,7 +4,7 @@
file:
path: "{{ _provisioning_dir }}/dashboards"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory

- name: Render Grafana dashboard configuration
@@ -14,7 +14,7 @@
src: dashboards.j2
dest: "{{ _provisioning_dir }}/dashboards/{{ item.name }}.yml"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: 0644
vars:
version: "{{ item.version | default(1) }}"
4 changes: 2 additions & 2 deletions tasks/common/config/datasources.yml
@@ -4,7 +4,7 @@
file:
path: "{{ _provisioning_dir }}/datasources"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory

- name: Render Grafana datasources configuration
@@ -14,7 +14,7 @@
src: datasources.j2
dest: "{{ _provisioning_dir }}/datasources/{{ item.name }}.yml"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: 0644
vars:
version: "{{ item.version | default(1) }}"
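Review bot: The rendered datasource files are written with `mode: 0644`, which leaves them readable by every local account, and the same mode is used for `grafana.ini` in tasks/common/config/grafana_ini.yml and for the notifier files in tasks/common/config/notifiers.yml. Files of this kind commonly carry datasource passwords, the admin password or secret key, and notifier tokens; the templates are not shown here, so confirm against them. With a dedicated `grafana_group` now available, `mode: '0640'` would limit reads to the service user and group, and quoting the value avoids relying on YAML octal parsing. The template task begins above the hunk.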
2 changes: 1 addition & 1 deletion tasks/common/config/grafana_ini.yml
@@ -6,7 +6,7 @@
src: "{{ grafana_config_file }}.j2"
dest: "{{ config_dir }}/{{ grafana_config_file }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: 0644
vars:
conf: "{{ grafana_config }}"
4 changes: 2 additions & 2 deletions tasks/common/config/notifiers.yml
@@ -4,7 +4,7 @@
file:
path: "{{ _provisioning_dir }}/notifiers"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory

- name: Render Grafana provisioned notifiers configuration
@@ -14,7 +14,7 @@
src: notifiers.j2
dest: "{{ _provisioning_dir }}/notifiers/{{ item.name }}.yml"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: 0644
vars:
notifiers: "{{ item.notifiers | default([]) }}"
4 changes: 2 additions & 2 deletions tasks/common/config/plugins.yml
@@ -4,7 +4,7 @@
file:
path: "{{ _plugins_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory

- name: Install/update grafana plugins
@@ -26,7 +26,7 @@
file:
path: "{{ _plugins_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
state: directory
mode: 0755
recurse: true
10 changes: 5 additions & 5 deletions tasks/common/install.yml
@@ -2,7 +2,7 @@
- name: Ensure Grafana system group exists
become: true
group:
name: "{{ grafana_user }}"
name: "{{ grafana_group }}"
state: present
system: true
tags:
@@ -13,7 +13,7 @@
user:
comment: Grafana service account
name: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
shell: "/sbin/nologin"
system: true
create_home: false
@@ -27,7 +27,7 @@
path: "{{ install_dir }}"
state: directory
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
tags:
- install

@@ -39,7 +39,7 @@
dest: "/tmp/{{ archive_url | urlsplit('path') | basename }}"
checksum: "{{ (archive_checksum|length > 0) | ternary(checksum_format+':'+archive_checksum, '') }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: '0775'
register: archive_tmp
tags:
@@ -52,7 +52,7 @@
src: "{{ archive_tmp.dest }}"
dest: "{{ install_dir }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: '0775'
remote_src: true
extra_opts:
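Review bot: The download task stages the archive under a predictable name in `/tmp` with `owner: "{{ grafana_user }}"`, the now configurable `group: "{{ grafana_group }}"` and `mode: '0775'`, so the service account and every member of that group can rewrite the file between download and extraction. The same pattern is in tasks/debian/install.yml and tasks/redhat/install.yml, where the package is presumably installed with root privileges afterwards (that step is outside the hunk). Keeping the staged artifact as `owner: root`, `group: root`, `mode: '0644'` closes that window, and the extracted tree does not need group write either, so `mode: '0755'` is the safer value on the unarchive task. In the archive case the `checksum` expression evaluates to an empty string when `archive_checksum` is unset, so the download is not verified unless the operator supplies a checksum.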
2 changes: 1 addition & 1 deletion tasks/common/install/dashboards.yml
@@ -6,7 +6,7 @@
url: "{{ download.src if download.src is defined else _dashboard_base_url + '/' + download.id }}"
dest: "{{ download.dest | default(_provisioning_dir) }}/dashboards/{{ download.name }}.json"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: 0644
loop: "{{ provider.urls }}"
loop_control:
2 changes: 1 addition & 1 deletion tasks/common/preflight.yml
@@ -71,7 +71,7 @@
default_service_unit:
ExecStart: "{{ install_dir }}/bin/grafana-server {{ config_spec }} {{ extra_run_args|join(' ') }}"
User: "{{ grafana_user }}"
Group: "{{ grafana_user }}"
Group: "{{ grafana_group }}"
WorkingDirectory: "{{ install_dir }}"
StandardOutput: journal
StandardError: inherit
2 changes: 1 addition & 1 deletion tasks/debian/install.yml
@@ -7,7 +7,7 @@
dest: "/tmp/{{ package_url | urlsplit('path') | basename }}"
checksum: "{{ checksum_format }}:{{ package_checksum }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: '0775'
register: package_tmp
tags:
2 changes: 1 addition & 1 deletion tasks/redhat/install.yml
@@ -7,7 +7,7 @@
dest: "/tmp/{{ package_url | urlsplit('path') | basename }}"
checksum: "{{ checksum_format }}:{{ package_checksum }}"
owner: "{{ grafana_user }}"
group: "{{ grafana_user }}"
group: "{{ grafana_group }}"
mode: '0775'
register: package_tmp
tags:
