Updates to Cloud Grafana

grafana_monitoring/roles/grafana/tasks/main.yml

@@ -81,3 +81,4 @@
   ansible.builtin.systemd_service:
     state: restarted
     name: grafana-server.service
+    enabled: true

grafana_monitoring/roles/grafana/templates/cloud_datasource.yaml.j2

@@ -100,7 +100,7 @@ datasources:
     type: prometheus
     uid: "prod-chatops"
     access: proxy
-    url: https://prometheus.cloud-chatops.nubes.rl.ac.uk
+    url: https://prometheus.chatops.nubes.rl.ac.uk
     isDefault: false
     basicAuth: true
     basicAuthUser: {{ prod_chatops_prometheus_username }}

grafana_monitoring/roles/grafana/templates/grafana.ini.j2

@@ -19,14 +19,17 @@ api_url = https://iris-iam.stfc.ac.uk/userinfo
 groups_attribute_path = groups[*]
 allowed_groups = "stfc-cloud/team,stfc-cloud/admins"
 
+# Only apply role changes on dev so we can edit datasources and dashboards before pushing changes to prod.
+{% if inventory_hostname.startswith("dev") %}
+role_attribute_path=contains(groups[*], 'stfc-cloud/admins') && 'Admin' || contains(groups[*], 'stfc-cloud/team') && 'Editor' || 'Viewer'
+{% else %}
+# Keep role for all users as Viewer on production.
+role_attribute_path='Viewer'
+{% endif %}
+
 [log]
 # Raise the log level as the default is "info"
 log_level = critical
 
 [security]
 admin_password="{{ grafana_admin_password }}"
-
-{% if inventory_hostname.startswith("dev") %}
-[users]
-auto_assign_org_role=Admin
-{% endif %}

grafana_monitoring/roles/haproxy/templates/haproxy.cfg.j2

@@ -22,4 +22,5 @@ frontend {{ inventory_hostname }}
   default_backend localhost
 
 backend localhost
+  option forwardfor
   server grafana 127.0.0.1:3000 check