
Merge pull request #6970 from mrsiano/gfupdates

Automatic merge from submit-queue.

Grafana roles updates.

Pull the dashboards and the Grafana templates from origin,
and update the role accordingly.
OpenShift Merge Robot před 7 roky
rodič
revize
a60e22854e

+ 8 - 3
inventory/hosts.grafana.example

@@ -4,9 +4,14 @@ nodes
 
 [OSEv3:vars]
 # Grafana Configuration
-#gf_datasource_name="example"
-#gf_prometheus_namespace="openshift-metrics"
-#gf_oauth=true
+#grafana_namespace=grafana
+#grafana_user=grafana
+#grafana_password=grafana
+#grafana_datasource_name="example"
+#grafana_prometheus_namespace="openshift-metrics"
+#grafana_prometheus_sa=prometheus
+#grafana_node_exporter=false
+#grafana_graph_granularity="2m"
 
 [masters]
 master
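Review bot: The sample value on the added `#grafana_password=grafana` line is identical to the user name, and anyone who uncomments the block as-is ends up with that pair. In this same commit, roles/openshift_grafana/tasks/gf-permissions.yml writes `grafana_user`/`grafana_password` into /etc/origin/master/htpasswd, so the pair becomes a login on the master's identity provider, not just a dashboard account. A placeholder that cannot be used unchanged would be safer, for example `#grafana_password=<choose-a-strong-password>`, with a comment that the value belongs in a vaulted variable and not in the inventory file.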

+ 2 - 1
roles/openshift_grafana/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
-gf_body_tmp:
+grafana_base_url: https://raw.githubusercontent.com/openshift/origin/master/examples/grafana/
+datasource_payload:
   name: grafana_name
   type: prometheus
   typeLogoUrl: ''
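Review bot: `grafana_base_url` points at the `master` branch of openshift/origin, so the template and dashboards that tasks/main.yml downloads with `get_url` and then instantiates via `oc_process` can change between two runs of the same playbook without any change in this repository. Pinning the URL to a tag or commit, e.g. `grafana_base_url: https://raw.githubusercontent.com/openshift/origin/<pinned-tag-or-commit>/examples/grafana`, and adding a `checksum:` to each `get_url` task would make what gets applied to the cluster reviewable and reproducible. The value also ends in `/` while the tasks append `/grafana.yaml`, producing a double slash; dropping the trailing slash avoids depending on the server tolerating it. The `datasource_payload` mapping continues outside this hunk.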

+ 0 - 661
roles/openshift_grafana/files/grafana-ocp-oauth.yml

@@ -1,661 +0,0 @@
----
-kind: Template
-apiVersion: v1
-metadata:
-  name: grafana-ocp
-  annotations:
-    "openshift.io/display-name": Grafana ocp
-    description: |
-      Grafana server with patched Prometheus datasource.
-    iconClass: icon-cogs
-    tags: "metrics,monitoring,grafana,prometheus"
-parameters:
-- description: The location of the proxy image
-  name: IMAGE_GF
-  value: mrsiano/grafana-ocp:latest
-- description: The location of the proxy image
-  name: IMAGE_PROXY
-  value: openshift/oauth-proxy:v1.0.0
-- description: External URL for the grafana route
-  name: ROUTE_URL
-  value: ""
-- description: The namespace to instantiate heapster under. Defaults to 'grafana'.
-  name: NAMESPACE
-  value: grafana
-- description: The session secret for the proxy
-  name: SESSION_SECRET
-  generate: expression
-  from: "[a-zA-Z0-9]{43}"
-objects:
-- apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    name: grafana-ocp
-    namespace: "${NAMESPACE}"
-    annotations:
-      serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"grafana-ocp"}}'
-- apiVersion: authorization.openshift.io/v1
-  kind: ClusterRoleBinding
-  metadata:
-    name: gf-cluster-reader
-  roleRef:
-    name: cluster-reader
-  subjects:
-  - kind: ServiceAccount
-    name: grafana-ocp
-    namespace: "${NAMESPACE}"
-- apiVersion: route.openshift.io/v1
-  kind: Route
-  metadata:
-    name: grafana-ocp
-    namespace: "${NAMESPACE}"
-  spec:
-    host: "${ROUTE_URL}"
-    to:
-      name: grafana-ocp
-    tls:
-      termination: Reencrypt
-- apiVersion: v1
-  kind: Service
-  metadata:
-    name: grafana-ocp
-    annotations:
-      prometheus.io/scrape: "true"
-      prometheus.io/scheme: https
-      service.alpha.openshift.io/serving-cert-secret-name: gf-tls
-    namespace: "${NAMESPACE}"
-    labels:
-      metrics-infra: grafana-ocp
-      name: grafana-ocp
-  spec:
-    ports:
-    - name: grafana-ocp
-      port: 443
-      protocol: TCP
-      targetPort: 8443
-    selector:
-      app: grafana-ocp
-- apiVersion: v1
-  kind: Secret
-  metadata:
-    name: gf-proxy
-    namespace: "${NAMESPACE}"
-  stringData:
-    session_secret: "${SESSION_SECRET}="
-# Deploy Prometheus behind an oauth proxy
-- apiVersion: extensions/v1beta1
-  kind: Deployment
-  metadata:
-    labels:
-      app: grafana-ocp
-    name: grafana-ocp
-    namespace: "${NAMESPACE}"
-  spec:
-    replicas: 1
-    selector:
-      matchLabels:
-        app: grafana-ocp
-    template:
-      metadata:
-        labels:
-          app: grafana-ocp
-        name: grafana-ocp-app
-      spec:
-        serviceAccountName: grafana-ocp
-        containers:
-        - name: oauth-proxy
-          image: ${IMAGE_PROXY}
-          imagePullPolicy: IfNotPresent
-          ports:
-          - containerPort: 8443
-            name: web
-          args:
-          - -https-address=:8443
-          - -http-address=
-          - -email-domain=*
-          - -client-id=system:serviceaccount:${NAMESPACE}:grafana-ocp
-          - -upstream=http://localhost:3000
-          - -provider=openshift
-#          - '-openshift-delegate-urls={"/api/datasources": {"resource": "namespace", "verb": "get", "resourceName": "grafana-ocp", "namespace": "${NAMESPACE}"}}'
-          - '-openshift-sar={"namespace": "${NAMESPACE}", "verb": "list", "resource": "services"}'
-          - -tls-cert=/etc/tls/private/tls.crt
-          - -tls-key=/etc/tls/private/tls.key
-          - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
-          - -cookie-secret-file=/etc/proxy/secrets/session_secret
-          - -skip-auth-regex=^/metrics,/api/datasources,/api/dashboards
-          volumeMounts:
-          - mountPath: /etc/tls/private
-            name: gf-tls
-          - mountPath: /etc/proxy/secrets
-            name: secrets
-
-        - name: grafana-ocp
-          image: ${IMAGE_GF}
-          ports:
-          - name: grafana-http
-            containerPort: 3000
-          volumeMounts:
-          - mountPath: "/root/go/src/github.com/grafana/grafana/data"
-            name: gf-data
-          - mountPath: "/root/go/src/github.com/grafana/grafana/conf"
-            name: gfconfig
-          - mountPath: /etc/tls/private
-            name: gf-tls
-          - mountPath: /etc/proxy/secrets
-            name: secrets
-          command:
-           - "./bin/grafana-server"
-
-        volumes:
-        - name: gfconfig
-          configMap:
-            name: gf-config
-        - name: secrets
-          secret:
-            secretName: gf-proxy
-        - name: gf-tls
-          secret:
-            secretName: gf-tls
-        - emptyDir: {}
-          name: gf-data
-- apiVersion: v1
-  kind: ConfigMap
-  metadata:
-    name: gf-config
-    namespace: "${NAMESPACE}"
-  data:
-    defaults.ini: |-
-      ##################### Grafana Configuration Defaults #####################
-      #
-      # Do not modify this file in grafana installs
-      #
-
-      # possible values : production, development
-      app_mode = production
-
-      # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
-      instance_name = ${HOSTNAME}
-
-      #################################### Paths ###############################
-      [paths]
-      # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
-      #
-      data = data
-      #
-      # Directory where grafana can store logs
-      #
-      logs = data/log
-      #
-      # Directory where grafana will automatically scan and look for plugins
-      #
-      plugins = data/plugins
-
-      #################################### Server ##############################
-      [server]
-      # Protocol (http, https, socket)
-      protocol = http
-
-      # The ip address to bind to, empty will bind to all interfaces
-      http_addr =
-
-      # The http port  to use
-      http_port = 3000
-
-      # The public facing domain name used to access grafana from a browser
-      domain = localhost
-
-      # Redirect to correct domain if host header does not match domain
-      # Prevents DNS rebinding attacks
-      enforce_domain = false
-
-      # The full public facing url
-      root_url = %(protocol)s://%(domain)s:%(http_port)s/
-
-      # Log web requests
-      router_logging = false
-
-      # the path relative working path
-      static_root_path = public
-
-      # enable gzip
-      enable_gzip = false
-
-      # https certs & key file
-      cert_file = /etc/tls/private/tls.crt
-      cert_key = /etc/tls/private/tls.key
-
-      # Unix socket path
-      socket = /tmp/grafana.sock
-
-      #################################### Database ############################
-      [database]
-      # You can configure the database connection by specifying type, host, name, user and password
-      # as separate properties or as on string using the url property.
-
-      # Either "mysql", "postgres" or "sqlite3", it's your choice
-      type = sqlite3
-      host = 127.0.0.1:3306
-      name = grafana
-      user = root
-      # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
-      password =
-      # Use either URL or the previous fields to configure the database
-      # Example: mysql://user:secret@host:port/database
-      url =
-
-      # Max idle conn setting default is 2
-      max_idle_conn = 2
-
-      # Max conn setting default is 0 (mean not set)
-      max_open_conn =
-
-      # For "postgres", use either "disable", "require" or "verify-full"
-      # For "mysql", use either "true", "false", or "skip-verify".
-      ssl_mode = disable
-
-      ca_cert_path =
-      client_key_path =
-      client_cert_path =
-      server_cert_name =
-
-      # For "sqlite3" only, path relative to data_path setting
-      path = grafana.db
-
-      #################################### Session #############################
-      [session]
-      # Either "memory", "file", "redis", "mysql", "postgres", "memcache", default is "file"
-      provider = file
-
-      # Provider config options
-      # memory: not have any config yet
-      # file: session dir path, is relative to grafana data_path
-      # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
-      # postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
-      # mysql: go-sql-driver/mysql dsn config string, examples:
-      #         `user:password@tcp(127.0.0.1:3306)/database_name`
-      #         `user:password@unix(/var/run/mysqld/mysqld.sock)/database_name`
-      # memcache: 127.0.0.1:11211
-
-
-      provider_config = sessions
-
-      # Session cookie name
-      cookie_name = grafana_sess
-
-      # If you use session in https only, default is false
-      cookie_secure = false
-
-      # Session life time, default is 86400
-      session_life_time = 86400
-      gc_interval_time = 86400
-
-      #################################### Data proxy ###########################
-      [dataproxy]
-
-      # This enables data proxy logging, default is false
-      logging = false
-
-      #################################### Analytics ###########################
-      [analytics]
-      # Server reporting, sends usage counters to stats.grafana.org every 24 hours.
-      # No ip addresses are being tracked, only simple counters to track
-      # running instances, dashboard and error counts. It is very helpful to us.
-      # Change this option to false to disable reporting.
-      reporting_enabled = true
-
-      # Set to false to disable all checks to https://grafana.com
-      # for new versions (grafana itself and plugins), check is used
-      # in some UI views to notify that grafana or plugin update exists
-      # This option does not cause any auto updates, nor send any information
-      # only a GET request to https://grafana.com to get latest versions
-      check_for_updates = true
-
-      # Google Analytics universal tracking code, only enabled if you specify an id here
-      google_analytics_ua_id =
-
-      # Google Tag Manager ID, only enabled if you specify an id here
-      google_tag_manager_id =
-
-      #################################### Security ############################
-      [security]
-      # default admin user, created on startup
-      admin_user = admin
-
-      # default admin password, can be changed before first start of grafana,  or in profile settings
-      admin_password = admin
-
-      # used for signing
-      secret_key = SW2YcwTIb9zpOOhoPsMm
-
-      # Auto-login remember days
-      login_remember_days = 7
-      cookie_username = grafana_user
-      cookie_remember_name = grafana_remember
-
-      # disable gravatar profile images
-      disable_gravatar = false
-
-      # data source proxy whitelist (ip_or_domain:port separated by spaces)
-      data_source_proxy_whitelist =
-
-      [snapshots]
-      # snapshot sharing options
-      external_enabled = true
-      external_snapshot_url = https://snapshots-origin.raintank.io
-      external_snapshot_name = Publish to snapshot.raintank.io
-
-      # remove expired snapshot
-      snapshot_remove_expired = true
-
-      # remove snapshots after 90 days
-      snapshot_TTL_days = 90
-
-      #################################### Users ####################################
-      [users]
-      # disable user signup / registration
-      allow_sign_up = true
-
-      # Allow non admin users to create organizations
-      allow_org_create = true
-
-      # Set to true to automatically assign new users to the default organization (id 1)
-      auto_assign_org = true
-
-      # Default role new users will be automatically assigned (if auto_assign_org above is set to true)
-      auto_assign_org_role = Admin
-
-      # Require email validation before sign up completes
-      verify_email_enabled = false
-
-      # Background text for the user field on the login page
-      login_hint = email or username
-
-      # Default UI theme ("dark" or "light")
-      default_theme = dark
-
-      # External user management
-      external_manage_link_url =
-      external_manage_link_name =
-      external_manage_info =
-
-      [auth]
-      # Set to true to disable (hide) the login form, useful if you use OAuth
-      disable_login_form = true
-
-      # Set to true to disable the signout link in the side menu. useful if you use auth.proxy
-      disable_signout_menu = true
-
-      #################################### Anonymous Auth ######################
-      [auth.anonymous]
-      # enable anonymous access
-      enabled = true
-
-      # specify organization name that should be used for unauthenticated users
-      org_name = Main Org.
-
-      # specify role for unauthenticated users
-      org_role = Admin
-
-      #################################### Github Auth #########################
-      [auth.github]
-      enabled = false
-      allow_sign_up = true
-      client_id = some_id
-      client_secret = some_secret
-      scopes = user:email
-      auth_url = https://github.com/login/oauth/authorize
-      token_url = https://github.com/login/oauth/access_token
-      api_url = https://api.github.com/user
-      team_ids =
-      allowed_organizations =
-
-      #################################### Google Auth #########################
-      [auth.google]
-      enabled = false
-      allow_sign_up = true
-      client_id = some_client_id
-      client_secret = some_client_secret
-      scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-      auth_url = https://accounts.google.com/o/oauth2/auth
-      token_url = https://accounts.google.com/o/oauth2/token
-      api_url = https://www.googleapis.com/oauth2/v1/userinfo
-      allowed_domains =
-      hosted_domain =
-
-      #################################### Grafana.com Auth ####################
-      # legacy key names (so they work in env variables)
-      [auth.grafananet]
-      enabled = false
-      allow_sign_up = true
-      client_id = some_id
-      client_secret = some_secret
-      scopes = user:email
-      allowed_organizations =
-
-      [auth.grafana_com]
-      enabled = false
-      allow_sign_up = true
-      client_id = some_id
-      client_secret = some_secret
-      scopes = user:email
-      allowed_organizations =
-
-      #################################### Generic OAuth #######################
-      [auth.generic_oauth]
-      name = OAuth
-      enabled = false
-      allow_sign_up = true
-      client_id = some_id
-      client_secret = some_secret
-      scopes = user:email
-      auth_url =
-      token_url =
-      api_url =
-      team_ids =
-      allowed_organizations =
-
-      #################################### Basic Auth ##########################
-      [auth.basic]
-      enabled = false
-
-      #################################### Auth Proxy ##########################
-      [auth.proxy]
-      enabled = true
-      header_name = X-WEBAUTH-USER
-      header_property = username
-      auto_sign_up = true
-      ldap_sync_ttl = 60
-      whitelist =
-
-      #################################### Auth LDAP ###########################
-      [auth.ldap]
-      enabled = false
-      config_file = /etc/grafana/ldap.toml
-      allow_sign_up = true
-
-      #################################### SMTP / Emailing #####################
-      [smtp]
-      enabled = false
-      host = localhost:25
-      user =
-      # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
-      password =
-      cert_file =
-      key_file =
-      skip_verify = false
-      from_address = admin@grafana.localhost
-      from_name = Grafana
-      ehlo_identity =
-
-      [emails]
-      welcome_email_on_sign_up = false
-      templates_pattern = emails/*.html
-
-      #################################### Logging ##########################
-      [log]
-      # Either "console", "file", "syslog". Default is console and  file
-      # Use space to separate multiple modes, e.g. "console file"
-      mode = console file
-
-      # Either "debug", "info", "warn", "error", "critical", default is "info"
-      level = error
-
-      # optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
-      filters =
-
-      # For "console" mode only
-      [log.console]
-      level =
-
-      # log line format, valid options are text, console and json
-      format = console
-
-      # For "file" mode only
-      [log.file]
-      level =
-
-      # log line format, valid options are text, console and json
-      format = text
-
-      # This enables automated log rotate(switch of following options), default is true
-      log_rotate = true
-
-      # Max line number of single file, default is 1000000
-      max_lines = 1000000
-
-      # Max size shift of single file, default is 28 means 1 << 28, 256MB
-      max_size_shift = 28
-
-      # Segment log daily, default is true
-      daily_rotate = true
-
-      # Expired days of log file(delete after max days), default is 7
-      max_days = 7
-
-      [log.syslog]
-      level =
-
-      # log line format, valid options are text, console and json
-      format = text
-
-      # Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
-      network =
-      address =
-
-      # Syslog facility. user, daemon and local0 through local7 are valid.
-      facility =
-
-      # Syslog tag. By default, the process' argv[0] is used.
-      tag =
-
-
-      #################################### AMQP Event Publisher ################
-      [event_publisher]
-      enabled = false
-      rabbitmq_url = amqp://localhost/
-      exchange = grafana_events
-
-      #################################### Dashboard JSON files ################
-      [dashboards.json]
-      enabled = false
-      path = /var/lib/grafana/dashboards
-
-      #################################### Usage Quotas ########################
-      [quota]
-      enabled = false
-
-      #### set quotas to -1 to make unlimited. ####
-      # limit number of users per Org.
-      org_user = 10
-
-      # limit number of dashboards per Org.
-      org_dashboard = 100
-
-      # limit number of data_sources per Org.
-      org_data_source = 10
-
-      # limit number of api_keys per Org.
-      org_api_key = 10
-
-      # limit number of orgs a user can create.
-      user_org = 10
-
-      # Global limit of users.
-      global_user = -1
-
-      # global limit of orgs.
-      global_org = -1
-
-      # global limit of dashboards
-      global_dashboard = -1
-
-      # global limit of api_keys
-      global_api_key = -1
-
-      # global limit on number of logged in users.
-      global_session = -1
-
-      #################################### Alerting ############################
-      [alerting]
-      # Disable alerting engine & UI features
-      enabled = true
-      # Makes it possible to turn off alert rule execution but alerting UI is visible
-      execute_alerts = true
-
-      #################################### Internal Grafana Metrics ############
-      # Metrics available at HTTP API Url /api/metrics
-      [metrics]
-      enabled           = true
-      interval_seconds  = 10
-
-      # Send internal Grafana metrics to graphite
-      [metrics.graphite]
-      # Enable by setting the address setting (ex localhost:2003)
-      address =
-      prefix = prod.grafana.%(instance_name)s.
-
-      [grafana_net]
-      url = https://grafana.com
-
-      [grafana_com]
-      url = https://grafana.com
-
-      #################################### Distributed tracing ############
-      [tracing.jaeger]
-      # jaeger destination (ex localhost:6831)
-      address =
-      # tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
-      always_included_tag =
-      # Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
-      sampler_type = const
-      # jaeger samplerconfig param
-      # for "const" sampler, 0 or 1 for always false/true respectively
-      # for "probabilistic" sampler, a probability between 0 and 1
-      # for "rateLimiting" sampler, the number of spans per second
-      # for "remote" sampler, param is the same as for "probabilistic"
-      # and indicates the initial sampling rate before the actual one
-      # is received from the mothership
-      sampler_param = 1
-
-      #################################### External Image Storage ##############
-      [external_image_storage]
-      # You can choose between (s3, webdav, gcs)
-      provider =
-
-      [external_image_storage.s3]
-      bucket_url =
-      bucket =
-      region =
-      path =
-      access_key =
-      secret_key =
-
-      [external_image_storage.webdav]
-      url =
-      username =
-      password =
-      public_url =
-
-      [external_image_storage.gcs]
-      key_file =
-      bucket =

+ 0 - 76
roles/openshift_grafana/files/grafana-ocp.yml

@@ -1,76 +0,0 @@
----
-kind: Template
-apiVersion: v1
-metadata:
-  name: grafana-ocp
-  annotations:
-    "openshift.io/display-name": Grafana ocp
-    description: |
-      Grafana server with patched Prometheus datasource.
-    iconClass: icon-cogs
-    tags: "metrics,monitoring,grafana,prometheus"
-parameters:
-- description: External URL for the grafana route
-  name: ROUTE_URL
-  value: ""
-- description: The namespace to instantiate heapster under. Defaults to 'grafana'.
-  name: NAMESPACE
-  value: grafana
-objects:
-- apiVersion: route.openshift.io/v1
-  kind: Route
-  metadata:
-    name: grafana-ocp
-    namespace: "${NAMESPACE}"
-  spec:
-    host: "${ROUTE_URL}"
-    to:
-      name: grafana-ocp
-- apiVersion: v1
-  kind: Service
-  metadata:
-    name: grafana-ocp
-    namespace: "${NAMESPACE}"
-    labels:
-      metrics-infra: grafana-ocp
-      name: grafana-ocp
-  spec:
-    selector:
-      name: grafana-ocp
-    ports:
-    - port: 8082
-      protocol: TCP
-      targetPort: grafana-http
-- apiVersion: v1
-  kind: ReplicationController
-  metadata:
-    name: grafana-ocp
-    namespace: "${NAMESPACE}"
-    labels:
-      metrics-infra: grafana-ocp
-      name: grafana-ocp
-  spec:
-    selector:
-      name: grafana-ocp
-    replicas: 1
-    template:
-      version: v1
-      metadata:
-        labels:
-          metrics-infra: grafana-ocp
-          name: grafana-ocp
-      spec:
-        volumes:
-        - name: data
-          emptyDir: {}
-        containers:
-        - image: "mrsiano/grafana-ocp:latest"
-          name: grafana-ocp
-          ports:
-          - name: grafana-http
-            containerPort: 3000
-          volumeMounts:
-          - name: data
-            mountPath: "/root/go/src/github.com/grafana/grafana/data"
-          command:
-          - "./bin/grafana-server"

Rozdílová data souboru nebyla zobrazena, protože soubor je příliš velký
+ 0 - 5138
roles/openshift_grafana/files/openshift-cluster-monitoring.json


+ 1 - 1
roles/openshift_grafana/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: Eldad Marciano
-  description: Setup grafana pod
+  description: Setup grafana for openshift and node exporter dashboarding
   company: Red Hat, Inc.
   license: Apache License, Version 2.0
   min_ansible_version: 2.3

+ 20 - 7
roles/openshift_grafana/tasks/gf-permissions.yml

@@ -1,12 +1,25 @@
 ---
-- name: Create gf user on htpasswd
-  command: htpasswd -c /etc/origin/master/htpasswd gfadmin
+- name: Create grafana user on htpasswd
+  htpasswd:
+    path: /etc/origin/master/htpasswd
+    name: "{{ grafana_user }}"
+    password: "{{ grafana_password }}"
 
-- name: Make sure master config use HTPasswdPasswordIdentityProvider
-  command: "sed -ie 's|AllowAllPasswordIdentityProvider|HTPasswdPasswordIdentityProvider\n      file: /etc/origin/master/htpasswd|' /etc/origin/master/master-config.yaml"
-
-- name: Grant permission for gfuser
-  command: oc adm policy add-cluster-role-to-user cluster-reader gfadmin
+- name: Set htpasswd provider for master-config
+  yedit:
+    src: /etc/origin/master/master-config.yaml
+    edits:
+    - key: a.identityProviders
+      update: true
+      value:
+      - challenge: true
+        login: true
+        mappingMethod: claim
+        name: allow_all
+        provider:
+          apiVersion: v1
+          kind: HTPasswdPasswordIdentityProvider
+          file: /etc/origin/master/htpasswd
 
 - name: Restart mater api
   command: systemctl restart atomic-openshift-master-api.service
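Review bot: The yedit task targets `key: a.identityProviders`, which looks like a typo: OpenShift 3.x keeps identity providers under `oauthConfig` in master-config.yaml, so as written the edit would presumably create an unrelated top-level `a` mapping and leave the real provider untouched; `- key: oauthConfig.identityProviders` is likely what was intended. Because the value is a complete list, a correct key would replace every identity provider already configured on the master with this one htpasswd entry, which deserves at least a comment or a guard on clusters that already use LDAP or another provider. The provider is also still named `allow_all` although its kind is now `HTPasswdPasswordIdentityProvider`; a name such as `htpasswd_auth` would not mislead someone auditing the config. The API restart task that follows is unchanged context.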

+ 100 - 72
roles/openshift_grafana/tasks/main.yml

@@ -2,121 +2,149 @@
 - name: Create grafana namespace
   oc_project:
     state: present
-    name: grafana
+    name: "{{ grafana_namespace }}"
 
 - name: Configure Grafana Permissions
   include_tasks: tasks/gf-permissions.yml
-  when: gf_oauth | default(false) | bool == true
-
-# TODO: we should grab this yaml file from openshift/origin
-- name: Templatize grafana yaml
-  template: src=grafana-ocp.yaml dest=/tmp/grafana-ocp.yaml
-  register:
-    cl_file: /tmp/grafana-ocp.yaml
-  when: gf_oauth | default(false) | bool == false
-
-# TODO: we should grab this yaml file from openshift/origin
-- name: Templatize grafana yaml
-  template: src=grafana-ocp-oauth.yaml dest=/tmp/grafana-ocp-oauth.yaml
-  register:
-    cl_file: /tmp/grafana-ocp-oauth.yaml
-  when: gf_oauth | default(false) | bool == true
+
+# TODO:// Templatize the remote files
+- name: Pull grafana yaml from openshift/origin
+  get_url:
+    url: "{{ grafana_base_url }}/grafana.yaml"
+    dest: /tmp/grafana.yaml
+
+- name: Create grafana template
+  oc_obj:
+    namespace: "{{ grafana_namespace }}"
+    kind: template
+    name: grafana
+    state: present
+    files:
+    - "/tmp/grafana.yaml"
 
 - name: Process the grafana file
   oc_process:
-    namespace: grafana
-    template_name: "{{ cl_file }}"
+    namespace: "{{ grafana_namespace }}"
+    template_name: grafana
     create: True
-    when: gf_oauth | default(false) | bool == true
 
 - name: Wait to grafana be running
-  command: oc rollout status deployment/grafana-ocp
+  command: oc rollout status deployment/grafana
 
-- name: oc adm policy add-role-to-user view -z grafana-ocp -n {{ gf_prometheus_namespace }}
+- name: Add view role to grafana user
   oc_adm_policy_user:
-    user: grafana-ocp
+    user: "{{ grafana_user }}"
     resource_kind: cluster-role
     resource_name: view
     state: present
-    role_namespace: "{{ gf_prometheus_namespace }}"
-
-- name: Get grafana route
-  oc_obj:
-    kind: route
-    name: grafana
-    namespace: grafana
-  register: route
-
-- name: Get prometheus route
-  oc_obj:
-    kind: route
-    name: prometheus
-    namespace: "{{ gf_prometheus_namespace }}"
-  register: route
+    role_namespace: "{{ grafana_prometheus_namespace }}"
 
 - name: Get the prometheus SA
-  oc_serviceaccount_secret:
-    state: list
-    service_account: prometheus
-    namespace: "{{ gf_prometheus_namespace }}"
+  shell: oc sa get-token {{ grafana_prometheus_sa }} -n {{ grafana_prometheus_namespace }}
   register: sa
 
-- name: Get the management SA bearer token
-  set_fact:
-    management_token: "{{ sa.results | oo_filter_sa_secrets }}"
-
-- name: Ensure the SA bearer token value is read
-  oc_secret:
+- name: Get prometheus route
+  oc_route:
     state: list
-    name: "{{ management_token }}"
-    namespace: "{{ gf_prometheus_namespace }}"
-  no_log: True
-  register: sa_secret
-
-- name: Get the SA bearer token for prometheus
-  set_fact:
-    token: "{{ sa_secret.results.encoded.token }}"
+    name: prometheus
+    namespace: "{{ grafana_prometheus_namespace }}"
+  register: prom_out
 
-- name: Convert to json
-  var:
-    ds_json: "{{ gf_body_tmp }} | to_json }}"
+- name: Get prometheus route
+  oc_route:
+    state: list
+    name: grafana
+    namespace: "{{ grafana_namespace }}"
+  register: grafana_out
 
-- name: Set protocol type
-  var:
-    protocol: "{{ 'https' if {{ gf_oauth }} == true else 'http' }}"
+- set_fact: ds_json={{ datasource_payload | to_json }}
+- set_fact: prometheus=prom_out.results[0].spec.host
+- set_fact: route=grafana_out.results[0].spec.host
+- set_fact: token={{ sa.stdout }}
+- set_fact:
+    payload_data: "{{ ds_json | regex_replace('grafana_name', grafana_datasource_name ) | regex_replace('prometheus_url', prometheus ) | regex_replace('satoken',  token ) }}"
 
-- name: Add gf datasrouce
+- name: Add new datasrouce to grafana
   uri:
-    url: "{{ protocol }}://{{ route }}/api/datasources"
+    url: "https://{{ route }}/api/datasources"
     user: admin
     password: admin
     method: POST
-    body: "{{ ds_json | regex_replace('grafana_name', {{ gf_datasource_name }}) | regex_replace('prometheus_url', 'https://'{{ prometheus }} ) | regex_replace('satoken', {{ token }}) }}"
+    body: "{{ payload_data }}"
+    body_format: json
     headers:
       Content-Type: "Content-Type: application/json"
   register: add_ds
 
-- name: Regex setup ds name
+- name: Pull grafana yaml from openshift/origin
+  get_url:
+    url: "{{ grafana_base_url }}/openshift-cluster-monitoring.json"
+    dest: /tmp/openshift-cluster-monitoring.json
+
+- name: Regex set data soure name for openshift dashboard
   replace:
-    path: "{{ lookup('file', 'openshift-cluster-monitoring.json') }}"
+    path: /tmp/openshift-cluster-monitoring.json
     regexp: '${DS_PR}'
-    replace: '{{ gf_datasource_name }}'
+    replace: '{{ grafana_datasource_name }}'
+    backup: yes
+
+- name: Regex setup granularity
+  replace:
+    path: /tmp/openshift-cluster-monitoring.json
+    regexp: 'Xs'
+    replace: '{{ grafana_graph_granularity }}'
     backup: yes
 
-- name: Add new dashboard
+- name: Add openshift dashboard
   uri:
-    url: "{{ protocol }}://{{ route }}/api/dashboards/db"
+    url: "https://{{ route }}/api/dashboards/db"
     user: admin
     password: admin
     method: POST
-    body: "{{ lookup('file', 'openshift-cluster-monitoring.json') }}"
+    body: "{{ lookup('file','/tmp/openshift-cluster-monitoring.json') }}"
+    body_format: json
     headers:
       Content-Type: "Content-Type: application/json"
   register: add_ds
 
 - name: Regex json tear down
   replace:
-    path: "{{ lookup('file', 'openshift-cluster-monitoring.json') }}"
+    path: /tmp/openshift-cluster-monitoring.json
+    regexp: '{{ grafana_datasource_name }}'
+    replace: '${DS_PR}'
+
+- name: Pull node exporter dashboard from openshift/origin
+  get_url:
+    url: "{{ grafana_base_url }}/node-exporter-full-dashboard.json"
+    dest: /tmp/node-exporter-full-dashboard.json
+  when: grafana_node_exporter | default(false) | bool == true
+
+
+- name: Regex set data soure name for node exporter
+  replace:
+    path: /tmp/node-exporter-full-dashboard.json
     regexp: '${DS_PR}'
-    replace: '{{ gf_datasource_name }}'
+    replace: '{{ grafana_datasource_name }}'
+    backup: yes
+  when: grafana_node_exporter | default(false) | bool == true
+
+- name: Regex setup granularity for node exporter
+  replace:
+    path: /tmp/node-exporter-full-dashboard.json
+    regexp: 'Xs'
+    replace: '{{ grafana_graph_granularity }}'
     backup: yes
+  when: grafana_node_exporter | default(false) | bool == true
+
+- name: Add node exporter dashboard
+  uri:
+    url: "https://{{ route }}/api/dashboards/db"
+    user: admin
+    password: admin
+    method: POST
+    body: "{{ lookup('file','/tmp/node-exporter-full-dashboard.json') }}"
+    body_format: json
+    headers:
+      Content-Type: "Content-Type: application/json"
+  register: add_ds
+  when: grafana_node_exporter | default(false) | bool == true
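Review bot: The service-account token now travels through tasks with no `no_log`: `shell: oc sa get-token …` registers it in `sa`, and the following `set_fact` lines copy it into `token` and `payload_data`, so it shows up in verbose output and callback logs, whereas the removed `oc_secret` task carried `no_log: True`. The same `set_fact` group has two lines without Jinja delimiters, `prometheus=prom_out.results[0].spec.host` and `route=grafana_out.results[0].spec.host`, which assign the literal text instead of the route host, so the `uri` tasks would post to `https://grafana_out.results[0].spec.host/...`. The rewrite below uses `command` instead of `shell` (no shell features are needed) and marks the token-bearing tasks `no_log: true`; the `payload_data` task should get `no_log: true` as well. The `uri` tasks still authenticate with the literal `admin`/`admin` instead of the new `grafana_user`/`grafana_password` variables, which is worth confirming against the upstream template.

```yaml
- name: Get the prometheus SA
  command: oc sa get-token {{ grafana_prometheus_sa }} -n {{ grafana_prometheus_namespace }}
  register: sa
  no_log: true
  changed_when: false

# … unchanged: the two oc_route lookups (prom_out, grafana_out) …

- name: Collect datasource facts
  set_fact:
    ds_json: "{{ datasource_payload | to_json }}"
    prometheus: "{{ prom_out.results[0].spec.host }}"
    route: "{{ grafana_out.results[0].spec.host }}"
    token: "{{ sa.stdout }}"
  no_log: true

# … unchanged: payload_data set_fact (add no_log: true) and the uri tasks …
```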