refactor grafana role

playbooks/openshift-grafana/private/config.yml

@@ -1,6 +1,29 @@
 ---
-- name: Deploy grafana server
-  hosts: masters
+- name: Grafana Install Checkpoint Start
+  hosts: all
+  gather_facts: false
   tasks:
-  - include_role:
-      name: openshift_grafana
+  - name: Set Grafana install 'In Progress'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_grafana:
+          status: "In Progress"
+          start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
+
+- name: OpenShift Grafana
+  hosts: oo_first_master
+  roles:
+  - role: openshift_grafana
+
+- name: Grafana Install Checkpoint End
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set Grafana install 'Complete'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_grafana:
+          status: "Complete"
+          end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"

playbooks/openshift-grafana/private/uninstall.yml

@@ -0,0 +1,10 @@
+---
+- name: Uninstall Grafana
+  hosts: masters[0]
+  vars:
+    openshift_grafana_state: absent
+  tasks:
+  - name: Run the Grafana Uninstall Role Tasks
+    include_role:
+      name: openshift_grafana
+      tasks_from: uninstall_grafana

playbooks/openshift-grafana/uninstall.yml

@@ -0,0 +1,2 @@
+---
+- import_playbook: private/uninstall.yml

roles/openshift_grafana/README.md

@@ -0,0 +1,78 @@
+OpenShift Grafana Playbooks
+===========================
+
+OpenShift Grafana Configuration.
+
+NOTE: Grafana is not yet supported by Red hat. This is community version of playbooks and grafana.
+
+This role handles the configuration of Grafana dashboard with Prometheus.
+
+Requirements
+------------
+
+* Ansible 2.2
+
+
+Host Variables
+--------------
+
+For configuring new clusters, the following role variables are available.
+
+Each host in either of the above groups must have the following variable
+defined:
+
+| Name                                         | Default value     | Description                                  |
+|----------------------------------------------|-------------------|----------------------------------------------|
+| openshift_grafana_namespace                  | grafana           | Default grafana namespace                    |
+| openshift_grafana_timeout                    | 300               | Default pod wait timeout                     |
+| openshift_grafana_prometheus_namespace       | openshift-metrics | Default prometheus namespace                 |
+| openshift_grafana_prometheus_serviceaccount  | promethus         | Prometheus service account                   |
+| openshift_grafana_serviceaccount_name        | grafana           | Grafana service account name                 |
+| openshift_grafana_datasource_name            | prometheus        | Default datasource name                      |
+| openshift_grafana_node_exporter              | false             | Do we want to deploy node exported dashboard |
+| openshift_grafana_graph_granularity          | 2m                | Default dashboard granularity                |
+| openshift_grafana_node_selector              | {"region":"infra"}| Default node selector                        |
+| openshift_grafana_serviceaccount_annotations | empty             | Additional service account annotation list   |
+| openshift_grafana_dashboards                 | (check defaults)  | Additional list of dashboards to deploy      |
+| openshift_grafana_hostname                   | grafana           | Grafana route hostname                       |
+| openshift_grafana_service_name               | grafana           | Grafana Service name                         |
+| openshift_grafana_service_port               | 443               | Grafana service port                         |
+| openshift_grafana_service_targetport         | 8443              | Grafana TargetPort to auth proxy             |
+| openshift_grafana_container_port             | 3000              | Grafana container port                       |
+| openshift_grafana_oauth_proxy_memory_requests| nil               | OAuthProxy memory request                    |
+| openshift_grafana_oauth_proxy_cpu_requests   | nil               | OAuthProxy CPY request                       |
+| openshift_grafana_oauth_proxy_memory_limit   | nil               | OAuthProxy Memory Limit                      |
+| openshift_grafana_oauth_proxy_cpu_limit      | nil               | OAuthProxy CPY limit                         |
+| openshift_grafana_storage_type               | emptydir          | Default grafana storage type [emptydir, pvc] |
+| openshift_grafana_pvc_name                   | grafana           | Grafana Storage Claim name                   |
+| openshift_grafana_pvc_access_modes           | ReadWriteOnce     | Grafana Storage Claim mode                   |
+| openshift_grafana_pvc_pv_selector            | {}                | Grafana PV Selector                          |
+| openshift_grafana_sc_name                    | None              | StorageClass name to use                     |
+
+Dependencies
+------------
+
+* openshift_hosted_facts
+* openshift_repos
+* lib_openshift
+
+Example Playbook
+----------------
+
+```
+- name: Configure Grafana
+  hosts: oo_first_master
+  roles:
+  - role: openshift_grafana
+```
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Mangirdas Judeikis (mudeiki@redhat.com)
+Eldad Marciano

roles/openshift_grafana/defaults/main.yaml

@@ -0,0 +1,54 @@
+---
+
+openshift_grafana_state: present
+openshift_grafana_namespace: grafana
+openshift_grafana_pod_timeout: 300
+openshift_grafana_prometheus_namespace: "{{ openshift_prometheus_namespace | default('openshift-metrics') }}"
+openshift_grafana_prometheus_serviceaccount: prometheus
+openshift_grafana_serviceaccount_name: grafana
+openshift_grafana_serviceaccount_annotations: []
+l_openshift_grafana_serviceaccount_annotations:
+  - serviceaccounts.openshift.io/oauth-redirectreference.primary='{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"grafana"}}'
+openshift_grafana_datasource_name: "prometheus"
+openshift_grafana_node_exporter: false
+openshift_grafana_graph_granularity: "2m"
+openshift_grafana_node_selector: {"region":"infra"}
+openshift_grafana_hostname: grafana-{{openshift_grafana_namespace}}.{{openshift_master_default_subdomain}}
+openshift_grafana_service_name: grafana
+openshift_grafana_service_port: 443
+openshift_grafana_service_targetport: 8443
+openshift_grafana_container_port: 3000
+
+openshift_grafana_storage_type: "emptydir"
+openshift_grafana_pvc_name: grafana
+openshift_grafana_pvc_size: "{{ openshift_grafana_storage_volume_size | default('10Gi') }}"
+openshift_grafana_pvc_access_modes: [ReadWriteOnce]
+openshift_grafana_pvc_pv_selector: "{{ openshift_grafana_storage_labels | default({}) }}"
+openshift_grafana_sc_name: "{{ openshift_grafana_storage_class | default(None) }}"
+
+openshift_grafana_dashboards: []
+l_openshift_grafana_dashboards:
+  - openshift-cluster-monitoring.json
+  - node-exporter-full-dashboard.json
+
+# container resources
+openshift_grafana_cpu_limit: null
+openshift_grafana_memory_limit: null
+openshift_grafana_cpu_requests: null
+openshift_grafana_memory_requests: null
+openshift_grafana_oauth_proxy_cpu_limit: null
+openshift_grafana_oauth_proxy_memory_limit: null
+openshift_grafana_oauth_proxy_cpu_requests: null
+openshift_grafana_oauth_proxy_memory_requests: null
+
+openshift_grafana_datasource_payload:
+  name: grafana_name
+  type: prometheus
+  typeLogoUrl: ''
+  access: proxy
+  url: https://prometheus_url
+  basicAuth: false
+  withCredentials: false
+  jsonData:
+    tlsSkipVerify: true
+    token: satoken

roles/openshift_grafana/defaults/main.yml

@@ -1,13 +0,0 @@
----
-grafana_base_url: https://raw.githubusercontent.com/openshift/origin/master/examples/grafana/
-datasource_payload:
-  name: grafana_name
-  type: prometheus
-  typeLogoUrl: ''
-  access: proxy
-  url: prometheus_url
-  basicAuth: false
-  withCredentials: false
-  jsonData:
-    tlsSkipVerify: true
-    token: satoken

roles/openshift_grafana/meta/main.yml

@@ -1,13 +1,20 @@
 ---
 galaxy_info:
-  author: Eldad Marciano
-  description: Setup grafana for openshift and node exporter dashboarding
+  author: OpenShift Development <dev@lists.openshift.redhat.com>
+  description: Deploy OpenShift grafana integration for the cluster
   company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 2.3
+  license: license (Apache)
+  min_ansible_version: 2.4
   platforms:
   - name: EL
     versions:
     - 7
+  - name: Fedora
+    versions:
+    - all
   categories:
-  - metrics
+  - openshift
+dependencies:
+- role: lib_openshift
+- role: openshift_facts
+- role: lib_utils

roles/openshift_grafana/tasks/facts.yaml

@@ -0,0 +1,30 @@
+---
+- set_fact:
+    grafana_state: "{{ openshift_grafana_state }}"
+    grafana_namespace: "{{ openshift_grafana_namespace }}"
+    grafana_timeout: "{{ openshift_grafana_pod_timeout }}"
+    grafana_prometheus_namespace: "{{ openshift_grafana_prometheus_namespace }}"
+    grafana_prometheus_serviceaccount: "{{ openshift_grafana_prometheus_serviceaccount }}"
+    grafana_serviceaccount_name: "{{ openshift_grafana_serviceaccount_name }}"
+    grafana_datasource_name: "{{ openshift_grafana_datasource_name }}"
+    grafana_node_exporter: "{{ openshift_grafana_node_exporter }}"
+    grafana_graph_granularity: "{{ openshift_grafana_graph_granularity }}"
+    grafana_datasource_json: "{{ openshift_grafana_datasource_payload | to_json }}"
+    grafana_node_selector: "{{ openshift_grafana_node_selector }}"
+    grafana_serviceaccount_annotations: "{{ l_openshift_grafana_serviceaccount_annotations + openshift_grafana_serviceaccount_annotations|list }}"
+    grafana_dashboards: "{{ l_openshift_grafana_dashboards + openshift_grafana_dashboards|list }}"
+    grafana_hostname: "{{ openshift_grafana_hostname }}"
+    grafana_service_name: "{{ openshift_grafana_service_name }}"
+    grafana_service_port: "{{ openshift_grafana_service_port }}"
+    grafana_service_targetport: "{{ openshift_grafana_service_targetport }}"
+    grafana_container_port: "{{ openshift_grafana_container_port }}"
+    grafana_oauth_proxy_memory_requests: "{{ openshift_grafana_oauth_proxy_memory_requests }}"
+    grafana_oauth_proxy_cpu_requests: "{{ openshift_grafana_oauth_proxy_cpu_requests }}"
+    grafana_oauth_proxy_memory_limit: "{{ openshift_grafana_oauth_proxy_memory_limit }}"
+    grafana_oauth_proxy_cpu_limit: "{{ openshift_grafana_oauth_proxy_cpu_limit }}"
+    grafana_storage_type: "{{ openshift_grafana_storage_type }}"
+    grafana_pvc_name: "{{ openshift_grafana_pvc_name }}"
+    grafana_pvc_size: "{{ openshift_grafana_pvc_size }}"
+    grafana_pvc_access_modes: "{{ openshift_grafana_pvc_access_modes }}"
+    grafana_pvc_pv_selector: "{{ openshift_grafana_pvc_pv_selector }}"
+    grafana_sc_name: "{{ openshift_grafana_sc_name }}"

roles/openshift_grafana/tasks/gf-permissions.yml

@@ -1,25 +0,0 @@
----
-- name: Create grafana user on htpasswd
-  htpasswd:
-    path: /etc/origin/master/htpasswd
-    name: "{{ grafana_user }}"
-    password: "{{ grafana_password }}"
-
-- name: Set htpasswd provider for master-config
-  yedit:
-    src: /etc/origin/master/master-config.yaml
-    edits:
-    - key: a.identityProviders
-      update: true
-      value:
-      - challenge: true
-        login: true
-        mappingMethod: claim
-        name: allow_all
-        provider:
-          apiVersion: v1
-          kind: HTPasswdPasswordIdentityProvider
-          file: /etc/origin/master/htpasswd
-
-- name: Restart mater api
-  command: systemctl restart atomic-openshift-master-api.service

roles/openshift_grafana/tasks/install_grafana.yaml

@@ -0,0 +1,237 @@
+---
+
+- name: Ensure that Grafana has nodes to run on
+  fail:
+    msg: |-
+      No schedulable nodes found matching node selector for Grafana - '{{ grafana_node_selector }}'
+  when:
+  - openshift_schedulable_node_labels  | lib_utils_oo_has_no_matching_selector(grafana_node_selector)
+
+- name: Create grafana namespace
+  oc_project:
+    state: present
+    name: "{{ grafana_namespace }}"
+    node_selector: "{{ grafana_node_selector | lib_utils_oo_selector_to_string_list() }}"
+    description: Grafana
+
+- name: create grafana_serviceaccount_name serviceaccount
+  oc_serviceaccount:
+    state: present
+    name: "{{ grafana_serviceaccount_name }}"
+    namespace: "{{ grafana_namespace }}"
+  changed_when: no
+
+# TODO remove this when annotations are supported by oc_serviceaccount
+- name: annotate serviceaccount
+  command: >
+    {{ openshift_client_binary }} annotate --overwrite -n {{ grafana_namespace }}
+    serviceaccount {{ grafana_serviceaccount_name }} {{ item }}
+  with_items:
+    "{{ grafana_serviceaccount_annotations }}"
+
+# create clusterrolebinding for prometheus serviceaccount
+- name: Set cluster-reader permissions for grafana
+  oc_adm_policy_user:
+    state: present
+    namespace: "{{ grafana_namespace }}"
+    resource_kind: cluster-role
+    resource_name: cluster-reader
+    user: "system:serviceaccount:{{ grafana_namespace }}:{{ grafana_serviceaccount_name }}"
+
+- name: create grafana routes
+  oc_route:
+    state: present
+    name: "{{ item.name }}"
+    host: "{{ item.host }}"
+    namespace: "{{ grafana_namespace }}"
+    service_name: "{{ item.name }}"
+    tls_termination: reencrypt
+  with_items:
+  - name: grafana
+    host: "{{ grafana_hostname }}"
+
+- name: create services for grafana
+  oc_service:
+    name: "{{ grafana_service_name }}"
+    namespace: "{{ grafana_namespace }}"
+    labels:
+      name: grafana
+    annotations:
+      prometheus.io/scrape: "true"
+      prometheus.io/scheme: https
+      service.alpha.openshift.io/serving-cert-secret-name: grafana-tls
+    ports:
+    - name: grafana
+      port: "{{ grafana_service_port }}"
+      targetPort: "{{ grafana_service_targetport }}"
+      protocol: TCP
+    selector:
+      app: grafana
+
+- name: Set grafana secrets
+  oc_secret:
+    state: present
+    name: "{{ item }}-proxy"
+    namespace: "{{ grafana_namespace }}"
+    contents:
+    - path: session_secret
+      data: "{{ 43 | lib_utils_oo_random_word }}="
+  with_items:
+  - grafana
+
+# Storage
+- name: create grafana pvc
+  oc_pvc:
+    namespace: "{{ grafana_namespace }}"
+    name: "{{ grafana_pvc_name }}"
+    access_modes: "{{ grafana_pvc_access_modes }}"
+    volume_capacity: "{{ grafana_pvc_size }}"
+    selector: "{{ grafana_pvc_pv_selector }}"
+    storage_class_name: "{{ grafana_sc_name }}"
+  when: grafana_storage_type == 'pvc'
+
+- name: template grafana components
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ mktemp.stdout }}/{{ item }}"
+  changed_when: no
+  with_items:
+  - "grafana.yml"
+  - "grafana-config.yml"
+
+- name: Set grafana configmap
+  oc_configmap:
+    state: present
+    name: "grafana-config"
+    namespace: "{{ grafana_namespace }}"
+    from_file:
+      defaults.ini: "{{ mktemp.stdout }}/grafana-config.yml"
+
+- name: Set grafana deployment
+  oc_obj:
+    state: present
+    name: "grafana"
+    namespace: "{{ grafana_namespace }}"
+    kind: deployment
+    files:
+    - "{{ mktemp.stdout }}/grafana.yml"
+
+- name: Copy Grafana files
+  copy:
+    src: "dashboards/{{ item }}"
+    dest: "{{ mktemp.stdout }}/{{ item }}"
+  with_items:
+  - "{{ grafana_dashboards }}"
+
+- name: Wait for grafana pod
+  oc_obj:
+    namespace: "{{ grafana_namespace }}"
+    kind: pod
+    state: list
+    selector: "app=grafana"
+  register: grafana_pod
+  until:
+  - "grafana_pod.results.results[0]['items'] | count > 0"
+  # Pod's 'Ready' status must be True
+  - "grafana_pod.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1"
+  delay: 10
+  retries: "{{ (grafana_timeout | int / 10) | int }}"
+
+- name: Get the prometheus SA
+  shell: oc sa get-token {{ grafana_prometheus_serviceaccount }} -n {{ grafana_prometheus_namespace }}
+  register: prometheus_sa_token
+
+- name: Get prometheus route
+  oc_route:
+    state: list
+    name: prometheus
+    namespace: "{{ grafana_prometheus_namespace }}"
+  register: prometheus_route
+
+- name: Get prometheus route
+  oc_route:
+    state: list
+    name: grafana
+    namespace: "{{ grafana_namespace }}"
+  register: grafana_route
+
+- name: set facts
+  set_fact:
+    payload_data: "{{ grafana_datasource_json | regex_replace('grafana_name', grafana_datasource_name ) | regex_replace('prometheus_url', prometheus_route.results[0].spec.host ) | regex_replace('satoken',  prometheus_sa_token.stdout ) }}"
+    grafana_route: "https://{{ grafana_route.results[0].spec.host }}"
+
+- name: Add new datasource to grafana
+  uri:
+    url: "{{ grafana_route }}/api/datasources"
+    user: admin
+    password: admin
+    method: POST
+    body: '{{ payload_data }}'
+    body_format: json
+    headers:
+      Content-Type: "Content-Type: application/json"
+  register: add_ds
+
+- name: Regex set data soure name for openshift dashboard
+  replace:
+    path: "{{ mktemp.stdout }}/openshift-cluster-monitoring.json"
+    regexp: '{{ item.regexp }}'
+    replace: '{{ item.replace }}'
+    backup: yes
+  with_items:
+  - regexp: '##DS_PR##'
+    replace: '{{ grafana_datasource_name }}'
+  - regexp: 'Xs'
+    replace: '{{ grafana_graph_granularity }}'
+
+- name: Regex set data soure name for node exporter
+  replace:
+    path: "{{ mktemp.stdout }}/node-exporter-full-dashboard.json"
+    regexp: '{{ item.regexp }}'
+    replace: '{{ item.replace }}'
+    backup: yes
+  with_items:
+  - regexp: '##DS_PR##'
+    replace: '{{ grafana_datasource_name }}'
+  - regexp: 'Xs'
+    replace: '{{ grafana_graph_granularity }}'
+  when: grafana_node_exporter | default(false) | bool == true
+
+- set_fact:
+    cluster_monitoring_dashboard: "{{ mktemp.stdout }}/openshift-cluster-monitoring.json"
+    node_exporter_dashboard: "{{ mktemp.stdout }}/node-exporter-full-dashboard.json"
+
+- name: Slurp dashboard file
+  slurp:
+    src: "{{ cluster_monitoring_dashboard }}"
+  register: slurpfile
+
+- name: Add openshift dashboard
+  uri:
+    url: "{{ grafana_route }}/api/dashboards/db"
+    user: admin
+    password: admin
+    method: POST
+    body: '{{ slurpfile["content"] | b64decode }}'
+    body_format: json
+    headers:
+      Content-Type: "Content-Type: application/json"
+  register: add_ds
+
+- name: Slurp dashboard file
+  slurp:
+    src: "{{ node_exporter_dashboard }}"
+  register: slurpfile
+
+- name: Add node exporter dashboard
+  uri:
+    url: "{{ grafana_route }}/api/dashboards/db"
+    user: admin
+    password: admin
+    method: POST
+    body: '{{ slurpfile["content"] | b64decode }}'
+    body_format: json
+    headers:
+      Content-Type: "Content-Type: application/json"
+  register: add_ds
+  when: grafana_node_exporter | default(false) | bool == true

roles/openshift_grafana/tasks/main.yaml

@@ -0,0 +1,27 @@
+---
+
+- name: Set default image variables based on openshift_deployment_type
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ openshift_deployment_type }}.yml"
+    - "default_images.yml"
+
+- name: Create temp directory for doing work in
+  command: mktemp -d /tmp/openshift-grafana-ansible-XXXXXX
+  register: mktemp
+  changed_when: False
+  check_mode: no
+
+- include_tasks: facts.yaml
+- include_tasks: install_grafana.yaml
+  when: grafana_state == 'present'
+
+- include_tasks: uninstall_grafana.yaml
+  when: grafana_state == 'absent'
+
+- name: Delete temp directory
+  file:
+    name: "{{ mktemp.stdout }}"
+    state: absent
+  changed_when: False
+  check_mode: no

roles/openshift_grafana/tasks/main.yml

@@ -1,150 +0,0 @@
----
-- name: Create grafana namespace
-  oc_project:
-    state: present
-    name: "{{ grafana_namespace }}"
-
-- name: Configure Grafana Permissions
-  include_tasks: tasks/gf-permissions.yml
-
-# TODO:// Templatize the remote files
-- name: Pull grafana yaml from openshift/origin
-  get_url:
-    url: "{{ grafana_base_url }}/grafana.yaml"
-    dest: /tmp/grafana.yaml
-
-- name: Create grafana template
-  oc_obj:
-    namespace: "{{ grafana_namespace }}"
-    kind: template
-    name: grafana
-    state: present
-    files:
-    - "/tmp/grafana.yaml"
-
-- name: Process the grafana file
-  oc_process:
-    namespace: "{{ grafana_namespace }}"
-    template_name: grafana
-    create: True
-
-- name: Wait to grafana be running
-  command: oc rollout status deployment/grafana
-
-- name: Add view role to grafana user
-  oc_adm_policy_user:
-    user: "{{ grafana_user }}"
-    resource_kind: cluster-role
-    resource_name: view
-    state: present
-    role_namespace: "{{ grafana_prometheus_namespace }}"
-
-- name: Get the prometheus SA
-  shell: oc sa get-token {{ grafana_prometheus_sa }} -n {{ grafana_prometheus_namespace }}
-  register: sa
-
-- name: Get prometheus route
-  oc_route:
-    state: list
-    name: prometheus
-    namespace: "{{ grafana_prometheus_namespace }}"
-  register: prom_out
-
-- name: Get prometheus route
-  oc_route:
-    state: list
-    name: grafana
-    namespace: "{{ grafana_namespace }}"
-  register: grafana_out
-
-- set_fact: ds_json={{ datasource_payload | to_json }}
-- set_fact: prometheus=prom_out.results[0].spec.host
-- set_fact: route=grafana_out.results[0].spec.host
-- set_fact: token={{ sa.stdout }}
-- set_fact:
-    payload_data: "{{ ds_json | regex_replace('grafana_name', grafana_datasource_name ) | regex_replace('prometheus_url', prometheus ) | regex_replace('satoken',  token ) }}"
-
-- name: Add new datasrouce to grafana
-  uri:
-    url: "https://{{ route }}/api/datasources"
-    user: admin
-    password: admin
-    method: POST
-    body: "{{ payload_data }}"
-    body_format: json
-    headers:
-      Content-Type: "Content-Type: application/json"
-  register: add_ds
-
-- name: Pull grafana yaml from openshift/origin
-  get_url:
-    url: "{{ grafana_base_url }}/openshift-cluster-monitoring.json"
-    dest: /tmp/openshift-cluster-monitoring.json
-
-- name: Regex set data soure name for openshift dashboard
-  replace:
-    path: /tmp/openshift-cluster-monitoring.json
-    regexp: '${DS_PR}'
-    replace: '{{ grafana_datasource_name }}'
-    backup: yes
-
-- name: Regex setup granularity
-  replace:
-    path: /tmp/openshift-cluster-monitoring.json
-    regexp: 'Xs'
-    replace: '{{ grafana_graph_granularity }}'
-    backup: yes
-
-- name: Add openshift dashboard
-  uri:
-    url: "https://{{ route }}/api/dashboards/db"
-    user: admin
-    password: admin
-    method: POST
-    body: "{{ lookup('file','/tmp/openshift-cluster-monitoring.json') }}"
-    body_format: json
-    headers:
-      Content-Type: "Content-Type: application/json"
-  register: add_ds
-
-- name: Regex json tear down
-  replace:
-    path: /tmp/openshift-cluster-monitoring.json
-    regexp: '{{ grafana_datasource_name }}'
-    replace: '${DS_PR}'
-
-- name: Pull node exporter dashboard from openshift/origin
-  get_url:
-    url: "{{ grafana_base_url }}/node-exporter-full-dashboard.json"
-    dest: /tmp/node-exporter-full-dashboard.json
-  when: grafana_node_exporter | default(false) | bool == true
-
-
-- name: Regex set data soure name for node exporter
-  replace:
-    path: /tmp/node-exporter-full-dashboard.json
-    regexp: '${DS_PR}'
-    replace: '{{ grafana_datasource_name }}'
-    backup: yes
-  when: grafana_node_exporter | default(false) | bool == true
-
-- name: Regex setup granularity for node exporter
-  replace:
-    path: /tmp/node-exporter-full-dashboard.json
-    regexp: 'Xs'
-    replace: '{{ grafana_graph_granularity }}'
-    backup: yes
-  when: grafana_node_exporter | default(false) | bool == true
-
-- name: Add node exporter dashboard
-  uri:
-    url: "https://{{ route }}/api/dashboards/db"
-    user: admin
-    password: admin
-    method: POST
-    body: "{{ lookup('file','/tmp/node-exporter-full-dashboard.json') }}"
-    body_format: json
-    headers:
-      Content-Type: "Content-Type: application/json"
-  register: add_ds
-  when: grafana_node_exporter | default(false) | bool == true

roles/openshift_grafana/tasks/uninstall_grafana.yaml

@@ -0,0 +1,7 @@
+---
+
+# remove namespace - This will delete all the objects inside the namespace
+- name: Remove grafana project
+  oc_project:
+    state: absent
+    name: "{{ grafana_namespace }}"

roles/openshift_grafana/templates/grafana-config.yml.j2

@@ -0,0 +1,387 @@
+##################### Grafana Configuration Defaults #####################
+#
+# Do not modify this file in grafana installs
+#
+# possible values : production, development
+app_mode = production
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+instance_name = ${HOSTNAME}
+#################################### Paths ###############################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+#
+data = data
+#
+# Directory where grafana can store logs
+#
+logs = data/log
+#
+# Directory where grafana will automatically scan and look for plugins
+#
+plugins = data/plugins
+#################################### Server ##############################
+[server]
+# Protocol (http, https, socket)
+protocol = http
+# The ip address to bind to, empty will bind to all interfaces
+http_addr =
+# The http port  to use
+http_port = 3000
+# The public facing domain name used to access grafana from a browser
+domain = localhost
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+enforce_domain = false
+# The full public facing url
+root_url = %(protocol)s://%(domain)s:%(http_port)s/
+# Log web requests
+router_logging = false
+# the path relative working path
+static_root_path = public
+# enable gzip
+enable_gzip = false
+# https certs & key file
+cert_file = /etc/tls/private/tls.crt
+cert_key = /etc/tls/private/tls.key
+# Unix socket path
+socket = /tmp/grafana.sock
+#################################### Database ############################
+[database]
+# You can configure the database connection by specifying type, host, name, user and password
+# as separate properties or as on string using the url property.
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+type = sqlite3
+host = 127.0.0.1:3306
+name = grafana
+user = root
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+password =
+# Use either URL or the previous fields to configure the database
+# Example: mysql://user:secret@host:port/database
+url =
+# Max idle conn setting default is 2
+max_idle_conn = 2
+# Max conn setting default is 0 (mean not set)
+max_open_conn =
+# For "postgres", use either "disable", "require" or "verify-full"
+# For "mysql", use either "true", "false", or "skip-verify".
+ssl_mode = disable
+ca_cert_path =
+client_key_path =
+client_cert_path =
+server_cert_name =
+# For "sqlite3" only, path relative to data_path setting
+path = grafana.db
+#################################### Session #############################
+[session]
+# Either "memory", "file", "redis", "mysql", "postgres", "memcache", default is "file"
+provider = file
+# Provider config options
+# memory: not have any config yet
+# file: session dir path, is relative to grafana data_path
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
+# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
+# mysql: go-sql-driver/mysql dsn config string, examples:
+#         `user:password@tcp(127.0.0.1:3306)/database_name`
+#         `user:password@unix(/var/run/mysqld/mysqld.sock)/database_name`
+# memcache: 127.0.0.1:11211
+provider_config = sessions
+# Session cookie name
+cookie_name = grafana_sess
+# If you use session in https only, default is false
+cookie_secure = false
+# Session life time, default is 86400
+session_life_time = 86400
+gc_interval_time = 86400
+#################################### Data proxy ###########################
+[dataproxy]
+# This enables data proxy logging, default is false
+logging = false
+#################################### Analytics ###########################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+reporting_enabled = true
+# Set to false to disable all checks to https://grafana.com
+# for new versions (grafana itself and plugins), check is used
+# in some UI views to notify that grafana or plugin update exists
+# This option does not cause any auto updates, nor send any information
+# only a GET request to https://grafana.com to get latest versions
+check_for_updates = true
+# Google Analytics universal tracking code, only enabled if you specify an id here
+google_analytics_ua_id =
+# Google Tag Manager ID, only enabled if you specify an id here
+google_tag_manager_id =
+#################################### Security ############################
+[security]
+# default admin user, created on startup
+admin_user = admin
+# default admin password, can be changed before first start of grafana,  or in profile settings
+admin_password = admin
+# used for signing
+secret_key = SW2YcwTIb9zpOOhoPsMm
+# Auto-login remember days
+login_remember_days = 7
+cookie_username = grafana_user
+cookie_remember_name = grafana_remember
+# disable gravatar profile images
+disable_gravatar = false
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+data_source_proxy_whitelist =
+[snapshots]
+# snapshot sharing options
+external_enabled = true
+external_snapshot_url = https://snapshots-origin.raintank.io
+external_snapshot_name = Publish to snapshot.raintank.io
+# remove expired snapshot
+snapshot_remove_expired = true
+# remove snapshots after 90 days
+snapshot_TTL_days = 90
+#################################### Users ####################################
+[users]
+# disable user signup / registration
+allow_sign_up = true
+# Allow non admin users to create organizations
+allow_org_create = true
+# Set to true to automatically assign new users to the default organization (id 1)
+auto_assign_org = true
+# Default role new users will be automatically assigned (if auto_assign_org above is set to true)
+auto_assign_org_role = Admin
+# Require email validation before sign up completes
+verify_email_enabled = false
+# Background text for the user field on the login page
+login_hint = email or username
+# Default UI theme ("dark" or "light")
+default_theme = dark
+# External user management
+external_manage_link_url =
+external_manage_link_name =
+external_manage_info =
+[auth]
+# Set to true to disable (hide) the login form, useful if you use OAuth
+disable_login_form = true
+# Set to true to disable the signout link in the side menu. useful if you use auth.proxy
+disable_signout_menu = true
+#################################### Anonymous Auth ######################
+[auth.anonymous]
+# enable anonymous access
+enabled = true
+# specify organization name that should be used for unauthenticated users
+org_name = Main Org.
+# specify role for unauthenticated users
+org_role = Admin
+#################################### Github Auth #########################
+[auth.github]
+enabled = false
+allow_sign_up = true
+client_id = some_id
+client_secret = some_secret
+scopes = user:email
+auth_url = https://github.com/login/oauth/authorize
+token_url = https://github.com/login/oauth/access_token
+api_url = https://api.github.com/user
+team_ids =
+allowed_organizations =
+#################################### Google Auth #########################
+[auth.google]
+enabled = false
+allow_sign_up = true
+client_id = some_client_id
+client_secret = some_client_secret
+scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
+auth_url = https://accounts.google.com/o/oauth2/auth
+token_url = https://accounts.google.com/o/oauth2/token
+api_url = https://www.googleapis.com/oauth2/v1/userinfo
+allowed_domains =
+hosted_domain =
+#################################### Grafana.com Auth ####################
+# legacy key names (so they work in env variables)
+[auth.grafananet]
+enabled = false
+allow_sign_up = true
+client_id = some_id
+client_secret = some_secret
+scopes = user:email
+allowed_organizations =
+[auth.grafana_com]
+enabled = false
+allow_sign_up = true
+client_id = some_id
+client_secret = some_secret
+scopes = user:email
+allowed_organizations =
+#################################### Generic OAuth #######################
+[auth.generic_oauth]
+name = OAuth
+enabled = false
+allow_sign_up = true
+client_id = some_id
+client_secret = some_secret
+scopes = user:email
+auth_url =
+token_url =
+api_url =
+team_ids =
+allowed_organizations =
+#################################### Basic Auth ##########################
+[auth.basic]
+enabled = false
+#################################### Auth Proxy ##########################
+[auth.proxy]
+enabled = true
+header_name = X-WEBAUTH-USER
+header_property = username
+auto_sign_up = true
+ldap_sync_ttl = 60
+whitelist =
+#################################### Auth LDAP ###########################
+[auth.ldap]
+enabled = false
+config_file = /etc/grafana/ldap.toml
+allow_sign_up = true
+#################################### SMTP / Emailing #####################
+[smtp]
+enabled = false
+host = localhost:25
+user =
+# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
+password =
+cert_file =
+key_file =
+skip_verify = false
+from_address = admin@grafana.localhost
+from_name = Grafana
+ehlo_identity =
+[emails]
+welcome_email_on_sign_up = false
+templates_pattern = emails/*.html
+#################################### Logging ##########################
+[log]
+# Either "console", "file", "syslog". Default is console and  file
+# Use space to separate multiple modes, e.g. "console file"
+mode = console file
+# Either "debug", "info", "warn", "error", "critical", default is "info"
+level = error
+# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
+filters =
+# For "console" mode only
+[log.console]
+level =
+# log line format, valid options are text, console and json
+format = console
+# For "file" mode only
+[log.file]
+level =
+# log line format, valid options are text, console and json
+format = text
+# This enables automated log rotate(switch of following options), default is true
+log_rotate = true
+# Max line number of single file, default is 1000000
+max_lines = 1000000
+# Max size shift of single file, default is 28 means 1 << 28, 256MB
+max_size_shift = 28
+# Segment log daily, default is true
+daily_rotate = true
+# Expired days of log file(delete after max days), default is 7
+max_days = 7
+[log.syslog]
+level =
+# log line format, valid options are text, console and json
+format = text
+# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
+network =
+address =
+# Syslog facility. user, daemon and local0 through local7 are valid.
+facility =
+# Syslog tag. By default, the process' argv[0] is used.
+tag =
+#################################### AMQP Event Publisher ################
+[event_publisher]
+enabled = false
+rabbitmq_url = amqp://localhost/
+exchange = grafana_events
+#################################### Dashboard JSON files ################
+[dashboards.json]
+enabled = false
+path = /var/lib/grafana/dashboards
+#################################### Usage Quotas ########################
+[quota]
+enabled = false
+#### set quotas to -1 to make unlimited. ####
+# limit number of users per Org.
+org_user = 10
+# limit number of dashboards per Org.
+org_dashboard = 100
+# limit number of data_sources per Org.
+org_data_source = 10
+# limit number of api_keys per Org.
+org_api_key = 10
+# limit number of orgs a user can create.
+user_org = 10
+# Global limit of users.
+global_user = -1
+# global limit of orgs.
+global_org = -1
+# global limit of dashboards
+global_dashboard = -1
+# global limit of api_keys
+global_api_key = -1
+# global limit on number of logged in users.
+global_session = -1
+#################################### Alerting ############################
+[alerting]
+# Disable alerting engine & UI features
+enabled = true
+# Makes it possible to turn off alert rule execution but alerting UI is visible
+execute_alerts = true
+#################################### Internal Grafana Metrics ############
+# Metrics available at HTTP API Url /api/metrics
+[metrics]
+enabled           = true
+interval_seconds  = 10
+# Send internal Grafana metrics to graphite
+[metrics.graphite]
+# Enable by setting the address setting (ex localhost:2003)
+address =
+prefix = prod.grafana.%(instance_name)s.
+[grafana_net]
+url = https://grafana.com
+[grafana_com]
+url = https://grafana.com
+#################################### Distributed tracing ############
+[tracing.jaeger]
+# jaeger destination (ex localhost:6831)
+address =
+# tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
+always_included_tag =
+# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
+sampler_type = const
+# jaeger samplerconfig param
+# for "const" sampler, 0 or 1 for always false/true respectively
+# for "probabilistic" sampler, a probability between 0 and 1
+# for "rateLimiting" sampler, the number of spans per second
+# for "remote" sampler, param is the same as for "probabilistic"
+# and indicates the initial sampling rate before the actual one
+# is received from the mothership
+sampler_param = 1
+#################################### External Image Storage ##############
+[external_image_storage]
+# You can choose between (s3, webdav, gcs)
+provider =
+[external_image_storage.s3]
+bucket_url =
+bucket =
+region =
+path =
+access_key =
+secret_key =
+[external_image_storage.webdav]
+url =
+username =
+password =
+public_url =
+[external_image_storage.gcs]
+key_file =
+bucket =

roles/openshift_grafana/templates/grafana.yml.j2

@@ -0,0 +1,118 @@
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: grafana
+  name: grafana
+  namespace: {{ grafana_namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: grafana
+  template:
+    metadata:
+      labels:
+        app: grafana
+      name: grafana
+    spec:
+      serviceAccountName: {{ grafana_namespace }}
+{% if grafana_node_selector is iterable and grafana_node_selector | length > 0 %}
+      nodeSelector:
+{% for key, value in grafana_node_selector.items() %}
+        {{ key }}: "{{ value }}"
+{% endfor %}
+{% endif %}
+      containers:
+      - name: oauth-proxy
+        image: "{{ l_openshift_grafana_proxy_image_prefix }}oauth-proxy:{{ l_openshift_grafana_proxy_image_version }}"
+        imagePullPolicy: IfNotPresent
+        resources:
+          requests:
+{% if grafana_oauth_proxy_memory_requests is defined and grafana_oauth_proxy_memory_requests is not none %}
+            memory: "{{ grafana_oauth_proxy_memory_requests }}"
+{% endif %}
+{% if grafana_oauth_proxy_cpu_requests is defined and grafana_oauth_proxy_cpu_requests is not none %}
+            cpu: "{{ grafana_oauth_proxy_cpu_requests }}"
+{% endif %}
+          limits:
+{% if grafana_oauth_proxy_memory_limit is defined and grafana_oauth_proxy_memory_limit is not none %}
+            memory: "{{ grafana_oauth_proxy_memory_limit }}"
+{% endif %}
+{% if grafana_oauth_proxy_cpu_limit is defined and grafana_oauth_proxy_cpu_limit is not none %}
+            cpu: "{{ grafana_oauth_proxy_cpu_limit }}"
+{% endif %}
+        ports:
+        - containerPort: {{ grafana_service_port }}
+          name: web
+        args:
+        - -https-address=:{{ grafana_service_targetport }}
+        - -http-address=
+        - -email-domain=*
+        - -client-id=system:serviceaccount:{{ grafana_namespace }}:{{ grafana_service_name }}
+        - -upstream=http://localhost:{{ grafana_container_port }}
+        - -provider=openshift
+#       - '-openshift-delegate-urls={"/api/datasources": {"resource": "namespace", "verb": "get", "resourceName": "{{ grafana_namespace }}", "namespace": "{{ grafana_namespace }}"}}'
+        - '-openshift-sar={"namespace": "{{ grafana_namespace }}", "verb": "list", "resource": "services"}'
+        - -tls-cert=/etc/tls/private/tls.crt
+        - -tls-key=/etc/tls/private/tls.key
+        - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
+        - -cookie-secret-file=/etc/proxy/secrets/session_secret
+        - -skip-auth-regex=^/metrics,/api/datasources,/api/dashboards
+        volumeMounts:
+        - mountPath: /etc/tls/private
+          name: grafana-tls-secret
+        - mountPath: /etc/proxy/secrets
+          name: grafana-proxy-secrets
+
+      - name: grafana
+        image: "{{ l_openshift_grafana_image_prefix }}{{ l_openshift_grafana_image }}:{{ l_openshift_grafana_image_version }}"
+        imagePullPolicy: IfNotPresent
+        resources:
+          requests:
+{% if openshift_grafana_memory_requests is defined and openshift_grafana_memory_requests is not none %}
+            memory: "{{ openshift_grafana_memory_requests }}"
+{% endif %}
+{% if openshift_grafana_cpu_requests is defined and openshift_grafana_cpu_requests is not none %}
+            cpu: "{{ openshift_grafana_cpu_requests }}"
+{% endif %}
+          limits:
+{% if openshift_grafana_memory_limit is defined and openshift_grafana_memory_limit is not none %}
+            memory: "{{ openshift_grafana_memory_limit }}"
+{% endif %}
+{% if openshift_grafana_cpu_limit is defined and openshift_grafana_cpu_limit is not none %}
+            cpu: "{{ openshift_grafana_cpu_limit }}"
+{% endif %}
+        ports:
+        - name: grafana-http
+          containerPort: {{ grafana_container_port }}
+        volumeMounts:
+        - mountPath: "/root/go/src/github.com/grafana/grafana/data"
+          name: grafana-data
+        - mountPath: "/root/go/src/github.com/grafana/grafana/conf"
+          name: grafana-config
+        - mountPath: /etc/tls/private
+          name: grafana-tls-secret
+        - mountPath: /etc/proxy/secrets
+          name: grafana-proxy-secrets
+        command:
+         - "./bin/grafana-server"
+
+      volumes:
+      - name: grafana-config
+        configMap:
+          name: grafana-config
+      - name: grafana-proxy-secrets
+        secret:
+          secretName: grafana-proxy
+      - name: grafana-tls-secret
+        secret:
+          secretName: grafana-tls
+      - name: grafana-data
+{% if grafana_storage_type == 'pvc' %}
+        persistentVolumeClaim:
+          claimName: {{ grafana_pvc_name }}
+{% else %}
+        emptydir: {}
+{% endif %}

roles/openshift_grafana/vars/default_images.yml

@@ -0,0 +1,9 @@
+---
+# image prefix defaults
+l_openshift_grafana_image_prefix: "{{ openshift_grafana_image_prefix | default('mrsiano/') }}"
+l_openshift_grafana_proxy_image_prefix: "{{ openshift_grafana_proxy_image_prefix | default('openshift/') }}"
+l_openshift_grafana_image: "{{ openshift_grafana_image| default('grafana-ocp') }}"
+
+# image version defaults
+l_openshift_grafana_image_version: "{{ openshift_grafana_image_version | default('latest') }}"
+l_openshift_grafana_proxy_image_version: "{{ openshift_grafana_proxy_image_version | default('v1.0.0') }}"

roles/openshift_grafana/vars/openshift-enterprise.yml

@@ -0,0 +1,9 @@
+---
+# image prefix defaults
+l_openshift_grafana_image_prefix: "{{ openshift_grafana_image_prefix | default('mrsiano/') }}"
+l_openshift_grafana_proxy_image_prefix: "{{ openshift_grafana_proxy_image_prefix | default('openshift/') }}"
+l_openshift_grafana_image: "{{ openshift_grafana_image| default('grafana-ocp') }}"
+
+# image version defaults
+l_openshift_grafana_image_version: "{{ openshift_grafana_image_version | default('latest') }}"
+l_openshift_grafana_proxy_image_version: "{{ openshift_grafana_proxy_image_version | default('v1.0.0') }}"