works, but needs to be cleaned up

defaults/main.yml

@@ -64,3 +64,15 @@ prometheus_postgres_exporter_port: 5432
 prometheus_redis_exporter_addr: "redis://localhost:6379"
 prometheus_redis_exporter_user: ""
 prometheus_redis_exporter_password: ""
+
+## grafana
+
+grafana_auth_anonymous_enabled: false
+grafana_auth_anonymous_org_role: Editor # Viewer
+grafana_auth_anonymous_org_name: 'Main Org.'
+grafana_auth_disable_login_form: false
+grafana_editors_can_admin: false
+grafana_users_viewers_can_edit: false
+grafana_log_level: error
+grafana_router_logging: false
+grafana_disable_sanitize_html: true

handlers/main.yml

@@ -1,9 +1,10 @@
 ---
-- name: 'prometheus | server | restart container'
-  docker_container:
-    name: prometheus
-    restart: yes
-  tags: ['prometheus']
+- name: 'grafana-prometheus | server | restart container'
+  systemd:
+    name: docker-compose@grafana-prometheus.service
+    state: restarted
+    enabled: yes
+  tags: ['grafana-prometheus']
 
 - name: 'prometheus | node exporter | restart service'
   systemd:

tasks/server/prometheus.yml

@@ -32,33 +32,67 @@
     mode: 0644
   tags: ['prometheus_server']
   notify:
-    - 'prometheus | server | restart container'
+    - 'grafana-prometheus | server | restart container'
 
-- name: 'prometheus | server | deploy container'
-  docker_container:
-    name: prometheus
-    hostname: '{{ inventory_hostname }}'
-    image: prom/prometheus:{{ prometheus_server_version }}
-    volumes:
-      - /etc/prometheus/:/etc/prometheus/
-      - prometheus_data:/prometheus
-    command:
-      - '--config.file=/etc/prometheus/prometheus.yml'
-      - '--storage.tsdb.path=/prometheus'
-      - '--storage.tsdb.retention.time={{ prometheus_retention_time }}'
-      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
-      - '--web.console.templates=/usr/share/prometheus/consoles'
-      - '--web.enable-admin-api'
-    networks:
-      - name: '{{ prometheus_docker_network }}'
-    ports:
-      - "9090:9090"
-    log_driver: syslog
-    log_options:
-      tag: docker_prometheus
-    restart_policy: 'unless-stopped'
-    pull: '{{ prometheus_docker_pull }}'
-    etc_hosts: '{{ prometheus_nodes_ip }}'
-  tags: ['prometheus_server']
-  notify:
-    - 'prometheus | server | restart container'
+- name: "grafana-prometheus | create docker-compose directory"
+  file:
+    path: /opt/docker-compose/grafana-prometheus
+    state: directory
+    mode: '0755'
+  tags: [ 'grafana-prometheus', 'prometheus_server' ]
+
+- name: "grafana-prometheus | copy docker-compose file"
+  template:
+    src: compose/grafana-prometheus.yml.j2
+    dest: /opt/docker-compose/grafana-prometheus/docker-compose.yml
+    owner: root
+    group: root
+    mode: 0644
+  notify: "grafana-prometheus | server | restart container"
+  tags: [ 'grafana-prometheus' ]
+
+- name: "grafana-prometheus | create grafana.ini file"
+  file:
+    path: /opt/docker-compose/grafana-prometheus/grafana.ini
+    owner: '1000'
+    group: '1000'
+    mode: '0750'
+    state: touch
+  notify: "grafana-prometheus | server | restart container"
+  tags: [ 'grafana-prometheus' ]
+  ignore_errors: '{{ ansible_check_mode }}'
+
+- name: "grafana-prometheus | import grafana provisioned datasources"
+  synchronize:
+    src: "{{ grafana_provisioned_datasources_path }}"
+    dest: /opt/docker-compose/grafana-prometheus/
+  when: grafana_provisioned_datasources_path is defined
+  notify: "grafana-prometheus | server | restart container"
+  tags: [ 'grafana-prometheus' ]
+
+- name: "grafana-prometheus | import grafana provisioned dashboards"
+  synchronize:
+    src: "{{ grafana_provisioned_dashboards_path }}"
+    dest: /opt/docker-compose/grafana-prometheus/
+  when: grafana_provisioned_datasources_path is defined
+  notify: "grafana-prometheus | server | restart container"
+  tags: [ 'grafana-prometheus' ]
+
+- name: "grafana-prometheus | install unit file to systemd"
+  vars:
+    exporter: "grafana-prometheus"
+  template:
+    src: systemd/docker-compose.service.j2
+    dest: /etc/systemd/system/docker-compose@grafana-prometheus.service
+    owner: root
+    group: root
+    mode: 0600
+  tags: [ 'grafana-prometheus' ]
+
+- name: "grafana-prometheus | enable service"
+  systemd:
+    daemon_reload: yes
+    name: docker-compose@grafana-prometheus
+    enabled: true
+  ignore_errors: '{{ ansible_check_mode }}'
+  tags: [ 'grafana-prometheus' ]

templates/compose/grafana-prometheus.yml.j2

@@ -0,0 +1,104 @@
+version: "3"
+
+networks:
+  grafana:
+    name: grafana
+{% if grafana_traefik_enable is defined %}
+  traefik:
+    external: true
+{% endif %}
+
+volumes:
+  prometheus-data:
+  grafana-data:
+
+services:
+  grafana:
+    image: grafana/grafana:{{ grafana_version | default('main') }}
+    container_name: grafana
+    user: "1000:1000"
+    restart: unless-stopped
+    volumes:
+      - grafana-data:/var/lib/grafana
+      - ./grafana.ini:/etc/grafana/grafana.ini
+      - ./dashboards:/etc/grafana/provisioning/dashboards/
+      - ./datasources:/etc/grafana/provisioning/datasources/
+    environment:
+      GF_AUTH_ANONYMOUS_ENABLED: "{{ grafana_auth_anonymous_enabled|string|lower }}"
+      GF_AUTH_ANONYMOUS_ORG_ROLE: "{{ grafana_auth_anonymous_org_role }}"
+      GF_AUTH_ANONYMOUS_ORG_NAME: "{{ grafana_auth_anonymous_org_name }}"
+      GF_AUTH_DISABLE_LOGIN_FORM: "{{ grafana_auth_disable_login_form|string|lower }}"
+      GF_AUTH_EDITORS_CAN_ADMIN: "{{ grafana_editors_can_admin|string|lower }}"
+{% if grafana_admin_password is defined %}
+      GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
+{% endif %}
+      GF_USERS_VIEWERS_CAN_EDIT: "{{ grafana_users_viewers_can_edit|string|lower }}"
+{% if grafana_admin_password is defined %}
+      GF_ROOT_URL: "{{ grafana_domain }}"
+{% endif %}
+      GF_LOG_LEVEL: "{{ grafana_log_level|string }}"
+      GF_ROUTER_LOGGING: "{{ grafana_router_logging|string|lower }}"
+      GF_PANELS_DISABLE_SANITIZE_HTML: "{{ grafana_disable_sanitize_html|string|lower }}"
+{% if grafana_install_plugins is defined %}
+      GF_INSTALL_PLUGINS: "{{ grafana_install_plugins|string|lower }}"
+{% endif %}
+{% if grafana_smtp_enabled is defined %}
+      GF_SMTP_ENABLED: "{{ grafana_smtp_enabled|string|lower }}"
+      GF_SMTP_HOST: "{{ grafana_smtp_host|string }}"
+      GF_SMTP_FROM_ADDRESS: "{{ grafana_smtp_from_address|string }}"
+      GF_SMTP_FROM_NAME: "{{ grafana_smtp_from_name|string }}"
+      GF_SMTP_SKIP_VERIFY: "{{ grafana_smtp_skip_verify|string|lower }}"
+{% else %}
+      GF_SMTP_ENABLED: "false"
+{% endif %}
+    networks:
+      - grafana
+{% if grafana_traefik_enable is defined %}
+      - traefik
+    labels:
+      traefik.enable: true
+      traefik.docker.network: traefik
+      traefik.http.routers.grafana.rule: Host(`{{ grafana_domain|default(omit) }}`)
+      traefik.http.routers.grafana.tls: true
+      traefik.http.routers.grafana.tls.certresolver: letsencrypt
+      traefik.http.routers.grafana.entrypoints: websecure
+      traefik.http.services.grafana.loadbalancer.server.port: 3000
+{% else %}
+    ports:
+      - "{{ grafana_port | default(3000) }}:3000"
+{% endif %}
+
+  prometheus:
+    container_name: prometheus
+    image: prom/prometheus:{{ grafana_prometheus_version | default('latest') }}
+    volumes:
+      - /etc/prometheus/:/etc/prometheus/
+      - prometheus-data:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--storage.tsdb.retention.time={{ prometheus_retention_time }}'
+      - '--web.enable-lifecycle'
+    networks:
+      - grafana
+{% if grafana_traefik_enable is defined %}
+      - traefik
+    labels:
+      traefik.enable: true
+      traefik.docker.network: traefik
+      traefik.http.routers.prometheus.rule: Host(`{{ prometheus_domain|default(omit) }}`)
+      traefik.http.routers.prometheus.tls: true
+      traefik.http.routers.prometheus.tls.certresolver: letsencrypt
+      traefik.http.routers.prometheus.entrypoints: websecure
+      traefik.http.services.prometheus.loadbalancer.server.port: 9090
+{% else %}
+    ports:
+      - "{{ prometheus_port | default(9090) }}:9090"
+{% endif %}
+{% if prometheus_nodes_ip is defined %}
+    extra_hosts:
+{% for key, value in prometheus_nodes_ip.items() %}
+      - "{{ key }}:{{ value }}"
+{% endfor %}
+{% endif %}
+    restart: unless-stopped

templates/conf/prometheus.yml.j2

@@ -46,8 +46,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9100'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_mysqld_exporter_targets is defined %}
   # mysql exporter #
   - job_name: mysql
@@ -74,8 +74,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9104'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_mongodb_exporter_targets is defined %}
   # mongoDB exporter #
   - job_name: mongodb
@@ -97,8 +97,8 @@ scrape_configs:
         - {{ target }}:9216
 {% endfor %}
 {% endif %}
-{% endif %}
 
+{% endif %}
 {% if prometheus_postgres_exporter_targets is defined %}
   # postgresql exporter #
   - job_name: postgresql
@@ -120,8 +120,8 @@ scrape_configs:
         - {{ target }}:9187
 {% endfor %}
 {% endif %}
-{% endif %}
 
+{% endif %}
 {% if prometheus_phpfpm_exporter_targets is defined %}
   # PHP-FPM exporter #
   - job_name: phpfpm
@@ -137,8 +137,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9253'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_opcache_exporter_targets is defined %}
   # opcache exporter #
   - job_name: opcache
@@ -154,8 +154,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9101'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_apache_exporter_targets is defined %}
   # apache exporter #
   - job_name: apache
@@ -171,8 +171,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9117'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_haproxy_exporter_targets is defined %}
   # haproxy exporter #
   - job_name: haproxy
@@ -188,8 +188,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):8404'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_varnish_exporter_targets is defined %}
   # Varnish exporter #
   - job_name: varnish
@@ -205,8 +205,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9131'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_blackbox_exporter is defined %}
   # blackbox #
 {% if prometheus_blackbox_exporter_http is defined %}
@@ -250,8 +250,8 @@ scrape_configs:
       - target_label: __address__
         replacement: {{ prometheus_blackbox_exporter_host }}:9115
 {% endif %}
-{% endif %}
 
+{% endif %}
 {% if prometheus_redis_multi_instances_exporter_targets is defined %}
   # Redis exporter #
   - job_name: 'redis_exporter_targets'
@@ -270,8 +270,8 @@ scrape_configs:
         target_label: __address__
         regex: 'redis://(.*):63..'
         replacement: '${1}:9121'
-{% endif %}
 
+{% endif %}
 {% if prometheus_redis_exporter_targets is defined %}
   # Redis exporter #
   - job_name: redis
@@ -287,8 +287,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9121'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_proxysql_exporter_targets is defined %}
   # ProxySQL exporter #
   - job_name: proxysql
@@ -304,8 +304,8 @@ scrape_configs:
         regex: '(.*):6070'
         replacement: '${1}'
 {% endfor %}
-{% endif %}
 
+{% endif %}
 {% if prometheus_kong_exporter_targets is defined %}
   # Kong exporter #
   - job_name: kong
@@ -320,8 +320,8 @@ scrape_configs:
 {% for target in prometheus_kong_exporter_targets %}
         - {{ target }}
 {% endfor %}
-{% endif %}
 
+{% endif %}
 {% if prometheus_memcached_exporter_targets is defined %}
   # Memcached exporter #
   - job_name: memcached
@@ -337,8 +337,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9150'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_docker_exporter_targets is defined %}
   # Docker exporter #
   - job_name: docker
@@ -354,8 +354,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):9323'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_cadvisor_exporter_targets is defined %}
   # cadvisor #
   - job_name: cadvisor
@@ -370,8 +370,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):8080'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_cloudflare_exporter_targets is defined %}
   # cloudflare #
   - job_name: cloudflare
@@ -386,8 +386,8 @@ scrape_configs:
         target_label: instance
         regex: '(.*):8082'
         replacement: '${1}'
-{% endif %}
 
+{% endif %}
 {% if prometheus_pve_exporter_targets is defined %}
   # proxmox #
   - job_name: pve