From 8fcf4b127af3b96c5cb174157441436d8b11dafd Mon Sep 17 00:00:00 2001
From: Eldad Marciano <mrsiano@gmail.com>
Date: Mon, 20 Nov 2017 16:41:43 +0200
Subject: Add new grafana playbook.

this patch introduces a new playbook and roles to deploy grafana automatically
using openshift-ansible capabilities.

this patch will abstract the grafana deployment process specifically for openshift.
---
 roles/openshift_grafana/tasks/gf-permissions.yml |  12 +++
 roles/openshift_grafana/tasks/main.yml           | 122 +++++++++++++++++++++++
 2 files changed, 134 insertions(+)
 create mode 100644 roles/openshift_grafana/tasks/gf-permissions.yml
 create mode 100644 roles/openshift_grafana/tasks/main.yml


diff --git a/roles/openshift_grafana/tasks/gf-permissions.yml b/roles/openshift_grafana/tasks/gf-permissions.yml
new file mode 100644
index 000000000..9d3c741ee
--- /dev/null
+++ b/roles/openshift_grafana/tasks/gf-permissions.yml
@@ -0,0 +1,12 @@
+---
+- name: Create gf user on htpasswd
+  command: htpasswd -c /etc/origin/master/htpasswd gfadmin
+
+- name: Make sure master config use HTPasswdPasswordIdentityProvider
+  command: "sed -ie 's|AllowAllPasswordIdentityProvider|HTPasswdPasswordIdentityProvider\n      file: /etc/origin/master/htpasswd|' /etc/origin/master/master-config.yaml"
+
+- name: Grant permission for gfuser
+  command: oc adm policy add-cluster-role-to-user cluster-reader gfadmin
+
+- name: Restart mater api
+  command: systemctl restart atomic-openshift-master-api.service
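Review bot: `htpasswd -c` in `Create gf user on htpasswd` recreates `/etc/origin/master/htpasswd` on every run, discarding any users already in that file, and since no password is supplied the command waits for an interactive prompt that Ansible's `command` module cannot answer. Ansible's `htpasswd` module adds or updates a single entry idempotently and takes the password as a parameter; pair it with `no_log: true` so the value stays out of task output. Separately, GNU sed reads `sed -ie` as `-i` with backup suffix `e`, so it leaves a `master-config.yamle` copy beside the config. The `gfadmin` user also receives `cluster-reader` across the whole cluster, which is worth narrowing if Grafana only needs to read the prometheus namespace.

```yaml
- name: Create gf user on htpasswd
  htpasswd:
    path: /etc/origin/master/htpasswd
    name: gfadmin
    # placeholder variable name; not defined anywhere in this patch
    password: "{{ gf_admin_password }}"
  no_log: true
# … unchanged: identity provider edit, role grant, master api restart …
```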
diff --git a/roles/openshift_grafana/tasks/main.yml b/roles/openshift_grafana/tasks/main.yml
new file mode 100644
index 000000000..6a06d40a9
--- /dev/null
+++ b/roles/openshift_grafana/tasks/main.yml
@@ -0,0 +1,122 @@
+---
+- name: Create grafana namespace
+  oc_project:
+    state: present
+    name: grafana
+
+- name: Configure Grafana Permissions
+  include_tasks: tasks/gf-permissions.yml
+  when: gf_oauth | default(false) | bool == true
+
+# TODO: we should grab this yaml file from openshift/origin
+- name: Templatize grafana yaml
+  template: src=grafana-ocp.yaml dest=/tmp/grafana-ocp.yaml
+  register:
+    cl_file: /tmp/grafana-ocp.yaml
+  when: gf_oauth | default(false) | bool == false
+
+# TODO: we should grab this yaml file from openshift/origin
+- name: Templatize grafana yaml
+  template: src=grafana-ocp-oauth.yaml dest=/tmp/grafana-ocp-oauth.yaml
+  register:
+    cl_file: /tmp/grafana-ocp-oauth.yaml
+  when: gf_oauth | default(false) | bool == true
+
+- name: Process the grafana file
+  oc_process:
+    namespace: grafana
+    template_name: "{{ cl_file }}"
+    create: True
+    when: gf_oauth | default(false) | bool == true
+
+- name: Wait to grafana be running
+  command: oc rollout status deployment/grafana-ocp
+
+- name: oc adm policy add-role-to-user view -z grafana-ocp -n {{ gf_prometheus_namespace }}
+  oc_adm_policy_user:
+    user: grafana-ocp
+    resource_kind: cluster-role
+    resource_name: view
+    state: present
+    role_namespace: "{{ gf_prometheus_namespace }}"
+
+- name: Get grafana route
+  oc_obj:
+    kind: route
+    name: grafana
+    namespace: grafana
+  register: route
+
+- name: Get prometheus route
+  oc_obj:
+    kind: route
+    name: prometheus
+    namespace: "{{ gf_prometheus_namespace }}"
+  register: route
+
+- name: Get the prometheus SA
+  oc_serviceaccount_secret:
+    state: list
+    service_account: prometheus
+    namespace: "{{ gf_prometheus_namespace }}"
+  register: sa
+
+- name: Get the management SA bearer token
+  set_fact:
+    management_token: "{{ sa.results | oo_filter_sa_secrets }}"
+
+- name: Ensure the SA bearer token value is read
+  oc_secret:
+    state: list
+    name: "{{ management_token }}"
+    namespace: "{{ gf_prometheus_namespace }}"
+  no_log: True
+  register: sa_secret
+
+- name: Get the SA bearer token for prometheus
+  set_fact:
+    token: "{{ sa_secret.results.encoded.token }}"
+
+- name: Convert to json
+  var:
+    ds_json: "{{ gf_body_tmp }} | to_json }}"
+
+- name: Set protocol type
+  var:
+    protocol: "{{ 'https' if {{ gf_oauth }} == true else 'http' }}"
+
+- name: Add gf datasrouce
+  uri:
+    url: "{{ protocol }}://{{ route }}/api/datasources"
+    user: admin
+    password: admin
+    method: POST
+    body: "{{ ds_json | regex_replace('grafana_name', {{ gf_datasource_name }}) | regex_replace('prometheus_url', 'https://'{{ prometheus }} ) | regex_replace('satoken', {{ token }}) }}"
+    headers:
+      Content-Type: "Content-Type: application/json"
+  register: add_ds
+
+- name: Regex setup ds name
+  replace:
+    path: "{{ lookup('file', 'openshift-cluster-monitoring.json') }}"
+    regexp: '${DS_PR}'
+    replace: '{{ gf_datasource_name }}'
+    backup: yes
+
+- name: Add new dashboard
+  uri:
+    url: "{{ protocol }}://{{ route }}/api/dashboards/db"
+    user: admin
+    password: admin
+    method: POST
+    body: "{{ lookup('file', 'openshift-cluster-monitoring.json') }}"
+    headers:
+      Content-Type: "Content-Type: application/json"
+  register: add_ds
+
+- name: Regex json tear down
+  replace:
+    path: "{{ lookup('file', 'openshift-cluster-monitoring.json') }}"
+    regexp: '${DS_PR}'
+    replace: '{{ gf_datasource_name }}'
+    backup: yes
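Review bot: Both `uri` tasks (`Add gf datasrouce` and `Add new dashboard`) authenticate with the literal `user: admin` / `password: admin`, so the role hard-codes a credential and depends on Grafana's default admin account staying unchanged. Take the values from variables, e.g. `password: "{{ gf_admin_password }}"` (placeholder name, not defined in this patch), and have the deployment set a non-default password. The prometheus service-account token is covered by `no_log: True` only on the `oc_secret` task. The following `set_fact` for `token` and the datasource `uri` task whose `body` embeds it have none, so the token can appear in Ansible output; add `no_log: true` to both. The `Set protocol type` task is meant to yield `http` when `gf_oauth` is false, in which case the basic-auth credentials and the token would travel unencrypted to the route.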