From 228f15ee042abce19614885ba2e8f5b741029c21 Mon Sep 17 00:00:00 2001 From: Boris Ranto Date: Thu, 19 Apr 2018 23:16:16 +0200 Subject: [PATCH] Fix grafana admin user/password setting Signed-off-by: Boris Ranto --- ansible/README.md | 1 - ansible/playbook.yml | 2 +- ansible/roles/ceph-grafana/defaults/main.yml | 6 +++--- .../ceph-grafana/tasks/configure_grafana.yml | 15 ++++++++++++--- .../roles/ceph-grafana/tasks/push_dashboards.yml | 8 ++++---- .../roles/ceph-grafana/templates/dashboard.yml | 2 +- 6 files changed, 21 insertions(+), 13 deletions(-) diff --git a/ansible/README.md b/ansible/README.md index a923fda..32d2e4b 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -76,7 +76,6 @@ These variables are only relevent when `devel_mode` is true: ## Current Limitations - Currently, metrics are only *displayed* for `osd` and `rgw` hosts. -- Authentication for grafana and graphite is fixed and creates a user `admin` with password `admin`. - Services are deployed on the dashboard host directly; there is not yet support for a containerized deployment. ## Usage diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 5cdbf63..f0cd13d 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -75,4 +75,4 @@ tasks: - name: Print dashboard URL debug: - msg: "All done! You may access your dashboard at http://{{ groups['ceph-grafana'][0] }}:3000/ with user 'admin' and password 'admin'. Note that initially the dashboard will be incomplete; after a few minutes it should have enough data collected to function properly." + msg: "All done! You may access your dashboard at http://{{ groups['ceph-grafana'][0] }}:3000/ with your pre-defined user and password (admin/admin by default). Note that initially the dashboard will be incomplete; after a few minutes it should have enough data collected to function properly." diff --git a/ansible/roles/ceph-grafana/defaults/main.yml b/ansible/roles/ceph-grafana/defaults/main.yml index 0a4ac56..570fc86 100644 --- a/ansible/roles/ceph-grafana/defaults/main.yml +++ b/ansible/roles/ceph-grafana/defaults/main.yml @@ -9,9 +9,9 @@ defaults: # version currently only applies to containers version: 5.0.4 datasource: Local - # Note: changing this value won't update the password in Grafana itself; - # change it via the web UI and then override this value to reflect. - user: admin + # You need to change these in the web UI on an already deployed machine, first + # New deployments work fine + admin_user: admin admin_password: admin plugins: - vonage-status-panel diff --git a/ansible/roles/ceph-grafana/tasks/configure_grafana.yml b/ansible/roles/ceph-grafana/tasks/configure_grafana.yml index ff61dfd..073993d 100644 --- a/ansible/roles/ceph-grafana/tasks/configure_grafana.yml +++ b/ansible/roles/ceph-grafana/tasks/configure_grafana.yml @@ -37,6 +37,15 @@ value: "{{ ansible_fqdn }}" tags: [ini] +- name: Set admin_user in grafana.ini + ini_file: + path: /etc/grafana/grafana.ini + section: security + option: admin_user + value: "{{ grafana.admin_user }}" + no_log: true + tags: [ini] + - name: Set admin_password in grafana.ini ini_file: path: /etc/grafana/grafana.ini @@ -91,7 +100,7 @@ uri: url: http://localhost:3000/api/datasources method: POST - user: admin + user: "{{ grafana.admin_user }}" password: "{{ grafana.admin_password }}" force_basic_auth: yes body_format: json @@ -110,7 +119,7 @@ uri: url: "http://localhost:3000/api/datasources/id/{{ grafana.datasource }}" method: GET - user: "{{ grafana.user }}" + user: "{{ grafana.admin_user }}" password: "{{ grafana.admin_password }}" force_basic_auth: yes register: grafana_data_source_id @@ -120,7 +129,7 @@ uri: url: "http://localhost:3000/api/datasources/{{ grafana_data_source_id.json.id }}" method: PUT - user: "{{ grafana.user }}" + user: "{{ grafana.admin_user }}" password: "{{ grafana.admin_password }}" force_basic_auth: yes body_format: json diff --git a/ansible/roles/ceph-grafana/tasks/push_dashboards.yml b/ansible/roles/ceph-grafana/tasks/push_dashboards.yml index a19adc7..3282418 100644 --- a/ansible/roles/ceph-grafana/tasks/push_dashboards.yml +++ b/ansible/roles/ceph-grafana/tasks/push_dashboards.yml @@ -37,7 +37,7 @@ uri: url: "http://localhost:3000/api/dashboards/db/{{ item }}" method: GET - user: "{{ grafana.user }}" + user: "{{ grafana.admin_user }}" password: "{{ grafana.admin_password }}" force_basic_auth: yes status_code: 200,404 @@ -58,7 +58,7 @@ uri: url: "http://localhost:3000/api/dashboards/db" method: POST - user: "{{ grafana.user }}" + user: "{{ grafana.admin_user }}" password: "{{ grafana.admin_password }}" force_basic_auth: yes status_code: 200 @@ -71,7 +71,7 @@ uri: url: "http://localhost:3000/api/dashboards/db/ceph-at-a-glance" method: GET - user: "{{ grafana.user }}" + user: "{{ grafana.admin_user }}" password: "{{ grafana.admin_password }}" force_basic_auth: yes status_code: 200 @@ -82,7 +82,7 @@ uri: url: http://localhost:3000/api/org/preferences method: PUT - user: "{{ grafana.user }}" + user: "{{ grafana.admin_user }}" password: "{{ grafana.admin_password }}" force_basic_auth: yes status_code: 200 diff --git a/ansible/roles/ceph-grafana/templates/dashboard.yml b/ansible/roles/ceph-grafana/templates/dashboard.yml index d4d3263..1ad3bee 100644 --- a/ansible/roles/ceph-grafana/templates/dashboard.yml +++ b/ansible/roles/ceph-grafana/templates/dashboard.yml @@ -18,7 +18,7 @@ _dashboards: - network-usage-by-node - osd-node-detail _credentials: - user: admin + user: {{ grafana.admin_user }} password: {{ grafana.admin_password }} _grafana_port: 3000 _home_dashboard: ceph-at-a-glance -- 2.47.3