diff options
| -rw-r--r-- | personal_infra/puppet/modules/grafana/manifests/init.pp | 21 | ||||
| -rw-r--r-- | personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp | 9 |
2 files changed, 28 insertions, 2 deletions
diff --git a/personal_infra/puppet/modules/grafana/manifests/init.pp b/personal_infra/puppet/modules/grafana/manifests/init.pp index 13c5dd66..a2fa4ad9 100644 --- a/personal_infra/puppet/modules/grafana/manifests/init.pp +++ b/personal_infra/puppet/modules/grafana/manifests/init.pp @@ -1,4 +1,4 @@ -class grafana { +class grafana($root_url, $oidc_client_id, $oidc_client_secret, $oidc_auth_url, $oidc_api_url, $oidc_token_url) { file {'/etc/yum.repos.d/grafana.repo': content => @("EOT") [grafana] @@ -18,6 +18,25 @@ class grafana { require => File['/etc/yum.repos.d/grafana.repo'], } -> + file {'/etc/grafana/grafana.ini': + content => @("EOT") + [server] + root_url=$root_url + + [auth.generic_oauth] + enabled = true + allow_sign_up = true + name = idp.pdp7.net + client_id = $oidc_client_id + client_secret = $oidc_client_secret + auth_url = $oidc_auth_url + api_url = $oidc_api_url + token_url = $oidc_token_url + scopes = openid email profile + | EOT + , + } + ~> service {'grafana-server': enable => true, ensure => running, diff --git a/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp b/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp index 5b605e49..96eab827 100644 --- a/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp +++ b/personal_infra/puppet/site/grafana.h1.int.pdp7.net.pp @@ -1,3 +1,10 @@ node 'grafana.h1.int.pdp7.net' { - class {'grafana':} + class {'grafana': + oidc_client_id => lookup('grafana.oauth.client_id'), + oidc_client_secret => lookup('grafana.oauth.client_secret'), + oidc_auth_url => lookup('grafana.oauth.auth_url'), + oidc_api_url => lookup('grafana.oauth.api_url'), + oidc_token_url => lookup('grafana.oauth.token_url'), + root_url => 'https://grafana.pdp7.net', + } } |