Note
This plugin is part of the community.grafana collection.
To install it use: ansible-galaxy collection install community.grafana.
To use it in a playbook, specify: community.grafana.grafana_datasource.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| access string |
| The access mode for this datasource. |
| additional_json_data dictionary | Default: {} | Defined data is used for datasource jsonData Data may be overridden by specifically defined parameters (like zabbix_user) |
| additional_secure_json_data dictionary | Default: {} | Defined data is used for datasource secureJsonData Data may be overridden by specifically defined parameters (like tls_client_cert) Stored as secure data, see enforce_secure_data and notes! |
| aws_access_key string | Default: "" | AWS access key for CloudWatch datasource type when aws_auth_type is keys
|
| aws_assume_role_arn string | Default: "" | AWS IAM role arn to assume for CloudWatch datasource type when aws_auth_type is arn
|
| aws_auth_type string |
| Type for AWS authentication for CloudWatch datasource type (authType of grafana api) |
| aws_credentials_profile string | Default: "" | Profile for AWS credentials for CloudWatch datasource type when aws_auth_type is credentials
|
| aws_custom_metrics_namespaces string | Default: "" | Namespaces of Custom Metrics for CloudWatch datasource type |
| aws_default_region string |
| AWS default region for CloudWatch datasource type |
| aws_secret_key string | Default: "" | AWS secret key for CloudWatch datasource type when aws_auth_type is keys
|
| basic_auth_password string | The datasource basic auth password, when basic auth is yes. | |
| basic_auth_user string | The datasource basic auth user. Setting this option with basic_auth_password will enable basic auth. | |
| client_cert path | PEM formatted certificate chain file to be used for SSL client authentication. This file can also include the key as well, and if the key is included, client_key is not required | |
| client_key path | PEM formatted file that contains your private key to be used for SSL client authentication. If client_cert contains both the certificate and key, this option is not required. | |
| database string | Name of the database for the datasource. This options is required when the ds_type is influxdb, elasticsearch (index name), mysql or postgres. | |
| ds_type string / required |
| The type of the datasource. |
| ds_url string / required | The URL of the datasource. | |
| enforce_secure_data boolean |
| Secure data is not updated per default (see notes!) To update secure data you have to enable this option! Enabling this, the task will always report changed=True |
| es_version integer |
5 | Elasticsearch version (for ds_type = elasticsearch only)Version 56 is for elasticsearch 5.6+ where you can specify the max_concurrent_shard_requests option. |
| grafana_api_key string | The Grafana API key. If set, url_username and url_password will be ignored. | |
| interval string |
| For elasticsearch ds_type, this is the index pattern used. |
| is_default boolean |
| Make this datasource the default one. |
| max_concurrent_shard_requests integer | Default: 256 | Starting with elasticsearch 5.6, you can specify the max concurrent shard per requests. |
| name string / required | The name of the datasource. | |
| org_id integer | Default: 1 | Grafana Organisation ID in which the datasource should be created. Not used when grafana_api_key is set, because the grafana_api_key only belong to one organisation. |
| password string | The datasource password. For encrypted password use additional_secure_json_data.password. | |
| sslmode string |
| SSL mode for postgres datasource type. |
| state string |
| Status of the datasource |
| time_field string | Default: "@timestamp" | Name of the time field in elasticsearch ds. For example @timestamp. |
| time_interval string | Minimum group by interval for influxdb or elasticsearch datasources.for example >10s. | |
| tls_ca_cert string | The TLS CA certificate for self signed certificates. Only used when tls_client_cert and tls_client_key are set.Stored as secure data, see enforce_secure_data and notes! | |
| tls_client_cert string | The client TLS certificate. If tls_client_cert and tls_client_key are set, this will enable TLS authentication.Starts with ----- BEGIN CERTIFICATE ----- Stored as secure data, see enforce_secure_data and notes! | |
| tls_client_key string | The client TLS private key Starts with ----- BEGIN RSA PRIVATE KEY ----- Stored as secure data, see enforce_secure_data and notes! | |
| tls_skip_verify boolean |
| Skip the TLS datasource certificate verification. |
| trends boolean |
| Use trends or not for zabbix datasource type. |
| tsdb_resolution string |
| The opentsdb time resolution. |
| tsdb_version integer |
1 | The opentsdb version. Use 1 for <=2.1, 2 for ==2.2, 3 for ==2.3. |
| url string / required | The Grafana URL. aliases: grafana_url | |
| url_password string | Default: "admin" | The Grafana password for API authentication. aliases: grafana_password |
| url_username string | Default: "admin" | The Grafana user for API authentication. aliases: grafana_user |
| use_proxy boolean |
| If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts. |
| user string | The datasource login user for influxdb datasources. | |
| validate_certs boolean |
| If no, SSL certificates will not be validated.This should only set to no used on personally controlled sites using self-signed certificates. |
| with_credentials boolean |
| Whether credentials such as cookies or auth headers should be sent with cross-site requests. |
| zabbix_password string | Password for Zabbix API | |
| zabbix_user string | User for Zabbix API |
Note
enforce_secure_data always reporting changed=True, you might just do one Task updating the datasource without any secure data and make a separate playbook/task also changing the secure data. This way it will not break any workflow.---
- name: Create elasticsearch datasource
community.grafana.grafana_datasource:
name: "datasource-elastic"
grafana_url: "https://grafana.company.com"
grafana_user: "admin"
grafana_password: "xxxxxx"
org_id: "1"
ds_type: "elasticsearch"
ds_url: "https://elastic.company.com:9200"
database: "[logstash_]YYYY.MM.DD"
basic_auth_user: "grafana"
basic_auth_password: "******"
time_field: "@timestamp"
time_interval: "1m"
interval: "Daily"
es_version: 56
max_concurrent_shard_requests: 42
tls_ca_cert: "/etc/ssl/certs/ca.pem"
- name: Create influxdb datasource
community.grafana.grafana_datasource:
name: "datasource-influxdb"
grafana_url: "https://grafana.company.com"
grafana_user: "admin"
grafana_password: "xxxxxx"
org_id: "1"
ds_type: "influxdb"
ds_url: "https://influx.company.com:8086"
database: "telegraf"
time_interval: ">10s"
tls_ca_cert: "/etc/ssl/certs/ca.pem"
- name: Create postgres datasource
community.grafana.grafana_datasource:
name: "datasource-postgres"
grafana_url: "https://grafana.company.com"
grafana_user: "admin"
grafana_password: "xxxxxx"
org_id: "1"
ds_type: "postgres"
ds_url: "postgres.company.com:5432"
database: "db"
user: "postgres"
sslmode: "verify-full"
additional_json_data:
timescaledb: false
additional_secure_json_data:
password: "iampgroot"
- name: Create cloudwatch datasource
community.grafana.grafana_datasource:
name: "datasource-cloudwatch"
grafana_url: "https://grafana.company.com"
grafana_user: "admin"
grafana_password: "xxxxxx"
org_id: "1"
ds_type: "cloudwatch"
ds_url: "http://monitoring.us-west-1.amazonaws.com"
aws_auth_type: "keys"
aws_default_region: "us-west-1"
aws_access_key: "speakFriendAndEnter"
aws_secret_key: "mel10n"
aws_custom_metrics_namespaces: "n1,n2"
- name: grafana - add thruk datasource
community.grafana.grafana_datasource:
name: "datasource-thruk"
grafana_url: "https://grafana.company.com"
grafana_user: "admin"
grafana_password: "xxxxxx"
org_id: "1"
ds_type: "sni-thruk-datasource"
ds_url: "https://thruk.company.com/sitename/thruk"
basic_auth_user: "thruk-user"
basic_auth_password: "******"
# handle secure data - workflow example
# this will create/update the datasource but dont update the secure data on updates
# so you can assert if all tasks are changed=False
- name: create prometheus datasource
community.grafana.grafana_datasource:
name: openshift_prometheus
ds_type: prometheus
ds_url: https://openshift-monitoring.company.com
access: proxy
tls_skip_verify: true
additional_json_data:
httpHeaderName1: "Authorization"
additional_secure_json_data:
httpHeaderValue1: "Bearer ihavenogroot"
# in a separate task or even play you then can force to update
# and assert if each datasource is reporting changed=True
- name: update prometheus datasource
community.grafana.grafana_datasource:
name: openshift_prometheus
ds_type: prometheus
ds_url: https://openshift-monitoring.company.com
access: proxy
tls_skip_verify: true
additional_json_data:
httpHeaderName1: "Authorization"
additional_secure_json_data:
httpHeaderValue1: "Bearer ihavenogroot"
enforce_secure_data: true
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| datasource dictionary | changed | datasource created/updated by module Sample: {'access': 'proxy', 'basicAuth': False, 'database': 'test_*', 'id': 1035, 'isDefault': False, 'jsonData': {'esVersion': 5, 'timeField': '@timestamp', 'timeInterval': '10s'}, 'name': 'grafana_datasource_test', 'orgId': 1, 'password': '', 'secureJsonFields': {'JustASecureTest': True}, 'type': 'elasticsearch', 'url': 'http://elastic.company.com:9200', 'user': '', 'withCredentials': False} |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/grafana/grafana_datasource_module.html