test: add forgejo workflow

.forgejo/workflows/molecule.yml

@@ -0,0 +1,18 @@
+---
+on: [push]
+jobs:
+  lint:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: ansible-lint .
+      - run: yamllint .
+  molecule:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: molecule test

.gitignore

@@ -1 +1,2 @@
 .kitchen/*
+*.pyc

.gitlab-ci.yml

@@ -0,0 +1,10 @@
+---
+image: nishiki/molecule:docker
+
+before_script:
+  - molecule --version
+
+molecule:
+  stage: test
+  script:
+    - molecule test

.kitchen.yml

@@ -1,27 +0,0 @@
----
-driver:
-  name: docker_cli
-
-transport:
-  name: docker_cli
-
-provisioner:
-  name: ansible_playbook
-  hosts: localhost
-  require_ansible_repo: false
-  require_ansible_omnibus: false
-  require_chef_for_busser: true
-  ansible_verbose: false
-  ansible_inventory: ./test/integration/inventory
-
-platforms:
-  - name: debian-9
-    driver_config:
-      image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.7' %>"
-      command: /bin/systemd
-      volume:
-        - /sys/fs/cgroup:/sys/fs/cgroup:ro
-      security_opt: seccomp=unconfined
-
-suites:
-  - name: default

.yamllint

@@ -2,11 +2,11 @@
 extends: default
 
 ignore: |
-  .kitchen/*
+  .kitchen*
   vendor/
+  .forgejo/
 
 rules:
   line-length:
     max: 120
     level: warning
-  truthy: false

CHANGELOG.md

@@ -3,8 +3,46 @@
 This project adheres to [Semantic Versioning](http://semver.org/).
 Which is based on [Keep A Changelog](http://keepachangelog.com/)
 
-## [Unreleased]
+## Unreleased
 
-## [1.0.0] - 2019-14-11
+### Added
+
+- test: add support debian 12
+
+### Changed
+
+- test: use personal docker registry
+
+### Removed
+
+- test: removed support debian 10
+
+### Fixed
+
+- new grafana repository
+
+## 1.1.0 - 2021-08-22
+
+### Added
+
+- feat: install unofficial plugins
+- test: add support debian 11
+
+### Changed
+
+- chore: use FQCN for module name
+- test: replace kitchen to molecule
+
+### Removed
+
+- test: remove support debian 9
+
+## 1.0.1 - 2019-08-17
+
+### Fixed
+
+- default value for grafana_plugins is empty array
+
+## 1.0.0 - 2019-04-11
 
 - first version

Gemfile

@@ -1,8 +0,0 @@
-source 'https://rubygems.org'
-
-group :development do
-  gem 'kitchen-ansible'
-  gem 'kitchen-docker_cli'
-  gem 'rubocop', '0.50.0'
-  gem 'test-kitchen'
-end

Gemfile.lock

@@ -1,92 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    ast (2.4.0)
-    builder (3.2.3)
-    erubis (2.7.0)
-    ffi (1.10.0)
-    gssapi (1.2.0)
-      ffi (>= 1.0.1)
-    gyoku (1.3.1)
-      builder (>= 2.1.2)
-    httpclient (2.8.3)
-    kitchen-ansible (0.49.1)
-      net-ssh (>= 3)
-      test-kitchen (~> 1.4)
-    kitchen-docker_cli (0.19.0)
-      test-kitchen (>= 1.3)
-    little-plugger (1.1.4)
-    logging (2.2.2)
-      little-plugger (~> 1.1)
-      multi_json (~> 1.10)
-    mixlib-install (3.11.11)
-      mixlib-shellout
-      mixlib-versioning
-      thor
-    mixlib-shellout (2.4.4)
-    mixlib-versioning (1.2.7)
-    multi_json (1.13.1)
-    net-scp (1.2.1)
-      net-ssh (>= 2.6.5)
-    net-ssh (4.2.0)
-    net-ssh-gateway (1.3.0)
-      net-ssh (>= 2.6.5)
-    nori (2.6.0)
-    parallel (1.16.0)
-    parser (2.6.2.0)
-      ast (~> 2.4.0)
-    powerpack (0.1.2)
-    rainbow (2.2.2)
-      rake
-    rake (12.3.2)
-    rubocop (0.50.0)
-      parallel (~> 1.10)
-      parser (>= 2.3.3.1, < 3.0)
-      powerpack (~> 0.1)
-      rainbow (>= 2.2.2, < 3.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.0, >= 1.0.1)
-    ruby-progressbar (1.10.0)
-    rubyntlm (0.6.2)
-    rubyzip (1.2.2)
-    test-kitchen (1.24.0)
-      mixlib-install (~> 3.6)
-      mixlib-shellout (>= 1.2, < 3.0)
-      net-scp (~> 1.1)
-      net-ssh (>= 2.9, < 5.0)
-      net-ssh-gateway (~> 1.2)
-      thor (~> 0.19)
-      winrm (~> 2.0)
-      winrm-elevated (~> 1.0)
-      winrm-fs (~> 1.1)
-    thor (0.20.3)
-    unicode-display_width (1.5.0)
-    winrm (2.3.1)
-      builder (>= 2.1.2)
-      erubis (~> 2.7)
-      gssapi (~> 1.2)
-      gyoku (~> 1.0)
-      httpclient (~> 2.2, >= 2.2.0.2)
-      logging (>= 1.6.1, < 3.0)
-      nori (~> 2.0)
-      rubyntlm (~> 0.6.0, >= 0.6.1)
-    winrm-elevated (1.1.1)
-      winrm (~> 2.0)
-      winrm-fs (~> 1.0)
-    winrm-fs (1.3.2)
-      erubis (~> 2.7)
-      logging (>= 1.6.1, < 3.0)
-      rubyzip (~> 1.1)
-      winrm (~> 2.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  kitchen-ansible
-  kitchen-docker_cli
-  rubocop (= 0.50.0)
-  test-kitchen
-
-BUNDLED WITH
-   1.16.6

README.md

@@ -1,18 +1,21 @@
 # Ansible role: Grafana
 
-[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-grafana/releases)
-[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-sensu/src/branch/master/LICENSE)
+[![Version](https://img.shields.io/badge/latest_version-1.1.0-green.svg)](https://code.waks.be/nishiki/ansible-role-grafana/releases)
+[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-sensu/src/branch/main/LICENSE)
+[![Build](https://code.waks.be/nishiki/ansible-role-grafana/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-grafana/actions?workflow=molecule.yml)
 
 Install and configure Grafana
 
 ## Requirements
 
-* Ansible >= 2.7
-* Debian Stretch
+- Ansible >= 2.9
+- Debian
+  - Buster
+  - Bullseye
 
 ## Role variables
 
-* `grafana_config` - hash with the grafana configuration (see [grafana documentation](http://docs.grafana.org/installation/configuration/))
+- `grafana_config` - hash with the grafana configuration (see [grafana documentation](http://docs.grafana.org/installation/configuration/))
 
 ```
   default:
@@ -22,13 +25,23 @@ Install and configure Grafana
     admin_password: secret
 ```
 
-* `grafana_ldap_config` - hash with ldap configuration (see [grafana with ldap](http://docs.grafana.org/auth/ldap/))
-* `grafana_plugins` - array with grafana plugins (see [grafana plugins](https://grafana.com/plugins))
+- `grafana_ldap_config` - hash with ldap configuration (see [grafana with ldap](http://docs.grafana.org/auth/ldap/))
+- `grafana_plugins` - array with grafana plugins (see [grafana plugins](https://grafana.com/plugins))
 
 ```
   - name: grafana-piechart-panel
     version: 1.3.6
     state: present
+  - name: sensu-sensugo-datasource
+    url: https://github.com/sensu/grafana-sensu-go-datasource/releases/download/1.0.2/sensu-sensugo-datasource-1.0.2.zip
+```
+
+- `grafana_proxy_url` - set an URL proxy for outbound http and https requests
+- `grafana_proxy_ignore` - array with subnets or hosts to ignore
+
+```
+  - localhost
+  - 10.0.0.0/8
 ```
 
 ## How to use
@@ -41,25 +54,12 @@ Install and configure Grafana
 
 ## Development
 
-### Test syntax with yamllint
+### Test with molecule and docker
 
-* install `python` and `python-pip`
-* install yamllint `pip install yamllint`
-* run `yamllint .`
-
-### Test syntax with ansible-lint
-
-* install `python` and `python-pip`
-* install yamllint `pip install ansible-lint`
-* run `ansible-lint .`
-
-### Tests with docker
-
-* install [docker](https://docs.docker.com/engine/installation/)
-* install ruby
-* install bundler `gem install bundler`
-* install dependencies `bundle install`
-* run the tests `kitchen test`
+- install [docker](https://docs.docker.com/engine/installation/)
+- install `python3` and `python3-pip`
+- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint`
+- run `molecule test`
 
 ## License
 

defaults/main.yml

@@ -1,4 +1,5 @@
 ---
 grafana_config: {}
 grafana_ldap_config: {}
-grafana_plugins: {}
+grafana_plugins: []
+grafana_proxy_ignore: []

handlers/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: restart grafana
-  systemd:
+- name: Restart grafana
+  ansible.builtin.service:
     name: grafana-server
     state: restarted

meta/main.yml

@@ -1,16 +1,18 @@
 ---
 galaxy_info:
-  role_name: Grafana
+  role_name: grafana
+  namespace: nishiki
   author: Adrien Waksberg
   company: Adrien Waksberg
   description: Install and configure Grafana
   license: Apache2
-  min_ansible_version: 2.7
+  min_ansible_version: "2.9"
 
   platforms:
     - name: Debian
       versions:
-        - stretch
+        - bullseye
+        - bookworm
 
   galaxy_tags:
     - dashboard

molecule/default/converge.yml

@@ -0,0 +1,23 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - ansible-role-grafana
+  vars:
+    grafana_plugins:
+      - name: grafana-piechart-panel
+      - name: sensu-sensugo-datasource
+        version: 1.0.3
+        url: >
+          https://github.com/sensu/grafana-sensu-go-datasource/releases/download/1.0.3/sensu-sensugo-datasource-1.0.3.zip
+    grafana_config:
+      default:
+        instance_name: '${HOSTNAME}'
+      security:
+        admin_user: sysadmin
+        admin_password: secret
+
+  pre_tasks:
+    - name: update apt cache
+      ansible.builtin.apt:
+        update_cache: true

molecule/default/molecule.yml

@@ -0,0 +1,28 @@
+---
+driver:
+  name: docker
+platforms:
+  - name: debian12
+    image: code.waks.be/nishiki/molecule:debian12
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    command: /bin/systemd
+    capabilities:
+      - SYS_ADMIN
+  - name: debian11
+    image: code.waks.be/nishiki/molecule:debian11
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    command: /bin/systemd
+    capabilities:
+      - SYS_ADMIN
+lint: |
+  set -e
+  yamllint .
+  ansible-lint .
+verifier:
+  name: testinfra

molecule/default/tests/test_default.py

@@ -0,0 +1,50 @@
+import testinfra.utils.ansible_runner
+
+def test_packages(host):
+  package = host.package('grafana')
+  assert package.is_installed
+
+def test_config_file(host):
+  path = host.file('/etc/grafana/grafana.ini')
+  assert path.exists
+  assert path.is_file
+  assert path.user == 'root'
+  assert path.group == 'grafana'
+  assert path.mode == 0o640
+  assert not path.contains('default')
+  assert path.contains('instance_name = "${HOSTNAME}"')
+  assert path.contains('[security]')
+  assert path.contains('admin_user = "sysadmin"')
+
+def test_default_config_file(host):
+  path = host.file('/etc/default/grafana-server')
+  assert path.exists
+  assert path.is_file
+  assert path.user == 'root'
+  assert path.group == 'root'
+  assert path.mode == 0o644
+  assert path.contains('LOG_DIR=/var/log/grafana')
+
+def test_ldap_config_file(host):
+  path = host.file('/etc/grafana/ldap.toml')
+  assert path.exists
+  assert path.is_file
+  assert path.user == 'root'
+  assert path.group == 'grafana'
+  assert path.mode == 0o640
+ 
+def test_plugins_install(host):
+  for plugin_name in ['grafana-piechart-panel', 'sensu-sensugo-datasource']:
+    path = host.file('/var/lib/grafana/plugins/%s' % plugin_name)
+    assert path.exists
+    assert path.is_directory
+    assert path.user == 'root'
+ 
+def test_service(host):
+  service = host.service('grafana-server')
+  assert service.is_running
+  assert service.is_enabled
+
+def test_socket(host):
+  socket = host.socket('tcp://0.0.0.0:3000')
+  assert socket.is_listening

tasks/main.yml

@@ -1,65 +1,89 @@
 ---
-- name: install dependencies packages
-  apt:
-    name: apt-transport-https
-  retries: 2
-  register: result
-  until: result is succeeded
+- name: Install dependencies packages
+  ansible.builtin.package:
+    name:
+      - apt-transport-https
+      - gpg
+      - unzip
   tags: grafana
 
-- name: add repository key
-  apt_key:
-    url: https://packages.grafana.com/gpg.key
-  retries: 2
-  register: result
-  until: result is succeeded
+- name: Add repository key
+  ansible.builtin.get_url:
+    url: https://apt.grafana.com/gpg.key
+    dest: /usr/share/keyrings/grafana.key
+    owner: root
+    group: root
+    mode: 0644
   tags: grafana
 
-- name: add repository
-  apt_repository:
-    repo: deb https://packages.grafana.com/oss/deb stable main
+- name: Add repository
+  ansible.builtin.apt_repository:
+    repo: deb [signed-by=/usr/share/keyrings/grafana.key] https://apt.grafana.com stable main
+    filename: grafana
   tags: grafana
 
-- name: install grafana package
-  apt:
-    name: grafana
-  retries: 2
-  register: result
-  until: result is succeeded
+- name: Install grafana package
+  ansible.builtin.package:
+    name:
+      - grafana
   tags: grafana
 
-- name: copy configuration file
-  template:
+- name: Copy default environment variables file
+  ansible.builtin.template:
+    src: default.j2
+    dest: /etc/default/grafana-server
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart grafana
+  tags: grafana
+
+- name: Copy configuration file
+  ansible.builtin.template:
     src: grafana.ini.j2
     dest: /etc/grafana/grafana.ini
     owner: root
     group: grafana
     mode: 0640
-  notify: restart grafana
+  notify: Restart grafana
   tags: grafana
 
-- name: copy ldap configuration file
-  template:
+- name: Copy ldap configuration file
+  ansible.builtin.template:
     src: ldap.toml.j2
     dest: /etc/grafana/ldap.toml
     owner: root
     group: grafana
     mode: 0640
-  notify: restart grafana
+  notify: Restart grafana
   tags: grafana
 
-- name: install plugins
-  grafana_plugin:
-    name: '{{ item.name }}'
-    version: '{{ item.version|default("latest") }}'
-    state: '{{ item.state|default("present") }}'
-  loop: '{{ grafana_plugins }}'
-  notify: restart grafana
+- name: Install official plugins
+  community.grafana.grafana_plugin:
+    name: "{{ item.name }}"
+    version: "{{ item.version | default('latest') }}"
+    state: "{{ item.state | default('present') }}"
+  loop: "{{ grafana_plugins | selectattr('url', 'undefined') }}"
+  loop_control:
+    label: "{{ item.name }}"
+  notify: Restart grafana
   tags: grafana
 
-- name: enable and start service
-  systemd:
+- name: Install unofficial plugins
+  community.grafana.grafana_plugin:
+    name: "{{ item.name }}"
+    grafana_plugin_url: "{{ item.url }}"
+    version: "{{ item.version | default('latest') }}"
+    state: "{{ item.state | default('present') }}"
+  loop: "{{ grafana_plugins | selectattr('url', 'defined') }}"
+  loop_control:
+    label: "{{ item.name }}"
+  notify: Restart grafana
+  tags: grafana
+
+- name: Enable and start service
+  ansible.builtin.service:
     name: grafana-server
     state: started
-    enabled: yes
+    enabled: true
   tags: grafana

templates/default.j2

@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+GRAFANA_HOME=/usr/share/grafana
+LOG_DIR=/var/log/grafana
+DATA_DIR=/var/lib/grafana
+MAX_OPEN_FILES=10000
+CONF_DIR=/etc/grafana
+CONF_FILE=/etc/grafana/grafana.ini
+RESTART_ON_UPGRADE=true
+PLUGINS_DIR=/var/lib/grafana/plugins
+PROVISIONING_CFG_DIR=/etc/grafana/provisioning
+PID_FILE_DIR=/run/grafana
+{% if grafana_proxy_url is defined %}
+
+https_proxy={{ grafana_proxy_url }}
+http_proxy={{ grafana_proxy_url }}
+no_proxy={{ grafana_proxy_ignore|join(',') }}
+{% endif %}

templates/grafana.ini.j2

@@ -1,10 +1,10 @@
 # {{ ansible_managed }}
-{% for section, options in grafana_config.iteritems()  %}
+{% for section, options in grafana_config.items()  %}
 
 {% if section|lower != 'default' %}
 [{{ section }}]
 {% endif %}
-{% for option, value in options.iteritems() %}
+{% for option, value in options.items() %}
 {{ option }} = {% if value is sameas true %}true
 {% elif value is sameas false %}false
 {% elif value is string %}"{{ value }}"

templates/ldap.toml.j2

@@ -1,10 +1,10 @@
 # {{ ansible_managed }}
-{% for section, options in grafana_ldap_config.iteritems()  %}
+{% for section, options in grafana_ldap_config.items()  %}
 
 {% if section|lower != 'default' %}
 [{{ section }}]
 {% endif %}
-{% for option, value in options.iteritems() %}
+{% for option, value in options.items() %}
 {{ option }} = {% if value is sameas true %}true
 {% elif value is sameas false %}false
 {% elif value is string %}"{{ value }}"

test/integration/default/default.yml

@@ -1,15 +0,0 @@
----
-- hosts: localhost
-  connection: local
-  vars:
-    grafana_plugins:
-      - name: grafana-piechart-panel
-    grafana_config:
-      default:
-        instance_name: '${HOSTNAME}'
-      security:
-        admin_user: sysadmin
-        admin_password: secret
-
-  roles:
-    - ansible-role-grafana

test/integration/default/serverspec/default_spec.rb

@@ -1,44 +0,0 @@
-require 'serverspec'
-
-set :backend, :exec
-
-puts
-puts '================================'
-puts %x(ansible --version)
-puts '================================'
-
-describe package('grafana') do
-  it { should be_installed }
-end
-
-describe file('/etc/grafana/grafana.ini') do
-  it { should be_file }
-  it { should be_mode 640 }
-  it { should be_owned_by 'root' }
-  it { should be_grouped_into 'grafana' }
-  it { should_not contain 'default' }
-  it { should contain 'instance_name = "${HOSTNAME}"' }
-  it { should contain '[security]' }
-  it { should contain 'admin_user = "sysadmin"' }
-end
-
-describe file('/etc/grafana/ldap.toml') do
-  it { should be_file }
-  it { should be_mode 640 }
-  it { should be_owned_by 'root' }
-  it { should be_grouped_into 'grafana' }
-end
-
-describe file('/var/lib/grafana/plugins/grafana-piechart-panel') do
-  it { should be_directory }
-  it { should be_owned_by 'root' }
-end
-
-describe service('grafana-server') do
-  it { should be_enabled }
-  it { should be_running.under('systemd') }
-end
-
-describe port(3000) do
-  it { should be_listening.with('tcp6') }
-end

test/integration/inventory

@@ -1 +0,0 @@
-localhost