Deploying a Grafana Instance

Grafana is deployed using Ansible Deployments.

Playbook and Host

Typically, Grafana is deployed as part of the UI Deploy Stack, although it can be deployed separately.

In any case, you ultimately be calling the _grafana_upgrade.yml playbook.

Add a code block in your hosts like:

[grafana_server:children]
<Server>

Ansible Vars

Grafana config is mostly standardised, so you can just copy the whole grafana_* block from the cloud deployment.

These vars are standard and can be copied as-is:

  • grafana_service_id

  • grafana_keycloak_client_id

  • grafana_keycloak_client_secret

  • grafana_backup_version

  • grafana_smtp_host

  • grafana_smtp_username

  • grafana_smtp_password

  • grafana_auth_auto_login

You may wish to tweak these:

  • grafana_container_port

The following cause organisations and users to be created automatically, but using an older paradigm. It is probably best to leave them as-is:

  • grafana_organisation

  • grafana_users

These are generated by convention and must match both the Grafana deployment and any UI deployments which use this Grafana instance:

  • grafana_domain

Users

Users are a little complicated in Grafana right now:

Keycloak users are honoured via the SSO login button, although when you first create the user they will neither automatically appear in Grafana, nor join any organisations. You will need to:

  • Log in to Grafana on the user’s behalf. This registers the user’s existence with Grafana

  • Log out and back in with an administrator account

  • Assign the user to any relevant organisations

This was intended so that Grafana embeds work seamlessly in the UI. This model had some issues though, so we had to disable the automatic SSO. For embeds to work, the user has to sign in to the UI and Grafana separately.

Adminstrators can also create users directly in Grafana that have no relationship with Keycloak. These will obviously never work in the UI.