add overrides.conf with CAP_NET_BIND_SERVICE for grafana-server unit… (

#88) Co-authored-by: VVolodin <[email protected]>
grafana · Aug 28, 2023 · b10da86 · b10da86
1 parent a2a8f42
commit b10da86
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/roles/grafana/tasks/configure.yml b/roles/grafana/tasks/configure.yml
@@ -76,6 +76,27 @@
     - "grafana_port | int <= 1024"
     - "grafana_cap_net_bind_service"
 
+- name: Create a directory for overrides.conf unit file if it does not exist
+  ansible.builtin.file:
+    path: /etc/systemd/system/grafana-server.service.d
+    state: directory
+    mode: '0755'
+  when:
+    - "grafana_port | int <= 1024"
+    - "grafana_cap_net_bind_service"
+
+- name: "Enable grafana to ports lower than port 1024 in systemd unitfile"
+  ansible.builtin.blockinfile:
+    path: /etc/systemd/system/grafana-server.service.d/overrides.conf
+    create: true
+    block: |
+      [Service]
+      AmbientCapabilities=CAP_NET_BIND_SERVICE
+      CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+  when:
+    - "grafana_port | int <= 1024"
+    - "grafana_cap_net_bind_service"
+
 - name: "Enable and start Grafana systemd unit"
   ansible.builtin.systemd:
     name: "grafana-server"

diff --git a/roles/grafana/templates/grafana.ini.j2 b/roles/grafana/templates/grafana.ini.j2
@@ -37,6 +37,14 @@ root_url = {{ grafana_url }}
 {%   endif %}
 {% endfor %}
 
+# Plugins
+{% if grafana_plugins_ops is defined %}
+[plugins]
+{% for k,v in grafana_plugins_ops.items() %}
+{{ k }} = {{ v }}
+{% endfor %}
+{%   endif %}
+
 # Remote cache
 [remote_cache]
 {% for k,v in grafana_remote_cache.items() %}