Forge Home

Modules

Resources

PuppetEcosystemPuppet CommunityUpdates

simp_grafana

A profile module to integrate Grafana with SIMP
Project URLRSS FeedReport issues

9,429 downloads

4,928 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.6 (latest)
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 0.1.1
  • 0.1.0
released Nov 27th 2018
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-simp_grafana', '1.0.6'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-simp_grafana
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-simp_grafana --version 1.0.6

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: simp

Documentation

simp/simp_grafana — version 1.0.6 Nov 27th 2018

Reference

Table of Contents

Classes

  • simp_grafana: Class: simp_grafana This module acts as a SIMP wrapper ("profile") for the Puppet, Inc. Approved Grafana module written by Bill Fraser and m
  • simp_grafana::config::firewall: Class simp_grafana::config::firewall This class is meant to be called from simp_grafana. It ensures that firewall rules are defined.
  • simp_grafana::config::pki: Class: simp_grafana::config::config::pki This class is meant to be called from simp_grafana. It ensures that pki rules are defined.
  • simp_grafana::params: Class: simp_grafana::params This class is meant to be called from simp_grafana. It sets variables according to platform.

Classes

simp_grafana

Class: simp_grafana

This module acts as a SIMP wrapper ("profile") for the Puppet, Inc. Approved Grafana module written by Bill Fraser and maintained by Vox Pupuli. It sets baseline of secure defaults and integrates Grafana with other SIMP components.

Welcome to SIMP!

This module is a component of the System Integrity Management Platform (SIMP), a managed security compliance framework built on Puppet.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • As a SIMP wrapper module, the defaults use the larger SIMP ecosystem to manage security compliance settings from the Puppet server.

  • If used independently, all SIMP-managed security subsystems may be disabled via the firewall and pki settings.

Parameters

Examples

  • Note If SIMP integration is not required, direct use of the component Grafana module is advised.

Examples

Resource-style class declaration
class { 'simp_grafana':
  firewall => true,
  pki      => true,
  trusted_nets     => ['10.255.0.0/16'],
  cfg             => { 'auth.ldap' => { enabled => true } },
  ldap_cfg        => {
    verbose_logging => true,
    servers         => [
      {
        host                  => 'ldap.example.com',
        # @note: If using Puppet 3.x, the param `port` MUST use arithmetic.
        #   If it does not, it will be converted into a string and the LDAP
        #   configuration file will fail to load with a type error.
        port                  => 635 + 1,
        use_ssl               => true,
        bind_dn               => 'uid=grafana,ou=Services,dc=test',
        bind_password         => '123$%^qweRTY',
        search_filter         => '(uid=%s)',
        search_base_dns       => ['ou=People,dc=test'],
        group_search_filter   => '(&(objectClass=posixGroup)(memberUid=%s))',
        group_search_base_dns => ['ou=Group,dc=test'],
        attributes            => {
          name      => 'givenName',
          surname   => 'sn',
          username  => 'uid',
          member_of => 'gidNumber',
          email     => 'mail',
        },
        group_mappings => [
          { group_dn => '50000', org_role => 'Admin'  },
          { group_dn => '50001', org_role => 'Editor' },
        ],
      },
    ],
  },
}

Parameters

The following parameters are available in the simp_grafana class.

trusted_nets

Data type: Simplib::Netlist

A whitelist of subnets (in CIDR notation) permitted access.

Default value: $::simp_grafana::params::trusted_nets

firewall

Data type: Boolean

If true, manage firewall rules to accommodate simp_grafana.

Default value: $::simp_grafana::params::firewall

pki

Data type: Variant[Boolean,Enum['simp']]

  • If 'simp', include SIMP's pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/grafana/x509
  • If true, do not include SIMP's pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/grafana/x509
  • If false, do not include SIMP's pki module and do not use pki::copy to manage certs. You will need to appropriately assign a subset of:
    • app_pki_dir
    • app_pki_key
    • app_pki_cert
    • app_pki_ca
    • app_pki_ca_dir

Default value: simplib::lookup('simp_options::pki', { 'default_value' => false })

app_pki_external_source

Data type: String

  • If pki = 'simp' or true, this is the directory from which certs will be copied, via pki::copy. Defaults to /etc/pki/simp/x509.

  • If pki = false, this variable has no effect.

Default value: simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' })

app_pki_dir

NOTE: Controlled in params.pp This variable controls the basepath of $app_pki_key, $app_pki_cert, $app_pki_ca, $app_pki_ca_dir, and $app_pki_crl. It defaults to /etc/pki/simp_apps/grafana/x509.

app_pki_key

NOTE: Controlled in params.pp Path and name of the private SSL key file

app_pki_cert

NOTE: Controlled in params.pp Path and name of the public SSL certificate

cfg

Data type: Hash

A passthrough to the Grafana component module, this will be merged with the SIMP defaults in ::simp_grafana::params.

Default value: {}

ldap_cfg

Data type: Hash

A passthrough to the Grafana component module. merged with the SIMP defaults in ::simp_grafana::params. @note If using Puppet 3.x, Integer values in this Hash must be declared with arithmetic expression to avoid converison to a String. For example, to set a value to 1, the value should be declared as 0 + 1.

Default value: {}

install_method

Data type: String

A passthrough to the Grafana module, this sets the installation method of Grafana to a repository by default since this is the SIMP preferred method for installing packages.

Default value: 'repo'

use_internet_repo

Data type: Boolean

If set, allow the ::grafana module to point to the appropriate package repository on the Internet automatically.

Default value: false

version

Data type: String

Version of grafana to install

Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })

rpm_iteration

Data type: String

Default value: '1'

simp_dashboards

Data type: Boolean

Install SIMP dashboards

Default value: false

simp_grafana::config::firewall

Class simp_grafana::config::firewall

This class is meant to be called from simp_grafana. It ensures that firewall rules are defined.

simp_grafana::config::pki

Class: simp_grafana::config::config::pki

This class is meant to be called from simp_grafana. It ensures that pki rules are defined.

simp_grafana::params

Class: simp_grafana::params

This class is meant to be called from simp_grafana. It sets variables according to platform.