rndmh3ro

Originally published at zufallsheld.de

TIL how to create Azure Prometheus datasources with Ansible

Since I spent some time today on this, I’d rather write it down. Creating a Prometheus datasource that uses Azure Authentication was not straightforward.

Here’s the end result:

---
- name: Create a datasource in Grafana
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create prometheus datasource
      community.grafana.grafana_datasource:
        name: prometheus_test
        ds_type: prometheus
        ds_url: https://example.westeurope.prometheus.monitor.azure.com
        # Grafana instance and the credentials used to call its API
        url: "https://example.com"
        url_username: foo
        url_password: bar
        # Secure data is only updated when this is enabled
        enforce_secure_data: true
        additional_json_data:
          azureCredentials:
            authType: clientsecret
            azureCloud: AzureCloud
            # playbook_dir has no trailing slash, so the relative part starts with '/'
            clientId: "{{ lookup('cloud.terraform.tf_output', 'clientid', project_path=playbook_dir + '/../terraform/') }}"
            tenantId: "{{ lookup('cloud.terraform.tf_output', 'tenant_id', project_path=playbook_dir + '/../terraform/') }}"
        additional_secure_json_data:
          azureClientSecret: "{{ lookup('cloud.terraform.tf_output', 'password', project_path=playbook_dir + '/../terraform/') }}"


(Bonus: I look up the client and tenant ID from Terraform state.)

How did I get to this? By creating the datasource by hand and then querying it via the Grafana API:

> curl -s 'https://example.com/api/datasources/7' | jq .
{
  "id": 7,
  "uid": "3E8CgP2Vk",
  "orgId": 1,
  "name": "Prometheus",
  "type": "prometheus",
  "typeLogoUrl": "",
  "access": "proxy",
  "url": "https://example.com.westeurope.prometheus.monitor.azure.com",
  "user": "",
  "database": "",
  "basicAuth": false,
  "withCredentials": false,
  "isDefault": false,
  "jsonData": {
    "azureCredentials": {
      "authType": "clientsecret",
      "azureCloud": "AzureCloud",
      "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    },
    "httpMethod": "POST"
  },
  "secureJsonFields": {
    "azureClientSecret": true,
    "basicAuthPassword": true
  },
  "version": 10,
  "readOnly": false
}


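The response contains jsonData and secureJsonFields. These are the special, required fields that you have to pass to Ansible, as additional_json_data and additional_secure_json_data, to get exactly what you want. Note that secureJsonFields only shows which secrets are set, not their values.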
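As an added example (not from the original post or the community.grafana project), this Python script maps an API response like the one above to the module arguments used in the playbook and flags secret-looking keys left in jsonData, which the API returns in clear text. The sample is a trimmed, constructed copy of the response; the `vault_*` variable names and the key-name hints are assumptions, and the connection parameters (url, url_username, url_password) are left out.

```python
import json

# Constructed sample: trimmed copy of the API response shown above.
SAMPLE = json.loads("""{
  "name": "Prometheus", "type": "prometheus",
  "url": "https://example.com.westeurope.prometheus.monitor.azure.com",
  "jsonData": {
    "azureCredentials": {"authType": "clientsecret", "azureCloud": "AzureCloud",
      "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},
    "httpMethod": "POST"},
  "secureJsonFields": {"azureClientSecret": true, "basicAuthPassword": true}
}""")

# Assumption: key-name fragments that suggest a secret value.
SECRET_HINTS = ("secret", "password", "token", "apikey")

def misplaced_secrets(node, path="jsonData"):
    """Paths of keys under jsonData whose names look like secrets; jsonData is
    returned in clear text, so they belong in additional_secure_json_data."""
    found = []
    for key, value in node.items():
        here = f"{path}.{key}"
        if isinstance(value, dict):
            found += misplaced_secrets(value, here)
        elif any(hint in key.lower() for hint in SECRET_HINTS):
            found.append(here)
    return found

def to_module_args(ds):
    """Map an API datasource object to grafana_datasource arguments."""
    # The API only reports which secrets are set, never their values, so each
    # one becomes a reference to a (hypothetical) vaulted variable.
    secure = {name: "{{ vault_%s }}" % name
              for name, is_set in ds.get("secureJsonFields", {}).items() if is_set}
    return {
        "name": ds["name"],
        "ds_type": ds["type"],
        "ds_url": ds["url"],
        "enforce_secure_data": True,
        "additional_json_data": ds.get("jsonData", {}),
        "additional_secure_json_data": secure,
    }

if __name__ == "__main__":
    print(json.dumps(to_module_args(SAMPLE), indent=2))  # JSON is valid YAML
    print("keys to move out of jsonData:", misplaced_secrets(SAMPLE["jsonData"]))
```

Every entry under `additional_secure_json_data` in the output still needs a real secret source, such as the Terraform lookup used in the playbook above.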
