From 4b1e603486723a9a81a37713df6151b1b9e58163 Mon Sep 17 00:00:00 2001
From: Hannes Feldt <feldt@astron.nl>
Date: Wed, 26 Jul 2023 11:59:25 +0200
Subject: [PATCH] bump

---
 grafana-central.nomad | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/grafana-central.nomad b/grafana-central.nomad
index e3bb136..875250a 100644
--- a/grafana-central.nomad
+++ b/grafana-central.nomad
@@ -1,5 +1,5 @@
 job "central-management" {
-  datacenters = ["dc1"]
+  datacenters = ["nl-east"]
   type = "service"
 
   constraint {
@@ -27,7 +27,7 @@ job "central-management" {
 
     service {
       name = "s3-storage"
-      port = "9000"
+      port = "http_api"
       connect {
         sidecar_service {}
       }
@@ -76,7 +76,7 @@ job "central-management" {
 
     service {
       name = "mimir"
-      port = "8080"
+      port = "http"
       connect {
         sidecar_service {
 
@@ -195,14 +195,14 @@ job "central-management" {
     network {
       mode ="bridge"
       port "http" {
-        static = 3001
+        static = 3000
         to     = 3000
       }
     }
 
     service {
       name = "grafana"
-      port = "3000"
+      port = "http"
 
       connect {
         sidecar_service {
@@ -241,6 +241,11 @@ job "central-management" {
         extra_hosts = [
           "prometheus:127.0.0.1"
         ]
+        mount {
+          type   = "bind"
+          source = "local/grafana.ini"
+          target = "/etc/grafana/grafana.ini"
+        }
       }
 
       env {
@@ -250,7 +255,23 @@ job "central-management" {
         GF_DATABASE_NAME = "grafana"
         GF_DATABASE_USER = "postgres"
         GF_DATABASE_PASSWORD = "password"
+        GF_AUTH_GENERIC_OAUTH_ENABLED = "true"
+        GF_AUTH_GENERIC_OAUTH_CLIENT_ID = "grafanadop94"
+        GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET = "F94JfdTjhNe4BFmewHEJZgqm3UIvZL0O"
+      }
+      template {
+        data = <<EOH
+        [auth.generic_oauth]
+        name = ASTRON Keycloak
+        allow_sign_up = true
+        auto_login = false
+        scopes = email profile roles
+        auth_url = https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/auth
+        token_url = https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/token
+        api_url = https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/userinfo
+        EOH
 
+        destination = "local/grafana.ini"
       }
 
       resources {
@@ -273,7 +294,7 @@ job "central-management" {
 
     service {
       name = "postgres"
-      port = "5432"
+      port = "postgres"
       task = "postgres"
 
       connect {
@@ -320,7 +341,7 @@ job "central-management" {
 
     service {
       name = "prometheus"
-      port = "9090"
+      port = "prometheus"
       connect {
         sidecar_service {
           proxy {
-- 
GitLab