logging: add promtail + loki + grafana #190
13 changed files with 196 additions and 9 deletions
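--- /dev/null
+++ b/docker-compose/loki/datasources.yaml.j2
@@ -0,0 +1,31 @@
+# Configuration file version
+apiVersion: 1
+
+# Mark provisioned data sources for deletion if they are no longer in a provisioning file.
+# It takes no effect if data sources are already listed in the deleteDatasources section.
+prune: true
+
+# List of data sources to insert/update depending on what's
+# available in the database.
+datasources:
+# <string, required> Sets the name you use to refer to
+# the data source in panels and queries.
+- name: Loki
+# <string, required> Sets the data source type.
+type: loki
+# <string, required> Sets the access mode, either
+# proxy or direct (Server or Browser in the UI).
+# Some data sources are incompatible with any setting
+# but proxy (Server).
+access: direct
+# <int> Sets the organization id. Defaults to orgId 1.
+orgId: 1
+# <string> Sets the data source's URL, including the
+# port.
+url: http://loki:3100
+# <int> Sets the version. Used to compare versions when
+# updating. Ignored when creating a new data source.
+version: 1
+# <bool> Allows users to edit data sources from the
+# Grafana UI.
+editable: false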
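--- /dev/null
+++ b/docker-compose/loki/docker-compose.yml.j2
@@ -0,0 +1,50 @@
+# https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/prometheus_grafana_loki
+# https://ghazanfaralidevops.medium.com/grafana-loki-promtail-complete-end-to-end-project-d698aaa636d6
+services:
+loki:
+image: grafana/loki:3.2.0
+container_name: loki
+restart: always
+volumes:
+- loki:/loki
+- ./loki-config.yml:/etc/loki-config.yml
+command:
+- '-config.file=/etc/loki-config.yml'
+ports:
+- "3100:3100"
+networks:
+- internal
+
+grafana:
+image: grafana/grafana:9.4.3
+container_name: grafana
+restart: always
+env_file: grafana.env
+volumes:
+- grafana:/var/lib/grafana
+- ./datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+ports:
+- "3101:3000"
+networks:
+- internal
+- postfix
+
+######## Networks ########
+networks:
+postfix:
+external: true
+internal:
+
+######## Volumes ########
+volumes:
+loki:
+grafana:
+
+
+# TODO: http://vm-test-2204.mgrote.net:9080/targets + wenn firewall aus
+# TODO: grafana dashboard und datasource als code? + https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources
+# TODO: URLS: http://docker10.mgrote.net:3101/explore?orgId=1&left=%7B%22datasource%22:%22U4h5CxgHz%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22datasource%22:%7B%22type%22:%22loki%22,%22uid%22:%22U4h5CxgHz%22%7D%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D + http://docker10.mgrote.net:3100/ready + http://vm-test-2204.mgrote.net:9080/config
+# TODO: grafana an LDAP: https://github.com/lldap/lldap/blob/main/example_configs/grafana_ldap_config.toml
+# TODO: send mail testen
+# TODO: depends on + healhtchecks
+# TODO Mikrotik in Logging? oder lieber alles rsyslog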
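--- /dev/null
+++ b/docker-compose/loki/grafana.env.j2
@@ -0,0 +1,13 @@
+# GENERAL
+TZ=Europe/Berlin
+
+# GRAFANA
+GF_SECURITY_ADMIN_USER=admin # TODO
+GF_SECURITY_ADMIN_PASSWORD=admin # TODO
+GF_USERS_ALLOW_SIGN_UP=false
+
+# GRAFANA EMAIL
+GF_SMTP_ENABLED=true
+GF_SMTP_HOST=postfix
+GF_SMTP_USER=grafana@mgrote.net
+GF_SMTP_PASSWORD=""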
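--- /dev/null
+++ b/docker-compose/loki/loki-config.yml.j2
@@ -0,0 +1,43 @@
+auth_enabled: false
+
+server:
+http_listen_port: 3100
+
+common:
+instance_addr: 127.0.0.1
+path_prefix: /loki
+storage:
+filesystem:
+chunks_directory: /loki/chunks
+rules_directory: /loki/rules
+replication_factor: 1
+ring:
+kvstore:
+store: inmemory
+
+query_range:
+results_cache:
+cache:
+embedded_cache:
+enabled: true
+max_size_mb: 100
+
+schema_config:
+configs:
+- from: 2020-10-24
+store: tsdb
+object_store: filesystem
+schema: v13
+index:
+prefix: index_
+period: 24h
+
+analytics:
+reporting_enabled: false
+
+
+# TODO alertmanager
+# TODO promtail
+# TODO prometheus
+# TODO retention
+# TODO Doku wie alles zusammenspielt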
|
@ -9,7 +9,22 @@ file_header: |
|
||||||
#----------------------------------------------------------------#
|
#----------------------------------------------------------------#
|
||||||
# für Zugriff auf nicht öffentliche git.mgrote.net-Repos
|
# für Zugriff auf nicht öffentliche git.mgrote.net-Repos
|
||||||
ansible_forgejo_user: svc_ansible
|
ansible_forgejo_user: svc_ansible
|
||||||
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # User ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
||||||
|
|
||||||
|
### patrickjahns.promtail
|
||||||
|
promtail_version: "3.0.0" # TODO renovate
|
||||||
|
promtail_loki_server_url: "http://docker10.mgrote.net:3100" # TODO passt das für blocky?
|
||||||
|
promtail_user_additional_groups: root
|
||||||
|
promtail_config_scrape_configs:
|
||||||
|
- job_name: system
|
||||||
|
static_configs:
|
||||||
|
- targets:
|
||||||
|
- localhost
|
||||||
|
labels:
|
||||||
|
host: "{{ ansible_fqdn }}"
|
||||||
|
job: varlogs
|
||||||
|
__path__: /var/log/**/**
|
||||||
|
# TODO add docker und lokale logs wenn sie cniht in /var/log liegen: https://ruanbekker.medium.com/logging-with-docker-promtail-and-grafana-loki-d920fd790ca8
|
||||||
|
|
||||||
### mgrote_user_setup
|
### mgrote_user_setup
|
||||||
dotfiles:
|
dotfiles:
|
||||||
|
@ -83,6 +98,11 @@ ufw_rules:
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'munin'
|
comment: 'munin'
|
||||||
from_ip: 192.168.2.0/24
|
from_ip: 192.168.2.0/24
|
||||||
|
- rule: allow
|
||||||
|
to_port: 9080
|
||||||
|
protocol: tcp
|
||||||
|
comment: 'promtail'
|
||||||
|
from_ip: 192.168.2.0/24
|
||||||
ufw_default_incoming_policy: deny
|
ufw_default_incoming_policy: deny
|
||||||
ufw_default_outgoing_policy: allow
|
ufw_default_outgoing_policy: allow
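Review bot: The new rule opens promtail's HTTP port 9080 to all of `192.168.2.0/24` on each host, but nothing in this commit scrapes it — promtail only pushes to Loki, and the compose file's TODO lists `:9080/targets` and `:9080/config`, endpoints that serve the scrape configuration and the Loki URL to anyone on that subnet. Until a Prometheus scraper exists (another TODO), the rule can be dropped, or `from_ip:` narrowed to the scraper's address instead of the subnet; if 9080 is only needed on the host, binding promtail's server to `127.0.0.1` (`http_listen_address` in the `server` block, exposed by the patrickjahns role as `promtail_config_server` if I recall its variables correctly) removes the need for a rule at all. The same rule is added in the hunks at `@ -14,6 +14,11`, `@ -140,6 +140,11`, `@ -14,6 +14,11`, `@ -41,6 +41,11`, `@ -18,6 +18,11` and `@ -7,10 +7,14`; the point applies to each, and the file names of those sections are not shown in this rendering.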
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,11 @@ ufw_rules:
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'munin'
|
comment: 'munin'
|
||||||
from_ip: 192.168.2.0/24
|
from_ip: 192.168.2.0/24
|
||||||
|
- rule: allow
|
||||||
|
to_port: 9080
|
||||||
|
protocol: tcp
|
||||||
|
comment: 'promtail'
|
||||||
|
from_ip: 192.168.2.0/24
|
||||||
- rule: allow
|
- rule: allow
|
||||||
to_port: 53
|
to_port: 53
|
||||||
comment: 'dns'
|
comment: 'dns'
|
||||||
|
|
|
@ -140,6 +140,11 @@ ufw_rules:
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'munin'
|
comment: 'munin'
|
||||||
from_ip: 192.168.2.0/24
|
from_ip: 192.168.2.0/24
|
||||||
|
- rule: allow
|
||||||
|
to_port: 9080
|
||||||
|
protocol: tcp
|
||||||
|
comment: 'promtail'
|
||||||
|
from_ip: 192.168.2.0/24
|
||||||
- rule: allow
|
- rule: allow
|
||||||
from_ip: 192.168.0.0/16
|
from_ip: 192.168.0.0/16
|
||||||
comment: 'docker networks'
|
comment: 'docker networks'
|
||||||
|
|
|
@ -14,6 +14,11 @@ ufw_rules:
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'munin'
|
comment: 'munin'
|
||||||
from_ip: 192.168.2.0/24
|
from_ip: 192.168.2.0/24
|
||||||
|
- rule: allow
|
||||||
|
to_port: 9080
|
||||||
|
protocol: tcp
|
||||||
|
comment: 'promtail'
|
||||||
|
from_ip: 192.168.2.0/24
|
||||||
- rule: allow
|
- rule: allow
|
||||||
to_port: 445
|
to_port: 445
|
||||||
comment: 'smb'
|
comment: 'smb'
|
||||||
|
|
|
@ -41,6 +41,11 @@ ufw_rules:
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'munin'
|
comment: 'munin'
|
||||||
from_ip: 192.168.2.0/24
|
from_ip: 192.168.2.0/24
|
||||||
|
- rule: allow
|
||||||
|
to_port: 9080
|
||||||
|
protocol: tcp
|
||||||
|
comment: 'promtail'
|
||||||
|
from_ip: 192.168.2.0/24
|
||||||
- rule: allow
|
- rule: allow
|
||||||
to_port: "{{ gitea_http_port }}"
|
to_port: "{{ gitea_http_port }}"
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
|
|
|
@ -18,6 +18,11 @@ ufw_rules:
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'munin'
|
comment: 'munin'
|
||||||
from_ip: 192.168.2.0/24
|
from_ip: 192.168.2.0/24
|
||||||
|
- rule: allow
|
||||||
|
to_port: 9080
|
||||||
|
protocol: tcp
|
||||||
|
comment: 'promtail'
|
||||||
|
from_ip: 192.168.2.0/24
|
||||||
- rule: allow
|
- rule: allow
|
||||||
to_port: "{{ lldap_http_port }}"
|
to_port: "{{ lldap_http_port }}"
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
|
|
|
@ -7,10 +7,14 @@ ufw_rules:
|
||||||
comment: 'ssh'
|
comment: 'ssh'
|
||||||
from_ip: 0.0.0.0/0
|
from_ip: 0.0.0.0/0
|
||||||
- rule: allow
|
- rule: allow
|
||||||
to_port: 80 #TODO passt?
|
to_port: 80
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'munin'
|
comment: 'munin'
|
||||||
|
- rule: allow
|
||||||
|
to_port: 9080
|
||||||
|
protocol: tcp
|
||||||
|
comment: 'promtail'
|
||||||
|
from_ip: 192.168.2.0/24
|
||||||
### mgrote_restic
|
### mgrote_restic
|
||||||
restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/munin"
|
restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/munin"
|
||||||
|
|
||||||
|
|
|
@ -66,6 +66,9 @@ compose_files:
|
||||||
state: present
|
state: present
|
||||||
- name: act-runner
|
- name: act-runner
|
||||||
state: present
|
state: present
|
||||||
|
- name: loki
|
||||||
|
state: present
|
||||||
|
network: postfix
|
||||||
|
|
||||||
### oefenweb.ufw
|
### oefenweb.ufw
|
||||||
ufw_rules:
|
ufw_rules:
|
||||||
|
|
|
@ -4,8 +4,6 @@
|
||||||
- role: mgrote_munin_node
|
- role: mgrote_munin_node
|
||||||
become: true
|
become: true
|
||||||
tags: "munin"
|
tags: "munin"
|
||||||
when: "not 'laptop' in group_names"
|
- role: patrickjahns.promtail
|
||||||
|
become: true
|
||||||
### Die Host müssen auch beim Docker-Container: "munin-master eingetragen" werden.
|
tags: "promtail"
|
||||||
### wird nur auf physischen Rechnern ausgeführt.
|
|
||||||
### Wenn ein Plugin nicht geht: munin-node-configure --shell --families=contrib,auto | sh -x
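Review bot: The `when: "not 'laptop' in group_names"` guard on `mgrote_munin_node` appears to be removed together with the three explanatory comments, which is unrelated to adding promtail and would make the munin role run on laptop hosts as well — assuming the old/new pairing in this rendering is read correctly. If that is unintended, keep `when: "not 'laptop' in group_names"` on the munin entry; if intended, the commit message should say so, since the diffstat otherwise hides it. The new `patrickjahns.promtail` entry has no `when:` either, so promtail (with the `root`-group user from the group vars) is applied to every host in the play, including laptops — confirm that is wanted.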
|
|
||||||
|
|