loki: Add role+playbook for Grafana Loki

The current Grafana Loki server, *loki0.pyrocufflink.blue*, runs Fedora
CoreOS and is managed by Ignition and *cfg*.  Since I have declared
*cfg* a failed experiment, I'm going to re-deploy Loki on a new VM
running Fedora Linux and managed by Ansible.

The *loki* role installs Podman and defines a systemd-managed container
to run Grafana Loki.

group_vars/loki.yml

@@ -0,0 +1,4 @@
+data_volumes:
+- dev: /dev/vdb
+  fstype: btrfs
+  mountpoint: /var/lib/loki

hosts

@@ -89,6 +89,8 @@ k8s-ctrl0.pyrocufflink.blue
 k8s-controller
 k8s-node
 
+[loki]
+
 [minio-backups]
 chromie.pyrocufflink.blue
 

loki.yml

@@ -0,0 +1,5 @@
+- hosts: loki
+  roles:
+  - role: loki
+    tags:
+    - loki

roles/loki/defaults/main.yml

@@ -0,0 +1,39 @@
+loki_config:
+  auth_enabled: false
+
+  server:
+    http_listen_port: 3100
+    http_listen_address: 127.0.0.1
+    grpc_listen_port: 9096
+
+  common:
+    instance_addr: 127.0.0.1
+    path_prefix: /var/lib/loki
+    storage:
+      filesystem:
+        chunks_directory: /var/lib/loki/chunks
+        rules_directory: /var/lib/loki/rules
+    replication_factor: 1
+    ring:
+      kvstore:
+        store: inmemory
+
+  query_range:
+    results_cache:
+      cache:
+        embedded_cache:
+          enabled: true
+          max_size_mb: 100
+
+  schema_config:
+    configs:
+    - from: 2020-10-24
+      store: tsdb
+      object_store: filesystem
+      schema: v12
+      index:
+        prefix: index_
+        period: 24h
+
+  query_scheduler:
+    max_outstanding_requests_per_tenant: 1024

roles/loki/files/loki.container

@@ -0,0 +1,25 @@
+# vim: set ft=systemd :
+[Unit]
+Description=Grafana Loki
+After=network-online.target
+Wants=network-online.target
+StartLimitIntervalSec=1m
+StartLimitBurst=60
+
+[Service]
+ExecStartPre=/bin/install -o 10001 -g 10001 -d %S/%P
+ExecStartPre=/bin/chcon -t container_file_t %S/%P
+ExecReload=/usr/bin/podman kill --cidfile=%t/%N.cid --signal HUP
+TimeoutStartSec=5m
+Restart=always
+RstartSec=1s
+
+[Container]
+Image=docker.io/grafana/loki:2.9.4
+Exec=-config.file=/etc/loki/config.yml
+Volume=%S/%P:/var/lib/loki:rw
+Volume=/etc/loki:/etc/loki:ro
+Network=host
+
+[Install]
+WantedBy=multi-user.target

roles/loki/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- systemd-base

roles/loki/tasks/main.yml

@@ -0,0 +1,67 @@
+- name: ensure required packages are installed
+  package:
+    name:
+    - podman
+    state: present
+  tags:
+  - install
+
+- name: ensure loki container unit is configured
+  copy:
+    src: loki.container
+    dest: /etc/containers/systemd/loki.container
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+  - reload systemd
+  tags:
+  - container
+
+- name: ensure loki configuration directory exists
+  file:
+    path: /etc/loki
+    owner: root
+    group: root
+    state: directory
+  tags:
+  - config
+- name: ensure loki is configured
+  copy:
+    dest: /etc/loki/config.yml
+    content: >-
+      {{ loki_config|to_nice_yaml(indent=2) }}
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  tags:
+  - config
+
+- name: flush handlers
+  meta: flush_handlers
+
+- name: ensure loki starts at boot
+  service:
+    name: loki
+    enabled: true
+  tags:
+  - service
+- name: ensure loki is running
+  service:
+    name: loki
+    state: started
+  tags:
+  - service
+
+- name: ensure firewall is configured for loki
+  firewalld:
+    port: '{{ item }}'
+    state: enabled
+    immediate: true
+    permanent: true
+  loop:
+  - 3100/tcp
+  - 9096/tcp
+  when: host_uses_firewalld|d(true)|bool
+  tags:
+  - firewalld