Merge branch 'loki'
This commit is contained in:
1
roles/loki-caddy/defaults/main.yml
Normal file
1
roles/loki-caddy/defaults/main.yml
Normal file
@@ -0,0 +1 @@
|
||||
loki_caddy_server_name: loki.{{ ansible_domain }}
|
||||
3
roles/loki-caddy/meta/main.yml
Normal file
3
roles/loki-caddy/meta/main.yml
Normal file
@@ -0,0 +1,3 @@
|
||||
dependencies:
|
||||
- role: caddy
|
||||
tags: caddy
|
||||
24
roles/loki-caddy/tasks/main.yml
Normal file
24
roles/loki-caddy/tasks/main.yml
Normal file
@@ -0,0 +1,24 @@
|
||||
- name: ensure caddy is configured to proxy for loki
|
||||
template:
|
||||
src: Caddyfile.j2
|
||||
dest: /etc/caddy/Caddyfile.d/loki.caddyfile
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=r
|
||||
notify:
|
||||
- reload caddy
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: ensure client ca is configured
|
||||
copy:
|
||||
dest: /etc/caddy/loki-client-ca.crt
|
||||
content: >-
|
||||
{{ loki_caddy_client_ca|d('') }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=r
|
||||
notify:
|
||||
- reload caddy
|
||||
tags:
|
||||
- cert
|
||||
33
roles/loki-caddy/templates/Caddyfile.j2
Normal file
33
roles/loki-caddy/templates/Caddyfile.j2
Normal file
@@ -0,0 +1,33 @@
|
||||
{# vim: set sw=4 ts=4 sts=4 et : #}
|
||||
{{ loki_caddy_server_name }} {
|
||||
tls {
|
||||
client_auth {
|
||||
mode verify_if_given
|
||||
trusted_ca_cert_file /etc/caddy/loki-client-ca.crt
|
||||
}
|
||||
}
|
||||
@anonymous {
|
||||
expression {tls_client_subject} == null
|
||||
}
|
||||
@grafana {
|
||||
header X-Grafana-User *
|
||||
}
|
||||
handle @anonymous {
|
||||
route /loki/api/v1/push {
|
||||
reverse_proxy 127.0.0.1:3100
|
||||
}
|
||||
route /metrics {
|
||||
reverse_proxy 127.0.0.1:3100
|
||||
}
|
||||
route /ready {
|
||||
reverse_proxy 127.0.0.1:3100
|
||||
}
|
||||
respond 403
|
||||
}
|
||||
handle @grafana {
|
||||
reverse_proxy 127.0.0.1:3100
|
||||
}
|
||||
tls {{ loki_caddy_acme.email }} {
|
||||
ca {{ loki_caddy_acme.url }}
|
||||
}
|
||||
}
|
||||
39
roles/loki/defaults/main.yml
Normal file
39
roles/loki/defaults/main.yml
Normal file
@@ -0,0 +1,39 @@
|
||||
loki_config:
|
||||
auth_enabled: false
|
||||
|
||||
server:
|
||||
http_listen_port: 3100
|
||||
http_listen_address: 127.0.0.1
|
||||
grpc_listen_port: 9096
|
||||
|
||||
common:
|
||||
instance_addr: 127.0.0.1
|
||||
path_prefix: /var/lib/loki
|
||||
storage:
|
||||
filesystem:
|
||||
chunks_directory: /var/lib/loki/chunks
|
||||
rules_directory: /var/lib/loki/rules
|
||||
replication_factor: 1
|
||||
ring:
|
||||
kvstore:
|
||||
store: inmemory
|
||||
|
||||
query_range:
|
||||
results_cache:
|
||||
cache:
|
||||
embedded_cache:
|
||||
enabled: true
|
||||
max_size_mb: 100
|
||||
|
||||
schema_config:
|
||||
configs:
|
||||
- from: 2020-10-24
|
||||
store: tsdb
|
||||
object_store: filesystem
|
||||
schema: v12
|
||||
index:
|
||||
prefix: index_
|
||||
period: 24h
|
||||
|
||||
query_scheduler:
|
||||
max_outstanding_requests_per_tenant: 1024
|
||||
25
roles/loki/files/loki.container
Normal file
25
roles/loki/files/loki.container
Normal file
@@ -0,0 +1,25 @@
|
||||
# vim: set ft=systemd :
|
||||
[Unit]
|
||||
Description=Grafana Loki
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
StartLimitIntervalSec=1m
|
||||
StartLimitBurst=60
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/bin/install -o 10001 -g 10001 -d %S/%P
|
||||
ExecStartPre=/bin/chcon -t container_file_t %S/%P
|
||||
ExecReload=/usr/bin/podman kill --cidfile=%t/%N.cid --signal HUP
|
||||
TimeoutStartSec=5m
|
||||
Restart=always
|
||||
RstartSec=1s
|
||||
|
||||
[Container]
|
||||
Image=docker.io/grafana/loki:2.9.4
|
||||
Exec=-config.file=/etc/loki/config.yml
|
||||
Volume=%S/%P:/var/lib/loki:rw
|
||||
Volume=/etc/loki:/etc/loki:ro
|
||||
Network=host
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
2
roles/loki/meta/main.yml
Normal file
2
roles/loki/meta/main.yml
Normal file
@@ -0,0 +1,2 @@
|
||||
dependencies:
|
||||
- systemd-base
|
||||
67
roles/loki/tasks/main.yml
Normal file
67
roles/loki/tasks/main.yml
Normal file
@@ -0,0 +1,67 @@
|
||||
- name: ensure required packages are installed
|
||||
package:
|
||||
name:
|
||||
- podman
|
||||
state: present
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: ensure loki container unit is configured
|
||||
copy:
|
||||
src: loki.container
|
||||
dest: /etc/containers/systemd/loki.container
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=r
|
||||
notify:
|
||||
- reload systemd
|
||||
tags:
|
||||
- container
|
||||
|
||||
- name: ensure loki configuration directory exists
|
||||
file:
|
||||
path: /etc/loki
|
||||
owner: root
|
||||
group: root
|
||||
state: directory
|
||||
tags:
|
||||
- config
|
||||
- name: ensure loki is configured
|
||||
copy:
|
||||
dest: /etc/loki/config.yml
|
||||
content: >-
|
||||
{{ loki_config|to_nice_yaml(indent=2) }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=r
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: ensure loki starts at boot
|
||||
service:
|
||||
name: loki
|
||||
enabled: true
|
||||
tags:
|
||||
- service
|
||||
- name: ensure loki is running
|
||||
service:
|
||||
name: loki
|
||||
state: started
|
||||
tags:
|
||||
- service
|
||||
|
||||
- name: ensure firewall is configured for loki
|
||||
firewalld:
|
||||
port: '{{ item }}'
|
||||
state: enabled
|
||||
immediate: true
|
||||
permanent: true
|
||||
loop:
|
||||
- 3100/tcp
|
||||
- 9096/tcp
|
||||
when: host_uses_firewalld|d(true)|bool
|
||||
tags:
|
||||
- firewalld
|
||||
Reference in New Issue
Block a user