PMM-9315 Integrate Loki with PMM #3216

Draft
wants to merge 2 commits into
base: v3
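--- a/build/ansible/roles/loki/files/Dockerfile.loki
+++ b/build/ansible/roles/loki/files/Dockerfile.loki
@@ -0,0 +1,22 @@
+# TODO: the image should be percona/pmm-server:3 once PMM v3 is released.
+
+# To build the image, run the following in the project root directory:
+# docker buildx build --progress plain -t perconalab/pmm-server:loki-3.2 -f ./build/ansible/roles/loki/files/Dockerfile.loki . # mind the dot
+FROM perconalab/pmm-server:3-dev-latest
+
+USER root
+
+RUN sed -i '/^assumeyes/d' /etc/dnf/dnf.conf
+
+COPY build/ansible/roles/loki/files/loki.sh /tmp/
+COPY build/ansible/roles/loki/files/pmm.conf /etc/nginx/conf.d/pmm.conf
+COPY build/ansible/roles/loki/files/nginx.conf /etc/nginx/nginx.conf
+RUN chown pmm:pmm /etc/nginx/conf.d/pmm.conf /etc/nginx/nginx.conf
+RUN chmod +x /tmp/loki.sh && /bin/bash -e /tmp/loki.sh && rm /tmp/loki.sh
+
+USER pmm
+
+VOLUME /srv
+
+ENV GF_ANALYTICS_CHECK_FOR_UPDATES=false
+ENV GF_ANALYTICS_REPORTING_ENABLED=false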
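Review bot: The `FROM perconalab/pmm-server:3-dev-latest` line builds on a floating development tag, so every rebuild trusts whatever was last pushed to that tag and the result is not reproducible. Pinning by digest, `FROM perconalab/pmm-server:3-dev-latest@sha256:<digest-placeholder>`, keeps the tag readable while fixing the content that is pulled. The `chown pmm:pmm` on `/etc/nginx/nginx.conf` and `/etc/nginx/conf.d/pmm.conf` also leaves the proxy configuration writable by the same account the services run as; if nothing rewrites those files at runtime, root ownership with read access for `pmm` would be the tighter default.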
215 changes: 215 additions & 0 deletions build/ansible/roles/loki/files/loki.sh
@@ -0,0 +1,215 @@
#!/bin/bash -e

# Add grafana repository
cat <<EOF > /etc/yum.repos.d/grafana.repo
[grafana]
name=grafana
baseurl=https://rpm.grafana.com
repo_gpgcheck=1
enabled=0
gpgcheck=1
gpgkey=https://rpm.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

# Install loki and promtail, which also creates dedicated users
dnf install -y --disablerepo="*" --enablerepo=grafana loki promtail

# Add promtail and loki users to pmm user group
usermod -a -G pmm promtail
usermod -a -G pmm loki

mkdir -p /srv/loki
chown pmm:pmm /srv/loki

cat <<EOF > /etc/supervisord.d/loki.ini
[program:loki]
priority = 20
command =
/usr/bin/loki
-config.file /etc/loki/config.yml
user = pmm
autorestart = true
autostart = true
startretries = 1000
startsecs = 3
stopsignal = TERM
stopwaitsecs = 10
stdout_logfile = /srv/logs/loki.log
stdout_logfile_maxbytes = 10MB
stdout_logfile_backups = 3
redirect_stderr = true
[program:promtail]
priority = 21
command =
/usr/bin/promtail
-config.file /srv/loki/promtail.yml
user = pmm
autorestart = true
autostart = true
startretries = 1000
startsecs = 3
stopsignal = TERM
stopwaitsecs = 10
stdout_logfile = /srv/logs/promtail.log
stdout_logfile_maxbytes = 10MB
stdout_logfile_backups = 3
redirect_stderr = true
EOF

cat <<EOF > /etc/loki/config.yml
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
log_level: debug
grpc_server_max_concurrent_streams: 1000
common:
instance_addr: 127.0.0.1
path_prefix: /srv/loki
storage:
filesystem:
chunks_directory: /srv/loki/chunks
rules_directory: /srv/loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
ingester_rf1:
enabled: false
query_range:
results_cache:
cache:
embedded_cache:
enabled: true
max_size_mb: 100
schema_config:
configs:
- from: 2020-10-24
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
pattern_ingester:
enabled: true
metric_aggregation:
enabled: true
loki_address: 127.0.0.1:3100
ruler:
alertmanager_url: http://127.0.0.1:9093
frontend:
encoding: protobuf
analytics:
reporting_enabled: false
EOF

cat <<EOF > /srv/loki/promtail.yml
# Important: too much scraping during init process can overload the system.
# https://github.com/grafana/loki/issues/11398
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://127.0.0.1:3100/loki/api/v1/push
scrape_configs:
- job_name: nginx
static_configs:
- targets:
- 127.0.0.1
labels:
job: nginx
__path__: /srv/logs/nginx.log
- job_name: grafana
static_configs:
- targets:
- 127.0.0.1
labels:
job: grafana
__path__: /srv/logs/grafana.log
- job_name: pmm-agent
static_configs:
- targets:
- 127.0.0.1
labels:
job: pmm-agent
__path__: /srv/logs/pmm-agent.log
node_name: pmm-server
- job_name: pmm-managed
static_configs:
- targets:
- 127.0.0.1
labels:
job: pmm-managed
__path__: /srv/logs/pmm-managed.log
- job_name: qan
static_configs:
- targets:
- 127.0.0.1
labels:
job: qan
__path__: /srv/logs/qani-api2.log
- job_name: victoriametrics
static_configs:
- targets:
- 127.0.0.1
labels:
job: victoriametrcis
__path__: /srv/logs/victoriametrics.log
- job_name: clickhouse
static_configs:
- targets:
- 127.0.0.1
labels:
job: clickhouse
__path__: /srv/logs/clickhouse-server.log
- job_name: supervisor
static_configs:
- targets:
- 127.0.0.1
labels:
job: supervisor
__path__: /srv/logs/supervisord.log
EOF

cat <<EOF > /usr/share/grafana/conf/provisioning/datasources/loki.yml
apiVersion: 1
datasources:
- name: Loki
type: loki
uid: loki
access: proxy
url: http://127.0.0.1:3100
EOF

# Change ownership of all files we added
chown pmm:pmm /etc/supervisord.d/loki.ini
chown pmm:pmm /etc/loki/config.yml
chown pmm:pmm /srv/loki/promtail.yml
chown pmm:pmm /usr/share/grafana/conf/provisioning/datasources/loki.yml
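Review bot: The generated `/etc/loki/config.yml` sets `auth_enabled: false` but only `instance_addr: 127.0.0.1`, which does not restrict the listener; with no listen address under `server:`, Loki binds its HTTP (3100) and gRPC (9096) ports on all interfaces, so the push and query APIs are unauthenticated to anything that can reach the container on those ports. Adding `http_listen_address: 127.0.0.1` and `grpc_listen_address: 127.0.0.1` under `server:` keeps it loopback-only, and the same applies to promtail's `http_listen_port: 9080`. `log_level: debug` looks like a development setting, and `filename: /tmp/positions.yaml` puts promtail's read positions in a world-writable directory that is lost when the container is recreated; a path under `/srv/loki` would be safer. Two values look like typos: `job: victoriametrcis` and `__path__: /srv/logs/qani-api2.log` (presumably `qan-api2.log`, in which case that job never matches a file).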
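--- a/build/ansible/roles/loki/files/nginx.conf
+++ b/build/ansible/roles/loki/files/nginx.conf
@@ -0,0 +1,63 @@
+# user pmm; ## It's ignored when the master process is not run by root.
+worker_processes 2;
+
+daemon off;
+
+error_log /dev/stderr warn;
+pid /run/nginx.pid;
+
+events {
+worker_connections 4096;
+}
+
+http {
+map $http_upgrade $connection_upgrade {
+default upgrade;
+'' close;
+}
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+log_format json_format escape=json '{'
+'"time_local": "$time_local",'
+'"host": "$http_host",'
+'"remote_addr": "$remote_addr",'
+'"request_method": "$request_method",'
+'"request": "$request_uri",'
+'"request_time": "$request_time",'
+'"body_bytes_sent": "$body_bytes_sent",'
+'"server_protocol": "$server_protocol",'
+'"status": "$status",'
+'"http_referrer":"$http_referer",'
+'"http_x_forwarded_for": "$http_x_forwarded_for",'
+'"http_user_agent": "$http_user_agent"'
+'}';
+
+access_log /dev/stdout json_format;
+
+sendfile on;
+gzip on;
+etag on;
+
+keepalive_timeout 65;
+
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 3s;
+
+## TODO https://jira.percona.com/browse/PMM-4670
+# CWE-693, CWE-16
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+# TODO X-XSS-Protection useless for modern browsers which support CSP. We need to implement CSP instead.
+add_header X-XSS-Protection "1; mode=block";
+# CWE-524, CWE-525
+add_header Cache-control "no-cache";
+add_header Pragma "no-cache";
+
+include /etc/nginx/conf.d/*.conf;
+}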
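Review bot: The `add_header` lines in the `http` block are written without `always`, so nginx attaches them only to successful and redirect responses and error pages go out without `X-Frame-Options` or `X-Content-Type-Options`. They are also inherited only by levels that declare no `add_header` of their own, so any `server` or `location` in the included `conf.d/*.conf` that sets a header silently drops the whole set; `pmm.conf` is not shown on this page and should be checked for that. Suggest `add_header X-Frame-Options DENY always;` and likewise for the others. Separately, `resolver 8.8.8.8 8.8.4.4 valid=300s;` hard-codes public resolvers: lookups fail in networks without outbound DNS, and any internal hostname nginx resolves is sent to a third party, so the container's configured resolver would be the safer choice.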