init

2022-11-14 21:01:18 +07:00
commit 335091569a
38 changed files with 2101 additions and 0 deletions
--- a/loki-server/.env
+++ b/loki-server/.env
@@ -0,0 +1 @@
+HOST=t.realmanual.ru
--- a/loki-server/data/grafana/datasources.yaml
+++ b/loki-server/data/grafana/datasources.yaml
@@ -0,0 +1,7 @@
+apiVersion: 1
+datasources:
+- access: proxy
+  isDefault: true
+  name: loki-main
+  type: loki
+  url: http://loki:3100
--- a/loki-server/data/grafana/grafana.ini
+++ b/loki-server/data/grafana/grafana.ini
@@ -0,0 +1,25 @@
+[analytics]
+check_for_updates = true
+[auth.ldap]
+allow_sign_up = true
+config_file = /etc/grafana/ldap.toml
+enabled = false
+[grafana_net]
+url = https://logs.bildme.ru
+[log]
+mode = console
+[paths]
+data = /var/lib/grafana/data
+logs = /var/log/grafana
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
+[server]
+root_url = https://logs.bildme.ru
+[smtp]
+enabled = true
+from_address = logs@bildme.ru
+from_name = Logs Bildme.ru
+host = smtp.eu.mailgun.org:587
+password = PASSWORD
+skip_verify = true
+user = logs@bildme.ru
--- a/loki-server/data/grafana/ldap.toml
+++ b/loki-server/data/grafana/ldap.toml
@@ -0,0 +1,26 @@
+verbose_logging = true
+
+[[servers]]
+host = "ipa.bildme.ru"
+port = 636
+use_ssl = true
+start_tls = false
+ssl_skip_verify = true
+bind_dn = "uid=system,cn=sysaccounts,cn=etc,dc=ipa,dc=bildme,dc=ru"
+bind_password = "PASSWORD"
+search_filter = "(uid=%s)"
+search_base_dns = ["cn=users,cn=accounts,dc=ipa,dc=bildme,dc=ru"]
+group_search_base_dns = ["cn=admins,cn=groups,cn=accounts,dc=ipa,dc=bildme,dc=ru"]
+
+[servers.attributes]
+name = "givenName"
+surname = "sn"
+username = "uid"
+member_of = "memberOf"
+email =  "mail"
+
+# Administrators
+[[servers.group_mappings]]
+grafana_admin = true
+group_dn = "cn=admins,cn=groups,cn=accounts,dc=ipa,dc=bildme,dc=ru"
+org_role = "Admin"
--- a/loki-server/data/local-config.yaml
+++ b/loki-server/data/local-config.yaml
@@ -0,0 +1,62 @@
+auth_enabled: false
+
+server:
+  grpc_listen_port: 9095
+  http_listen_port: 3100
+
+compactor:
+  retention_delete_delay: 2h
+  retention_delete_worker_count: 150
+  retention_enabled: true
+  shared_store: filesystem
+  working_directory: /loki/boltdb-shipper-compactor
+
+ingester:
+  chunk_block_size: 262144
+  chunk_idle_period: 3m
+  chunk_retain_period: 1m
+  lifecycler:
+    ring:
+      kvstore:
+        store: inmemory
+      replication_factor: 1
+  max_transfer_retries: 0
+  wal:
+    dir: /loki/wal
+
+limits_config:
+  enforce_metric_name: false
+  max_entries_limit_per_query: 5000
+  per_stream_rate_limit: 8M
+  per_stream_rate_limit_burst: 16M
+  reject_old_samples: true
+  reject_old_samples_max_age: 360h
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: boltdb-shipper
+      object_store: filesystem
+      schema: v11
+      index:
+        prefix: index_
+        period: 24h
+
+common:
+  path_prefix: /loki
+  storage:
+    filesystem:
+      chunks_directory: /loki/chunks
+      rules_directory: /loki/rules
+  replication_factor: 1
+  ring:
+    instance_addr: 127.0.0.1
+    kvstore:
+      store: inmemory
+
+chunk_store_config:
+  max_look_back_period: 0s
+
+table_manager:
+  retention_deletes_enabled: true
+  retention_period: 360h
--- a/loki-server/data/user.file
+++ b/loki-server/data/user.file
@@ -0,0 +1 @@
+loki:$$2y$$05$$UZwmFTrItdJngPd3eLTn5uw5SKU4fyB0d22aWA0sG1A/Cx9PONtM6
--- a/loki-server/docker-compose.yaml
+++ b/loki-server/docker-compose.yaml
@@ -0,0 +1,63 @@
+version: "3.9"
+
+services:
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.logs.entrypoints=https"
+      - "traefik.http.routers.logs.rule=Host(`logs.${HOST}`)"
+      - "traefik.http.routers.logs.tls=true"
+      - "traefik.http.routers.logs.tls.certresolver=letsEncrypt"
+      - "traefik.http.services.logs-service.loadbalancer.server.port=3000"
+      - "traefik.docker.network=webproxy"
+    environment:
+      - GF_PATHS_DATA=/var/lib/grafana/data
+      - GF_PATHS_LOGS=/var/log/grafana
+      - GF_PATHS_PLUGINS=/var/lib/grafana/plugins
+      - GF_PATHS_PROVISIONING=/etc/grafana/provisioning
+      - GF_AUTH_ANONYMOUS_ENABLED=false
+      - GF_USERS_ALLOW_SIGN_UP=false
+      - GF_USERS_ALLOW_ORG_CREATE=false
+    volumes:
+      - ./data/grafana/grafana.ini:/etc/grafana/grafana.ini
+      - ./data/grafana/ldap.toml:/etc/grafana/ldap.toml
+      - ./data/grafana/datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+    expose:
+     - 3000
+    networks:
+      - loki
+      - webproxy
+
+  loki:
+    image: grafana/loki:2.6.1
+    container_name: loki
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.loki.entrypoints=https"
+      - "traefik.http.routers.loki.rule=Host(`loki.${HOST}`)"
+      - "traefik.http.routers.loki.tls=true"
+      - "traefik.http.routers.loki.tls.certresolver=letsEncrypt"
+      - "traefik.http.routers.loki.middlewares=loki-auth"
+      - "traefik.http.services.loki-service.loadbalancer.server.port=3100"
+      - "traefik.http.middlewares.loki-auth.basicauth.usersfile=/mnt/user.file" # loki\loki123
+      - "traefik.docker.network=webproxy"
+    command: -config.file=/etc/loki/local-config.yaml
+    volumes:
+      - ./data/local-config.yaml:/etc/loki/local-config.yaml
+      - ./data/loki/loki:/loki
+      - ./data/user.file:/mnt/user.file
+    expose:
+      - 3100
+    networks:
+      - loki
+      - webproxy
+
+networks:
+  loki:
+    name: loki
+  webproxy:
+    name: webproxy
				`@@ -0,0 +1 @@`
				`loki:$$2y$$05$$UZwmFTrItdJngPd3eLTn5uw5SKU4fyB0d22aWA0sG1A/Cx9PONtM6`