# LOKI PROMTAIL GRAFANA
Simple stack for monitoring the logs of a server's containers or applications via LOKI / PROMTAIL
## CONFIGURATION
### LOKI AGENT HOST
For LOKI to collect the containers' logs, add these labels to docker-compose.yml:
```yml
labels:
  logging: "promtail"
  logging_jobname: "containerlogs"
```
#### TLS
- Create certs:
```bash
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
```
> Replace the values (C=FR, ST=PARIS, L=GarageNum, ...)
- TLS config:
```yaml
server:
  http_listen_port: 3100
  grpc_listen_port: 9443

  # Mutual TLS on the HTTP API: clients must present a certificate
  # signed by the CA in client_ca_file.
  http_tls_config:
    client_auth_type: RequireAndVerifyClientCert
    client_ca_file: /opt/loki/certs/loki_CA_.cer
    cert_file: /etc/loki/server.crt
    key_file: /etc/loki/server.key
  # Same requirement on the gRPC listener.
  grpc_tls_config:
    client_auth_type: RequireAndVerifyClientCert
    client_ca_file: /opt/loki/certs/loki_CA_.cer
    cert_file: /etc/loki/server.crt
    key_file: /etc/loki/server.key
```
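
A Promtail configuration matching the two pieces above, as an added example that is not part of this repository: it only scrapes containers carrying the `logging: "promtail"` label, uses `logging_jobname` as the `job` label, and pushes to Loki with a client certificate as `RequireAndVerifyClientCert` demands. The certificate paths under `/etc/promtail/certs/`, the positions file and Promtail's own listen port are assumptions; the host name `gnprod` is taken from the `subjectAltName` of the certificate created above.

```yaml
server:
  http_listen_port: 9080        # Promtail's own port (assumed)
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml # assumed location

clients:
  # Host name must match the SAN of the Loki server certificate (DNS:gnprod).
  - url: https://gnprod:3100/loki/api/v1/push
    tls_config:
      # Certificate (or CA) that signed the Loki server certificate.
      ca_file: /etc/promtail/certs/loki-server-ca.crt   # assumed path
      # Client certificate and key; the certificate must be signed by the
      # CA that Loki lists in client_ca_file, otherwise the handshake fails.
      cert_file: /etc/promtail/certs/client.crt         # assumed path
      key_file: /etc/promtail/certs/client.key          # assumed path
      server_name: gnprod

scrape_configs:
  - job_name: docker
    docker_sd_configs:
      - host: unix:///var/run/docker.sock
        refresh_interval: 5s
        # Only containers that opted in with the label logging=promtail.
        filters:
          - name: label
            values: ["logging=promtail"]
    relabel_configs:
      # Container name without the leading slash.
      - source_labels: ['__meta_docker_container_name']
        regex: '/(.*)'
        target_label: 'container'
      # The logging_jobname container label becomes the Loki job label.
      - source_labels: ['__meta_docker_container_label_logging_jobname']
        target_label: 'job'
```

The client key should be readable only by the Promtail process, and Promtail needs read access to the Docker socket for the service discovery to work.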
### GRAFANA HOST
## USAGE
```bash
docker-compose up -d
```
## DASHBOARD
> Import dashboard ID: 17514
> Build the standard dashboard
- [ ] schema type
- [ ] provision dashboard
- [ ] Promtail config
- [ ] TLS config (https)
- [ ] SSH logs
> Metrics scraping from the remote server is now done over TLS