loki/README.md

# LOKI PROMTAIL GRAFANA

Simple stack pour monitorer les logs des conteneurs ou applications d'un serveur via LOKI / PROMTAIL

## CONFIGURATION

### LOKI AGENT HOST

Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml:
```yml
    labels:
      logging: "promtail"
      logging_jobname: "containerlogs"
```

#### TLS 

- Create certs:

```bash
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
```
> remplacer Les infos (C=FR, ST=PARIS, L=GarageNum, ...)

- TLS config:
```yaml
server:
  http_listen_port: 3100
  grpc_listen_port: 9443

  http_tls_config:
    client_auth_type: RequireAndVerifyClientCert    
    client_ca_file: /opt/loki/certs/loki_CA_.cer 
    cert_file: /etc/loki/server.crt
    key_file: /etc/loki/server.key
  grpc_tls_config:
    client_auth_type: RequireAndVerifyClientCert
    client_ca_file: /opt/loki/certs/loki_CA_.cer   
    cert_file: /etc/loki/server.crt
    key_file: /etc/loki/server.key
```

### GRAFANA HOST



## UTILISATION

```bash
docker-compose up -d
```

## DASHBOARD

> import dashboard ID: 17514
> Faire la dashboard standard

- [ ] schema type
- [ ] provisionner dashboard
- [ ] Pormtail config
- [ ] TLS config (https)
- [ ] SSH logs


> le scraping des metrics du serveur distant se font désormais via TLS