|
|
|
@ -4,6 +4,8 @@ Simple stack pour monitorer les logs des conteneurs ou applications d'un serveur
|
|
|
|
|
|
|
|
|
|
## CONFIGURATION
|
|
|
|
|
|
|
|
|
|
### LOKI AGENT HOST
|
|
|
|
|
|
|
|
|
|
Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml:
|
|
|
|
|
```yml
|
|
|
|
|
labels:
|
|
|
|
@ -11,6 +13,37 @@ Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au d
|
|
|
|
|
logging_jobname: "containerlogs"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### TLS
|
|
|
|
|
|
|
|
|
|
- Create certs:
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
|
|
|
|
|
```
|
|
|
|
|
> remplacer Les infos (C=FR, ST=PARIS, L=GarageNum, ...)
|
|
|
|
|
|
|
|
|
|
- TLS config:
|
|
|
|
|
```yaml
|
|
|
|
|
server:
|
|
|
|
|
http_listen_port: 3100
|
|
|
|
|
grpc_listen_port: 9443
|
|
|
|
|
|
|
|
|
|
http_tls_config:
|
|
|
|
|
client_auth_type: RequireAndVerifyClientCert
|
|
|
|
|
client_ca_file: /opt/loki/certs/loki_CA_.cer
|
|
|
|
|
cert_file: /etc/loki/server.crt
|
|
|
|
|
key_file: /etc/loki/server.key
|
|
|
|
|
grpc_tls_config:
|
|
|
|
|
client_auth_type: RequireAndVerifyClientCert
|
|
|
|
|
client_ca_file: /opt/loki/certs/loki_CA_.cer
|
|
|
|
|
cert_file: /etc/loki/server.crt
|
|
|
|
|
key_file: /etc/loki/server.key
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### GRAFANA HOST
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## UTILISATION
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
@ -26,4 +59,7 @@ docker-compose up -d
|
|
|
|
|
- [ ] provisionner dashboard
|
|
|
|
|
- [ ] Pormtail config
|
|
|
|
|
- [ ] TLS config (https)
|
|
|
|
|
- [ ] SSH logs
|
|
|
|
|
- [ ] SSH logs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
> le scraping des metrics du serveur distant se font désormais via TLS
|