Verified Commit 563c3c5c authored by Kristian Klausen's avatar Kristian Klausen 🎉

loki/promtail: Use a bearer token instead of basic auth

This simplifies the setup a bit.
parent 896ab5b0
Pipeline #9520 passed with stage
in 1 minute
$ANSIBLE_VAULT;1.1;AES256
32393361373264633531353264623563303635643964323839616366656632363933626233386538
3037343264613038613164303261626232333761336534340a313033636232643864663033656563
32313164646232663663343235316361336163373265313639313032623239646339383530343039
3236613365643235650a333066633439633964303532396466613464623166383162373161656566
66666336623138363266393034376532313465633032363433383731613133656437323563346334
34623433613437333861376638396461373439376463383830343531626666333935393262323636
39343566336266316630373463633562643761353932613163663836613761383565373230326361
34333433343330353831303233613236343132303239396666626437633832363433656532376236
3062
37643130346638613539323431666164623435666264346231643964626232343534666338646335
3834376365383264306438316137313163613262323630370a666637316461396132383864633539
37653062643062663563353635376462396237616634626633633762366334373665306563643366
3139316239303165380a653166623863366130346231313465336666383365646264396337303334
30383231653734613230376139326137306137333037616636336663656532316637633531313538
63643330643031663563643430666165323933633933363436306334643166313231616664666664
653339626466616537613738636465346538
loki_nginx_htpasswd: /etc/nginx/auth/loki
......@@ -6,23 +6,11 @@
copy: src=loki.yaml dest=/etc/loki/ owner=root group=root mode=0644
notify: restart loki
- name: install python-passlib
pacman: name=python-passlib
- name: create htpasswd for nginx loki endpoint
htpasswd:
path: "{{ loki_nginx_htpasswd }}"
name: "{{ vault_loki_nginx_user }}"
password: "{{ vault_loki_nginx_passwd }}"
owner: root
group: http
mode: 0640
- name: make nginx log dir
file: path=/var/log/nginx/loki state=directory owner=root group=root mode=0755
- name: set up nginx
template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/logging.conf" owner=root group=root mode=644
template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/logging.conf" owner=root group=root mode=640
notify: reload nginx
tags: ['nginx']
......
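Review bot: The htpasswd task is deleted with nothing added to remove the file it created, so hosts provisioned before this commit would keep the old password hash on disk, and python-passlib stays installed. A one-off cleanup task such as `file: path=/etc/nginx/auth/loki state=absent` would retire the unused credential; the path is taken from the `loki_nginx_htpasswd` line shown above the hunk, which I assume is a removal. Separately, the rendered logging.conf now carries the token, so tightening the mode is right, but `mode=640` departs from the `mode=0644` and `mode=0755` spelling of the neighbouring tasks, and `mode=0640` would match them. The task list continues outside the hunk.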
......@@ -12,8 +12,9 @@ server {
error_log /var/log/nginx/loki/error.log;
location = /loki/api/v1/push {
auth_basic "Loki :)";
auth_basic_user_file {{ loki_nginx_htpasswd }};
if ($http_authorization != "Bearer {{ vault_loki_token }}") {
return 403;
}
proxy_pass http://127.0.0.1:3100$request_uri;
}
......
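Review bot: The token is pasted into a double-quoted nginx string in the `if` condition, so a value containing `$`, `"` or `\` would either fail the config reload or be compared as something other than the literal token. The template should state the constraint next to the check, e.g. `# vault_loki_token must match [A-Za-z0-9._~-]+ because it is interpolated into a quoted nginx string`, or the role should assert it before rendering. A request with missing or wrong credentials now gets `return 403;`, where `return 401;` is the conventional answer to failed authentication. The server block starts and ends outside the hunk.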
......@@ -9,9 +9,7 @@ positions:
clients:
- url: http://{{ hostvars['monitoring.archlinux.org']['wireguard_address'] }}/loki/api/v1/push
basic_auth:
username: '{{ vault_loki_nginx_user }}'
password: '{{ vault_loki_nginx_passwd }}'
bearer_token: '{{ vault_loki_token }}'
scrape_configs:
- job_name: journal
......
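Review bot: `bearer_token` leaves the shared secret in clear text in the rendered promtail config on every client, as the basic-auth password was before, and no hunk in this commit touches the task that installs that file, unlike the nginx template whose mode was tightened to 640. That task is not visible here, so it is worth confirming that it writes the file with a mode that is not world-readable. promtail also accepts `bearer_token_file`, which would keep the token out of the main config. The `clients` entry and the rest of the file continue outside the hunk.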