Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
David Runge
infrastructure
Commits
563c3c5c
Verified
Commit
563c3c5c
authored
Jul 08, 2021
by
Kristian Klausen
🎉
Browse files
loki/promtail: Use a bearer token instead of basic auth
It simplifies it a bit.
parent
896ab5b0
Changes
5
Hide whitespace changes
Inline
Side-by-side
group_vars/all/vault_loki.yml
View file @
563c3c5c
$ANSIBLE_VAULT;1.1;AES256
$ANSIBLE_VAULT;1.1;AES256
32393361373264633531353264623563303635643964323839616366656632363933626233386538
37643130346638613539323431666164623435666264346231643964626232343534666338646335
3037343264613038613164303261626232333761336534340a313033636232643864663033656563
3834376365383264306438316137313163613262323630370a666637316461396132383864633539
32313164646232663663343235316361336163373265313639313032623239646339383530343039
37653062643062663563353635376462396237616634626633633762366334373665306563643366
3236613365643235650a333066633439633964303532396466613464623166383162373161656566
3139316239303165380a653166623863366130346231313465336666383365646264396337303334
66666336623138363266393034376532313465633032363433383731613133656437323563346334
30383231653734613230376139326137306137333037616636336663656532316637633531313538
34623433613437333861376638396461373439376463383830343531626666333935393262323636
63643330643031663563643430666165323933633933363436306334643166313231616664666664
39343566336266316630373463633562643761353932613163663836613761383565373230326361
653339626466616537613738636465346538
34333433343330353831303233613236343132303239396666626437633832363433656532376236
3062
roles/loki/defaults/main.yml
deleted
100644 → 0
View file @
896ab5b0
loki_nginx_htpasswd
:
/etc/nginx/auth/loki
roles/loki/tasks/main.yml
View file @
563c3c5c
...
@@ -6,23 +6,11 @@
...
@@ -6,23 +6,11 @@
copy
:
src=loki.yaml dest=/etc/loki/ owner=root group=root mode=0644
copy
:
src=loki.yaml dest=/etc/loki/ owner=root group=root mode=0644
notify
:
restart loki
notify
:
restart loki
-
name
:
install python-passlib
pacman
:
name=python-passlib
-
name
:
create htpasswd for nginx loki endpoint
htpasswd
:
path
:
"
{{
loki_nginx_htpasswd
}}"
name
:
"
{{
vault_loki_nginx_user
}}"
password
:
"
{{
vault_loki_nginx_passwd
}}"
owner
:
root
group
:
http
mode
:
0640
-
name
:
make nginx log dir
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/loki state=directory owner=root group=root mode=0755
file
:
path=/var/log/nginx/loki state=directory owner=root group=root mode=0755
-
name
:
set up nginx
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/logging.conf" owner=root group=root mode=64
4
template
:
src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/logging.conf" owner=root group=root mode=64
0
notify
:
reload nginx
notify
:
reload nginx
tags
:
[
'
nginx'
]
tags
:
[
'
nginx'
]
...
...
roles/loki/templates/nginx.d.conf.j2
View file @
563c3c5c
...
@@ -12,8 +12,9 @@ server {
...
@@ -12,8 +12,9 @@ server {
error_log /var/log/nginx/loki/error.log;
error_log /var/log/nginx/loki/error.log;
location = /loki/api/v1/push {
location = /loki/api/v1/push {
auth_basic "Loki :)";
if ($http_authorization != "Bearer {{ vault_loki_token }}") {
auth_basic_user_file {{ loki_nginx_htpasswd }};
return 403;
}
proxy_pass http://127.0.0.1:3100$request_uri;
proxy_pass http://127.0.0.1:3100$request_uri;
}
}
...
...
roles/promtail/templates/promtail.yaml.j2
View file @
563c3c5c
...
@@ -9,9 +9,7 @@ positions:
...
@@ -9,9 +9,7 @@ positions:
clients:
clients:
- url: http://{{ hostvars['monitoring.archlinux.org']['wireguard_address'] }}/loki/api/v1/push
- url: http://{{ hostvars['monitoring.archlinux.org']['wireguard_address'] }}/loki/api/v1/push
basic_auth:
bearer_token: '{{ vault_loki_token }}'
username: '{{ vault_loki_nginx_user }}'
password: '{{ vault_loki_nginx_passwd }}'
scrape_configs:
scrape_configs:
- job_name: journal
- job_name: journal
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment