This repository has been archived by the owner on Aug 2, 2023. It is now read-only.
Define node and module streams with specific labels #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Discover Loki settings from local Redis replica. Add new labels: - module_id, by regex-matching journal fields - node_id, same as the NODE_ID environment variable The watched journal fields are - _UID for rootless modules: also subuids are matched with the regex pattern - _SYSTEMD_UNIT, CONTAINER_NAME, SYSLOG_IDENTIFIER for rootfull modules: if any of them contains the MODULE_ID the journal record matches Also drop "nodename" label
The module is configured at service startup. It discovers the cluster default Loki instance each time it is restarted. Update README.md
Reconfigure and restart promtail service when a module is added or removed to the local node.
gsanchietti
reviewed
Jul 4, 2023
There was a problem hiding this comment.
It seems to me we are losing a bit of flexibility but it should not be a real problem.
Since Promtail is already part of the core, can we also address the notes 2 inside the PR description.
I'm going to leave the implementation review to @Amygos which knows the module better than me
Co-authored-by: Giacomo Sanchietti <[email protected]>
|
This is an example of Promtail clients:
- bearer_token: b5389fbb-afd4-4001-8d0a-9aefa6fdde41
url: http://10.5.3.1:20008/loki/api/v1/push
positions:
filename: /var/lib/promtail/positions.yml
ignore_invalid_yaml: true
sync_period: 10s
scrape_configs:
- job_name: journal
journal:
json: true
max_age: 12h
relabel_configs:
- replacement: '1'
target_label: node_id
- regex: (1001|1[7-9][0-9][0-9][0-9][0-9]|16[6-9][0-9][0-9][0-9]|165[6-9][0-9][0-9]|1655[4-9][0-9]|16553[6-9]|2[0-2][0-9][0-9][0-9][0-9]|23[0-0][0-9][0-9][0-9]|2310[0-6][0-9]|23107[0-2])
replacement: traefik1
source_labels:
- __journal__uid
target_label: module_id
- regex: (1002|2[4-8][0-9][0-9][0-9][0-9]|23[2-9][0-9][0-9][0-9]|231[1-9][0-9][0-9]|2310[8-9][0-9]|23107[2-9]|29[0-5][0-9][0-9][0-9]|296[0-5][0-9][0-9]|29660[0-8])
replacement: ldapproxy1
source_labels:
- __journal__uid
target_label: module_id
- regex: (1003|29[7-9][0-9][0-9][0-9]|296[7-9][0-9][0-9]|2966[1-9][0-9]|29660[8-9]|3[0-5][0-9][0-9][0-9][0-9]|36[0-1][0-9][0-9][0-9]|362[0-0][0-9][0-9]|3621[0-3][0-9]|36214[0-4])
replacement: loki1
source_labels:
- __journal__uid
target_label: module_id
- regex: .*\bpromtail1\b.*
replacement: promtail1
source_labels:
- __journal__systemd_unit
- __journal_syslog_identifier
- __journal_container_name
target_label: module_id
- regex: (1004|3[7-9][0-9][0-9][0-9][0-9]|36[3-9][0-9][0-9][0-9]|362[2-9][0-9][0-9]|3621[5-9][0-9]|36214[4-9]|4[0-1][0-9][0-9][0-9][0-9]|42[0-6][0-9][0-9][0-9]|427[0-5][0-9][0-9]|4276[0-7][
0-9]|42768[0-0])
replacement: openldap1
source_labels:
- __journal__systemd_unit
- __journal_syslog_identifier
- __journal_container_name
target_label: module_id
- regex: (1004|3[7-9][0-9][0-9][0-9][0-9]|36[3-9][0-9][0-9][0-9]|362[2-9][0-9][0-9]|3621[5-9][0-9]|36214[4-9]|4[0-1][0-9][0-9][0-9][0-9]|42[0-6][0-9][0-9][0-9]|427[0-5][0-9][0-9]|4276[0-7][
0-9]|42768[0-0])
replacement: openldap1
source_labels:
- __journal__uid
target_label: module_id
- regex: (1005|4[3-8][0-9][0-9][0-9][0-9]|42[8-9][0-9][0-9][0-9]|427[7-9][0-9][0-9]|4276[9-9][0-9]|42768[0-9]|49[0-2][0-9][0-9][0-9]|493[0-1][0-9][0-9]|4932[0-0][0-9]|49321[0-6])
replacement: mail1
source_labels:
- __journal__uid
target_label: module_id
server:
disable: true |
gsanchietti
approved these changes
Jul 27, 2023
Amygos
approved these changes
Jul 27, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The PR changes Promtail configuration generator (
expandconfighelper) so it can tag each journal record with two labels:node_idlabel. It is simply taken from the Promtail module environment variable, NODE_ID, and written in the config.module_idlabel is set by looking at some journal record fieldsnodenamelabel, is not added any more.The Promtail configuration must be expanded each time a module is added/removed from the node where Promtail runs. For this purpose the
module-addedandmodule-removedevents are watched².The Loki instance discovery occurs in
expandconfigwith the Python library code.The action
configure-moduleis removed because it is not used and there are no plans to implement alternative Promtail configuration methods.See also
Notes:
regex-enginemust be present in the Core Python environmentmodule-addedisn't really perfect to capture a module log since the beginning because it occurs aftercreate-modulereturns. In future work this limitation can be overcome by merging the Promtail service in the Core itself, like Redis or with a dedicated event.