systemd and configure: add loki, grafana and prometheus config

build-images.sh

@@ -37,8 +37,8 @@ buildah add "${container}" ui/dist /ui
 # Setup the entrypoint, ask to reserve one TCP port with the label and set a rootless container
 buildah config --entrypoint=/ \
     --label="org.nethserver.authorizations=traefik@any:routeadm node:tunadm" \
-    --label="org.nethserver.tcp-ports-demand=5" \
-    --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$tag ghcr.io/nethserver/nethsecurity-api:$tag ghcr.io/nethserver/nethsecurity-ui:$tag ghcr.io/nethserver/nethsecurity-proxy:$tag docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:v$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version" \
+    --label="org.nethserver.tcp-ports-demand=8" \
+    --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$tag ghcr.io/nethserver/nethsecurity-api:$tag ghcr.io/nethserver/nethsecurity-ui:$tag ghcr.io/nethserver/nethsecurity-proxy:$tag docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version" \
     "${container}"
 # Commit the image
 buildah commit "${container}" "${repobase}/${reponame}"

imageroot/actions/configure-module/20configure

@@ -68,6 +68,22 @@ with open('promtail.env', 'w') as promtail:
     promtail.write(f'PROMTAIL_ADDRESS={promtail_address}\n')
     promtail.write(f'PROMTAIL_PORT={promtail_port}\n')
 
+with open('loki.env', 'w') as lfp:
+    pass
+
+with open('grafana.env', 'w') as gfp:
+    pass
+
+with open('prometheus.env', 'w') as pfp:
+    pass
+
+with open('prometheus.yml', 'w', encoding='utf-8') as fp:
+    fp.write("global:\n")
+    fp.write("scrape_configs:\n")
+    fp.write('  - job_name: "units"\n')
+    fp.write('    file_sd_configs:\n')
+    fp.write('      - files:\n')
+    fp.write('        - "/prometheus/prometheus.d/*.yml"\n')
 
 network = agent.read_envfile('network.env')
 tun = network.get('OVPN_TUN')

imageroot/systemd/user/controller.service

@@ -1,7 +1,7 @@
 [Unit]
 Description=Podman controller.service
-Requires=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path
-Before=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path
+Requires=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service
+Before=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service
 ConditionPathExists=%S/state/environment
 ConditionPathExists=%S/state/network.env
 

imageroot/systemd/user/grafana.service

@@ -0,0 +1,30 @@
+[Unit]
+Description=Podman grafana.service
+BindsTo=controller.service
+After=promethus.service
+After=loki.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/grafana.pid %t/grafana.ctr-id
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/grafana.pid \
+    --cidfile %t/grafana.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name grafana \
+    --volume grafana-storage:/var/lib/grafana:z \
+    --network=host \
+    --env-file=%S/state/grafana.env \
+    --env-file=%S/state/config.env \
+    ${GRAFANA_IMAGE}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/grafana.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/grafana.ctr-id
+PIDFile=%t/grafana.pid
+Type=forking
+
+[Install]
+WantedBy=default.target

imageroot/systemd/user/loki.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=Podman loki.service
+BindsTo=controller.service
+Before=promtail.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/loki.pid %t/loki.ctr-id
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/loki.pid \
+    --cidfile %t/loki.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name loki \
+    --volume=loki-data:/loki:z \
+    --network=host \
+    --env-file=%S/state/loki.env \
+    --env-file=%S/state/config.env \
+    ${LOKI_IMAGE} \
+    -config.file=/etc/loki/local-config.yaml \
+    -log.level warn
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/loki.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/loki.ctr-id
+PIDFile=%t/loki.pid
+Type=forking
+
+[Install]
+WantedBy=default.target

imageroot/systemd/user/prometheus.service

@@ -0,0 +1,33 @@
+[Unit]
+Description=Podman prometheus.service
+BindsTo=controller.service
+After=vpn.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+WorkingDirectory=%S/state
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/prometheus.pid %t/prometheus.ctr-id
+ExecStartPre=/usr/bin/mkdir -vp %S/state/prometheus.d
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/prometheus.pid \
+    --cidfile %t/prometheus.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name prometheus \
+    --volume=%S/state/prometheus.yml:/prometheus/prometheus.yml:z \
+    --volume=./prometheus.d/:/prometheus/prometheus.d/:z \
+    --volume=prometheus-data:/prometheus:z \
+    --network=host \
+    --env-file=%S/state/prometheus.env \
+    --env-file=%S/state/config.env \
+    ${PROMETHEUS_IMAGE}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/prometheus.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/prometheus.ctr-id
+PIDFile=%t/prometheus.pid
+Type=forking
+
+[Install]
+WantedBy=default.target