From 8f682431bb6b4bda2c5d8232314ea76121159c8d Mon Sep 17 00:00:00 2001
From: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
Date: Tue, 27 Feb 2024 13:33:56 +0100
Subject: [PATCH] systemd and configure: add loki, grafana and prometheus
 config

---
 build-images.sh                               |  4 +--
 .../actions/configure-module/20configure      | 16 +++++++++
 imageroot/systemd/user/controller.service     |  4 +--
 imageroot/systemd/user/grafana.service        | 30 +++++++++++++++++
 imageroot/systemd/user/loki.service           | 31 +++++++++++++++++
 imageroot/systemd/user/prometheus.service     | 33 +++++++++++++++++++
 6 files changed, 114 insertions(+), 4 deletions(-)
 create mode 100644 imageroot/systemd/user/grafana.service
 create mode 100644 imageroot/systemd/user/loki.service
 create mode 100644 imageroot/systemd/user/prometheus.service

diff --git a/build-images.sh b/build-images.sh
index e5d9ba8..eb0f9d7 100755
--- a/build-images.sh
+++ b/build-images.sh
@@ -37,8 +37,8 @@ buildah add "${container}" ui/dist /ui
 # Setup the entrypoint, ask to reserve one TCP port with the label and set a rootless container
 buildah config --entrypoint=/ \
     --label="org.nethserver.authorizations=traefik@any:routeadm node:tunadm" \
-    --label="org.nethserver.tcp-ports-demand=5" \
-    --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$tag ghcr.io/nethserver/nethsecurity-api:$tag ghcr.io/nethserver/nethsecurity-ui:$tag ghcr.io/nethserver/nethsecurity-proxy:$tag docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:v$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version" \
+    --label="org.nethserver.tcp-ports-demand=8" \
+    --label="org.nethserver.images=ghcr.io/nethserver/nethsecurity-vpn:$tag ghcr.io/nethserver/nethsecurity-api:$tag ghcr.io/nethserver/nethsecurity-ui:$tag ghcr.io/nethserver/nethsecurity-proxy:$tag docker.io/grafana/promtail:$promtail_version docker.io/grafana/loki:$loki_version docker.io/prom/prometheus:v$prometheus_version docker.io/grafana/grafana:$grafana_version" \
     "${container}"
 # Commit the image
 buildah commit "${container}" "${repobase}/${reponame}"
diff --git a/imageroot/actions/configure-module/20configure b/imageroot/actions/configure-module/20configure
index f06ad40..13a27ce 100755
--- a/imageroot/actions/configure-module/20configure
+++ b/imageroot/actions/configure-module/20configure
@@ -68,6 +68,22 @@ with open('promtail.env', 'w') as promtail:
     promtail.write(f'PROMTAIL_ADDRESS={promtail_address}\n')
     promtail.write(f'PROMTAIL_PORT={promtail_port}\n')
 
+with open('loki.env', 'w') as lfp:
+    pass
+
+with open('grafana.env', 'w') as gfp:
+    pass
+
+with open('prometheus.env', 'w') as pfp:
+    pass
+
+with open('prometheus.yml', 'w', encoding='utf-8') as fp:
+    fp.write("global:\n")
+    fp.write("scrape_configs:\n")
+    fp.write('  - job_name: "units"\n')
+    fp.write('    file_sd_configs:\n')
+    fp.write('      - files:\n')
+    fp.write('        - "/prometheus/prometheus.d/*.yml"\n')
 
 network = agent.read_envfile('network.env')
 tun = network.get('OVPN_TUN')
diff --git a/imageroot/systemd/user/controller.service b/imageroot/systemd/user/controller.service
index a68abed..70c3165 100644
--- a/imageroot/systemd/user/controller.service
+++ b/imageroot/systemd/user/controller.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Podman controller.service
-Requires=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path
-Before=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path
+Requires=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service
+Before=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service
 ConditionPathExists=%S/state/environment
 ConditionPathExists=%S/state/network.env
 
diff --git a/imageroot/systemd/user/grafana.service b/imageroot/systemd/user/grafana.service
new file mode 100644
index 0000000..59a8e5c
--- /dev/null
+++ b/imageroot/systemd/user/grafana.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Podman grafana.service
+BindsTo=controller.service
+After=promethus.service
+After=loki.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/grafana.pid %t/grafana.ctr-id
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/grafana.pid \
+    --cidfile %t/grafana.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name grafana \
+    --volume grafana-storage:/var/lib/grafana:z \
+    --network=host \
+    --env-file=%S/state/grafana.env \
+    --env-file=%S/state/config.env \
+    ${GRAFANA_IMAGE}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/grafana.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/grafana.ctr-id
+PIDFile=%t/grafana.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
diff --git a/imageroot/systemd/user/loki.service b/imageroot/systemd/user/loki.service
new file mode 100644
index 0000000..a46486e
--- /dev/null
+++ b/imageroot/systemd/user/loki.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Podman loki.service
+BindsTo=controller.service
+Before=promtail.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/loki.pid %t/loki.ctr-id
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/loki.pid \
+    --cidfile %t/loki.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name loki \
+    --volume=loki-data:/loki:z \
+    --network=host \
+    --env-file=%S/state/loki.env \
+    --env-file=%S/state/config.env \
+    ${LOKI_IMAGE} \
+    -config.file=/etc/loki/local-config.yaml \
+    -log.level warn
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/loki.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/loki.ctr-id
+PIDFile=%t/loki.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
diff --git a/imageroot/systemd/user/prometheus.service b/imageroot/systemd/user/prometheus.service
new file mode 100644
index 0000000..61ba495
--- /dev/null
+++ b/imageroot/systemd/user/prometheus.service
@@ -0,0 +1,33 @@
+[Unit]
+Description=Podman prometheus.service
+BindsTo=controller.service
+After=vpn.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+WorkingDirectory=%S/state
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/prometheus.pid %t/prometheus.ctr-id
+ExecStartPre=/usr/bin/mkdir -vp %S/state/prometheus.d
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/prometheus.pid \
+    --cidfile %t/prometheus.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name prometheus \
+    --volume=%S/state/prometheus.yml:/prometheus/prometheus.yml:z \
+    --volume=./prometheus.d/:/prometheus/prometheus.d/:z \
+    --volume=prometheus-data:/prometheus:z \
+    --network=host \
+    --env-file=%S/state/prometheus.env \
+    --env-file=%S/state/config.env \
+    ${PROMETHEUS_IMAGE}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/prometheus.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/prometheus.ctr-id
+PIDFile=%t/prometheus.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
\ No newline at end of file