Configure loki #144
Configure loki #144
Conversation
| @@ -0,0 +1,17 @@ | |||
| all: | |||
| vars: | |||
| do_spaces_bucket_name: verse-loki-storage | |||
There was a problem hiding this comment.
is this a bucket for persistent storage of application data? Is that different from a DO volume?
There was a problem hiding this comment.
That's correct! By using a Spaces Bucket, instead of a DO Volume (which is attached to a Droplet), we can change where/how we are hosting Loki in the future without losing our storage, since they are decoupled.
There was a problem hiding this comment.
Ah, you are thinking ahead to a post-droplet world, gotcha!
roles/loki/tasks/main.yml
Outdated
| register: output | ||
|
|
||
| - name: Check that Loki is running | ||
| ansible.builtin.assert: |
|
@mplorentz - This PR is now ready for full review. The Loki server has been configured using it, and is standing up at loki.planetary.tools, and integrated as a datasource in Grafana now. |
README.md
Outdated
| @@ -10,6 +10,11 @@ published here in case they are useful for other scuttlebutt/nostr users. | |||
| 1. Install Ansible and Ansible Galaxy | |||
| 2. Run `ansible-galaxy install -r requirements.yml` | |||
|
|
|||
| # Running ansible against Droplets created under the `terraform` repository | |||
| All new droplets created using the [terraform repo](https://github.com/verse-pbc/terraform) will require the use of the [ansible_ssh_key](./ansible_ssh_key). | |||
| This key is encrypted with ansible-vault, and can be decrypted with a call to `ansible-vault decrypt ./ansible_ssh_key`, so you can use it locally while executing | |||
There was a problem hiding this comment.
This seems way too easy to mess up and commit the password to git. Let's find a better solution before merging.
I think normally ansible decrypts vaults during playbook execution by reading the password in the VAULT_PASS environment variable. I realize now that that isn't documented in this README. Is that something you have configured locally? If not maybe check if that works for you, and update the README if it does? I guess we are intending to move to a jumpbox here soon, but it's probably still good to have it documented.
There was a problem hiding this comment.
This is a good callout. In reality, I don't think this key needs to be shared here at all. I'll remove this section, and the key here, to avoid future-Ben from inevitably making this mistake.
Configure logging agent
Description
This PR collects up work required to install and configure a Loki server on a new Droplet. Given that so much peripheral work was needed amongst these scripts, since the new Droplet for Loki is being created using the new terraform provisioning process, there are a lot of changes across these scripts along with the Loki configuration.
Related Issues
Changes Made
hardenrole.Additional Notes
This installs and configures the Loki server itself, but integration with our existing Grafana instance is another step (to be carried out manually, for now). This also does not configure the agents that will push logs to Loki, which will come as a next PR here.