~dricottone/container-images

2cd08baad5738a20fe7666f768229a28a1461d72 — Dominic Ricottone 1 year, 3 months ago 860dce6
Logging stack

syslog-ng -> promtail -> loki -> grafana

A new tag for haproxy which supports syslog logging with practically no
configuration required.
M README.md => README.md +5 -1
@@ 11,11 11,14 @@ It should be easy to get things working on another build system.
|[apkbuilder](/~dricottone/container-images/tree/dev/item/apkbuilder/README.md)|latest|`registry.intra.dominic-ricottone.com/apkbuilder:latest`|
|[dnsmasq](/~dricottone/container-images/tree/dev/item/dnsmasq/README.md)|latest|`registry.intra.dominic-ricottone.com/dnsmasq:latest`|
|[fcgi](/~dricottone/container-images/tree/dev/item/fcgi/README.md)|latest|`registry.intra.dominic-ricottone.com/fcgi:latest`|
|[haproxy](/~dricottone/container-images/tree/dev/item/haproxy/README.md)|latest|`registry.intra.dominic-ricottone.com/haproxy:latest`|
|[grafana](/~dricottone/container-images/tree/dev/item/grafana/README.md)|latest|`registry.intra.dominic-ricottone.com/grafana:latest`|
|[haproxy](/~dricottone/container-images/tree/dev/item/haproxy/README.md)|latest,syslog|`registry.intra.dominic-ricottone.com/haproxy:latest`|
|[loki](/~dricottone/container-images/tree/dev/item/loki/README.md)|latest|`registry.intra.dominic-ricottone.com/loki:latest`|
|[nginx](/~dricottone/container-images/tree/dev/item/nginx/README.md)|latest,webdav|`registry.intra.dominic-ricottone.com/nginx:latest`|
|[nitter](/~dricottone/container-images/tree/dev/item/nitter/README.md)|amd64,arm64|`registry.intra.dominic-ricottone.com/nitter:amd64`|
|[php](/~dricottone/container-images/tree/dev/item/php/README.md)|latest,readwrite,fpm,development,fpm-development|`registry.intra.dominic-ricottone.com/php:latest`|
|[postfix](/~dricottone/container-images/tree/dev/item/postfix/README.md)|latest,tls-in,tls-out|`registry.intra.dominic-ricottone.com/postfix:latest`|
|[promtail](/~dricottone/container-images/tree/dev/item/promtail/README.md)|latest|`registry.intra.dominic-ricottone.com/promtail:latest`|
|[srht-core](/~dricottone/container-images/tree/dev/item/srht-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-core:latest`|
|[srht-git-api](/~dricottone/container-images/tree/dev/item/srht-git-api/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-api:latest`|
|[srht-git-core](/~dricottone/container-images/tree/dev/item/srht-git-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-core:latest`|


@@ 30,6 33,7 @@ It should be easy to get things working on another build system.
|[srht-todo-core](/~dricottone/container-images/tree/dev/item/srht-todo-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-core:latest`|
|[srht-todo-lmtp](/~dricottone/container-images/tree/dev/item/srht-todo-lmtp/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-lmtp:latest`|
|[srht-todo-webhooks](/~dricottone/container-images/tree/dev/item/srht-todo-webhooks/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-webhooks:latest`|
|[syslog-ng](/~dricottone/container-images/tree/dev/item/syslog-ng/README.md)|latest|`registry.intra.dominic-ricottone.com/syslog-ng:latest`|

## License


A grafana/Dockerfile => grafana/Dockerfile +4 -0
@@ 0,0 1,4 @@
FROM docker.io/grafana/grafana:10.0.3

COPY loki.yml /etc/grafana/provisioning/datasources/loki.yml


A grafana/Makefile => grafana/Makefile +13 -0
@@ 0,0 1,13 @@
CONMAN=sudo docker

REGISTRY=registry.intra.dominic-ricottone.com
IMAGE=grafana
TAG=latest

image:
	$(CONMAN) buildx build --push \
		--platform linux/arm64,linux/amd64 \
		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
		.

.PHONY: image

A grafana/README.md => grafana/README.md +36 -0
@@ 0,0 1,36 @@
# grafana


## Build and Deploy

```
make image
```


### Tags

 + `latest`

----

## Use

Can be used with any container manager toolchain.

The `$datadir` must be owned by UID 472.

Try:

```
$conman run --detach --name grafana --restart always \
    --mount type=bind,src=$datadir,/var/lib/grafana \
    registry.intra.dominic-ricottone.com/grafana:latest
```

Should be used with `registry.intra.dominic-ricottone.com/syslog`,
`registry.intra.dominic-ricottone.com/loki`,
and `registry.intra.dominic-ricottone.com/promtail`.

The default login is `admin`:`admin`.


A grafana/loki.yml => grafana/loki.yml +8 -0
@@ 0,0 1,8 @@
apiVersion: 1

datasources:
  - name: Loki
    type: loki
    url: http://loki:3100
    isDefault: true


M haproxy/Dockerfile => haproxy/Dockerfile +0 -2
@@ 2,7 2,5 @@ FROM docker.io/library/haproxy:alpine

COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg

# Overriding the CMD to load all '*.cfg' files in '/usr/local/etc/haproxy.d';
# lexical order, newer files overriding older files
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy.d"]


A haproxy/Dockerfile.syslog => haproxy/Dockerfile.syslog +12 -0
@@ 0,0 1,12 @@
FROM docker.io/library/haproxy:alpine

COPY haproxy.syslog.cfg /usr/local/etc/haproxy/haproxy.cfg

CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy.d"]

USER root
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
RUN apk add --no-cache su-exec


M haproxy/Makefile => haproxy/Makefile +13 -4
@@ 2,12 2,21 @@ CONMAN=sudo docker

REGISTRY=registry.intra.dominic-ricottone.com
IMAGE=haproxy
TAG=latest
TAG_LOCAL=latest
TAG_SYSLOG=syslog

image:
image: image-local image-syslog

image-local:
	$(CONMAN) buildx build --push \
		--platform linux/arm64,linux/amd64 \
		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
		--tag $(REGISTRY)/$(IMAGE):$(TAG_LOCAL) \
		.

.PHONY: image
image-syslog:
	$(CONMAN) buildx build --push \
		--platform linux/arm64,linux/amd64 \
		--tag $(REGISTRY)/$(IMAGE):$(TAG_SYSLOG) \
		. -f Dockerfile.syslog

.PHONY: image image-local image-syslog

M haproxy/README.md => haproxy/README.md +11 -0
@@ 11,6 11,8 @@ make image
### Tags

 + `latest`
 + `syslog` which logs to a `syslog` server at $LOGDEST
   (`default: 127.0.0.1:514`)

----



@@ 44,3 46,12 @@ $conman run --detach --name haproxy --restart always \
    registry.intra.dominic-ricottone.com/haproxy:latest
```

Or, to log to a `syslog` server at `syslog:1514`, try:

```
$conman run --detach --name haproxy --restart always \
    --mount type=bind,src=$confdir,dst=/usr/local/etc/haproxy.d,readonly \
    --env LOGDEST=syslog:1514 \
    registry.intra.dominic-ricottone.com/haproxy:syslog
```


A haproxy/entrypoint.sh => haproxy/entrypoint.sh +5 -0
@@ 0,0 1,5 @@
#!/bin/sh
sed -i /usr/local/etc/haproxy/haproxy.cfg -e "s/^  log 127.0.0.1:514/  log ${LOGDEST}/"

su-exec haproxy "$@"


M haproxy/haproxy.cfg => haproxy/haproxy.cfg +0 -6
@@ 11,9 11,3 @@ defaults
  log global
  default-server init-addr none

#frontend stats_frontend
#  bind :8404
#  http-request use-service prometheus-exporter if { path /metrics }
#  stats enable
#  stats uri /stats
#  stats refresh 10s

A haproxy/haproxy.syslog.cfg => haproxy/haproxy.syslog.cfg +14 -0
@@ 0,0 1,14 @@
global
  ssl-default-bind-options ssl-min-ver TLSv1.2
  log 127.0.0.1:514 local0
  maxconn 1024

defaults
  timeout connect 10s
  timeout client 30s
  timeout server 30s
  mode http
  log global
  option httplog
  default-server init-addr none


A loki/Dockerfile => loki/Dockerfile +4 -0
@@ 0,0 1,4 @@
FROM docker.io/grafana/loki:2.8.3

COPY local-config.yaml /etc/loki/local-config.yaml


A loki/Makefile => loki/Makefile +13 -0
@@ 0,0 1,13 @@
CONMAN=sudo docker

REGISTRY=registry.intra.dominic-ricottone.com
IMAGE=loki
TAG=latest

image:
	$(CONMAN) buildx build --push \
		--platform linux/arm64,linux/amd64 \
		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
		.

.PHONY: image

A loki/README.md => loki/README.md +30 -0
@@ 0,0 1,30 @@
# loki


## Build and Deploy

```
make image
```


### Tags

 + `latest`

----

## Use

Can be used with any container manager toolchain.

Try:

```
$conman run --detach --name loki --restart always \
    registry.intra.dominic-ricottone.com/loki:latest
```

Should be used with `registry.intra.dominic-ricottone.com/syslog`
and `registry.intra.dominic-ricottone.com/promtail`.


A loki/local-config.yaml => loki/local-config.yaml +29 -0
@@ 0,0 1,29 @@
auth_enabled: false

server:
  http_listen_port: 3100
  grpc_listen_port: 9096

common:
  path_prefix: /tmp/loki
  storage:
    filesystem:
      chunks_directory: /tmp/loki/chunks
      rules_directory: /tmp/loki/rules
  replication_factor: 1
  ring:
    kvstore:
      store: inmemory

schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h

analytics:
  reporting_enabled: false

A promtail/Dockerfile => promtail/Dockerfile +4 -0
@@ 0,0 1,4 @@
FROM docker.io/grafana/promtail:2.8.3

COPY config.yml /etc/promtail/config.yml


A promtail/Makefile => promtail/Makefile +13 -0
@@ 0,0 1,13 @@
CONMAN=sudo docker

REGISTRY=registry.intra.dominic-ricottone.com
IMAGE=promtail
TAG=latest

image:
	$(CONMAN) buildx build --push \
		--platform linux/arm64,linux/amd64 \
		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
		.

.PHONY: image

A promtail/README.md => promtail/README.md +30 -0
@@ 0,0 1,30 @@
# promtail


## Build and Deploy

```
make image
```


### Tags

 + `latest`

----

## Use

Can be used with any container manager toolchain.

Try:

```
$conman run --detach --name promtail --restart always \
    registry.intra.dominic-ricottone.com/promtail:latest
```

Should be used with `registry.intra.dominic-ricottone.com/syslog`
and `registry.intra.dominic-ricottone.com/loki`.


A promtail/config.yml => promtail/config.yml +29 -0
@@ 0,0 1,29 @@
server:
  http_listen_port: 9080

positions:
  filename: /tmp/positions.yaml

clients:
  - url: http://loki:3100/loki/api/v1/push

scrape_configs:
  - job_name: syslog
    syslog:
      listen_address: 0.0.0.0:601
      idle_timeout: 60s
      label_structured_data: yes
      labels:
        job: "syslog"
    relabel_configs:
      - source_labels: [__syslog_message_hostname]
        target_label: hostname
      - source_labels: [__syslog_message_severity]
        target_label: severity
      - source_labels: [__syslog_message_app_name]
        target_label: app_name
      - source_labels: [__syslog_message_facility]
        target_label: facility
      - source_labels: [__syslog_connection_hostname]
        target_label: connection_hostname


A syslog-ng/Dockerfile => syslog-ng/Dockerfile +11 -0
@@ 0,0 1,11 @@
FROM docker.io/library/alpine:latest

COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf

RUN apk add --no-cache syslog-ng

EXPOSE 514/udp
EXPOSE 601/tcp

ENTRYPOINT ["/usr/sbin/syslog-ng", "-F"]


A syslog-ng/Makefile => syslog-ng/Makefile +13 -0
@@ 0,0 1,13 @@
CONMAN=sudo docker

REGISTRY=registry.intra.dominic-ricottone.com
IMAGE=syslog-ng
TAG=latest

image:
	$(CONMAN) buildx build --push \
		--platform linux/arm64,linux/amd64 \
		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
		.

.PHONY: image

A syslog-ng/README.md => syslog-ng/README.md +30 -0
@@ 0,0 1,30 @@
# syslog-ng


## Build and Deploy

```
make image
```


### Tags

 + `latest`

----

## Use

Can be used with any container manager toolchain.

Try:

```
$conman run --detach --name syslog --restart always \
    registry.intra.dominic-ricottone.com/syslog-ng:latest
```

Should be used with `registry.intra.dominic-ricottone.com/loki`
and `registry.intra.dominic-ricottone.com/promtail`.


A syslog-ng/syslog-ng.conf => syslog-ng/syslog-ng.conf +17 -0
@@ 0,0 1,17 @@
@version: 4.1

source src_inet {
  network(transport("udp") port(514));
  network(transport("tcp") port(601));
};

destination dest_promtail {
  syslog("promtail" transport("tcp") port(601));
  file("/var/log/test.log");
};

log {
  source(src_inet);
  destination(dest_promtail);
};