From 2cd08baad5738a20fe7666f768229a28a1461d72 Mon Sep 17 00:00:00 2001
From: Dominic Ricottone <me@dominic-ricottone.com>
Date: Tue, 8 Aug 2023 00:04:18 -0500
Subject: [PATCH] Logging stack

syslog-ng -> promtail -> loki -> grafana

A new tag for haproxy which supports syslog logging with practically no
configuration required.
---
 README.md                  |  6 +++++-
 grafana/Dockerfile         |  4 ++++
 grafana/Makefile           | 13 +++++++++++++
 grafana/README.md          | 36 ++++++++++++++++++++++++++++++++++++
 grafana/loki.yml           |  8 ++++++++
 haproxy/Dockerfile         |  2 --
 haproxy/Dockerfile.syslog  | 12 ++++++++++++
 haproxy/Makefile           | 17 +++++++++++++----
 haproxy/README.md          | 11 +++++++++++
 haproxy/entrypoint.sh      |  5 +++++
 haproxy/haproxy.cfg        |  6 ------
 haproxy/haproxy.syslog.cfg | 14 ++++++++++++++
 loki/Dockerfile            |  4 ++++
 loki/Makefile              | 13 +++++++++++++
 loki/README.md             | 30 ++++++++++++++++++++++++++++++
 loki/local-config.yaml     | 29 +++++++++++++++++++++++++++++
 promtail/Dockerfile        |  4 ++++
 promtail/Makefile          | 13 +++++++++++++
 promtail/README.md         | 30 ++++++++++++++++++++++++++++++
 promtail/config.yml        | 29 +++++++++++++++++++++++++++++
 syslog-ng/Dockerfile       | 11 +++++++++++
 syslog-ng/Makefile         | 13 +++++++++++++
 syslog-ng/README.md        | 30 ++++++++++++++++++++++++++++++
 syslog-ng/syslog-ng.conf   | 17 +++++++++++++++++
 24 files changed, 344 insertions(+), 13 deletions(-)
 create mode 100644 grafana/Dockerfile
 create mode 100644 grafana/Makefile
 create mode 100644 grafana/README.md
 create mode 100644 grafana/loki.yml
 create mode 100644 haproxy/Dockerfile.syslog
 create mode 100644 haproxy/entrypoint.sh
 create mode 100644 haproxy/haproxy.syslog.cfg
 create mode 100644 loki/Dockerfile
 create mode 100644 loki/Makefile
 create mode 100644 loki/README.md
 create mode 100644 loki/local-config.yaml
 create mode 100644 promtail/Dockerfile
 create mode 100644 promtail/Makefile
 create mode 100644 promtail/README.md
 create mode 100644 promtail/config.yml
 create mode 100644 syslog-ng/Dockerfile
 create mode 100644 syslog-ng/Makefile
 create mode 100644 syslog-ng/README.md
 create mode 100644 syslog-ng/syslog-ng.conf

diff --git a/README.md b/README.md
index ef79b53..f05c8c0 100644
--- a/README.md
+++ b/README.md
@@ -11,11 +11,14 @@ It should be easy to get things working on another build system.
 |[apkbuilder](/~dricottone/container-images/tree/dev/item/apkbuilder/README.md)|latest|`registry.intra.dominic-ricottone.com/apkbuilder:latest`|
 |[dnsmasq](/~dricottone/container-images/tree/dev/item/dnsmasq/README.md)|latest|`registry.intra.dominic-ricottone.com/dnsmasq:latest`|
 |[fcgi](/~dricottone/container-images/tree/dev/item/fcgi/README.md)|latest|`registry.intra.dominic-ricottone.com/fcgi:latest`|
-|[haproxy](/~dricottone/container-images/tree/dev/item/haproxy/README.md)|latest|`registry.intra.dominic-ricottone.com/haproxy:latest`|
+|[grafana](/~dricottone/container-images/tree/dev/item/grafana/README.md)|latest|`registry.intra.dominic-ricottone.com/grafana:latest`|
+|[haproxy](/~dricottone/container-images/tree/dev/item/haproxy/README.md)|latest,syslog|`registry.intra.dominic-ricottone.com/haproxy:latest`|
+|[loki](/~dricottone/container-images/tree/dev/item/loki/README.md)|latest|`registry.intra.dominic-ricottone.com/loki:latest`|
 |[nginx](/~dricottone/container-images/tree/dev/item/nginx/README.md)|latest,webdav|`registry.intra.dominic-ricottone.com/nginx:latest`|
 |[nitter](/~dricottone/container-images/tree/dev/item/nitter/README.md)|amd64,arm64|`registry.intra.dominic-ricottone.com/nitter:amd64`|
 |[php](/~dricottone/container-images/tree/dev/item/php/README.md)|latest,readwrite,fpm,development,fpm-development|`registry.intra.dominic-ricottone.com/php:latest`|
 |[postfix](/~dricottone/container-images/tree/dev/item/postfix/README.md)|latest,tls-in,tls-out|`registry.intra.dominic-ricottone.com/postfix:latest`|
+|[promtail](/~dricottone/container-images/tree/dev/item/promtail/README.md)|latest|`registry.intra.dominic-ricottone.com/promtail:latest`|
 |[srht-core](/~dricottone/container-images/tree/dev/item/srht-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-core:latest`|
 |[srht-git-api](/~dricottone/container-images/tree/dev/item/srht-git-api/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-api:latest`|
 |[srht-git-core](/~dricottone/container-images/tree/dev/item/srht-git-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-git-core:latest`|
@@ -30,6 +33,7 @@ It should be easy to get things working on another build system.
 |[srht-todo-core](/~dricottone/container-images/tree/dev/item/srht-todo-core/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-core:latest`|
 |[srht-todo-lmtp](/~dricottone/container-images/tree/dev/item/srht-todo-lmtp/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-lmtp:latest`|
 |[srht-todo-webhooks](/~dricottone/container-images/tree/dev/item/srht-todo-webhooks/README.md)|latest|`registry.intra.dominic-ricottone.com/srht-todo-webhooks:latest`|
+|[syslog-ng](/~dricottone/container-images/tree/dev/item/syslog-ng/README.md)|latest|`registry.intra.dominic-ricottone.com/syslog-ng:latest`|
 
 ## License
 
diff --git a/grafana/Dockerfile b/grafana/Dockerfile
new file mode 100644
index 0000000..ea78197
--- /dev/null
+++ b/grafana/Dockerfile
@@ -0,0 +1,4 @@
+FROM docker.io/grafana/grafana:10.0.3
+
+COPY loki.yml /etc/grafana/provisioning/datasources/loki.yml
+
diff --git a/grafana/Makefile b/grafana/Makefile
new file mode 100644
index 0000000..7c68f92
--- /dev/null
+++ b/grafana/Makefile
@@ -0,0 +1,13 @@
+CONMAN=sudo docker
+
+REGISTRY=registry.intra.dominic-ricottone.com
+IMAGE=grafana
+TAG=latest
+
+image:
+	$(CONMAN) buildx build --push \
+		--platform linux/arm64,linux/amd64 \
+		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
+		.
+
+.PHONY: image
diff --git a/grafana/README.md b/grafana/README.md
new file mode 100644
index 0000000..7a45b44
--- /dev/null
+++ b/grafana/README.md
@@ -0,0 +1,36 @@
+# grafana
+
+
+## Build and Deploy
+
+```
+make image
+```
+
+
+### Tags
+
+ + `latest`
+
+----
+
+## Use
+
+Can be used with any container manager toolchain.
+
+The `$datadir` must be owned by UID 472.
+
+Try:
+
+```
+$conman run --detach --name grafana --restart always \
+    --mount type=bind,src=$datadir,/var/lib/grafana \
+    registry.intra.dominic-ricottone.com/grafana:latest
+```
+
+Should be used with `registry.intra.dominic-ricottone.com/syslog`,
+`registry.intra.dominic-ricottone.com/loki`,
+and `registry.intra.dominic-ricottone.com/promtail`.
+
+The default login is `admin`:`admin`.
+
diff --git a/grafana/loki.yml b/grafana/loki.yml
new file mode 100644
index 0000000..afe0beb
--- /dev/null
+++ b/grafana/loki.yml
@@ -0,0 +1,8 @@
+apiVersion: 1
+
+datasources:
+  - name: Loki
+    type: loki
+    url: http://loki:3100
+    isDefault: true
+
diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile
index 32daa1f..b570f2d 100644
--- a/haproxy/Dockerfile
+++ b/haproxy/Dockerfile
@@ -2,7 +2,5 @@ FROM docker.io/library/haproxy:alpine
 
 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
 
-# Overriding the CMD to load all '*.cfg' files in '/usr/local/etc/haproxy.d';
-# lexical order, newer files overriding older files
 CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy.d"]
 
diff --git a/haproxy/Dockerfile.syslog b/haproxy/Dockerfile.syslog
new file mode 100644
index 0000000..2ba22a3
--- /dev/null
+++ b/haproxy/Dockerfile.syslog
@@ -0,0 +1,12 @@
+FROM docker.io/library/haproxy:alpine
+
+COPY haproxy.syslog.cfg /usr/local/etc/haproxy/haproxy.cfg
+
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy.d"]
+
+USER root
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+RUN apk add --no-cache su-exec
+
diff --git a/haproxy/Makefile b/haproxy/Makefile
index 18c8f68..b8fea92 100644
--- a/haproxy/Makefile
+++ b/haproxy/Makefile
@@ -2,12 +2,21 @@ CONMAN=sudo docker
 
 REGISTRY=registry.intra.dominic-ricottone.com
 IMAGE=haproxy
-TAG=latest
+TAG_LOCAL=latest
+TAG_SYSLOG=syslog
 
-image:
+image: image-local image-syslog
+
+image-local:
 	$(CONMAN) buildx build --push \
 		--platform linux/arm64,linux/amd64 \
-		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
+		--tag $(REGISTRY)/$(IMAGE):$(TAG_LOCAL) \
 		.
 
-.PHONY: image
+image-syslog:
+	$(CONMAN) buildx build --push \
+		--platform linux/arm64,linux/amd64 \
+		--tag $(REGISTRY)/$(IMAGE):$(TAG_SYSLOG) \
+		. -f Dockerfile.syslog
+
+.PHONY: image image-local image-syslog
diff --git a/haproxy/README.md b/haproxy/README.md
index 7f627fa..e5658f4 100644
--- a/haproxy/README.md
+++ b/haproxy/README.md
@@ -11,6 +11,8 @@ make image
 ### Tags
 
  + `latest`
+ + `syslog` which logs to a `syslog` server at $LOGDEST
+   (`default: 127.0.0.1:514`)
 
 ----
 
@@ -44,3 +46,12 @@ $conman run --detach --name haproxy --restart always \
     registry.intra.dominic-ricottone.com/haproxy:latest
 ```
 
+Or, to log to a `syslog` server at `syslog:1514`, try:
+
+```
+$conman run --detach --name haproxy --restart always \
+    --mount type=bind,src=$confdir,dst=/usr/local/etc/haproxy.d,readonly \
+    --env LOGDEST=syslog:1514 \
+    registry.intra.dominic-ricottone.com/haproxy:syslog
+```
+
diff --git a/haproxy/entrypoint.sh b/haproxy/entrypoint.sh
new file mode 100644
index 0000000..10c150d
--- /dev/null
+++ b/haproxy/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+sed -i /usr/local/etc/haproxy/haproxy.cfg -e "s/^  log 127.0.0.1:514/  log ${LOGDEST}/"
+
+su-exec haproxy "$@"
+
diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
index cd70a0d..1eee5cb 100644
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@@ -11,9 +11,3 @@ defaults
   log global
   default-server init-addr none
 
-#frontend stats_frontend
-#  bind :8404
-#  http-request use-service prometheus-exporter if { path /metrics }
-#  stats enable
-#  stats uri /stats
-#  stats refresh 10s
diff --git a/haproxy/haproxy.syslog.cfg b/haproxy/haproxy.syslog.cfg
new file mode 100644
index 0000000..91cffe1
--- /dev/null
+++ b/haproxy/haproxy.syslog.cfg
@@ -0,0 +1,14 @@
+global
+  ssl-default-bind-options ssl-min-ver TLSv1.2
+  log 127.0.0.1:514 local0
+  maxconn 1024
+
+defaults
+  timeout connect 10s
+  timeout client 30s
+  timeout server 30s
+  mode http
+  log global
+  option httplog
+  default-server init-addr none
+
diff --git a/loki/Dockerfile b/loki/Dockerfile
new file mode 100644
index 0000000..d113d37
--- /dev/null
+++ b/loki/Dockerfile
@@ -0,0 +1,4 @@
+FROM docker.io/grafana/loki:2.8.3
+
+COPY local-config.yaml /etc/loki/local-config.yaml
+
diff --git a/loki/Makefile b/loki/Makefile
new file mode 100644
index 0000000..369ea53
--- /dev/null
+++ b/loki/Makefile
@@ -0,0 +1,13 @@
+CONMAN=sudo docker
+
+REGISTRY=registry.intra.dominic-ricottone.com
+IMAGE=loki
+TAG=latest
+
+image:
+	$(CONMAN) buildx build --push \
+		--platform linux/arm64,linux/amd64 \
+		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
+		.
+
+.PHONY: image
diff --git a/loki/README.md b/loki/README.md
new file mode 100644
index 0000000..06198f2
--- /dev/null
+++ b/loki/README.md
@@ -0,0 +1,30 @@
+# loki
+
+
+## Build and Deploy
+
+```
+make image
+```
+
+
+### Tags
+
+ + `latest`
+
+----
+
+## Use
+
+Can be used with any container manager toolchain.
+
+Try:
+
+```
+$conman run --detach --name loki --restart always \
+    registry.intra.dominic-ricottone.com/loki:latest
+```
+
+Should be used with `registry.intra.dominic-ricottone.com/syslog`
+and `registry.intra.dominic-ricottone.com/promtail`.
+
diff --git a/loki/local-config.yaml b/loki/local-config.yaml
new file mode 100644
index 0000000..deb88b3
--- /dev/null
+++ b/loki/local-config.yaml
@@ -0,0 +1,29 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+  grpc_listen_port: 9096
+
+common:
+  path_prefix: /tmp/loki
+  storage:
+    filesystem:
+      chunks_directory: /tmp/loki/chunks
+      rules_directory: /tmp/loki/rules
+  replication_factor: 1
+  ring:
+    kvstore:
+      store: inmemory
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: boltdb-shipper
+      object_store: filesystem
+      schema: v11
+      index:
+        prefix: index_
+        period: 24h
+
+analytics:
+  reporting_enabled: false
diff --git a/promtail/Dockerfile b/promtail/Dockerfile
new file mode 100644
index 0000000..7219e01
--- /dev/null
+++ b/promtail/Dockerfile
@@ -0,0 +1,4 @@
+FROM docker.io/grafana/promtail:2.8.3
+
+COPY config.yml /etc/promtail/config.yml
+
diff --git a/promtail/Makefile b/promtail/Makefile
new file mode 100644
index 0000000..c9229fe
--- /dev/null
+++ b/promtail/Makefile
@@ -0,0 +1,13 @@
+CONMAN=sudo docker
+
+REGISTRY=registry.intra.dominic-ricottone.com
+IMAGE=promtail
+TAG=latest
+
+image:
+	$(CONMAN) buildx build --push \
+		--platform linux/arm64,linux/amd64 \
+		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
+		.
+
+.PHONY: image
diff --git a/promtail/README.md b/promtail/README.md
new file mode 100644
index 0000000..ad8dc53
--- /dev/null
+++ b/promtail/README.md
@@ -0,0 +1,30 @@
+# promtail
+
+
+## Build and Deploy
+
+```
+make image
+```
+
+
+### Tags
+
+ + `latest`
+
+----
+
+## Use
+
+Can be used with any container manager toolchain.
+
+Try:
+
+```
+$conman run --detach --name promtail --restart always \
+    registry.intra.dominic-ricottone.com/promtail:latest
+```
+
+Should be used with `registry.intra.dominic-ricottone.com/syslog`
+and `registry.intra.dominic-ricottone.com/loki`.
+
diff --git a/promtail/config.yml b/promtail/config.yml
new file mode 100644
index 0000000..2468ed5
--- /dev/null
+++ b/promtail/config.yml
@@ -0,0 +1,29 @@
+server:
+  http_listen_port: 9080
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  - url: http://loki:3100/loki/api/v1/push
+
+scrape_configs:
+  - job_name: syslog
+    syslog:
+      listen_address: 0.0.0.0:601
+      idle_timeout: 60s
+      label_structured_data: yes
+      labels:
+        job: "syslog"
+    relabel_configs:
+      - source_labels: [__syslog_message_hostname]
+        target_label: hostname
+      - source_labels: [__syslog_message_severity]
+        target_label: severity
+      - source_labels: [__syslog_message_app_name]
+        target_label: app_name
+      - source_labels: [__syslog_message_facility]
+        target_label: facility
+      - source_labels: [__syslog_connection_hostname]
+        target_label: connection_hostname
+
diff --git a/syslog-ng/Dockerfile b/syslog-ng/Dockerfile
new file mode 100644
index 0000000..7848c4b
--- /dev/null
+++ b/syslog-ng/Dockerfile
@@ -0,0 +1,11 @@
+FROM docker.io/library/alpine:latest
+
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+
+RUN apk add --no-cache syslog-ng
+
+EXPOSE 514/udp
+EXPOSE 601/tcp
+
+ENTRYPOINT ["/usr/sbin/syslog-ng", "-F"]
+
diff --git a/syslog-ng/Makefile b/syslog-ng/Makefile
new file mode 100644
index 0000000..1ae15a9
--- /dev/null
+++ b/syslog-ng/Makefile
@@ -0,0 +1,13 @@
+CONMAN=sudo docker
+
+REGISTRY=registry.intra.dominic-ricottone.com
+IMAGE=syslog-ng
+TAG=latest
+
+image:
+	$(CONMAN) buildx build --push \
+		--platform linux/arm64,linux/amd64 \
+		--tag $(REGISTRY)/$(IMAGE):$(TAG) \
+		.
+
+.PHONY: image
diff --git a/syslog-ng/README.md b/syslog-ng/README.md
new file mode 100644
index 0000000..669c772
--- /dev/null
+++ b/syslog-ng/README.md
@@ -0,0 +1,30 @@
+# syslog-ng
+
+
+## Build and Deploy
+
+```
+make image
+```
+
+
+### Tags
+
+ + `latest`
+
+----
+
+## Use
+
+Can be used with any container manager toolchain.
+
+Try:
+
+```
+$conman run --detach --name syslog --restart always \
+    registry.intra.dominic-ricottone.com/syslog-ng:latest
+```
+
+Should be used with `registry.intra.dominic-ricottone.com/loki`
+and `registry.intra.dominic-ricottone.com/promtail`.
+
diff --git a/syslog-ng/syslog-ng.conf b/syslog-ng/syslog-ng.conf
new file mode 100644
index 0000000..7ef3d1c
--- /dev/null
+++ b/syslog-ng/syslog-ng.conf
@@ -0,0 +1,17 @@
+@version: 4.1
+
+source src_inet {
+  network(transport("udp") port(514));
+  network(transport("tcp") port(601));
+};
+
+destination dest_promtail {
+  syslog("promtail" transport("tcp") port(601));
+  file("/var/log/test.log");
+};
+
+log {
+  source(src_inet);
+  destination(dest_promtail);
+};
+
-- 
2.45.2