Update 7 files

- /configs/grafana-configs/datasources.yaml
- /configs/grafana-configs/grafana.ini
- /configs/grafana-configs/ldap.toml
- /configs/grafana-configs/.env
- /configs/grafana-configs/backup-tool.sh
- /configs/loki-configs/local-config.yaml
- /docker-cmpose.yml

configs/grafana-configs/.env

@@ -0,0 +1,16 @@
+GRAFANA_TOKEN=
+GRAFANA_ADMIN_ACCOUNT=admin
+GRAFANA_ADMIN_PASSWORD=admin
+
+VERIFY_SSL=false
+GRAFANA_URL=http://grafana:3000
+
+AWS_S3_BUCKET_NAME=grafana
+AWS_S3_BUCKET_KEY=grafana-backup
+AWS_DEFAULT_REGION=ru-nsk
+AWS_ACCESS_KEY_ID=grafana-user
+AWS_SECRET_ACCESS_KEY=grafana-user
+AWS_ENDPOINT_URL=https://s3.domain.ru
+
+RESTORE=false
+ARCHIVE_FILE=

configs/grafana-configs/backup-tool.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# readme from https://hub.docker.com/r/ysde/docker-grafana-backup-tool
+
+docker run --user $(id -u):$(id -g) --rm --name grafana-backup-tool \
+           -v $pwd/backup/:/opt/grafana-backup-tool/_OUTPUT_ \
+					 --env-file .env \
+					 --network loki \
+           ysde/docker-grafana-backup-tool

configs/grafana-configs/grafana.ini

@@ -0,0 +1,25 @@
+[analytics]
+check_for_updates = true
+[auth.ldap]
+allow_sign_up = true
+config_file = /etc/grafana/ldap.toml
+enabled = false
+[grafana_net]
+url = https://loki.pm.org.ru
+[log]
+mode = console
+[paths]
+data = /var/lib/grafana/data
+logs = /var/log/grafana
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
+[server]
+root_url = https://logs.bildme.ru
+[smtp]
+enabled = true
+from_address = logs@pm.org.ru
+from_name = Logs Bildme.ru
+host = smtp.mail.ru:587
+password = PASSWORD
+skip_verify = true
+user = logs@pm.org.ru

configs/grafana-configs/ldap.toml

@@ -0,0 +1,26 @@
+verbose_logging = true
+
+[[servers]]
+host = "ipa.pm.org.ru"
+port = 636
+use_ssl = true
+start_tls = false
+ssl_skip_verify = true
+bind_dn = "uid=system,cn=sysaccounts,cn=etc,dc=ipa,dc=pm,dc=org,dc=ru"
+bind_password = "PASSWORD"
+search_filter = "(uid=%s)"
+search_base_dns = ["cn=users,cn=accounts,dc=ipa,dc=pm,dc=org,dc=ru"]
+group_search_base_dns = ["cn=admins,cn=groups,cn=accounts,dc=ipa,dc=pm,dc=org,dc=ru"]
+
+[servers.attributes]
+name = "givenName"
+surname = "sn"
+username = "uid"
+member_of = "memberOf"
+email =  "mail"
+
+# Administrators
+[[servers.group_mappings]]
+grafana_admin = true
+group_dn = "cn=admins,cn=groups,cn=accounts,dc=ipa,dc=pm,dc=org,dc=ru"
+org_role = "Admin"

configs/loki-configs/local-config.yaml

@@ -0,0 +1,63 @@
+auth_enabled: false
+
+server:
+  grpc_listen_port: 9095
+  http_listen_port: 3100
+
+compactor:
+  retention_delete_delay: 2h
+  retention_delete_worker_count: 150
+  retention_enabled: true
+  shared_store: filesystem
+  working_directory: /loki/boltdb-shipper-compactor
+
+ingester:
+  chunk_block_size: 262144
+  chunk_idle_period: 3m
+  chunk_retain_period: 1m
+  lifecycler:
+    ring:
+      kvstore:
+        store: inmemory
+      replication_factor: 1
+  max_transfer_retries: 0
+  wal:
+    dir: /loki/wal
+
+limits_config:
+  enforce_metric_name: false
+  max_entries_limit_per_query: 5000
+  per_stream_rate_limit: 8M
+  per_stream_rate_limit_burst: 16M
+  reject_old_samples: true
+  reject_old_samples_max_age: 360h
+
+schema_config:
+  configs:
+    - from: 2023-10-24
+      store: boltdb-shipper
+      object_store: filesystem
+      schema: v11
+      index:
+        prefix: index_
+        period: 24h
+
+common:
+  path_prefix: /loki
+  storage:
+    filesystem:
+      chunks_directory: /loki/chunks
+      rules_directory: /loki/rules
+  replication_factor: 1
+  ring:
+    instance_addr: 127.0.0.1
+    kvstore:
+      store: inmemory
+
+chunk_store_config:
+  max_look_back_period: 0s
+
+table_manager:
+  retention_deletes_enabled: true
+  retention_period: 360h
+

docker-cmpose.yml

@@ -0,0 +1,64 @@
+version: "3.9"
+
+services:
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.logs.entrypoints=https"
+      - "traefik.http.routers.logs.rule=Host(`logs.${HOST}`)"
+      - "traefik.http.routers.logs.tls=true"
+      - "traefik.http.routers.logs.tls.certresolver=letsEncrypt"
+      - "traefik.http.services.logs-service.loadbalancer.server.port=3000"
+      - "traefik.docker.network=webproxy"
+    environment:
+      - GF_PATHS_DATA=/var/lib/grafana/data
+      - GF_PATHS_LOGS=/var/log/grafana
+      - GF_PATHS_PLUGINS=/var/lib/grafana/plugins
+      - GF_PATHS_PROVISIONING=/etc/grafana/provisioning
+      - GF_AUTH_ANONYMOUS_ENABLED=false
+      - GF_USERS_ALLOW_SIGN_UP=false
+      - GF_USERS_ALLOW_ORG_CREATE=false
+    volumes:
+      - ./configs/grafana-configs/grafana.ini:/etc/grafana/grafana.ini
+      - ./configs/grafana-configs/ldap.toml:/etc/grafana/ldap.toml
+      - ./configs/grafana-configs/datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+      - ./configs/grafana-configs/backup:/backup
+      - ./data/grafana-storage:/var/lib/grafana
+    expose:
+     - 3000
+    networks:
+      - loki
+      - proxy
+
+  loki:
+    image: grafana/loki:2.6.1
+    container_name: loki
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.loki.entrypoints=https"
+      - "traefik.http.routers.loki.rule=Host(`loki.${HOST}`)"
+      - "traefik.http.routers.loki.tls=true"
+      - "traefik.http.routers.loki.tls.certresolver=letsEncrypt"
+      - "traefik.http.routers.loki.middlewares=loki-auth"
+      - "traefik.http.services.loki-service.loadbalancer.server.port=3100"
+      - "traefik.http.middlewares.loki-auth.basicauth.users=loki:$$2y$$05$$UZwmFTrItdJngPd3eLTn5uw5SKU4fyB0d22aWA0sG1A/Cx9PONtM6" # loki\loki123
+      - "traefik.docker.network=webproxy"
+    command: -config.file=/etc/loki/local-config.yaml
+    volumes:
+      - ./data/loki-storage:/loki
+      - ./configs/loki-configs/local-config.yaml:/etc/loki/local-config.yaml
+    expose:
+      - 3100
+    networks:
+      - loki
+      - proxy
+
+networks:
+  loki:
+    name: loki
+  webproxy:
+    name: webproxy