Date: Sun, 01 Oct 2023 08:16:31 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 274194] sysutils/loki: New rc.d file for promtail Message-ID: <bug-274194-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274194 Bug ID: 274194 Summary: sysutils/loki: New rc.d file for promtail Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: turkay.eren@gmail.com CC: freebsd@funzi.org Flags: maintainer-feedback?(freebsd@funzi.org) CC: freebsd@funzi.org Hello, Thank you for packaging loki in bug #256030. I realized that loki and promt= ail binaries are installed with the package but only loki has an rc.d script. F= or most cases, when you install loki as a centralized log server, you only configure and run promtail to read/send logs from other nodes. I would love to take initiative on this issue and this will be my first contribution to FreeBSD community. I can simply copy .in file for promtail = and send a patch but I wanted to make sure we discuss other considerations such= as default configuration file and user to run. Default Files Provided by Grafana =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D On official release page, Grafana team provides pre-built binaries and configuration files. For Debian/Ubuntu systems [0], the default configurati= on file looks like this: ``` server: http_listen_port: 9080 grpc_listen_port: 0 positions: filename: /tmp/positions.yaml clients: - url: http://localhost:3100/loki/api/v1/push scrape_configs: - job_name: system static_configs: - targets: - localhost labels: job: varlogs __path__: /var/log/*log ``` Which I believe it's OK configuration file. When you run promtail, it will start reading logs out of the box and you will be able to extend it. Howeve= r, the problem is that their systemd file runs with user `promtail`. As you can guess, this user will not be able to read /var/log/. Whenever I installed promtail, I always changed systemd service to run as root because I need lo= gs in /var/log/ along with application specific logs. The application does not crash. You simply see a number of error messages in promtail logs. But generating error messages after the installation is not a good default behavior. Also, `positions.yml` is too important to put into /tmp/. After a system reboot, promtail will not be able to know which line it read last. So, putt= ing it into /usr/local/etc/promtail/ makes more sense. [0] https://github.com/grafana/loki/releases/download/v2.9.1/promtail_2.9.1_amd= 64.deb Which User To Run On =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D I do not see a problem with providing default configuration like above (with fixes) and running log aggregator as root because you mostly want to run as root. Usually, there are different users for different applications, each writing to different directory, and you need to read all application logs, label them, and send it. However, if that causes a security concern within FreeBSD, we can simply comment the example configuration file and put a note in there. Alternative= ly, we can write a message after package install, reminding that `promtail_user= `, `promtail_group` is present. The configuration file above is only an example, provided by official grafa= na team. We are not bound to use it as-is, we can also think of adding additio= nal defaults based on user needs. Thank you for your time reading the report. Best, Eren --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274194-7788>