Loki config with s3

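I can't get Loki to connect to AWS S3 using docker-compose. Logs are visible in Grafana, but the S3 bucket stays empty.

The S3 bucket is public, and I have attached an IAM role to allow s3:FullAccess.

I updated Loki to v2.0.0 and changed the period to 24h, but it made no difference. There are no errors in the Loki logs.

Below are selected lines from the docker logs (loki):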

    msg="Starting Loki" version="(version=master-4e661cd, branch=master, revision=4e661cde)"
    caller=server.go:225 http=[::]:3100 grpc=[::]:9095 msg="server listening on addresses"
    caller=worker.go:65 msg="no address specified, not starting worker"
    msg="cleaning up mapped rules directory" path=/loki/tmprules
    msg=initialising module=memberlist-kv
    msg=initialising module=store
    msg=initialising module=server
    msg=initialising module=ring
    msg="value is nil" key=collectors/ring index=1
    msg=initialising module=ingester
    msg="not loading tokens from file, tokens file path is empty"
    msg="instance not found in ring, adding with no tokens" ring=ingester
    msg="auto-joining cluster after timeout" ring=ingester
    msg=initialising module=table-manager
    msg=initialising module=distributor
    msg=initialising module=ingester-querier
    msg=initialising module=ruler
    msg="ruler up and running"
    msg="Loki started"
    msg="synching tables" expected_tables=132

Here is my loki.config:

    auth_enabled: false

    server:
      http_listen_port: 3100

    distributor:
      ring:
        kvstore:
          store: memberlist

    ingester:
      lifecycler:
        ring:
          kvstore:
            store: memberlist
          replication_factor: 1
        final_sleep: 0s
      chunk_idle_period: 5m
      chunk_retain_period: 30s

    schema_config:
      configs:
      - from: 2020-10-27
        store: boltdb-shipper
        object_store: s3
        schema: v11
        index:
          prefix: index_
          period: 24h

    storage_config:
      boltdb_shipper:
        active_index_directory: /loki/index
        cache_location: /loki/index_cache
        resync_interval: 5s
        shared_store: s3

      aws:
         s3: s3://AKIARE3@us-east-1/mydomain.com.docker.loki.logs
         s3forcepathstyle: true

    limits_config:
      enforce_metric_name: false
      reject_old_samples: true
      reject_old_samples_max_age: 168h

Here is docker-compose.yaml:

    version: "3.8"

    networks:
      traefik:
        external: true

    volumes:
      data:

    services:
      fluentd:
        image: grafana/fluent-plugin-loki:master
        command:
          - "fluentd"
          - "-v"
          - "-p"
          - "/fluentd/plugins"
        environment:
          LOKI_URL: http://loki:3100
          LOKI_USERNAME:
          LOKI_PASSWORD:
        container_name: "fluentd"
        restart: always
        ports:
          - '24224:24224'
        networks:
          - traefik
        volumes:
          - type: bind
            source: ./config/fluent.conf
            target: /fluentd/etc/fluent.conf
        logging:
          options:
            tag: docker.monitoring

      loki:
        image: grafana/loki:master
        container_name: "loki"
        restart: always
        networks:
          - traefik
        volumes:
          - type: volume
            source: data
            target: /loki
        ports:
          - 3100
        volumes:
          - type: bind
            source: ./config/s3.loki.conf
            target: /loki/etc/loki.conf
        depends_on:
          - fluentd

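I finally solved this. It needs a compactor, but no warning was given. Best practice is to create an AWS S3 bucket without any public access. Next, create an IAM user with programmatic access only. Create an access policy that grants full access only to the bucket you created. Attach the policy to the user's permissions. You don't need to attach a policy to the bucket itself. Check whether your URL has a "/" in it and that you have escaped it with %2F, otherwise you will get an authentication error. Note that this config works for Loki v2.0.0, which was released yesterday.

Here are my complete working docker-compose and Loki config files. I put them on an external network to enable Prometheus monitoring.

Here is my docker-compose.yaml: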

    version: "3.8"
    
    networks:
      appnet:
        external: true
    
    volumes:
      loki_data:
       
    services:
      fluentd:
        container_name: "fluentd"
        image: grafana/fluent-plugin-loki:master
        command:
          - "fluentd"
          - "-v"
          - "-p"
          - "/fluentd/plugins"
        environment:
          LOKI_URL: http://loki:3100
          LOKI_USERNAME:
          LOKI_PASSWORD:
        restart: always
        ports:
          - '24224:24224'
        networks:
          - appnet
        volumes:
          - type: bind
            source: ./config/fluent.conf
            target: /fluentd/etc/fluent.conf
      
      loki:
        container_name: "loki"
        image: grafana/loki:2.0.0
        restart: always
        networks:
          - appnet
        ports:
          - 3100
        volumes:
          - type: volume
            source: loki_data
            target: /data
          - type: bind
            source: ./config/s3-loki-bolt-conf.yml
            target: /etc/loki/local-config.yaml
        command: -config.file=/etc/loki/local-config.yaml        
        depends_on:
          - fluentd

Here is my Loki config in prometheus/config/s3-loki-bolt-conf.yml. You can name this file whatever you like, but keep the target filename above, because it is Loki's default config file.

    auth_enabled: false
    
    ingester:
      chunk_idle_period: 3m
      chunk_block_size: 262144
      chunk_retain_period: 1m
      max_transfer_retries: 0
      lifecycler:
        ring:
          kvstore:
            store: inmemory
          replication_factor: 1
    
    limits_config:
      enforce_metric_name: false
      reject_old_samples: true
      reject_old_samples_max_age: 168h
    
    compactor:
      working_directory: /loki/boltdb-shipper-compactor
      shared_store: aws
      
    schema_config:
      configs:
      - from: 2020-07-01
        store: boltdb-shipper
        object_store: aws
        schema: v11
        index:
          prefix: loki_index_
          period: 24h
          
    server:
      http_listen_port: 3100
    
    storage_config:
      aws:
        s3: s3://AKIARE123456:NURD%2FFsP0Q123456789@us-west-1/mydomain.com.docker.loki.logs
      boltdb_shipper:
        active_index_directory: /loki/index
        shared_store: s3
        cache_location: /loki/boltdb-cache
    
    chunk_store_config:
      max_look_back_period: 0s
    
    table_manager:
      retention_deletes_enabled: false
      retention_period: 0s
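
The %2F escaping and the bucket-only policy described in the answer above, shown as an added example that is not part of the original answer or of Loki's code. The function names are hypothetical, the credentials are constructed sample values, and Python's `urlsplit` stands in for a generic URL parser to show what an unescaped "/" does to the `s3://` value.

```python
import json
from urllib.parse import quote, unquote, urlsplit


def loki_s3_url(access_key, secret_key, region, bucket):
    """Build the storage_config.aws.s3 value with credentials percent-encoded."""
    # safe="" is required: by default quote() leaves "/" unescaped.
    return "s3://{}:{}@{}/{}".format(
        quote(access_key, safe=""), quote(secret_key, safe=""), region, bucket)


def parse_loki_s3_url(url):
    """Split the URL with a generic URL parser and decode the credentials."""
    parts = urlsplit(url)
    return {
        "access_key": unquote(parts.username or ""),
        "secret_key": unquote(parts.password or ""),
        "endpoint": parts.hostname,
        "bucket": parts.path.lstrip("/"),
    }


def bucket_only_policy(bucket):
    """IAM policy: full S3 access to one bucket and its objects, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::" + bucket, "arn:aws:s3:::" + bucket + "/*"],
        }],
    }


if __name__ == "__main__":
    bucket = "mydomain.com.docker.loki.logs"   # bucket name used on this page
    key, secret = "AKIAEXAMPLE", "ab/cd+ef"    # constructed sample credentials
    good = loki_s3_url(key, secret, "us-west-1", bucket)
    # Same value with the raw "/" left in the secret.
    bad = "s3://{}:{}@us-west-1/{}".format(key, secret, bucket)
    print(good)
    print("escaped  :", parse_loki_s3_url(good))
    print("unescaped:", parse_loki_s3_url(bad))
    print(json.dumps(bucket_only_policy(bucket), indent=2))
```

With the raw "/" the parser ends the authority part at the slash, so the secret and the endpoint are no longer where the URL's author intended them to be.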

For those who want to use boltdb-shipper and store in S3-compatible object storage (from Scaleway in my case), using helm and Loki 2.0.0.

Here is my values.yml:

    loki:
      enabled: true
      config:
        auth_enabled: false

        ingester:
          chunk_idle_period: 3m
          chunk_block_size: 262144
          chunk_retain_period: 1m
          max_transfer_retries: 0
          lifecycler:
            ring:
              kvstore:
                store: inmemory
              replication_factor: 1

        limits_config:
          enforce_metric_name: false
          reject_old_samples: true
          reject_old_samples_max_age: 168h

        compactor:
          working_directory: /data/loki/boltdb-shipper-compactor
          shared_store: aws

        schema_config:
          configs:
            - from: 2020-11-13
              store: boltdb-shipper
              object_store: aws
              schema: v11
              index:
                prefix: loki_index_
                period: 24h

        server:
          http_listen_port: 3100

        storage_config:
          aws:
            s3: s3://<key>:<secret>@s3.fr-par.scw.cloud/<bucket-name>
            region: fr-par
            s3forcepathstyle: true
          boltdb_shipper:
            active_index_directory: /data/loki/index
            shared_store: s3
            cache_location: /data/loki/boltdb-cache

        chunk_store_config:
          max_look_back_period: 0s

        table_manager:
          retention_deletes_enabled: true
          retention_period: 720h

    promtail:
      enabled: true