Feature #23295
closed
Add arvados_loki role to Ansible
Description
Add a new role tools/ansible/roles/arvados_loki. It requires the arvados_loki_config_file variable to be set in inventory. It has tasks to do the following:
- Install the
lokipackage. - Upload
arvados_loki_config_filefrom the control node to/etc/loki/config.ymlon the managed node. - Ensure the
lokisystemd service is enabled and running, and restart it if configuration changed.
The arvados_controller role follows most of this same pattern, except the configuration upload happens in arvados_service because it's shared across multiple roles. This case is simpler so you can just have it in the same role.
We will want to add an nginx front-end but that can be a follow-up ticket. (Partly because I need to think about whether it makes sense to build it on arvados_nginx_site.)
Documentation is not in scope for this ticket. It makes more sense to write documentation once we have the complete collection of Alloy+Loki+Grafana all implemented.
Updated by Lucas Di Pentima 4 months ago
ยท Edited
Our Salt installer uses the package sources from the grafana-formula project, that is to say, it gets Grafana-related packages from Grafana itself.
Here's the list of sources depending on the distro, the Debian-specific one is:
name: deb https://apt.grafana.com stable main file: /etc/apt/sources.list.d/grafana.list key_url: https://apt.grafana.com/gpg.key
Updated by Brett Smith 4 months ago
Given this, the new role needs to look more like arvados_docker: it should install package pins, install the repository, then install the package. You can start writing the tasks now (if you haven't already) and I'll work on putting good pins together.
Updated by Brett Smith 4 months ago
We discussed at standup we are rarely affected by Loki changes, so pinning the major version seems fine. It should look like this (untested, feel free to fix typos):
Package: loki
Pin: version 3.*
Pin-Priority: 995
Updated by Brett Smith 4 months ago
For the playbook, add a play for a new arvados_loki group that includes the role, following the same pattern as most of the plays in there now.
My understanding is that we typically delpoy such that all the Arvados servers run Alloy, and then send logs to a separate server running Loki+Grafana. But any of these could be shuffled around so I think it makes sense to have separate groups for all of them.
Updated by Stephen Smith 4 months ago
Changes at arvados|117c4811ee8acf89691aeb3c161c5fef705c9119 branch 23295-loki-ansible-role
- The role:
- Adds the apt version pin following the example of
arvados_docker - Adds the grafana repo, notifies apt-update and flushes handlers
- Installs loki v3.*
- Copies the provided config file
- Enables and restarts (if config changed) or starts loki.service
- Adds the apt version pin following the example of
- Added example arvados_loki group to full inventory with some descriptions and invoke the role on the group in the main playbook
Updated by Lucas Di Pentima 4 months ago
A couple comments:
- I think that if we pin the loki package, it's better to not repeat the version information in the install package step, to avoid future issues.
- The
arvados_lokirole needs to depend ondistro_aptso that it can notify 'apt update'. Check how it's declared inroles/arvados_docker/meta/main.yml
Updated by Stephen Smith 4 months ago
Changes at arvados|3724c52910058b9e5945cc5d907bfac648f89cca
- Added the distro_apt dependency
- Removed redundant version specifier from apt task
Updated by Lucas Di Pentima 4 months ago
A couple more comments:
- I believe the task that checks/creates the
/etc/loki/directory and the one that writes the configuration file need to havebecome: yes. - Also, I would make sure that ownership & permissions on
/etc/loki/are also correctly set.
With that, it LGTM. Thanks!
Updated by Stephen Smith 4 months ago
- Status changed from In Progress to Resolved
Made those changes and fixed incorrectly named meta file after running the playbook again to check for mistakes
Updated by Brett Smith 4 months ago
- Related to Idea #18337: Easier install using Ansible added