[arch-commits] Commit in loki/trunk (PKGBUILD loki.service promtail.service)
Date: Monday, December 28, 2020 @ 04:09:41 Author: daurnimator Revision: 794333 upgpkg: loki 2.1.0-1 Modified: loki/trunk/PKGBUILD loki/trunk/loki.service loki/trunk/promtail.service --+ PKGBUILD | 27 ++- loki.service |1 + promtail.service |2 +- 3 files changed, 20 insertions(+), 10 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-12-28 03:42:06 UTC (rev 794332) +++ PKGBUILD2020-12-28 04:09:41 UTC (rev 794333) @@ -1,9 +1,9 @@ # Maintainer: Daurnimator # Maintainer: Jelle van der Waa -pkgname=('loki' 'promtail' 'logcli') -pkgver=1.5.0 -pkgrel=2 +pkgname=('loki' 'loki-canary' 'promtail' 'logcli') +pkgver=2.1.0 +pkgrel=1 pkgdesc='like Prometheus, but for logs' url='https://github.com/grafana/loki' arch=('x86_64') @@ -13,18 +13,18 @@ source=($pkgname-$pkgver.tar.gz::https://github.com/grafana/loki/archive/v$pkgver.tar.gz promtail.sysusers promtail.service promtail.tmpfiles loki.sysusers loki.service loki.tmpfiles) -sha512sums=('31d61ba9cb47afeb0971fe35347683cf96e3b7a4da44b640b0065e64268109c2a1e9011f94d3fcf7912e98f8b079a001cd892a06e3f8d11796f23c8acfc93fff' +sha512sums=('e488e393bf123b1f822e1dc304c3938f67c3872e9fc33b0caf377927d97cecb0a191c4ff42bf4e7d573a87d03adbef170dbcfbadf206022a5c29205dc36c12ce' '2b6c44b18ea3c9f955a7450222180d0b20b5fc551d0b7e5d0d8949e40adc847c4166829146260f87a75732cc5473eab0347dd56fc2125517698bac0652738c74' - 'a3427ddecada33b90658635962c4ea36ced6b9d0e1686ce898884980c2ce1a82be2ddcfa6b42736392653f48fa561408633d6016b77e2b513029ba0cec977727' + 'b63ee3f5c3948f50f1ea46247c5e828f6f0b48294e3ccfe190c13516d24dcecd17ecb985e53048654f843f953625de6a0a8c1edd8adbe1b15edb877e6aa63af4' '598042c40673a7914c5a1eeccfb78f832379a61f4360212c5d86f667343cf2fc78e98d9025f9717ea64f3e16e0a28f08cd7709706d811656722019f6167dd788' 'f00b3cb64b71d3ca5a422a2bdff1f81a3e2707c4f73bcb27e24338eabff039b96125c847aaae43c9b22ccc47f89585118c1d0e0b29c4eb7b6f9260c68f8a8324' - '3c40d70366ee0ac3d11c87a818d82dfb4e64143e905187b287f7716ee009640bab6676b8a348e526458a00e4cff35fbd8e9d81bdaa6db38a5d673294f09e6638' + '41726c7c0a13f672ee0ab58e8decc5c3bd7558d7efdc219dc16f567895c9fdfc44eb730c7ea426edc9e778bbe45c58570986f7141946f3b3f78f563441a86901' 'de40d1e6752edbf8c21317ce1ee10f98dfc869e569c07092c613f7144e261e9438683a145a2e0e37e2a9fc758c5c2f02e1d0ac1c60347e98b147e4a550ec6040') build() { cd loki-$pkgver - for cmd in loki promtail logcli; do + for cmd in loki loki-canary promtail logcli; do go build \ -trimpath \ -buildmode=pie \ @@ -33,7 +33,8 @@ -ldflags " \ -X github.com/grafana/loki/pkg/build.Version=$pkgver -X github.com/grafana/loki/pkg/build.BuildDate=$(date -u +'%Y-%m-%dT%H:%M:%SZ' --date=@${SOURCE_DATE_EPOCH}) - -extldflags ${LDFLAGS}" \ + -linkmode external + -extldflags \"${LDFLAGS}\"" \ ./cmd/"$cmd" done } @@ -41,7 +42,7 @@ check() { cd loki-$pkgver - go test -v $(go list ./... | grep -v "distributor") + go test -v ./... } package_loki() { @@ -58,6 +59,14 @@ install -Dm644 ${srcdir}/loki.service "$pkgdir/usr/lib/systemd/system/loki.service" } +package_loki-canary() { + pkgdesc="A standalone app that audits the log capturing performance of Loki" + + cd loki-$pkgver + + install -Dm755 -t "$pkgdir"/usr/bin loki-canary +} + package_promtail() { pkgdesc="An agent which ships the contents of local logs to a private Loki instance or Grafana Cloud" backup=('etc/loki/promtail.yaml') Modified: loki.service === --- loki.service2020-12-28 03:42:06 UTC (rev 794332) +++ loki.service2020-12-28 04:09:41 UTC (rev 794333) @@ -1,5 +1,6 @@ [Unit] Description=Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system +Documentation=https://grafana.com/docs/loki/latest/ After=network.target [Service] Modified: promtail.service === --- promtail.service2020-12-28 03:42:06 UTC (rev 794332) +++ promtail.service2020-12-28 04:09:41 UTC (rev 794333) @@ -1,6 +1,6 @@ [Unit] Description=promtail is the agent responsible for gathering logs and sending them to Loki. -Documentation=https://github.com/grafana/loki/blob/master/docs/promtail.md +Documentation=https://grafana.com/docs/loki/latest/clients/promtail/ [Service] Type=simple
[arch-commits] Commit in loki/trunk (PKGBUILD loki.service promtail.service)
Date: Monday, January 27, 2020 @ 15:54:48 Author: jelle Revision: 374088 Updates to hardening and loki user Modified: loki/trunk/PKGBUILD loki/trunk/loki.service loki/trunk/promtail.service --+ PKGBUILD | 22 ++ loki.service | 22 +- promtail.service |8 ++-- 3 files changed, 45 insertions(+), 7 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-01-27 15:47:00 UTC (rev 374087) +++ PKGBUILD2020-01-27 15:54:48 UTC (rev 374088) @@ -10,11 +10,16 @@ depends=('glibc') makedepends=('go-pie') backup=('etc/loki/loki.yaml' 'etc/loki/promtail.yaml') -source=($pkgname-$pkgver.tar.gz::https://github.com/grafana/loki/archive/v$pkgver.tar.gz promtail.sysusers promtail.service promtail.tmpfiles) +source=($pkgname-$pkgver.tar.gz::https://github.com/grafana/loki/archive/v$pkgver.tar.gz +promtail.sysusers promtail.service promtail.tmpfiles +loki.sysusers loki.service loki.tmpfiles) sha512sums=('db2c5e81b2b24d884f2c56531e577beae693cc06e30fe74b4d89b6b1c3857992396aeb46877ab5b787b268741cc9de75fd5ed53c548de6abac701afe97477df2' '2b6c44b18ea3c9f955a7450222180d0b20b5fc551d0b7e5d0d8949e40adc847c4166829146260f87a75732cc5473eab0347dd56fc2125517698bac0652738c74' - 'a3d08bffb40b496d020bde93cc7a76e315e35aa8d3372585fe49de9e916759e0b904148f3a0d89b832fabceb83ef129ad0c455dea8bc476f4cdf7e4c7ef7a53b' - '598042c40673a7914c5a1eeccfb78f832379a61f4360212c5d86f667343cf2fc78e98d9025f9717ea64f3e16e0a28f08cd7709706d811656722019f6167dd788') + 'a3427ddecada33b90658635962c4ea36ced6b9d0e1686ce898884980c2ce1a82be2ddcfa6b42736392653f48fa561408633d6016b77e2b513029ba0cec977727' + '598042c40673a7914c5a1eeccfb78f832379a61f4360212c5d86f667343cf2fc78e98d9025f9717ea64f3e16e0a28f08cd7709706d811656722019f6167dd788' + 'f00b3cb64b71d3ca5a422a2bdff1f81a3e2707c4f73bcb27e24338eabff039b96125c847aaae43c9b22ccc47f89585118c1d0e0b29c4eb7b6f9260c68f8a8324' + '3c40d70366ee0ac3d11c87a818d82dfb4e64143e905187b287f7716ee009640bab6676b8a348e526458a00e4cff35fbd8e9d81bdaa6db38a5d673294f09e6638' + 'de40d1e6752edbf8c21317ce1ee10f98dfc869e569c07092c613f7144e261e9438683a145a2e0e37e2a9fc758c5c2f02e1d0ac1c60347e98b147e4a550ec6040') build() { cd loki-$pkgver @@ -22,16 +27,19 @@ LDFLAGS="-extldflags $LDFLAGS" go build \ +-mod=vendor \ -trimpath \ -ldflags "$LDFLAGS" \ ./cmd/loki go build \ +-mod=vendor \ -trimpath \ -ldflags "$LDFLAGS" \ ./cmd/promtail go build \ +-mod=vendor \ -trimpath \ -ldflags "$LDFLAGS" \ ./cmd/logcli @@ -51,7 +59,13 @@ install -Dm644 cmd/promtail/promtail-local-config.yaml $pkgdir/etc/loki/promtail.yaml install -Dm644 cmd/loki/loki-local-config.yaml $pkgdir/etc/loki/loki.yaml + # Promtail install -Dm644 ${srcdir}/promtail.sysusers "$pkgdir/usr/lib/sysusers.d/promtail.conf" + install -Dm644 ${srcdir}/promtail.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/promtail.conf" install -Dm644 ${srcdir}/promtail.service "$pkgdir/usr/lib/systemd/system/promtail.service" - install -Dm644 ${srcdir}/promtail.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/promtail.conf" + + # Loki + install -Dm644 ${srcdir}/loki.sysusers "$pkgdir/usr/lib/sysusers.d/loki.conf" + install -Dm644 ${srcdir}/loki.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/loki.conf" + install -Dm644 ${srcdir}/loki.service "$pkgdir/usr/lib/systemd/system/loki.service" } Modified: loki.service === --- loki.service2020-01-27 15:47:00 UTC (rev 374087) +++ loki.service2020-01-27 15:54:48 UTC (rev 374088) @@ -1,7 +1,27 @@ [Unit] Description=Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system +After=network.target [Service] Type=simple -ExecStart=/usr/bin/loki -config.file /etc/loki/loki.yaml +ExecStart=/usr/bin/loki -boltdb.dir /var/lib/loki/index -local.chunk-directory /var/lib/loki/chunks -config.file /etc/loki/loki.yaml TimeoutStopSec=30s +User=loki + +NoNewPrivileges=true +MemoryDenyWriteExecute=true +RestrictRealtime=true + +ProtectHome=true +ProtectSystem=strict +ReadWritePaths=/var/lib/loki +PrivateTmp=true + +PrivateDevices=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true + +[Install] +WantedBy=multi-user.target Modified: promtail.service === --- promtail.service2020-01-27 15:47:00 UTC (rev 374087) +++ promtail.service2020-01-27 15:54:48 UTC (rev 374088) @@ -9,10 +9,14 @@ TimeoutStopSec=30s NoNewPrivileges=true +MemoryDenyWriteExecute=true +RestrictRealtime=true + ProtectHome=true -# Needs to write to /var/log/positions.yml -#ProtectSystem=full +ProtectSystem=strict +ReadWritePaths=/var/lib/prom