configure

imageroot/actions/configure-module/20configure

@@ -70,14 +70,16 @@ with open('promtail.env', 'w') as promtail:
 
 with open('loki.env', 'w') as lfp:
     lfp.write(f"LOKI_HTTP_PORT={ports[5]}\n")
-    lfp.write(f"LOKI_GRPC_PORT={ports[5]}\n")
-    lfp.write(f"LOKI_RETENTION={request.get('loki_rentention', '180d')}\n")
+    lfp.write(f"LOKI_GRPC_PORT={ports[6]}\n")
+    lfp.write(f"LOKI_RETENTION={request.get('loki_rentention', '180')}d\n") # retention in days
 
 with open('grafana.env', 'w') as gfp:
-    pass
+    gfp.write(f"GF_DEFAULT_INSTANCE_NAME={request['host']}\n")
+    gfp.write(f"GF_SERVER_HTTP_PORT={ports['8']}\n")
+    gfp.write("GF_SERVER_HTTP_ADDR=127.0.0.1\n")
 
 with open('prometheus.env', 'w') as pfp:
-    pass
+    pfp.write(f"PROMETHEUS_PORT={ports[7]}\n")
 
 with open('prometheus.yml', 'w', encoding='utf-8') as fp:
     fp.write("global:\n")

imageroot/actions/configure-module/validate-input.json

@@ -11,7 +11,8 @@
             "lets_encrypt": true,
             "ovpn_network": "127.2.10.0",
             "ovpn_netmask": "255.255.0.0",
-            "ovpn_cn": "nethsec"
+            "ovpn_cn": "nethsec",
+            "loki_retention": 180
         }
     ],
     "type": "object",
@@ -51,6 +52,11 @@
             "type": "string",
             "description": "Controller name, it must be a valid CN of x509 certificate'",
             "minLength": 2
+        },
+        "loki_retention": {
+            "type": "integer",
+            "description": "Retention policy for Loki logs, default is 180 days",
+            "minimum": 1
         }
     }
 }

imageroot/actions/create-module/20initialize

@@ -14,8 +14,8 @@ ui_port=$(echo $TCP_PORTS | cut -d',' -f3)
 proxy_port=$(echo $TCP_PORTS | cut -d',' -f4)
 promtail_port=$(echo $TCP_PORTS | cut -d',' -f5)
 # port 6 and 7 are reserved for loki
-prometheus_port=$(echo $TCP_PORTS | cut -d',' -f8)
-grafana_port=$(echo $TCP_PORTS | cut -d',' -f9)
+# port 8 is reserved for prometheus
+# port 9 is reserved for grafana
 
 num=$(echo $MODULE_ID | sed 's/nethsecurity\-controller//')
 
@@ -31,8 +31,6 @@ UI_PORT=$ui_port
 UI_BIND_IP=127.0.0.1
 PROXY_PORT=$proxy_port
 PROXY_BIND_UI=127.0.0.1
-PROMETHEUS_PORT=$prometheus_port
-GRAFANA_PORT=$grafana_port
 EOF
 
 cat << EOF > secret.env

imageroot/systemd/user/grafana.service

@@ -19,7 +19,6 @@ ExecStart=/usr/bin/podman run \
     --volume grafana-storage:/var/lib/grafana:z \
     --network=host \
     --env-file=%S/state/grafana.env \
-    --env-file=%S/state/config.env \
     ${GRAFANA_IMAGE}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/grafana.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/grafana.ctr-id

imageroot/systemd/user/loki.service

@@ -6,7 +6,6 @@ Before=promtail.service
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 EnvironmentFile=%S/state/environment
-EnvironmentFile=%S/state/network.env
 Restart=always
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/loki.pid %t/loki.ctr-id
@@ -20,7 +19,6 @@ ExecStart=/usr/bin/podman run \
     --volume %S/etc/loki.yaml:/etc/loki/local-config.yaml:z \
     --network=host \
     --env-file=%S/state/loki.env \
-    --env-file=%S/state/config.env \
     ${LOKI_IMAGE} \
     -config.expand-env=true \
     -config.file=/etc/loki/local-config.yaml \

imageroot/systemd/user/prometheus.service

@@ -6,6 +6,7 @@ After=vpn.service
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 EnvironmentFile=%S/state/environment
+EnvironmentFile=%S/state/prometheus.env
 WorkingDirectory=%S/state
 Restart=always
 TimeoutStopSec=70
@@ -21,9 +22,7 @@ ExecStart=/usr/bin/podman run \
     --volume=./prometheus.d/:/prometheus/prometheus.d/:z \
     --volume=prometheus-data:/prometheus:z \
     --network=host \
-    --env-file=%S/state/prometheus.env \
-    --env-file=%S/state/config.env \
-    ${PROMETHEUS_IMAGE}
+    ${PROMETHEUS_IMAGE} --web.listen-address=127.0.0.1:${PROMETHEUS_PORT}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/prometheus.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/prometheus.ctr-id
 PIDFile=%t/prometheus.pid