shipping_openbao_logs #17

Closed

Michal.Wrobel wants to merge 130 commits from shipping_openbao_logs into development

pull from: shipping_openbao_logs

merge into: DevFW-CICD:development

DevFW-CICD:main

DevFW-CICD:WIP-s3-backup-cronjob

DevFW-CICD:development

DevFW-CICD:local_edpbuilder

DevFW-CICD:IPCEICIS-2951

DevFW-CICD:sso_jobs_push_to_cefor

DevFW-CICD:IPCEICIS-3796

DevFW-CICD:michals-silly-game

DevFW-CICD:django-backstage-template

DevFW-CICD:kindserver_development

DevFW-CICD:update_provider_argocd

DevFW-CICD:IPCEICIS-3110

DevFW-CICD:IPCEICIS-3111

DevFW-CICD:root_path_argocd_test

DevFW-CICD:forgego_10_update

DevFW-CICD:IPCEICIS-2435_change_argocd_path_routing_to_domain

DevFW-CICD:IPCEICIS-2643_install_keycloak_and_eso_first

DevFW-CICD:forgejo_runner_configuration_test

DevFW-CICD:helm_hydrate

DevFW-CICD:feature/externaldns_certmanager_test

Conversation 1 Commits 130 Files changed 6 +201 -6

Michal.Wrobel commented 2025-03-20 14:51:09 +00:00

Owner

Copy link

No description provided.

<yet to be described>

Michal.Wrobel added 91 commits 2025-03-20 14:51:09 +00:00

bao audit enable file file_path=stdout 524d0c67e0

echos for testing bc90465579

echo deleted 5518e9e2d7

rm /tmp/init.txt moved a few lines down 3dd9b7a544

provisional solution for the shipping done a4502f2ecb

Merge branch 'alloy_implementation' into shipping_openbao_logs ... 28916f2278

# Conflicts:
#	.gitignore

adding a side-car logging container for openbao 83e1215d7d

testing 48a28127ce

operations/helm/charts/alloy path fixed de8dc94e28

removing alloy as a separate pod in the same namespace 29d4ca9fe6

sidecar container added e2ad485759

adjustment of openbao.ymal f1d940561d

config map separately 4b553dd258

test 3eec895f67

new directory for the configmap f873cd8aef

ref-implementation/openbao/sidecar-container-alloy-configmap 2890437647

path: "stacks/ref-implementation/openbao-alloy-configmap" deaed1bdcc

extraVolumes: ... 7b77d870c6

- name: sidecar-container-alloy-config
      configMap:
        name: sidecar-container-alloy-config

extraContainers: ... f0632db48b

- name: grafana-alloy
     image: grafana/alloy:latest
     ports:
       - containerPort: 12345
     volumeMounts:
       - name: sidecar-container-alloy-config
         mountPath: /etc/alloy
         subPath: config.yaml
     args:
       - --config.file=/etc/alloy/config.yaml

test be1c3cee7a

extraVolumes deprecated 4e673f674d

/etc/alloy/config.yaml aeca6100f5

# args: ... 27dc5966e9

#    - --config.file=/etc/alloy/config.yaml

volumes: ... 872c9dc8e5

- name: alloy-data
      emptyDir: {}

/tmp/alloy/data c30cf9f380

securityContext: ... 8617e200ea

runAsUser: 1000
        fsGroup: 1000

runAsUser: 0 46072b8f81

runAsUser: 1000 # Run as non-root user ... e993c274b0

fsGroup: 1000

Merge pull request 'openbao_logs_second_way' (#16) from openbao_logs_second_way into shipping_openbao_logs ... 779df9fb9c

Reviewed-on: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks/pulls/16

runAsUser: 0 67876f18b9

fsGroup: 1000 ... 93fe631736

runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 100

# volumeMounts: ... 815f6a2822

#   - name: alloy-data
      #     mountPath: /var/lib/alloy/data

# extraContainers: ... b7de02d293

#   - name: grafana-alloy
  #     image: grafana/alloy:latest
  #     ports:
  #       - containerPort: 12345

user 0 43b172d8d4

# volumeMounts: ... 8db5e5950d

#   - name: alloy-data
      #     mountPath: /var/lib/alloy/data
      # securityContext:
      #   runAsUser: 0

["/bin/sh", "-c", "while kill -0 $(pidof main-container) 2>/dev/null; do sleep 1; done; echo 'OpenBao has crashed - giving Alloy time to collect logs...'; sleep 20"] ef22f9e7be

curlimages/curl:latest 57779745e9

busybox e4611e967e

image: alpine:latest bc189a53e0

bao audit enable file file_path=/var/log/openbao.log 46d6a22b65

touch /var/log/openbao.log ... 52f484d463

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log

touch /var/log/openbao.log ... ac3988f9ac

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log removed

while kill -0 $(pidof openbao) 2>/dev/null; do sleep 1; done; ... abdbcff9fd

echo 'OpenBao has crashed - giving Alloy time to collect logs...' >> var/log/openbao.log;
          sleep 20;
          echo 'Sidecar exiting.';
          exit 1;

# while kill -0 $(pidof openbao) 2>/dev/null; do sleep 1; done; ... 1c71f8555d

# echo 'OpenBao has crashed - giving Alloy time to collect logs...' >> var/log/openbao.log;
          # sleep 20;
          # echo 'Sidecar exiting.';
          # exit 1;

no exit fb0eebef13

while true; do ... 3bb9b4b059

echo 'Hello'
          sleep 5;
          done
        "]

touch /var/log/openbao.log ... 0b5b2b25fd

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log

command: ["/bin/sh", "-c", " ... 055713e4a5

while true; do
            echo 'Hello'
          sleep 5;
          done
        "]

command: ["/bin/sh", "-c", " ... 3d39948468

while true; do
            echo 'Hello'
          sleep 5;
          done
        "]

securityContext: ... 3cd6a846b2

runAsUser: 1001

runAsUser: 0 7efc8124b0

runAsUser: 1 18d03cee74

- name: init-log-permissions ... 80ca890f5f

image: busybox
      command: ["sh", "-c", "chown -R 1000:1000 /var/log && chmod -R 775 /var/log"]
      securityContext:
        runAsUser: 0
      volumeMounts:
        - mountPath: /var/log
          name: log-storage

- name: init-log-permissions ... 1938cc8f44

image: busybox
      command: ["sh", "-c", "chown -R 1000:1000 /var/log && chmod -R 775 /var/log"]
      volumeMounts:
        - mountPath: /var/log
          name: log-storage

mountPath: /var/log/test 8f7ccf5fa7

volumes: ... 4d93d50874

- name: log-storage
      path: /var/log/test

emptyDir: {} ... 0971384fd2

volumeMounts:
        - name: log-storage
          mountPath: /var/log/test

volumes: ... cba0a236f5

- name: log-storage
      path: /var/log/test

volumeMounts: ... da3624d82a

- mountPath: /var/log/test
      name: plugins
      readOnly: false

volumeMounts: ... d946b419e7

- mountPath: /
      name: plugins
      readOnly: false

# volumeMounts: ... ac4d10d619

#   - mountPath: /
  #     name: plugins
  #     readOnly: false

volumes: ... ff72720654

- name: log-storage
      emptyDir: {}

volumeMounts: ... e72e440e51

- mountPath: /var/log/test
      name: plugins
      readOnly: false

volumeMounts: ... 5ffb47d1ca

- mountPath: /var/log/test
      name: log-storage
      readOnly: false

touch /var/log/openbao.log ... 12d35ad1e9

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/log/openbao.log
      bao audit enable file file_path=/var/log/openbao.log removed

mountPath: /openbao/logs e7d693465d

bao audit enable file file_path=/openbao/logs/openbao.log 1bf5b468bc

touch /openbao/logs/openbao.log d51e0859a9

# touch /openbao/logs/openbao.log ... 974e0182cc

# bao audit enable file file_path=/openbao/logs/openbao.log

bao audit enable -path="stdout" file file_path=stdout ... a5ec02205a

bao audit enable -path="file" file file_path=/openbao/logs/openbao.log

local.file_match "openbao_file_logs" { ... 3e1b284e3b

path_targets = [{"__path__" = "/openbao/logs/*"}]
        sync_period = "5s"
      }

      loki.source.file "openbao_logs" {
        targets    = local.file_match.openbao_file_logs.output
        forward_to = [loki.write.local_loki.receiver]
      }

targets = local.file_match.openbao_file_logs.targets 5843e9498b

alloy is back 0dbf646477

name changes c9c67a9d54

path_targets = [{"__path__" = "/var/log/*"}] 285e823936

mountPath: /var/lib/alloy/data 140dddd955

mountPath: /var/lib/alloy/data 005f7503ce

/openbao/logs/pupa2 6385e39067

runAsUser: 100 88df4ea8f4

/var 87522c11db

mountPath: /var/lib 2058f6a36b

mountPath: /var/lib/alloy ec2fc47ea2

- name: config-volume ... 39eab1ef93

configMap:
        name: sidecar-container-alloy-config

- --config.file=/var/lib/alloy/config/config.yaml c376f6d0c6

mountPath: /etc/alloy ... 267a04fee5

items:
                - key: "config.yaml"
                  path: "config.alloy"

- name: config-volume ... d866169744

mountPath: /etc/alloy
              items:
                - key: "config.yaml"
                  path: "config.alloy"

- key: "config.yaml" ... 3db4058181

path: "/config.alloy"
                - key: "config.yaml"
                  path: "/pupa/config.alloy"

config.alloy 02c739524b

path_targets = [{"__path__" = "/openbao/logs/*"}] 350398cb23

url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push" 64677a02d1

log-sidecar removed d21c543f2c

Michal.Wrobel added 1 commit 2025-03-20 15:03:24 +00:00

/openbao/logs/alive/main.alive 3937c98d00

Michal.Wrobel added 1 commit 2025-03-20 15:14:07 +00:00

touch /shared/main.alive; trap 'rm -f /shared/main.alive; exit 0' TERM; while true; do sleep 1; done 5f5ac62b0b

Michal.Wrobel added 1 commit 2025-03-20 15:18:46 +00:00

those command were deleted 4601d2f25d

Michal.Wrobel added 1 commit 2025-03-24 11:54:30 +00:00

livenessProbe: ... d41a27305e

enabled: true

Michal.Wrobel added 1 commit 2025-03-24 12:12:48 +00:00

livenessProbe: ... f39c8c979b

enabled: true
    execCommand:
      - /bin/sh
      - -c
      - bao status

Michal.Wrobel added 1 commit 2025-03-24 12:32:44 +00:00

# bao audit enable -path="stdout" file file_path=stdout ... dcce720122

# bao audit enable -path="file" file file_path=/openbao/logs/openbao.log

Michal.Wrobel added 1 commit 2025-03-24 12:33:15 +00:00

### 8f28c30364

Michal.Wrobel added 1 commit 2025-03-24 12:38:18 +00:00

bao operator init >> /tmp/init.txt 8d7a7cb1bf

Michal.Wrobel added 1 commit 2025-03-24 12:41:50 +00:00

cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} ... aae508014a

echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
      echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt
      echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt
      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
      rm /tmp/init.txt

Michal.Wrobel added 1 commit 2025-03-24 12:50:10 +00:00

sleep 10 2c5cad03c8

Michal.Wrobel added 1 commit 2025-03-24 12:50:35 +00:00

100 5086db7cba

Michal.Wrobel added 1 commit 2025-03-24 12:57:41 +00:00

# rm /tmp/init.txt 4620a92aee

Michal.Wrobel added 1 commit 2025-03-24 13:20:57 +00:00

rm /tmp/init.txt ... 71a5463237

bao audit enable -path="stdout" file file_path=stdout
      bao audit enable -path="file" file file_path=/openbao/logs/openbao.log

Michal.Wrobel added 1 commit 2025-03-24 13:50:19 +00:00

no liveness probe 320e67a1d2

Michal.Wrobel commented 2025-03-24 14:06:21 +00:00

Author

Owner

Copy link

⚠️ Please squash the commits ⚠️

⚠️ Please squash the commits ⚠️

requested review from richardrobertreitz 2025-03-24 14:06:41 +00:00

Michal.Wrobel added 1 commit 2025-03-25 10:18:55 +00:00

- name: host-log ... 547938acd4

hostPath:
        path: /var/log
        type: Directory

Michal.Wrobel added 1 commit 2025-03-25 11:51:04 +00:00

logging setup c6e71f8aeb

Michal.Wrobel added 1 commit 2025-03-25 12:03:31 +00:00

test be7881e2ec

Michal.Wrobel added 1 commit 2025-03-25 12:13:42 +00:00

# bao audit enable -path="file" file file_path=/openbao/logs/openbao.log 2372cefe0b

Michal.Wrobel added 1 commit 2025-03-25 12:19:18 +00:00

/openbao/logs/openbao/openbao.log bb3c6cf438

Michal.Wrobel added 1 commit 2025-03-25 12:26:32 +00:00

sidecar container detached 5c197fd0f1

Michal.Wrobel added 1 commit 2025-03-25 12:52:58 +00:00

apiVersion: v1 ... 278cf798f4

kind: ConfigMap
metadata:
  name: openbao-logrotate-config
  namespace: openbao
data:
  openbao: |
    /var/log/openbao/*.log {
    size 5k
    rotate 7
    compress
    missingok
    notifempty
    postrotate
        kill -SIGHUP $(pidof bao)
    endscript
    }

Michal.Wrobel added 1 commit 2025-03-25 12:59:28 +00:00

bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log 42be001b3c

Michal.Wrobel added 1 commit 2025-03-25 13:08:05 +00:00

/var/log/openbao/openbao/*.log { c34d538073

Michal.Wrobel added 1 commit 2025-03-25 14:02:53 +00:00

mkdir pupa d941d12bcd

Michal.Wrobel added 1 commit 2025-03-25 14:16:09 +00:00

sleep 60 5c9b4c679d

Michal.Wrobel added 1 commit 2025-03-26 10:01:36 +00:00

loki.source.syslog "tcp_socket" { ... 2a8bdd0f6d

listener {
          address = "0.0.0.0:1514"
        }
        forward_to = [loki.write.local_loki.receiver]
      }

Michal.Wrobel added 1 commit 2025-03-26 10:46:06 +00:00

extraPorts: ... 08a4037929

- name: "tcp_socket"
    port: 1514
    targetPort: 1514
    protocol: "TCP"
    appProtocol: "tcp"

Michal.Wrobel added 1 commit 2025-03-26 10:53:15 +00:00

extraPorts: ... e901ac85fc

- name: "tcp_socket"
      port: 1514
      targetPort: 1514
      protocol: "TCP"
      appProtocol: "tcp"

Michal.Wrobel added 1 commit 2025-03-26 11:28:41 +00:00

# extraPorts: ... c16ad82150

#   - name: "tcp_socket"
  #     port: 1514
  #     targetPort: 1514
  #     protocol: "TCP"
  #     appProtocol: "tcp"

Michal.Wrobel added 1 commit 2025-03-26 11:30:34 +00:00

address = "0.0.0.0:12345" d64ecf325b

Michal.Wrobel added 1 commit 2025-03-26 11:34:52 +00:00

forward_to = [loki.write.local_loki.receiver] bfc8972580

Michal.Wrobel added 1 commit 2025-03-26 11:38:43 +00:00

address = "0.0.0.0:1514" e8c6aeb3c2

Michal.Wrobel added 1 commit 2025-03-26 11:43:05 +00:00

extraPorts: ... ecf2ed5787

- name: "tcp_socket"
      port: 1514
      targetPort: 1514
      protocol: "TCP"
      appProtocol: "tcp"

Michal.Wrobel added 1 commit 2025-03-26 11:50:17 +00:00

create: false ... 21ce529abe

name: alloy-config
    key: config.alloy

Michal.Wrobel added 1 commit 2025-03-26 11:56:06 +00:00

- name: "tcpsocket" a1925e083b

Michal.Wrobel added 1 commit 2025-03-26 12:03:26 +00:00

create: false ... 2fda5818ec

name: alloy-config
  key: config.alloy

Michal.Wrobel added 1 commit 2025-03-26 12:16:06 +00:00

loki.source.kubernetes "all_pod_logs" { ... 992749c6fc

targets    = discovery.relabel.pod_logs.output
        forward_to = [loki.write.local_loki.receiver]
      }

Michal.Wrobel added 1 commit 2025-03-26 12:46:11 +00:00

labels = { component = "loki.source.syslog", protocol = "tcp" } 574fe29565

Michal.Wrobel added 1 commit 2025-03-26 12:55:50 +00:00

loki.source.syslog "tcp_socket" { ... 1f429f079b

listener {
          address = "0.0.0.0:1514"
          labels   = { component = "loki.source.syslog", protocol = "tcp" }
        }
        forward_to = [loki.write.local_loki.receiver]
      }

Michal.Wrobel closed this pull request 2025-04-02 13:33:26 +00:00

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

richardrobertreitz

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: DevFW-CICD/stacks#17

No description provided.