Tags: amazon-s3, fluentd, boltdb, grafana-loki

Loki config with s3


I can't get Loki to connect to AWS S3 using docker-compose. Logs are visible in Grafana but the S3 bucket remains empty.

The S3 bucket is public and I have an IAM role attached to allow s3:FullAccess.

I updated Loki to v2.0.0 and changed the period to 24h but it made no difference. There are no errors in the Loki logs.

Here are the selected lines from docker logs (loki):

msg="Starting Loki" version="(version=master-4e661cd, branch=master, revision=4e661cde)"
caller=server.go:225 http=[::]:3100 grpc=[::]:9095 msg="server listening on addresses"
caller=worker.go:65 msg="no address specified, not starting worker"
msg="cleaning up mapped rules directory" path=/loki/tmprules
msg=initialising module=memberlist-kv
msg=initialising module=store
msg=initialising module=server
msg=initialising module=ring
msg="value is nil" key=collectors/ring index=1
msg=initialising module=ingester
msg="not loading tokens from file, tokens file path is empty"
msg="instance not found in ring, adding with no tokens" ring=ingester
msg="auto-joining cluster after timeout" ring=ingester
msg=initialising module=table-manager
msg=initialising module=distributor
msg=initialising module=ingester-querier
msg=initialising module=ruler
msg="ruler up and running"
msg="Loki started"
msg="synching tables" expected_tables=132

Here is my loki.config:

auth_enabled: false

server:
  http_listen_port: 3100

distributor:
  ring:
    kvstore:
      store: memberlist

ingester:
  lifecycler:
    ring:
      kvstore:
        store: memberlist
      replication_factor: 1
    final_sleep: 0s
  chunk_idle_period: 5m
  chunk_retain_period: 30s

schema_config:
  configs:
  - from: 2020-10-27
    store: boltdb-shipper
    object_store: s3
    schema: v11
    index:
      prefix: index_
      period: 24h
  
storage_config:
  boltdb_shipper:
    active_index_directory: /loki/index
    cache_location: /loki/index_cache
    resync_interval: 5s
    shared_store: s3
  
  aws:
     s3: s3://AKIARE3@us-east-1/mydomain.com.docker.loki.logs
     s3forcepathstyle: true 

limits_config:
  enforce_metric_name: false
  reject_old_samples: true
  reject_old_samples_max_age: 168h     

Here is docker-compose.yaml

version: "3.8"

networks:
  traefik:
    external: true

volumes:
  data:
   
services:
  fluentd:
    image: grafana/fluent-plugin-loki:master
    command:
      - "fluentd"
      - "-v"
      - "-p"
      - "/fluentd/plugins"
    environment:
      LOKI_URL: http://loki:3100
      LOKI_USERNAME:
      LOKI_PASSWORD:
    container_name: "fluentd"
    restart: always
    ports:
      - '24224:24224'
    networks:
      - traefik
    volumes:
      - type: bind
        source: ./config/fluent.conf
        target: /fluentd/etc/fluent.conf
    logging:
      options:
        tag: docker.monitoring
  
  loki:
    image: grafana/loki:master
    container_name: "loki"
    restart: always
    networks:
      - traefik
    volumes:
      - type: volume
        source: data
        target: /loki
    ports:
      - 3100
    volumes:
      - type: bind
        source: ./config/s3.loki.conf
        target: /loki/etc/loki.conf
    depends_on:
      - fluentd

Solution

  • I finally did work this out. It requires a compactor but gives no warning about it. Best practice is to create an AWS S3 bucket without any public access. Next, create an IAM user with programmatic access only. Create an access policy which gives full access only to the bucket you created. Attach the policy to the user's permissions. You do not need to attach a policy to the bucket itself. If you have a "/" in your URL, check that you escape it with %2F, otherwise you will get an auth error. Note that this config is for Loki v2.0.0, which was released yesterday.

    Here are my complete working docker-compose and loki config files. I put them on an external network to enable prometheus monitoring.

    Here is my docker-compose.yaml:

        version: "3.8"
        
        networks:
          appnet:
            external: true
        
        volumes:
          loki_data:
           
        services:
          fluentd:
            container_name: "fluentd"
            image: grafana/fluent-plugin-loki:master
            command:
              - "fluentd"
              - "-v"
              - "-p"
              - "/fluentd/plugins"
            environment:
              LOKI_URL: http://loki:3100
              LOKI_USERNAME:
              LOKI_PASSWORD:
            restart: always
            ports:
              - '24224:24224'
            networks:
              - appnet
            volumes:
              - type: bind
                source: ./config/fluent.conf
                target: /fluentd/etc/fluent.conf
          
          loki:
            container_name: "loki"
            image: grafana/loki:2.0.0
            restart: always
            networks:
              - appnet
            ports:
              - 3100
            volumes:
              - type: volume
                source: loki_data
                target: /data
              - type: bind
                source: ./config/s3-loki-bolt-conf.yml
                target: /etc/loki/local-config.yaml
            command: -config.file=/etc/loki/local-config.yaml        
            depends_on:
              - fluentd
    

    Here is my loki config in prometheus/config/s3-loki-bolt-conf.yml. You can name this anything you want but keep the target file name as above as it is the loki default config file.

        auth_enabled: false
        
        ingester:
          chunk_idle_period: 3m
          chunk_block_size: 262144
          chunk_retain_period: 1m
          max_transfer_retries: 0
          lifecycler:
            ring:
              kvstore:
                store: inmemory
              replication_factor: 1
        
        limits_config:
          enforce_metric_name: false
          reject_old_samples: true
          reject_old_samples_max_age: 168h
        
        compactor:
          working_directory: /loki/boltdb-shipper-compactor
          shared_store: aws
          
        schema_config:
          configs:
          - from: 2020-07-01
            store: boltdb-shipper
            object_store: aws
            schema: v11
            index:
              prefix: loki_index_
              period: 24h
              
        server:
          http_listen_port: 3100
        
        storage_config:
          aws:
            s3: s3://ACCESS_KEY:SECRET_ACCESS_KEY@us-west-1/mydomain.com.docker.loki.logs
          boltdb_shipper:
            active_index_directory: /loki/index
            shared_store: s3
            cache_location: /loki/boltdb-cache
        
        chunk_store_config:
          max_look_back_period: 0s
        
        table_manager:
          retention_deletes_enabled: false
          retention_period: 0s
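
The two setup steps from the answer above, as an added example that is not part of the original post: building the `storage_config.aws.s3` URL with the secret key percent-encoded (so "/" becomes %2F), and generating an IAM policy scoped to the one bucket. The key values are constructed placeholders, the function names are hypothetical, and the four-action list is an assumption that is narrower than the full bucket access the answer grants.

```python
import json
from urllib.parse import quote, unquote, urlsplit


def loki_s3_url(access_key, secret_key, region, bucket):
    """Build the s3:// URL for storage_config.aws.s3 with encoded credentials."""
    # safe="" forces "/" -> %2F and "+" -> %2B; the default would leave "/" alone.
    return "s3://{}:{}@{}/{}".format(
        quote(access_key, safe=""), quote(secret_key, safe=""), region, bucket)


def credentials_survive(url, access_key, secret_key):
    """True if a URL parser recovers exactly the credentials that went in."""
    parts = urlsplit(url)
    if parts.username is None or parts.password is None:
        return False  # an unescaped "/" ended the authority part early
    return (unquote(parts.username), unquote(parts.password)) == (access_key, secret_key)


def bucket_only_policy(bucket):
    """IAM policy document limited to one bucket and its objects."""
    arn = "arn:aws:s3:::" + bucket
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Bucket-level action applies to the bucket ARN itself.
            {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [arn]},
            # Object-level actions apply to keys under the bucket.
            # Assumed minimal set; widen only if Loki reports AccessDenied.
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": [arn + "/*"]},
        ],
    }


# Constructed sample values, not real credentials.
ACCESS_KEY = "AKIAEXAMPLEKEYID0000"
SECRET_KEY = "abc/def+ghi/EXAMPLEsecret"
BUCKET = "mydomain.com.docker.loki.logs"

if __name__ == "__main__":
    url = loki_s3_url(ACCESS_KEY, SECRET_KEY, "us-west-1", BUCKET)
    raw = "s3://{}:{}@us-west-1/{}".format(ACCESS_KEY, SECRET_KEY, BUCKET)
    print("encoded URL parses cleanly:", credentials_survive(url, ACCESS_KEY, SECRET_KEY))
    print("raw URL parses cleanly:    ", credentials_survive(raw, ACCESS_KEY, SECRET_KEY))
    print(json.dumps(bucket_only_policy(BUCKET), indent=2))
```

The generated URL embeds a long-lived secret, so the config file that holds it should be readable only by the account running the Loki container and kept out of version control.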