From 891a4356f41b482356bd391b1a870b5ccbb63841 Mon Sep 17 00:00:00 2001
From: Ricky Grassmuck <rigrassm@gmail.com>
Date: Fri, 15 Oct 2021 15:48:30 -0500
Subject: [PATCH] Add Promtail Nomad Pack

---
 packs/promtail/README.md                    |  16 +++
 packs/promtail/metadata.hcl                 |  11 ++
 packs/promtail/outputs.tpl                  |   1 +
 packs/promtail/templates/_helpers.tpl       |  51 ++++++++++
 packs/promtail/templates/promtail.nomad.tpl | 102 +++++++++++++++++++
 packs/promtail/variables.hcl                | 107 ++++++++++++++++++++
 6 files changed, 288 insertions(+)
 create mode 100644 packs/promtail/README.md
 create mode 100644 packs/promtail/metadata.hcl
 create mode 100644 packs/promtail/outputs.tpl
 create mode 100644 packs/promtail/templates/_helpers.tpl
 create mode 100644 packs/promtail/templates/promtail.nomad.tpl
 create mode 100644 packs/promtail/variables.hcl

diff --git a/packs/promtail/README.md b/packs/promtail/README.md
new file mode 100644
index 0000000..80cf1d3
--- /dev/null
+++ b/packs/promtail/README.md
@@ -0,0 +1,16 @@
+# Promtail
+
+[Promtail](https://grafana.com/docs/loki/latest/clients/promtail/) is an agent which ships the contents of local logs to a private Loki instance or [Grafana Cloud](https://grafana.com/oss/loki). It is usually deployed to every machine that has applications needed to be monitored.
+
+This pack deploys Promtail as a Nomad [System Job](https://www.nomadproject.io/docs/schedulers#system) using the `grafana/promtail` Docker image and Consul Service named "promtail".
+
+## Dependencies
+
+This pack requires Linux clients to run properly.
+
+
+## Configuration
+
+This pack allows passing a pre-made Promtail configuration file by setting the `config_file` variable to a filepath relative to the directory the `nomad-pack` command is being called from. If the custom config file being used will require the promtail container to rune as a privileged container, you must set the `privileged_container` variable to `true`.
+
+If no custom configuration file is provided, a default template will be used which is configured to scrape systemd-journal logs by default. You will need to set the `client_urls` variable with a list of URL's in order for promtail to ship the logs. **Using the default configuration sets the container to be run as privileged**.
\ No newline at end of file
diff --git a/packs/promtail/metadata.hcl b/packs/promtail/metadata.hcl
new file mode 100644
index 0000000..5af39af
--- /dev/null
+++ b/packs/promtail/metadata.hcl
@@ -0,0 +1,11 @@
+app {
+  url    = "https://grafana.com/docs/promtail/latest/clients/promtail"
+  author = "Ricky Grassmuck"
+}
+
+pack {
+  name        = "promtail"
+  description = "Promtail is an agent which ships the contents of local logs to a private Loki instance or Grafana Cloud."
+  url         = "https://github.com/hashicorp/nomad-pack-community-registry/promtail"
+  version     = "0.0.1"
+}
diff --git a/packs/promtail/outputs.tpl b/packs/promtail/outputs.tpl
new file mode 100644
index 0000000..740a973
--- /dev/null
+++ b/packs/promtail/outputs.tpl
@@ -0,0 +1 @@
+Promtail successfully deployed.
\ No newline at end of file
diff --git a/packs/promtail/templates/_helpers.tpl b/packs/promtail/templates/_helpers.tpl
new file mode 100644
index 0000000..082df96
--- /dev/null
+++ b/packs/promtail/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+// allow nomad-pack to set the job name
+
+[[- define "job_name" -]]
+[[- if eq .promtail.job_name "" -]]
+[[- .nomad_pack.pack.name | quote -]]
+[[- else -]]
+[[- .promtail.job_name | quote -]]
+[[- end -]]
+[[- end -]]
+
+// only deploys to a region if specified
+
+[[- define "region" -]]
+[[- if not (eq .promtail.region "") -]]
+region = [[ .promtail.region | quote]]
+[[- end -]]
+[[- end -]]
+
+// Use provided config file if defined, else render a default
+[[- define "promtail_config" -]]
+[[- if (eq .promtail.config_file "") -]]
+server:
+  http_listen_port: 9080
+  log_level: [[ .promtail.log_level ]]
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  [[ range $idx, $url := .promtail.client_urls ]][[if $idx]]  [[end]][[ $url | printf "- url: %s\n" ]][[ end ]]
+scrape_configs:
+- job_name: journal
+  journal:
+    max_age: [[ .promtail.journal_max_age ]]
+    json: false
+    labels:
+      job: systemd-journal
+  relabel_configs:
+  - source_labels:
+    - __journal__systemd_unit
+    target_label: systemd_unit
+  - source_labels:
+    - __journal__hostname
+    target_label: nodename
+  - source_labels:
+    - __journal_syslog_identifier
+    target_label: syslog_identifier
+[[- else -]]
+[[ $config := .promtail.config_file ]][[ fileContents $config ]]
+[[- end -]]
+[[- end -]]
\ No newline at end of file
diff --git a/packs/promtail/templates/promtail.nomad.tpl b/packs/promtail/templates/promtail.nomad.tpl
new file mode 100644
index 0000000..1a7779e
--- /dev/null
+++ b/packs/promtail/templates/promtail.nomad.tpl
@@ -0,0 +1,102 @@
+job [[ template "job_name" . ]] {
+
+  [[ template "region" . ]]
+
+  datacenters = [ [[ range $idx, $dc := .promtail.datacenters ]][[if $idx]],[[end]][[ $dc | quote ]][[ end ]] ]
+  type = "system"
+  
+  constraint {
+    attribute = "${attr.kernel.name}"
+    value     = "linux"
+  }
+
+  group "promtail" {
+    count = 1
+
+    network {
+      mode = "bridge"
+      port "http" {
+        to = [[ .promtail.http_port ]]
+      }
+    }
+
+    service {
+      name = [[ .promtail.service_name | quote ]]
+      port = "http"
+      [[- if not (eq (len .promtail.upstreams) 0) ]] // Render Connect upstreams if defined
+      connect {
+        sidecar_service {
+          proxy {
+            [[- range $upstream := .promtail.upstreams ]]
+            upstreams {
+              destination_name = [[ $upstream.name | quote ]]
+              local_bind_port  = [[ $upstream.port ]]
+            }
+            [[- end ]]
+          }
+        }
+      }
+      [[- end ]]
+      check {
+        name = [[ .promtail.service_check_name | quote ]]
+        port = "http"
+        type = "http"
+        path = "/ready"
+        timeout = "2s"
+        interval = "10s"
+      }
+    }
+
+    task "promtail" {
+      driver = "docker"
+      privileged = true
+      
+      template {
+        destination = "local/promtail-config.yaml"
+        data = <<EOT
+[[ template "promtail_config" . ]]
+EOT
+      }
+
+      config {
+        image = "grafana/promtail:[[ .promtail.version_tag ]]"
+        args = [
+          "-config.file=/etc/promtail/promtail-config.yaml",
+          "-log.level=[[ .promtail.log_level ]]"
+        ]
+
+        privileged = [[ if or (.promtail.mount_journal) (.promtail.mount_machine_id) (.promtail.privileged_container) ]]true[[ else ]]false[[ end ]]
+
+        mount {
+          type = "bind"
+          target = "/etc/promtail/promtail-config.yaml"
+          source = "local/promtail-config.yaml"
+          readonly = false
+          bind_options { propagation = "rshared" }
+        }
+        [[ if .promtail.mount_journal ]]
+        mount {
+          type = "bind"
+          target = "/var/log/journal"
+          source = "/var/log/journal"
+          readonly = true
+          bind_options { propagation = "rshared" }
+        }
+        [[ end ]]
+        [[ if .promtail.mount_machine_id ]]
+        mount {
+          type = "bind"
+          target = "/etc/machine-id"
+          source = "/etc/machine-id"
+          readonly = false
+          bind_options { propagation = "rshared" }
+        }
+        [[ end ]]
+      }
+      resources {
+        cpu    = [[ .promtail.resources.cpu ]]
+        memory = [[ .promtail.resources.memory ]]
+      }
+    }
+  }
+}
diff --git a/packs/promtail/variables.hcl b/packs/promtail/variables.hcl
new file mode 100644
index 0000000..19c2d45
--- /dev/null
+++ b/packs/promtail/variables.hcl
@@ -0,0 +1,107 @@
+variable "job_name" {
+  description = "The name to use as the job name which overrides using the pack name."
+  type        = string
+  // If "", the pack name will be used
+  default     = ""
+}
+
+variable "service_name" {
+  description = "Name used to register the Consul Service"
+  type		    = string
+  default     = "promtail"
+}
+
+variable "service_check_name" {
+  description = "Name of the service check registered with the Consul Service"
+  type		    = string
+  default     = "Readiness"
+}
+
+variable "datacenters" {
+  description = "A list of datacenters in the region which are eligible for task placement."
+  type        = list(string)
+  default     = ["dc1"]
+}
+
+variable "region" {
+  description = "The region where the job should be placed."
+  type        = string
+  default     = "global"
+}
+
+variable "version_tag" {
+  description = "The docker image version. For options, see https://hub.docker.com/grafana/promtail"
+  type        = string
+  default     = "latest"
+}
+
+variable "http_port" {
+  description = "The Nomad client port that routes to the Promtail."
+  type        = number
+  default     = 9080
+}
+
+variable "resources" {
+  description = "The resource to assign to the promtail service task."
+  type = object({
+    cpu    = number
+    memory = number
+  })
+  default = {
+    cpu    = 200,
+    memory = 256
+  }
+}
+
+variable "config_file" {
+  type		= string
+  default = ""
+}
+
+variable "mount_journal" {
+  description = "Controls whether /var/log/journal is mounted in the container. If true, container will be run privileged."
+  type		= bool
+  default = true
+}
+
+variable "mount_machine_id" {
+  description = "Controls whether /etc/machine-id is mounted in the container. If true, container will be run privileged."
+  type		= bool
+  default = true
+}
+
+// Default configuration mounts paths /var/log/journal and /etc/machine-id from 
+//   the nomad client. This requires a privileged container.
+variable "privileged_container" {
+  description = "Run as a privileged container. Setting mount_journal or mount_machine_id to true will override this."
+  type		= bool
+  default = false
+}
+
+// Default config options used when no config file is specified
+variable "client_urls" {
+  description = "A list of client url's for promtail to send it's data to."
+  type		= list(string)
+  default = []
+}
+
+variable "journal_max_age" {
+  description = "Maximum age of journald entries to scrape."
+  type		= string
+  default = "12h"
+}
+
+variable "log_level" {
+  description = "Promtail log level configuration."
+  type		= string
+  default = "info"
+}
+
+variable "upstreams" {
+  description = "Define Connect Upstreams used by Promtail."
+  type = list(object({
+    name = string
+    port = number
+  }))
+  default = []
+}
\ No newline at end of file