diff --git a/.files b/.files
index c2dc24f..47055c4 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index bc42aec..114a87d 100644
--- a/.rev
+++ b/.rev
@@ -64,4 +64,12 @@
978660
+
+ acea345a39e787e7b788531e63d2756c
+ 2.5.0+git.1649366683.2d9d0ee23
+
+ dimstar_suse
+
+ 986284
+
diff --git a/.servicemark b/.servicemark
index 7c627be..57f95a9 100644
--- a/.servicemark
+++ b/.servicemark
@@ -1 +1 @@
-830c103328ace4a8c9d24dc542e19c6e
+93bcf989890c61883ff04115a33cf9a4
diff --git a/harden_promtail.service.patch b/harden_promtail.service.patch
index 60aa367..3e86845 100644
--- a/harden_promtail.service.patch
+++ b/harden_promtail.service.patch
@@ -1,7 +1,7 @@
-Index: loki-2.2.1+git.1617669398.babea82e/docs/sources/clients/aws/ec2/promtail.service
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/aws/ec2/promtail.service
===================================================================
---- loki-2.2.1+git.1617669398.babea82e.orig/docs/sources/clients/aws/ec2/promtail.service
-+++ loki-2.2.1+git.1617669398.babea82e/docs/sources/clients/aws/ec2/promtail.service
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/clients/aws/ec2/promtail.service
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/aws/ec2/promtail.service
@@ -1,6 +1,18 @@
[Unit]
Description=Promtail
@@ -17,7 +17,7 @@ Index: loki-2.2.1+git.1617669398.babea82e/docs/sources/clients/aws/ec2/promtail.
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
-+# end of automatic additions
++# end of automatic additions
User=root
WorkingDirectory=/opt/promtail/
ExecStartPre=/bin/sleep 30
diff --git a/loki.changes b/loki.changes
index 3517b39..cb5c9f2 100644
--- a/loki.changes
+++ b/loki.changes
@@ -1,4 +1,29 @@
-------------------------------------------------------------------
+Thu Jun 30 10:38:28 UTC 2022 - Marcus Rueckert
+
+- also track quilt series file to make it easy to setup a quilt
+ working copy
+
+-------------------------------------------------------------------
+Thu Jun 30 10:35:08 UTC 2022 - Marcus Rueckert
+
+- also make the config file permissions more strict:
+ /etc/loki/loki.yaml root:loki u=rw,g=r,o=
+ /etc/loki/promtail.yaml root:root u=rw,g=r,o=
+
+-------------------------------------------------------------------
+Thu Jun 30 10:22:20 UTC 2022 - Marcus Rueckert
+
+- default configs reference paths in /tmp. move those to proper
+ places:
+ loki data dir: /var/lib/loki loki:loki u=rwx,g=rx,o=
+ promtail data dir: /var/lib/promtail root:root u=rwx,g=rx,o=
+
+ Existing configs will not be updated
+
+ Added proper-data-directories.patch
+
+-------------------------------------------------------------------
Mon May 23 07:35:18 UTC 2022 - ecsos@opensuse.org
- Update to version 2.5.0+git.1649366683.2d9d0ee23:
diff --git a/loki.spec b/loki.spec
index 0858476..f7e3ab1 100644
--- a/loki.spec
+++ b/loki.spec
@@ -16,6 +16,9 @@
#
+%global loki_datadir /var/lib/loki
+%global promtail_datadir /var/lib/promtail
+
Name: loki
Version: 2.5.0+git.1649366683.2d9d0ee23
Release: 0
@@ -28,7 +31,9 @@ Source1: loki.service
Source2: promtail.service
Source3: sysconfig.loki
Source4: sysconfig.promtail
+Source99: series
Patch0: harden_promtail.service.patch
+Patch1: proper-data-directories.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: golang-packaging
BuildRequires: systemd-devel
@@ -65,8 +70,7 @@ Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation
This package contains the LogCLI command-line tool.
%prep
-%setup -q %{name}-%{version}
-%patch0 -p1
+%autosetup -p1 %{name}-%{version}
%build
%define buildpkg github.com/grafana/loki/pkg/build
@@ -94,9 +98,9 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcloki
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcpromtail
# Config files
-install -Dm644 cmd/loki/loki-local-config.yaml \
+install -Dm640 cmd/loki/loki-local-config.yaml \
%{buildroot}%{_sysconfdir}/loki/loki.yaml
-install -Dm644 clients/cmd/promtail/promtail-local-config.yaml \
+install -Dm640 clients/cmd/promtail/promtail-local-config.yaml \
%{buildroot}%{_sysconfdir}/loki/promtail.yaml
# Binaries
@@ -105,6 +109,8 @@ install -Dm755 loki %{buildroot}%{_bindir}
install -Dm755 promtail %{buildroot}%{_bindir}
install -Dm755 logcli %{buildroot}%{_bindir}
+install -D -d -m 0750 %{buildroot}%{promtail_datadir} %{buildroot}%{loki_datadir}
+
%pre
%service_add_pre loki.service
@@ -138,15 +144,18 @@ install -Dm755 logcli %{buildroot}%{_bindir}
%{_fillupdir}/sysconfig.loki
%{_bindir}/loki
%dir %{_sysconfdir}/loki
-%config(noreplace) %{_sysconfdir}/loki/loki.yaml
+%config(noreplace) %attr(-,root,loki) %{_sysconfdir}/loki/loki.yaml
%{_sbindir}/rcloki
+%dir %attr(-,loki,loki) %{loki_datadir}/
%files -n promtail
%{_unitdir}/promtail.service
%{_fillupdir}/sysconfig.promtail
%{_bindir}/promtail
+%dir %{_sysconfdir}/loki
%config(noreplace) %{_sysconfdir}/loki/promtail.yaml
%{_sbindir}/rcpromtail
+%dir %{promtail_datadir}/
%files -n logcli
%{_bindir}/logcli
diff --git a/proper-data-directories.patch b/proper-data-directories.patch
new file mode 100644
index 0000000..07f3c37
--- /dev/null
+++ b/proper-data-directories.patch
@@ -0,0 +1,310 @@
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/cmd/loki/loki-local-config.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/cmd/loki/loki-local-config.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/cmd/loki/loki-local-config.yaml
+@@ -5,11 +5,11 @@ server:
+ grpc_listen_port: 9096
+
+ common:
+- path_prefix: /tmp/loki
++ path_prefix: /var/lib/loki
+ storage:
+ filesystem:
+- chunks_directory: /tmp/loki/chunks
+- rules_directory: /tmp/loki/rules
++ chunks_directory: /var/lib/loki/chunks
++ rules_directory: /var/lib/loki/rules
+ replication_factor: 1
+ ring:
+ instance_addr: 127.0.0.1
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/configuration/examples.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/configuration/examples.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/configuration/examples.md
+@@ -148,7 +148,7 @@ storage_config:
+ keyspace: lokiindex
+
+ filesystem:
+- directory: /tmp/loki/chunks
++ directory: /var/lib/loki/chunks
+
+ ```
+
+@@ -184,10 +184,10 @@ schema_config:
+
+ storage_config:
+ boltdb:
+- directory: /tmp/loki/index
++ directory: /var/lib/loki/index
+
+ filesystem:
+- directory: /tmp/loki/chunks
++ directory: /var/lib/loki/chunks
+
+ limits_config:
+ enforce_metric_name: false
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/configuration/examples/cassandra-index.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/configuration/examples/cassandra-index.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/configuration/examples/cassandra-index.yaml
+@@ -19,5 +19,5 @@ storage_config:
+ keyspace: lokiindex
+
+ filesystem:
+- directory: /tmp/loki/chunks
+-
+\ No newline at end of file
++ directory: /var/lib/loki/chunks
++
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/configuration/examples/complete-local-config.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/configuration/examples/complete-local-config.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/configuration/examples/complete-local-config.yaml
+@@ -26,10 +26,10 @@ schema_config:
+
+ storage_config:
+ boltdb:
+- directory: /tmp/loki/index
++ directory: /var/lib/loki/index
+
+ filesystem:
+- directory: /tmp/loki/chunks
++ directory: /var/lib/loki/chunks
+
+ limits_config:
+ enforce_metric_name: false
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/operations/storage/filesystem.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/operations/storage/filesystem.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/operations/storage/filesystem.md
+@@ -10,7 +10,7 @@ Very simply it stores all the objects (c
+ ```yaml
+ storage_config:
+ filesystem:
+- directory: /tmp/loki/
++ directory: /var/lib/loki/
+ ```
+
+ A folder is created for every tenant all the chunks for one tenant are stored in that directory.
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/rules/_index.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/rules/_index.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/rules/_index.md
+@@ -260,12 +260,12 @@ The local implementation reads the rule
+ A typical local configuration might look something like:
+ ```
+ -ruler.storage.type=local
+- -ruler.storage.local.directory=/tmp/loki/rules
++ -ruler.storage.local.directory=/var/lib/loki/rules
+ ```
+
+ With the above configuration, the Ruler would expect the following layout:
+ ```
+-/tmp/loki/rules//rules1.yaml
++/var/lib/loki/rules//rules1.yaml
+ /rules2.yaml
+ ```
+ Yaml files are expected to be [Prometheus compatible](#Prometheus_Compatible) but include LogQL expressions as specified in the beginning of this doc.
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/upgrading/_index.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/upgrading/_index.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/upgrading/_index.md
+@@ -862,8 +862,8 @@ Not every environment will allow this ca
+ In 1.4.0 and earlier the included config file in the docker container was using directories:
+
+ ```
+-/tmp/loki/index
+-/tmp/loki/chunks
++/var/lib/loki/index
++/var/lib/loki/chunks
+ ```
+
+ In 1.5.0 this has changed:
+@@ -879,9 +879,9 @@ This will mostly affect anyone using doc
+
+ One possible upgrade path would look like this:
+
+-If I were running Loki with this command `docker run -d --name=loki --mount source=loki-data,target=/tmp/loki -p 3100:3100 grafana/loki:1.4.0`
++If I were running Loki with this command `docker run -d --name=loki --mount source=loki-data,target=/var/lib/loki -p 3100:3100 grafana/loki:1.4.0`
+
+-This would mount a docker volume named `loki-data` to the `/tmp/loki` folder which is where Loki will persist the `index` and `chunks` folder in 1.4.0
++This would mount a docker volume named `loki-data` to the `/var/lib/loki` folder which is where Loki will persist the `index` and `chunks` folder in 1.4.0
+
+ To move to 1.5.0 I can do the following (please note that your container names and paths and volumes etc may be different):
+
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/operator/internal/manifests/distributor.go
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/operator/internal/manifests/distributor.go
++++ loki-2.5.0+git.1649366683.2d9d0ee23/operator/internal/manifests/distributor.go
+@@ -18,8 +18,8 @@ const (
+ walVolumeName = "wal"
+ configVolumeName = "config"
+ storageVolumeName = "storage"
+- walDirectory = "/tmp/wal"
+- dataDirectory = "/tmp/loki"
++ walDirectory = "/var/lib/loki/wal"
++ dataDirectory = "/var/lib/loki"
+ secretDirectory = "/etc/proxy/secrets"
+ )
+
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-cloudflare.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/clients/cmd/promtail/promtail-cloudflare.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-cloudflare.yaml
+@@ -3,7 +3,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://localhost:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-docker-config.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/clients/cmd/promtail/promtail-docker-config.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-docker-config.yaml
+@@ -3,7 +3,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://loki:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-local-config.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/clients/cmd/promtail/promtail-local-config.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-local-config.yaml
+@@ -3,7 +3,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://localhost:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-local-limit-config.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/clients/cmd/promtail/promtail-local-limit-config.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-local-limit-config.yaml
+@@ -3,7 +3,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://localhost:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-local-pubsub-config.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/clients/cmd/promtail/promtail-local-pubsub-config.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/clients/cmd/promtail/promtail-local-pubsub-config.yaml
+@@ -3,7 +3,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://localhost:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/lambda-promtail/_index.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/clients/lambda-promtail/_index.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/lambda-promtail/_index.md
+@@ -134,7 +134,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://ip_or_hostname_where_Loki_run:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/promtail/configuration.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/clients/promtail/configuration.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/clients/promtail/configuration.md
+@@ -1865,7 +1865,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://ip_or_hostname_where_loki_runs:3100/loki/api/v1/push
+@@ -1891,7 +1891,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://loki_addr:3100/loki/api/v1/push
+@@ -1917,7 +1917,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://ip_or_hostname_where_Loki_run:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/getting-started/get-logs-into-loki.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/getting-started/get-logs-into-loki.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/getting-started/get-logs-into-loki.md
+@@ -26,7 +26,7 @@ The following instructions should help y
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://loki:3100/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/getting-started/troubleshooting.md
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/docs/sources/getting-started/troubleshooting.md
++++ loki-2.5.0+git.1649366683.2d9d0ee23/docs/sources/getting-started/troubleshooting.md
+@@ -31,7 +31,7 @@ Promtail yet. There may be one of many r
+ them off. Here is what you can do:
+ - Start Promtail after Loki, e.g., 60 seconds later.
+ - To force Promtail to re-send log messages, delete the positions file
+- (default location `/tmp/positions.yaml`).
++ (default location `/var/lib/promtail/positions.yaml`).
+ - Promtail is ignoring targets and isn't reading any logs because of a
+ configuration issue.
+ - This can be detected by turning on debug logging in Promtail and looking
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/production/docker/config/promtail-gateway.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/production/docker/config/promtail-gateway.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/production/docker/config/promtail-gateway.yaml
+@@ -4,7 +4,7 @@ server:
+ log_level: "debug"
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://loki-gateway:80/loki/api/v1/push
+Index: loki-2.5.0+git.1649366683.2d9d0ee23/production/simple-scalable/promtail-config.yaml
+===================================================================
+--- loki-2.5.0+git.1649366683.2d9d0ee23.orig/production/simple-scalable/promtail-config.yaml
++++ loki-2.5.0+git.1649366683.2d9d0ee23/production/simple-scalable/promtail-config.yaml
+@@ -4,7 +4,7 @@ server:
+ grpc_listen_port: 0
+
+ positions:
+- filename: /tmp/positions.yaml
++ filename: /var/lib/promtail/positions.yaml
+
+ clients:
+ - url: http://gateway:3100/loki/api/v1/push
diff --git a/series b/series
new file mode 100644
index 0000000..216f2b7
--- /dev/null
+++ b/series
@@ -0,0 +1,2 @@
+harden_promtail.service.patch
+proper-data-directories.patch