feat(logging): fan out grafana-alloy to remaining hosts + delete promtail (step 2) #122

New issue

Closed

opened 2026-06-07 14:33:21 +02:00 by dominik.polakovics · 1 comment

dominik.polakovics commented 2026-06-07 14:33:21 +02:00

Owner

Copy link

Step 2 of #118 (promtail→alloy migration). Do after the nas canary (step 1) is verified in Grafana.

Agent Brief

Category: enhancement

Summary: Once the nas canary proves the alloy config, switch the remaining four hosts (fw, mail, web-arm, amzebs-01) from utils/modules/promtail to utils/modules/alloy, and delete the now-unused promtail module.

Background / why: Completes the fleet migration started in step 1. The shared alloy module already exists and is verified on nas; the config is host-agnostic (it just reads the local journal), so the remaining hosts switch by swapping the import.

Tasks:

• In each of hosts/{fw,mail,web-arm,amzebs-01}/configuration.nix: replace the ./utils/modules/promtail import with ./utils/modules/alloy.
• Delete utils/modules/promtail (default.nix + secrets.yaml).
• Remove the now-orphan utils/modules/promtail/... creation rule from .sops.yaml.

Acceptance:

• pre-commit eval green for all hosts.
• After deploy: all five hosts visible in Grafana Loki with the expected labels; promtail no longer running anywhere.

Note: fw and web-arm may still be on 25.11 with the temporary docker_29 pin — that's independent of this change. If their 26.05 bumps land first, even better. Part of #118.

*Step 2 of #118 (promtail→alloy migration). Do after the nas canary (step 1) is verified in Grafana.* ## Agent Brief **Category:** enhancement **Summary:** Once the nas canary proves the alloy config, switch the remaining four hosts (fw, mail, web-arm, amzebs-01) from `utils/modules/promtail` to `utils/modules/alloy`, and delete the now-unused promtail module. **Background / why:** Completes the fleet migration started in step 1. The shared alloy module already exists and is verified on nas; the config is host-agnostic (it just reads the local journal), so the remaining hosts switch by swapping the import. **Tasks:** - In each of `hosts/{fw,mail,web-arm,amzebs-01}/configuration.nix`: replace the `./utils/modules/promtail` import with `./utils/modules/alloy`. - Delete `utils/modules/promtail` (`default.nix` + `secrets.yaml`). - Remove the now-orphan `utils/modules/promtail/...` creation rule from `.sops.yaml`. **Acceptance:** - pre-commit eval green for all hosts. - After deploy: all five hosts visible in Grafana Loki with the expected labels; promtail no longer running anywhere. **Note:** fw and web-arm may still be on 25.11 with the temporary docker_29 pin — that's independent of this change. If their 26.05 bumps land first, even better. Part of #118.

dominik.polakovics added the

needs-triage

enhancement

labels 2026-06-07 14:33:21 +02:00

dominik.polakovics referenced this issue 2026-06-07 14:50:05 +02:00

fix(fw,web-arm): pin docker_29 to unblock fleet eval #123

dominik.polakovics referenced this issue 2026-06-07 14:50:36 +02:00

feat(logging): migrate fleet journal shipping from promtail to grafana-alloy #118

dominik.polakovics commented 2026-06-07 16:53:16 +02:00

Author

Owner

Copy link

This was generated by AI during triage.

Triage → ready-for-agent

Step-2 fan-out is unblocked; prerequisites verified:

• Step 1 (nas canary, #121 / PR #124) merged and confirmed live in Grafana.
• Eval-unblock (docker_29, PR #123) is in main, so a shared-module change passes the pre-commit dry-build on fw/web-arm.
• alloy-env secret already decrypts on all four targets. .sops.yaml's utils/modules/alloy rule mirrors promtail's recipient set exactly (web-arm, ldap-server-arm = mail, fw, nas, amzebs-01) — no secret rewiring needed.
• services.alloy is present on 25.11. All four targets (fw, mail, web-arm, amzebs-01) are still on 25.11, but the module exists there, so the swap holds now and survives each host's later 26.05 bump.
• No afk/122 claim — free to pick up.

Verify nuance (not caught by eval/build)

The four targets run grafana-alloy 1.12.2 (25.11); the nas canary proved 1.16.0 (26.05). config.alloy uses only GA-stable components (loki.source.journal, loki.process stages, loki.write, discovery.relabel, sys.env), so the version gap is low-risk — but config.alloy is shipped as a static environment.etc file, so neither the pre-commit eval nor the build parses it. Post-deploy verification must include at least one 25.11 host (e.g. mail or amzebs-01) in Grafana/Loki, not lean on the nas/1.16.0 precedent alone. Each host re-verifies alloy again at its 26.05 bump (#106/#108/#110/#112).

Reminder from the brief

When deleting utils/modules/promtail (default.nix + secrets.yaml), also remove its now-orphan creation rule from .sops.yaml (the utils/modules/promtail/... block) — keep the utils/modules/alloy rule.

> *This was generated by AI during triage.* ## Triage → ready-for-agent Step-2 fan-out is unblocked; prerequisites verified: - **Step 1 (nas canary, #121 / PR #124)** merged and confirmed live in Grafana. - **Eval-unblock (docker_29, PR #123)** is in `main`, so a shared-module change passes the pre-commit dry-build on fw/web-arm. - **`alloy-env` secret already decrypts on all four targets.** `.sops.yaml`'s `utils/modules/alloy` rule mirrors promtail's recipient set exactly (web-arm, ldap-server-arm = mail, fw, nas, amzebs-01) — no secret rewiring needed. - **`services.alloy` is present on 25.11.** All four targets (fw, mail, web-arm, amzebs-01) are still on 25.11, but the module exists there, so the swap holds now and survives each host's later 26.05 bump. - No `afk/122` claim — free to pick up. ### Verify nuance (not caught by eval/build) The four targets run **grafana-alloy 1.12.2** (25.11); the nas canary proved **1.16.0** (26.05). `config.alloy` uses only GA-stable components (`loki.source.journal`, `loki.process` stages, `loki.write`, `discovery.relabel`, `sys.env`), so the version gap is low-risk — **but** `config.alloy` is shipped as a static `environment.etc` file, so neither the pre-commit eval nor the build parses it. **Post-deploy verification must include at least one 25.11 host** (e.g. mail or amzebs-01) in Grafana/Loki, not lean on the nas/1.16.0 precedent alone. Each host re-verifies alloy again at its 26.05 bump (#106/#108/#110/#112). ### Reminder from the brief When deleting `utils/modules/promtail` (default.nix + secrets.yaml), also remove its now-orphan creation rule from `.sops.yaml` (the `utils/modules/promtail/...` block) — keep the `utils/modules/alloy` rule.

dominik.polakovics added

ready-for-agent

and removed

needs-triage

labels 2026-06-07 16:53:16 +02:00

dominik.polakovics referenced this issue from a commit 2026-06-07 17:02:59 +02:00

feat(logging): fan out grafana-alloy to remaining hosts, delete promtail

dominik.polakovics referenced this issue from a pull request that will close it, 2026-06-07 17:03:47 +02:00

feat(logging): fan out grafana-alloy to remaining hosts, delete promtail #125

dominik.polakovics referenced this issue 2026-06-07 18:07:50 +02:00

feat(logging): fan out grafana-alloy to remaining hosts, delete promtail #125

dominik.polakovics closed this issue 2026-06-07 18:09:12 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

chore/epicenter-vm-disk-128g

fix/lab-pin-opus-4-8

feat/diag-on-internal-vms

feat/dev-lab

feat/fw-cpu-priorities-and-nix-shell

No results found.

Labels

Clear labels   

bug

  

enhancement

  

in-progress

  

needs-info

  

needs-triage

  

p0

  

ready-for-agent

  

ready-for-human

  

wontfix

No labels

bug

enhancement

in-progress

needs-info

needs-triage

p0

ready-for-agent

ready-for-human

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Cloonar/nixos#122

No description provided.