bob/Operation-Blue-Laminate-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

almost ready

Browse Source
This commit is contained in:
bob
2026-06-01 10:52:06 -05:00
parent 8b0eb0db78
commit 763305ca89
94 changed files with 8766 additions and 2674 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
monitoring/alloy/config.alloy Normal file
View File

@@ -0,0 +1,67 @@
// Grafana Alloy — the single OTLP ingress for the BlueLaminate fleet.
//
// Receives OTLP (gRPC :4317 / HTTP :4318) from the C2 and the Python workers, batches it,
// then fans the three signals out to the local backends:
// metrics -> Prometheus (remote-write)
// logs -> Loki (push API)
// traces -> Tempo (OTLP gRPC on :4319, a non-colliding port)
//
// OTLP is bound on 0.0.0.0 so apps on other LAN hosts can push to this LXC. Everything it
// forwards to listens on localhost only (see each backend's config) — Alloy is the only
// thing that talks to Loki/Prometheus/Tempo. See README "Hardening" to add a bearer token.
otelcol.receiver.otlp "in" {
grpc {
endpoint = "0.0.0.0:4317"
}
http {
endpoint = "0.0.0.0:4318"
}
output {
metrics = [otelcol.processor.batch.default.input]
logs = [otelcol.processor.batch.default.input]
traces = [otelcol.processor.batch.default.input]
}
}
otelcol.processor.batch "default" {
output {
metrics = [otelcol.exporter.prometheus.to_prom.input]
logs = [otelcol.exporter.loki.to_loki.input]
traces = [otelcol.exporter.otlp.to_tempo.input]
}
}
// --- metrics -> Prometheus remote-write ---------------------------------------------------
otelcol.exporter.prometheus "to_prom" {
forward_to = [prometheus.remote_write.local.receiver]
}
prometheus.remote_write "local" {
endpoint {
url = "http://localhost:9090/api/v1/write"
}
}
// --- logs -> Loki push --------------------------------------------------------------------
otelcol.exporter.loki "to_loki" {
forward_to = [loki.write.local.receiver]
}
loki.write "local" {
endpoint {
url = "http://localhost:3100/loki/api/v1/push"
}
}
// --- traces -> Tempo ----------------------------------------------------------------------
// Tempo's own OTLP receiver listens on :4319 so it doesn't collide with this Alloy receiver
// on :4317/:4318. TLS off — it's a localhost hop.
otelcol.exporter.otlp "to_tempo" {
client {
endpoint = "localhost:4319"
tls {
insecure = true
}
}
}