lambda-promtail: Add ability to ingest logs from S3 #5065
Conversation
|
am I supposed to manually edit the changelog? the PR template is a little ambiguous to me |
|
I can't speak to the cloudformation (not my jam) but we should add the variables (bucket name, prefixes) and lambda permissions and s3 event notification to the terraform to support this. |
|
@AndreZiviani yes, please manually add a changelog entry to this PR. |
AndreZiviani
force-pushed
the
feat/lambda-promtail-s3
branch
from
c8cd46f to
9c9f4a9
Compare
AndreZiviani
force-pushed
the
feat/lambda-promtail-s3
branch
from
9c9f4a9 to
f560050
Compare
AndreZiviani
force-pushed
the
feat/lambda-promtail-s3
branch
from
f167211 to
74f88ac
Compare
|
sorry for those force pushes, I made a mistake when merging/rebasing... |
|
@AndreZiviani let me know if you need help with any of the outstanding comments :) |
|
thanks @cstyan, I had to focus on other things this past week, will try to address your suggestions on Monday/Tuesday |
There was a problem hiding this comment.
Hey, this is looking good. Thanks for the PR! I've left a few suggestions here that could improve the approach, but I also think we could do those in a followup PR if you prefer (either done by yourself or someone else, maybe @cstyan?).
There was a problem hiding this comment.
Looking good, a few more comments but they're mostly style nits.
I think it would be a good idea to eventually move the global variables we have in main.go that we're now using within other files for batchSize to a struct of config options or something like that, but that doesn't need to happen in this PR.
| if stream, ok := b.streams[labels]; ok { | ||
| stream.Entries = append(stream.Entries, e.entry) | ||
| return | ||
|
|
||
| b.size += stream.Size() | ||
|
|
||
| } else { | ||
|
|
||
| b.streams[labels] = &logproto.Stream{ | ||
| Labels: labels, | ||
| Entries: []logproto.Entry{e.entry}, | ||
| } | ||
|
|
||
| b.size += b.streams[labels].Size() |
There was a problem hiding this comment.
nit again: we could simplify to something like this
stream, ok := b.streams[labels];
if !ok {
b.streams[labels] = &logproto.Stream{
Labels: labels,
}
stream = b.stream[labels]
}
stream.Entries = append(stream.Entries, e.entry)
b.size += stream.Size()
| return nil, err | ||
| var s3Client *s3.Client | ||
|
|
||
| if c, ok := s3Clients[labels["bucket_region"]]; ok { |
There was a problem hiding this comment.
do we only need a single client per bucket region? there isn't the possibility of different buckets in the same region requiring different clients for auth reasons?
There was a problem hiding this comment.
I suspect we can ignore this for now as multiple regions/bucket auth can be attached to this lambda.
There was a problem hiding this comment.
I think multiple buckets with different auth options would increase the complexity, it would be easier to configure another lambda with another role
| @@ -38,7 +38,7 @@ func parseCWEvent(ctx context.Context, b *batch, ev *events.CloudwatchLogsEvent) | |||
| } | |||
|
|
|||
| func processCWEvent(ctx context.Context, ev *events.CloudwatchLogsEvent) error { | |||
| batch := newBatch() | |||
| batch, _ := newBatch(ctx) | |||
There was a problem hiding this comment.
We should not swallow this error. Perhaps newBatch shouldn't accept entries and then newBatch won't need to return an error.
There was a problem hiding this comment.
since the batch will always be empty here it should never fail, thats why I ignored it
| if stream, ok := b.streams[labels]; ok { | ||
| stream.Entries = append(stream.Entries, e.entry) | ||
|
|
||
| b.size += stream.Size() |
There was a problem hiding this comment.
This Size() method doesn't actually measure what we're expecting (it's part of the generated protobuf). Instead, I'd keep track of the line's bytel length as they're added, like so:
https://github.com/grafana/loki/blob/main/clients/pkg/promtail/client/batch.go#L44-L45
There was a problem hiding this comment.
I see, will fix that
| return nil, err | ||
| var s3Client *s3.Client | ||
|
|
||
| if c, ok := s3Clients[labels["bucket_region"]]; ok { |
There was a problem hiding this comment.
I suspect we can ignore this for now as multiple regions/bucket auth can be attached to this lambda.
What this PR does / why we need it:
Allows lambda-promtail to ingest load balancer logs stored on S3, before it was only possible to ingest logs from CloudWatch
Which issue(s) this PR fixes:
Special notes for your reviewer:
I've made it somewhat modular allowing to plug new datasources (e.g. SNS, SQS...) on the same lambda function easier but it is not trivial to have the same lambda receive events from multiple sources in go (it's easy on other languages) that's why I changed the event parameter to a map of interface.
Since Loki now accepts out of order writes I'm sending the timestamp from the log itself.
I've also copied the batch feature from promtail itself because a S3 log can be quite big.
Most of the changes are either inspired or straight copied from promtail source code.
Checklist
CHANGELOG.mdabout the changes.