IONOS Cloud: Logging as a Service Howto
About a year ago, our partner IONOS Cloud released an early access preview for their new Logging as a Service (LaaS) offering. The LaaS offering provides a centralized and scalable solution for logging, monitoring, and analyzing logs.
It has been available for a few months now, and we have been using it for our Nomad cluster for a while. Currently, the configuration must be done entirely through the IONOS Cloud API. In this blog post, we will delve into the details.
You need to obtain an access token to interact with the IONOS Cloud API. You can either send a GET request to https://api.ionos.com/auth/v1/tokens/generate
and authenticate with Basic Auth (use the credentials that you use for logging into the Datacenter Designer) or use the Token Manager within the Datacenter Designer to create a token for you. All future requests require sending the obtained token as a Bearer token in each request.
To create a new Logging pipeline, POST the following request to https://logging.de-txl.ionos.com/pipelines
:
{
"properties": {
"name": "Test",
"logs": [
{
"public": true,
"source": "generic",
"tag": "demo",
"destinations": [
{
"type": "loki",
"retentionInDays": 7
}
],
"protocol": "tcp"
}
]
}
}
The API response will look similar to this:
{
"id": "5abcc55b-45b6-4e77-a0ae-381c635ba122",
"type": "Pipeline",
"metadata": {
"createdDate": "2024-04-21T18:28:17Z",
"createdBy": "user@example.com",
"createdByUserId": "12345678",
"createdByUserUuid": "c39776e8-ef1d-4558-8b7f-35b01694d126",
"lastModifiedDate": "2024-04-21T18:43:51Z",
"lastModifiedBy": "user@example.com",
"lastModifiedByUserId": "12345678",
"lastModifiedByUserUuid": "c39776e8-ef1d-4558-8b7f-35b01694d126",
"state": "AVAILABLE"
},
"properties": {
"name": "Test",
"logs": [
{
"public": false,
"source": "generic",
"tag": "demo",
"destinations": [
{
"type": "loki",
"retentionInDays": 7
}
],
"protocol": "tcp"
}
],
"tcpAddress": "tcp-8351899c6add-logs.3059a012db44.logging.de-txl.ionos.com:9000",
"httpAddress": "",
"grafanaAddress": "grafana.3059a012db44.logging.de-txl.ionos.com",
"resourceTier": "s",
"key": "cMoyrIvZAUYGkgtMSTsIklGw"
}
}
Here's the catch: We set the flag public
to true for the demo tag when posting the data. The API ignores the setting and sets the flag to false for some odd reason. If the public flag is false, the API will ignore (or not display) the data.
Thus, we must patch the resource to update the public
flag and set it to true
. This can be done by sending a PATCH request to the url https://logging.de-txl.ionos.com/pipelines/5abcc55b-45b6-4e77-a0ae-381c635ba122
:
{
"properties": {
"name": "Test",
"logs": [
{
"public": true,
"source": "generic",
"tag": "demo",
"destinations": [
{
"type": "loki",
"retentionInDays": 7
}
],
"protocol": "tcp"
}
]
}
}
Also, in the first response, the API generated a Shared Key for us which FluentBit needs to authenticate against the API endpoint. If you missed this, you can generate an additional shared Key by sending a POST request to this url https://logging.de-txl.ionos.com/pipelines/5abcc55b-45b6-4e77-a0ae-381c635ba122/key
.
Besides that, the first response contains the TCP endpoint for FluentBit. The following configuration is needed for FluentBit to connect to that TCP endpoint:
[OUTPUT]
Name forward
Match *
Port 9000
Tag <TAG>
Host <TCP_ENDPOINT>
tls on
Shared_Key <KEY>
Replace <TAG>
with the default tag you want to use, <TCP_ENDPOINT>
with just the hostname of the tcpAddress
in the API response, and <KEY>
with the Shared Key that was generated for you.
LaaS uses Grafana to display and query the logging data. The url for your Grafana instance can be found in the first response sent by the API, e.g. grafana.3059a012db44.logging.de-txl.ionos.com
. If you cannot log into Grafana with your Datacenter Designer credentials, you may need to convert your email address to all lowercase letters.
To learn more about the IONOS Cloud LaaS offering, check their service documentation as well as the API docs.