Fix syslog proxy

Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803
2022-09-04 20:21:02 -07:00 · 2022-09-04 20:21:02 -07:00 · 67df912755
commit 67df912755
parent d62c96fe34
3 changed files with 47 additions and 17 deletions
--- a/.secrets-baseline
+++ b/.secrets-baseline
@ -171,7 +171,7 @@
        "filename": "nomad/syslogng.nomad",
        "hashed_secret": "298b5925fe7c7458cb8a12a74621fdedafea5ad6",
        "is_verified": false,
-        "line_number": 171,
+        "line_number": 159,
        "is_secret": false
      },
      {
@ -179,7 +179,7 @@
        "filename": "nomad/syslogng.nomad",
        "hashed_secret": "3a1cec2d3c3de7e4da4d99c6731ca696c24b72b4",
        "is_verified": false,
-        "line_number": 171,
+        "line_number": 159,
        "is_secret": false
      }
    ],
@ -210,5 +210,5 @@
      }
    ]
  },
-  "generated_at": "2022-09-04T21:06:55Z"
+  "generated_at": "2022-09-05T03:20:56Z"
 }
--- a/nomad/syslogng.nomad
+++ b/nomad/syslogng.nomad
@ -92,13 +92,6 @@ EOF
  group "syslogng" {
    count = 1

-    constraint {
-      attribute = "${node.unique.name}"
-      # Needs to be on a predictable node for routing
-      # Maybe a loadbalancer could be used for routing from any node
-      value = "n2"
-    }
-
    network {
      mode = "bridge"
      port "main" {
@ -113,6 +106,8 @@ EOF
      connect {
        sidecar_service {
          proxy {
+            local_service_port = 514
+
            upstreams {
              destination_name = "syslogng-promtail"
              local_bind_port = 1000
@ -128,13 +123,6 @@ EOF
          }
        }
      }
-
-      tags = [
-        "traefik.enable=true",
-        "traefik.tcp.routers.syslogngtcp.entrypoints=syslogtcp",
-        "traefik.tcp.routers.syslogngtcp.rule=HostSNI(`*`)",
-        "traefik.udp.routers.syslogngudp.entrypoints=syslogudp",
-      ]
    }

    task "syslogng" {
--- a/nomad/traefik/traefik.nomad
+++ b/nomad/traefik/traefik.nomad
@ -32,9 +32,14 @@ job "traefik" {
      port "web" {
        static = 80
      }
+
      port "websecure" {
        static = 443
      }
+
+      port "syslog" {
+        static = 514
+      }
    }

    ephemeral_disk {
@ -224,6 +229,43 @@ CF_ZONE_API_TOKEN={{ .Data.data.api_token_zone_read }}
        change_mode = "noop"
      }

+      template {
+        data = <<EOH
+{{ with service "syslogng" -}}
+[tcp.routers]
+  [tcp.routers.syslogtcp]
+    entryPoints = ["syslogtcp"]
+    service = "syslogngtcp"
+    rule = "HostSNI(`*`)"
+
+[tcp.services]
+  [tcp.services.syslogngtcp]
+    [tcp.services.syslogngtcp.loadBalancer]
+      {{ range . -}}
+      [[tcp.services.syslogngtcp.loadBalancer.servers]]
+        address = "{{ .Address }}:{{ .Port }}"
+      {{ end -}}
+{{ end }}
+
+{{ with service "syslogng" -}}
+[udp.routers]
+  [udp.routers.syslogudp]
+    entryPoints = ["syslogudp"]
+    service = "syslogngudp"
+
+[udp.services]
+  [udp.services.syslogngudp]
+    [udp.services.syslogngudp.loadBalancer]
+      {{ range . -}}
+      [[udp.services.syslogngudp.loadBalancer.servers]]
+        address = "{{ .Address }}:{{ .Port }}"
+      {{ end -}}
+{{ end }}
+        EOH
+        destination = "local/config/conf/route-syslog-ng.toml"
+        change_mode = "noop"
+      }
+
      template {
        data = <<EOH
 [http.middlewares]