Logs/Metrics Gathering
With OpenShift EFK Stack
DevConf, Brno, January 27 2018
Josef Karásek Jan Wozniak
Software Engineer Software Engineer
ONE YEAR AGO
@Pepe_CZ
ADDITIONS TO THE TEAM
WE HAVE GROWN
● The project was officially added to Group 2 in the OpenShift organisation
● The Dev team grew in size:
○ Rich Megginson
○ Noriko Hosoi
○ Lukáš Vlček
○ Jeff Cantrill
○ Eric Wolinetz
○ Jan Wozniak
○ Josef Karásek
MAIN OBJECTIVES
WHAT WE WANT TO ACHIEVE
● Collecting Distributed Logs
● Common Data Model
● Security model - Multi-Tenancy
● Integration with Red Hat products and their upstream projects
● Scalability
● Enable “Big Data” Analysis
● All Open Source
Watch the talk on YouTube!
LOGGING SYSTEM - ABSTRACT COMPONENTS
[Diagram; labels: Host ... Host; Guests, Containers, Services, Applications; Tlog, Syslog, Log files, Journal; Collector; Load Balancer; Logging System; Data Warehouse (Cluster); Visualization; Monitoring]
CURRENT OPENSHIFT LOGGING
[Diagram; labels: OpenShift Cluster; project, pod; openshift, docker/cri, OS; journald, /var/log/containers/*.log, audit; Fluentd; Mux (Fluentd)*; Logging Namespace; Elasticsearch (Cluster); ES service; ES reencrypt route; Kibana; Curator; Kopf; Prometheus; Fluentd, browser, ManageIQ]
FLUENTD - COLLECTOR AND NORMALIZER
RUBY BASED LOG AGENT
● Configuration - Apache like, ruby based
● Scalable, secure msgpack secure_forward
● Hundreds of plugins
● Easy to write ruby plugins
● Kubernetes metadata plugin
● OpenStack reference architecture
● Use rsyslog via RELP plugin
<filter kubernetes.journal.container**>
  @type record_transformer
  enable_ruby
  <record>
    time ${Time.at((record["_SOURCE_REALTIME_TIMESTAMP"] || record["__REALTIME_TIMESTAMP"]).to_f / 1000000.0).utc.to_datetime.rfc3339(6)}
    ...
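The timestamp expression from the filter above, wrapped as plain Ruby next to an integer-based variant that refuses to date a record when no usable journal timestamp is present. This is an added example, not code from the talk or from the OpenShift logging project; the method names, the `time_error` field and the sample records are constructed for illustration.

```ruby
require 'date' # Time#to_datetime, needed by the slide's expression

USEC_PER_SEC = 1_000_000
TIMESTAMP_FIELDS = %w[_SOURCE_REALTIME_TIMESTAMP __REALTIME_TIMESTAMP].freeze

# The expression from the <record> block, wrapped in a method.
# Both journal fields arrive as decimal strings of microseconds since the epoch.
# A missing or non-numeric value becomes 0.0, so the record is dated 1970-01-01.
def slide_time(record)
  Time.at((record['_SOURCE_REALTIME_TIMESTAMP'] ||
           record['__REALTIME_TIMESTAMP']).to_f / 1000000.0)
      .utc.to_datetime.rfc3339(6)
end

# Added variant: take the first field that holds a positive decimal number and
# convert it with integer arithmetic. Returns nil when neither field is usable.
# Integers keep all six fractional digits exact; a Float near 1.5e9 only
# resolves about 0.24 microseconds, so the float path can print the last
# digit one lower.
def strict_time(record)
  raw = TIMESTAMP_FIELDS.map { |f| record[f].to_s }
                        .find { |v| v.match?(/\A[1-9]\d{0,17}\z/) }
  return nil if raw.nil?

  usec = raw.to_i
  Time.at(usec / USEC_PER_SEC, usec % USEC_PER_SEC)
      .utc.strftime('%Y-%m-%dT%H:%M:%S.%6N+00:00')
end

# Flag undatable records (hypothetical "time_error" field) instead of letting
# them land at the epoch, outside every time-ranged search.
def stamp(record)
  t = strict_time(record)
  t ? record.merge('time' => t) : record.merge('time_error' => 'no journal timestamp')
end

# Constructed sample records, not captured from a real journal.
SAMPLE_RECORDS = [
  { '_SOURCE_REALTIME_TIMESTAMP' => '1484689541123456',
    '__REALTIME_TIMESTAMP' => '1484689541200000', 'MESSAGE' => 'Journal stopped' },
  { '__REALTIME_TIMESTAMP' => '1484689541000000', 'MESSAGE' => 'receive time only' },
  { '_SOURCE_REALTIME_TIMESTAMP' => 'n/a',
    '__REALTIME_TIMESTAMP' => '1484689541000000', 'MESSAGE' => 'garbled source time' },
  { 'MESSAGE' => 'no timestamp fields at all' }
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_RECORDS.each do |r|
    puts "#{r['MESSAGE']}: slide=#{slide_time(r)} strict=#{strict_time(r).inspect}"
  end
end
```
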
ELASTICSEARCH - DATA WAREHOUSE
WIDELY USED, JAVA BASED SEARCH ENGINE
● Based on Apache Lucene
● Great for full text log searching
● Very good for TSD
● SearchGuard for security, authz
● OpenShift Elasticsearch plugin
● OpenStack, oVirt reference architecture
● Curator for log trimming
{
  "_id": "AVm4sS7SHNq31gLBPp4-",
  "_index": ".operations.2017.01.18",
  "_score": 1.0,
  "_source": {
    "@timestamp": "2017-01-17T21:45:41.000000-00:00",
    "Hostname": "os.rmeggins.test",
    "message": "Journal stopped",
    "systemd": {
      "t": {
        "PID": "109",
        ...
  },
  "_type": "com.redhat.viaq.common"
KIBANA - VISUALIZATION
Node.js Based - Tightly Coupled with Elasticsearch
ARCHITECTURE - LOGGING DETAIL
[Diagram; labels: Logging System - OpenShift Platform; Browser; Kibana Pod (Kibana container, Auth proxy container); Add token and userid headers; Token and userid headers; OpenShift OAuth; OpenShift API; K8s metadata; User project and roles; Elasticsearch (Cluster); OpenShift ES plugin; SearchGuard plugin; ES service/externalIP; Fluentd]
QUICKSTART - oc cluster up --logging
● Deploy OpenShift with oc cluster up
● Shutdown cluster
● Restart docker
● Bring cluster back up with existing configuration
There is currently a bug where the pods cannot inter-network, e.g. Fluentd cannot talk to Elasticsearch, unless docker is restarted while the cluster is down.
$ sudo oc cluster down
$ sudo systemctl restart docker
$ sudo oc cluster up --use-existing-config …
QUICKSTART - minishift start --logging
● Set up minishift [1] - use minishift start --logging
[1] https://github.com/MiniShift/minishift
ViaQ - LOGGING THE HARD WAY
● Follow directions on GitHub
● Uses openshift-ansible to set up an all-in-one cluster
● Configures logging for external access - similar to how oVirt uses logging
● Extensible for more complex deployments
EXAMPLE ANSIBLE INVENTORY FILES
● deploy_cluster.yml playbook to deploy OpenShift and logging
● All-in-one inventory based on OpenShift Origin 3.7.1
# Make sure to set version and to install logging
[OSEv3:vars]
openshift_release=v3.7.1
openshift_logging_install_logging=true
openshift_image_tag=v3.7.1
# Expose Elasticsearch for access from outside the cluster
openshift_logging_es_allow_external=true
TROUBLESHOOTING
● logging-dump.sh - an “sosreport” for logging [1],[2]
○ Contains pod logs, config
○ Look at the pod log files for errors
○ Good for attaching to bug reports
[1] https://github.com/openshift/origin-aggregated-logging/blob/master/hack/README-dump.md
[2] https://github.com/openshift/origin-aggregated-logging/blob/master/hack/logging-dump.sh
TROUBLESHOOTING
● Query Elasticsearch from command line - es_util
oc get pods | grep logging-es # get the pod name
espod=logging-es-.....
oc exec -c elasticsearch $espod -- es_util --query \
  "project.*/_search?sort=@timestamp:desc&q=<query>" \
  | python -mjson.tool | more
Where <query> could be something like level:error
Instead of project.* use .operations.* for system logs
● Get the list of indices
oc exec -c elasticsearch $espod -- indices
USING WITH oVirt
● oVirt uses Collectd to gather metrics and monitoring data
● Collectd writes to Fluentd using http input
● Fluentd also gathers oVirt engine logs
● Fluentd sends data to external Elasticsearch endpoint
● Logging is configured with ovirt-metrics-engine and ovirt-logs-engine projects
● Links:
https://www.ovirt.org/blog/2017/12/ovirt-metrics-store/
https://www.ovirt.org/develop/release-management/features/metrics/metrics-store/
USING WITH OpenStack
● OpenStack can be configured with a Fluentd client
● OpenStack uses secure_forward to send logs to mux
● Upstream documentation is here [1]
● Downstream documentation is here [2]
[1] http://opstools-ansible.readthedocs.io/en/latest/tripleo_integration.html
[2] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/10/html/advanced_overcloud_customization/sect-monitoring_tools_configuration
LOGGING CUSTOM APPLICATION DATA
BEST PRACTICES
● Have a clear definition of fields in log messages
● Send logs to stdout
● Configure application to output single-line JSON
{
  "hostname":"myhost.test",
  "level":"info",
  "message":"Server listening on 0.0.0.0:8080",
  "time":"2018-01-24T17:35:10+01:00"
}
LOGGING CUSTOM APPLICATION DATA
BEST PRACTICES
● Or even:
{
  "application": {
    "accounts": {
      "hostname":"myhost.test",
      "level":"info",
      "message":"Server listening on 0.0.0.0:8080",
      "time":"2018-01-24T17:35:10+01:00"
    }
  }
}
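LOGGING CUSTOM APPLICATION DATA
BEST PRACTICES
These things are easy...
import (
	"os"

	log "github.com/sirupsen/logrus"
)

// initLogger writes single-line JSON to stdout and tags every entry with the host name.
func initLogger() *log.Entry {
	log.SetFormatter(&log.JSONFormatter{})
	log.SetOutput(os.Stdout)
	return log.WithFields(log.Fields{
		"hostname": os.Getenv("HOSTNAME"),
	})
}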
LOGGING CUSTOM APPLICATION DATA
JSON FORMATTED MESSAGE FIELD
Log line:
INFO[0000] 2018-01-24T17:35:10+01:00 message="{"level":"warn","message":"Function deprecated", "some_field":"some_value"}"
Becomes:
{
  "level":"warn",
  "some_field":"some_value",
  "message":"Function deprecated",
  ...
}
LOGGING CUSTOM APPLICATION DATA
WORST PRACTICE
● Plain text messages
○ ...the default for most loggers
○ Searching such logs becomes a real CSI crime scene investigation
{
  "level":"info",
  "message":"ERROR[0000] 2018-01-24T17:35:10+01:00 NullPointerException in ...",
  ...
}
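Both sides of the custom application data slides above, as an added example that is not taken from the talk or from the OpenShift logging code: an application writing one JSON object per line versus free text, and a line-oriented collector step that promotes a JSON message field to top-level fields as on the "JSON FORMATTED MESSAGE FIELD" slide. The method names, the RESERVED_KEYS list, the `dropped_keys` field and the sample events are assumptions made for the example.

```ruby
require 'json'

# Keys the collector owns in this example (assumption). Application JSON is
# merged into the record but may not overwrite these.
RESERVED_KEYS = %w[@timestamp kubernetes].freeze

# Application side, best practice: one event is one line of JSON.
# JSON.generate escapes embedded newlines, so an event cannot span lines.
def json_line(level, message, time, fields = {})
  JSON.generate({ 'level' => level, 'message' => message, 'time' => time }.merge(fields))
end

# Application side, worst practice: free text, newlines passed through as-is.
def plain_line(level, message, time)
  "#{level.upcase}[0000] #{time} #{message}"
end

# Collector side: if "message" holds a JSON object, promote its keys to
# top-level fields. Plain text and malformed JSON are left untouched.
def merge_json_message(record)
  raw = record['message']
  return record unless raw.is_a?(String) && raw.lstrip.start_with?('{')

  parsed = begin
    JSON.parse(raw)
  rescue JSON::ParserError
    nil
  end
  return record unless parsed.is_a?(Hash)

  merged = record.dup
  parsed.each do |key, value|
    if RESERVED_KEYS.include?(key)
      # Keep the collector's value and note that the application sent this key.
      merged['dropped_keys'] = (merged['dropped_keys'] || []) + [key]
    else
      merged[key] = value
    end
  end
  merged
end

# Collector side: container stdout is read line by line and every non-empty
# line becomes one record carrying the collector's metadata.
def collect(stdout_text, metadata)
  stdout_text.each_line(chomp: true).reject(&:empty?).map do |line|
    merge_json_message(metadata.merge('message' => line))
  end
end

# Constructed sample data. A multi-line stack trace stands in for any value
# with an embedded newline; the same escaping keeps a user-supplied newline
# from starting a separate record.
SAMPLE_TIME = '2018-01-24T17:35:10+01:00'
SAMPLE_TRACE = "NullPointerException in Handler\n  at Handler.run"
SAMPLE_META = { 'kubernetes' => { 'namespace_name' => 'accounts' } }.freeze

if __FILE__ == $PROGRAM_NAME
  plain = collect(plain_line('error', SAMPLE_TRACE, SAMPLE_TIME) + "\n", SAMPLE_META)
  json = collect(json_line('error', SAMPLE_TRACE, SAMPLE_TIME) + "\n", SAMPLE_META)
  puts "plain text: #{plain.length} records, JSON: #{json.length} record"
  puts JSON.pretty_generate(json.first)
end
```
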
DEMO
FUTURE DIRECTIONS
● Support CRI log format - not docker json-file compatible
● Fluentd does not scale well - look for alternatives: rsyslog, fluent-bit, Elastic Beats
● Fluentd RELP input - rsyslog to fluentd [1]
● More integration with Prometheus - fluentd metrics, other metrics
● Elasticsearch 5 (OpenShift 3.10), Elasticsearch 6 (OpenShift 3.11 or later)
● Grafana - display metrics and log data on same dashboard - aggregate from different sources
● Message Queue integration
[1] https://github.com/ViaQ/fluent-plugin-relp
ARCHITECTURE USING QUEUE
[Diagram; labels: Host ... Host; Log sources; Collector; Raw; Logging System; Message Queue; Separate topics for Raw and Normalized; Mux - Normalizer; Normalized; Elasticsearch (Cluster); Kibana; “Big Data” Analysis; Archival; “Tailing”; Monitoring]
WHERE TO FIND THE CODE?
SOURCE CODE & MAILING LIST
● OpenShift Aggregated Logging
○ https://github.com/openshift/origin-aggregated-logging
○ #openshift-dev FreeNode IRC
● ViaQ
○ https://github.com/ViaQ
○ #viaq FreeNode IRC
● CentOS OpsTools SIG
○ https://wiki.centos.org/SpecialInterestGroup/OpsTools
○ #centos-devel FreeNode IRC
○ centos-devel mailing list
Q & A
THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
30

More Related Content

What's hot

Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusGrafana Labs
 
Red Hat OpenShift Operators - Operators ABC
Red Hat OpenShift Operators - Operators ABCRed Hat OpenShift Operators - Operators ABC
Red Hat OpenShift Operators - Operators ABCRobert Bohne
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaArvind Kumar G.S
 
Monitoring With Prometheus
Monitoring With PrometheusMonitoring With Prometheus
Monitoring With PrometheusKnoldus Inc.
 
Observability in Java: Getting Started with OpenTelemetry
Observability in Java: Getting Started with OpenTelemetryObservability in Java: Getting Started with OpenTelemetry
Observability in Java: Getting Started with OpenTelemetryDevOps.com
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform TrainingYevgeniy Brikman
 
Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusGrafana Labs
 
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioTHE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioDevOpsDays Tel Aviv
 
OpenTelemetry For Operators
OpenTelemetry For OperatorsOpenTelemetry For Operators
OpenTelemetry For OperatorsKevin Brockhoff
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDSunnyvale
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleKnoldus Inc.
 
Containers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatContainers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatAmazon Web Services
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For ArchitectsKevin Brockhoff
 
Helm - Application deployment management for Kubernetes
Helm - Application deployment management for KubernetesHelm - Application deployment management for Kubernetes
Helm - Application deployment management for KubernetesAlexei Ledenev
 
OpenTelemetry Introduction
OpenTelemetry Introduction OpenTelemetry Introduction
OpenTelemetry Introduction DimitrisFinas1
 
Steering the Course with Helm
Steering the Course with HelmSteering the Course with Helm
Steering the Course with HelmDirk Jablonski
 
Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!Krishna-Kumar
 

What's hot (20)

Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with Prometheus
 
Red Hat OpenShift Operators - Operators ABC
Red Hat OpenShift Operators - Operators ABCRed Hat OpenShift Operators - Operators ABC
Red Hat OpenShift Operators - Operators ABC
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
 
Monitoring With Prometheus
Monitoring With PrometheusMonitoring With Prometheus
Monitoring With Prometheus
 
Observability in Java: Getting Started with OpenTelemetry
Observability in Java: Getting Started with OpenTelemetryObservability in Java: Getting Started with OpenTelemetry
Observability in Java: Getting Started with OpenTelemetry
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
 
Clustering and High Availability
Clustering and High Availability Clustering and High Availability
Clustering and High Availability
 
Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with Prometheus
 
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.ioTHE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io
 
OpenTelemetry For Operators
OpenTelemetry For OperatorsOpenTelemetry For Operators
OpenTelemetry For Operators
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to Ansible
 
Containers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red HatContainers Anywhere with OpenShift by Red Hat
Containers Anywhere with OpenShift by Red Hat
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For Architects
 
Helm - Application deployment management for Kubernetes
Helm - Application deployment management for KubernetesHelm - Application deployment management for Kubernetes
Helm - Application deployment management for Kubernetes
 
Terraform on Azure
Terraform on AzureTerraform on Azure
Terraform on Azure
 
OpenTelemetry Introduction
OpenTelemetry Introduction OpenTelemetry Introduction
OpenTelemetry Introduction
 
Steering the Course with Helm
Steering the Course with HelmSteering the Course with Helm
Steering the Course with Helm
 
Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!
 

Similar to Logs/Metrics Gathering With OpenShift EFK Stack

OpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
OpenShift_Installation_Deep_Dive_Robert_Bohne.pdfOpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
OpenShift_Installation_Deep_Dive_Robert_Bohne.pdfssuser9e06a61
 
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cnLearn OpenStack from trystack.cn
Learn OpenStack from trystack.cnOpenCity Community
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentdSoluto
 
Bgoug 2019.11 building free, open-source, plsql products in cloud
Bgoug 2019.11   building free, open-source, plsql products in cloudBgoug 2019.11   building free, open-source, plsql products in cloud
Bgoug 2019.11 building free, open-source, plsql products in cloudJacek Gebal
 
StorageQuery: federated querying on object stores, powered by Alluxio and Presto
StorageQuery: federated querying on object stores, powered by Alluxio and PrestoStorageQuery: federated querying on object stores, powered by Alluxio and Presto
StorageQuery: federated querying on object stores, powered by Alluxio and PrestoAlluxio, Inc.
 
Mulesoft Meetup Milano #9 - Batch Processing and CI/CD
Mulesoft Meetup Milano #9 - Batch Processing and CI/CDMulesoft Meetup Milano #9 - Batch Processing and CI/CD
Mulesoft Meetup Milano #9 - Batch Processing and CI/CDGonzalo Marcos Ansoain
 
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4Robert Bohne
 
Buildout: creating and deploying repeatable applications in python
Buildout: creating and deploying repeatable applications in pythonBuildout: creating and deploying repeatable applications in python
Buildout: creating and deploying repeatable applications in pythonCodeSyntax
 
Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Microsoft
 
Integrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperationsIntegrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperationsLuca Mazzaferro
 
The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil FrameworkVeilFramework
 
Odo improving the developer experience on OpenShift - hack &amp; sangria
Odo   improving the developer experience on OpenShift - hack &amp; sangriaOdo   improving the developer experience on OpenShift - hack &amp; sangria
Odo improving the developer experience on OpenShift - hack &amp; sangriaJorge Morales
 
Rejekts 24 EU No GitOps Pain, No Platform Gain
Rejekts 24 EU No GitOps Pain, No Platform GainRejekts 24 EU No GitOps Pain, No Platform Gain
Rejekts 24 EU No GitOps Pain, No Platform GainŁukasz Piątkowski
 
OpenStack Integration with OpenContrail and OpenDaylight
OpenStack Integration with OpenContrail and OpenDaylightOpenStack Integration with OpenContrail and OpenDaylight
OpenStack Integration with OpenContrail and OpenDaylightSyed Moneeb
 
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...Puppet
 
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsXPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsThe Linux Foundation
 
Creating new Tizen profiles using the Yocto Project
Creating new Tizen profiles  using the Yocto ProjectCreating new Tizen profiles  using the Yocto Project
Creating new Tizen profiles using the Yocto ProjectLeon Anavi
 
OpenDaylight Integration with OpenStack Neutron: A Tutorial
OpenDaylight Integration with OpenStack Neutron: A TutorialOpenDaylight Integration with OpenStack Neutron: A Tutorial
OpenDaylight Integration with OpenStack Neutron: A Tutorialmestery
 

Similar to Logs/Metrics Gathering With OpenShift EFK Stack (20)

OpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
OpenShift_Installation_Deep_Dive_Robert_Bohne.pdfOpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
OpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
 
HPC on OpenStack
HPC on OpenStackHPC on OpenStack
HPC on OpenStack
 
Learn OpenStack from trystack.cn
Learn OpenStack from trystack.cnLearn OpenStack from trystack.cn
Learn OpenStack from trystack.cn
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentd
 
Bgoug 2019.11 building free, open-source, plsql products in cloud
Bgoug 2019.11   building free, open-source, plsql products in cloudBgoug 2019.11   building free, open-source, plsql products in cloud
Bgoug 2019.11 building free, open-source, plsql products in cloud
 
StorageQuery: federated querying on object stores, powered by Alluxio and Presto
StorageQuery: federated querying on object stores, powered by Alluxio and PrestoStorageQuery: federated querying on object stores, powered by Alluxio and Presto
StorageQuery: federated querying on object stores, powered by Alluxio and Presto
 
Mulesoft Meetup Milano #9 - Batch Processing and CI/CD
Mulesoft Meetup Milano #9 - Batch Processing and CI/CDMulesoft Meetup Milano #9 - Batch Processing and CI/CD
Mulesoft Meetup Milano #9 - Batch Processing and CI/CD
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
 
Buildout: creating and deploying repeatable applications in python
Buildout: creating and deploying repeatable applications in pythonBuildout: creating and deploying repeatable applications in python
Buildout: creating and deploying repeatable applications in python
 
Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015
 
Integrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperationsIntegrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperations
 
The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil Framework
 
Odo improving the developer experience on OpenShift - hack &amp; sangria
Odo   improving the developer experience on OpenShift - hack &amp; sangriaOdo   improving the developer experience on OpenShift - hack &amp; sangria
Odo improving the developer experience on OpenShift - hack &amp; sangria
 
Rejekts 24 EU No GitOps Pain, No Platform Gain
Rejekts 24 EU No GitOps Pain, No Platform GainRejekts 24 EU No GitOps Pain, No Platform Gain
Rejekts 24 EU No GitOps Pain, No Platform Gain
 
OpenStack Integration with OpenContrail and OpenDaylight
OpenStack Integration with OpenContrail and OpenDaylightOpenStack Integration with OpenContrail and OpenDaylight
OpenStack Integration with OpenContrail and OpenDaylight
 
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...
 
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsXPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
 
Creating new Tizen profiles using the Yocto Project
Creating new Tizen profiles  using the Yocto ProjectCreating new Tizen profiles  using the Yocto Project
Creating new Tizen profiles using the Yocto Project
 
OpenDaylight Integration with OpenStack Neutron: A Tutorial
OpenDaylight Integration with OpenStack Neutron: A TutorialOpenDaylight Integration with OpenStack Neutron: A Tutorial
OpenDaylight Integration with OpenStack Neutron: A Tutorial
 

Recently uploaded

VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITmanoharjgpsolutions
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?Alexandre Beguel
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldRoberto Pérez Alcolea
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 

Recently uploaded (20)

VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Best Angular 17 Classroom & Online training - Naresh IT

Logs/Metrics Gathering With OpenShift EFK Stack

  • 1. Logs/Metrics Gathering With OpenShift EFK Stack
      DevConf, Brno, January 27 2018
      Josef Karásek (Software Engineer), Jan Wozniak (Software Engineer)
  • 3. ADDITIONS TO THE TEAM - WE HAVE GROWN (@Pepe_CZ)
      ● The project was officially added to the Group 2 in OpenShift organisation
      ● The Dev team grew in size:
          ○ Rich Megginson
          ○ Noriko Hosoi
          ○ Lukáš Vlček
          ○ Jeff Cantrill
          ○ Eric Wolinetz
          ○ Jan Wozniak
          ○ Josef Karásek
  • 4. MAIN OBJECTIVES - WHAT WE WANT TO ACHIEVE
      ● Collecting Distributed Logs
      ● Common Data Model
      ● Security model - Multi-Tenancy
      ● Integration with Red Hat products and their upstream projects
      ● Scalability
      ● Enable “Big Data” Analysis
      ● All Open Source
      Watch the talk on YouTube!
  • 5. LOGGING SYSTEM - ABSTRACT COMPONENTS
      [Diagram; labels: Guests, Containers, Services, Applications, Tlog, Syslog, Log files, Journal, Collector (repeated per Host), Load Balancer, Logging System, Data Warehouse (Cluster), Visualization, Monitoring]
  • 6. CURRENT OPENSHIFT LOGGING
      [Diagram; labels: OpenShift Cluster, project, pod, openshift, docker/cri, OS, journald, /var/log/containers/*.log, audit, Fluentd, Mux (Fluentd)*, Logging Namespace, Elasticsearch (Cluster), ES service, ES reencrypt route, Kibana, Curator, Kopf, Prometheus, ManageIQ, browser]
  • 7. FLUENTD - COLLECTOR AND NORMALIZER: RUBY BASED LOG AGENT
      ● Configuration - Apache like, ruby based
      ● Scalable, secure msgpack secure_forward
      ● Hundreds of plugins
      ● Easy to write ruby plugins
      ● Kubernetes metadata plugin
      ● OpenStack reference architecture
      ● Use rsyslog via RELP plugin

        <filter kubernetes.journal.container**>
          @type record_transformer
          enable_ruby
          <record>
            time ${Time.at((record["_SOURCE_REALTIME_TIMESTAMP"] || record["__REALTIME_TIMESTAMP"]).to_f / 1000000.0).utc.to_datetime.rfc3339(6)}
            ...
  • 8. ELASTICSEARCH - DATA WAREHOUSE: WIDELY USED, JAVA BASED SEARCH ENGINE
      ● Based on Apache Lucene
      ● Great for full text log searching
      ● Very good for TSD
      ● SearchGuard for security, authz
      ● OpenShift Elasticsearch plugin
      ● OpenStack, oVirt reference architecture
      ● Curator for log trimming

        {
          "_id": "AVm4sS7SHNq31gLBPp4-",
          "_index": ".operations.2017.01.18",
          "_score": 1.0,
          "_source": {
            "@timestamp": "2017-01-17T21:45:41.000000-00:00",
            "Hostname": "os.rmeggins.test",
            "message": "Journal stopped",
            "systemd": {
              "t": {
                "PID": "109",
                ...
          },
          "_type": "com.redhat.viaq.common"
  • 9. KIBANA - VISUALIZATION
      Node.js Based - Tightly Coupled with Elasticsearch
  • 10. ARCHITECTURE - LOGGING DETAIL
      [Diagram; labels: Logging System - OpenShift Platform, Browser, Kibana Pod (Kibana container, Auth proxy container), OpenShift OAuth, "Add token and userid headers", "Token and userid headers", Elasticsearch (Cluster), ES service/externalIP, OpenShift ES plugin, SearchGuard plugin, OpenShift API, K8s metadata, User project and roles, Fluentd]
  • 11. QUICKSTART - oc cluster up --logging
      ● Deploy OpenShift with oc cluster up
      ● Shutdown cluster
      ● Restart docker
      ● Bring cluster back up with existing configuration
      There is currently a bug that the pods cannot inter-network, e.g. Fluentd cannot talk to Elasticsearch, unless docker is restarted while the cluster is down.

        $ sudo oc cluster down
        $ sudo systemctl restart docker
        $ sudo oc cluster up --use-existing-config …
  • 12. QUICKSTART - minishift start --logging
      ● Set up minishift [1] - use:

        minishift start --logging

      [1] https://github.com/MiniShift/minishift
  • 13. ViaQ - LOGGING THE HARD WAY
      ● Follow directions on GitHub
      ● Uses openshift-ansible to set up an all-in-one cluster
      ● Configures logging for external access - similar to how oVirt uses logging
      ● Extensible for more complex deployments
  • 14. EXAMPLE ANSIBLE INVENTORY FILES
      ● deploy_cluster.yml playbook to deploy OpenShift and logging
      ● All-in-one inventory based on OpenShift Origin 3.7.1

        # Make sure to set version and to install logging
        [OSEv3:vars]
        openshift_release=v3.7.1
        openshift_logging_install_logging=true
        openshift_image_tag=v3.7.1
        openshift_logging_es_allow_external=true
  • 15. TROUBLESHOOTING
      ● logging-dump.sh - an “sosreport” for logging [1],[2]
          ○ Contains pod logs, config
          ○ Look at the pod log files for errors
          ○ Good for attaching to bug reports
      [1] https://github.com/openshift/origin-aggregated-logging/blob/master/hack/README-dump.md
      [2] https://github.com/openshift/origin-aggregated-logging/blob/master/hack/logging-dump.sh
  • 16. TROUBLESHOOTING
      ● Query Elasticsearch from command line - es_util

        oc get pods | grep logging-es # get the pod name
        espod=logging-es-.....
        oc exec -c elasticsearch $espod -- es_util --query "project.*/_search?sort=@timestamp:desc&q=<query>" | python -mjson.tool | more

        Where <query> could be something like

        level:error

        Instead of project.* use .operations.* for system logs
      ● Get the list of indices

        oc exec -c elasticsearch $espod -- indices
  • 17. USING WITH oVirt
      ● oVirt uses Collectd to gather metrics and monitoring data
      ● Collectd writes to Fluentd using http input
      ● Fluentd also gathers oVirt engine logs
      ● Fluentd sends data to external Elasticsearch endpoint
      ● Logging is configured with ovirt-metrics-engine and ovirt-logs-engine projects
      ● Links:
          https://www.ovirt.org/blog/2017/12/ovirt-metrics-store/
          https://www.ovirt.org/develop/release-management/features/metrics/metrics-store/
  • 18. USING WITH OpenStack
      ● OpenStack can be configured with a Fluentd client
      ● OpenStack uses secure_forward to send logs to mux
      ● Upstream documentation is here [1]
      ● Downstream documentation is here [2]
      [1] http://opstools-ansible.readthedocs.io/en/latest/tripleo_integration.html
      [2] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/10/html/advanced_overcloud_customization/sect-monitoring_tools_configuration
  • 19. LOGGING CUSTOM APPLICATION DATA - BEST PRACTICES
      ● Have clear definition of fields in log messages
      ● Send logs to stdout
      ● Configure application to output single-line JSON

        {
          "hostname":"myhost.test",
          "level":"info",
          "message":"Server listening on 0.0.0.0:8080",
          "time":"2018-01-24T17:35:10+01:00"
        }
  • 20. LOGGING CUSTOM APPLICATION DATA - BEST PRACTICES
      ● Or even:

        {
          "application": {
            "accounts": {
              "hostname":"myhost.test",
              "level":"info",
              "message":"Server listening on 0.0.0.0:8080",
              "time":"2018-01-24T17:35:10+01:00"
            }
          }
        }
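  • 21. LOGGING CUSTOM APPLICATION DATA - BEST PRACTICES
      These things are easy...

        import (
            "os"

            log "github.com/sirupsen/logrus" // assumed: the log.* calls below match logrus
        )

        // initLogger writes single-line JSON to stdout and tags every entry with the hostname.
        func initLogger() *log.Entry {
            log.SetFormatter(&log.JSONFormatter{})
            log.SetOutput(os.Stdout)
            return log.WithFields(log.Fields{
                "hostname": os.Getenv("HOSTNAME"),
            })
        }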
  • 22. LOGGING CUSTOM APPLICATION DATA - JSON FORMATTED MESSAGE FIELD
      Log line:

        INFO[0000] 2018-01-24T17:35:10+01:00 message="{"level":"warn","message":"Function deprecated", "some_field":"some_value"}"

      Becomes:

        {
          "level":"warn",
          "some_field":"some_value",
          "message":"Function deprecated",
          ...
        }
  • 23. LOGGING CUSTOM APPLICATION DATA - WORST PRACTICE
      ● Plain text messages
          ○ ...the default for most loggers
          ○ Searching such logs becomes a real CSI crime scene investigation

        {
          "level":"info",
          "message":"ERROR[0000] 2018-01-24T17:35:10+01:00 NullPointerException in ...",
          ...
        }
  • 25. FUTURE DIRECTIONS
      ● Support CRI log format - not docker json-file compatible
      ● Fluentd does not scale well - look for alternatives: rsyslog, fluent-bit, Elastic Beats
      ● Fluentd RELP input - rsyslog to fluentd [1]
      ● More integration with Prometheus - fluentd metrics, other metrics
      ● Elasticsearch 5 (OpenShift 3.10), Elasticsearch 6 (OpenShift 3.11 or later)
      ● Grafana - display metrics and log data on same dashboard - aggregate from different sources
      ● Message Queue integration
      [1] https://github.com/ViaQ/fluent-plugin-relp
  • 26. ARCHITECTURE USING QUEUE
      [Diagram; labels: Host ... Host, Log sources, Collector, Raw, Message Queue (separate topics for Raw and Normalized), Mux - Normalizer, Normalized, Logging System, Elasticsearch (Cluster), Kibana, “Big Data” Analysis, Archival, “Tailing”, Monitoring]
  • 28. SOURCE CODE & MAILING LIST
      ● OpenShift Aggregated Logging
          ○ https://github.com/openshift/origin-aggregated-logging
          ○ #openshift-dev FreeNode IRC
      ● ViaQ
          ○ https://github.com/ViaQ
          ○ #viaq FreeNode IRC
      ● CentOS OpsTools SIG
          ○ https://wiki.centos.org/SpecialInterestGroup/OpsTools
          ○ #centos-devel FreeNode IRC
          ○ centos-devel mailing list
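
The merge shown on slides 22 and 23 (a JSON-formatted message field becomes top-level fields, a plain-text message stays one opaque string), sketched in Ruby as an added example; it is not code from the talk or from origin-aggregated-logging. The COLLECTOR_FIELDS list and the rejected_fields key are assumptions made here so that values set by the collector are not replaced by whatever the application wrote into its payload.

```ruby
require "json"

# Fields the collector sets itself. Values for these keys found in an
# application's JSON payload are set aside instead of merged.
# The list is an assumption for this example.
COLLECTOR_FIELDS = %w[hostname kubernetes @timestamp].freeze

# Returns the parsed payload if text is a JSON object, otherwise nil.
def json_object(text)
  return nil unless text.is_a?(String) && text.lstrip.start_with?("{")
  parsed = JSON.parse(text)
  parsed.is_a?(Hash) ? parsed : nil
rescue JSON::ParserError
  nil
end

# Merge a JSON-formatted message field into the record (slide 22).
# Plain-text messages (slide 23) are returned unchanged.
def normalize(record)
  payload = json_object(record["message"])
  return record.dup if payload.nil?

  merged = record.dup
  rejected = {}
  payload.each do |key, value|
    if COLLECTOR_FIELDS.include?(key)
      rejected[key] = value   # keep the collector's own value
    else
      merged[key] = value     # "level", "message" and custom fields
    end
  end
  merged["rejected_fields"] = rejected unless rejected.empty?
  merged
end

# Constructed sample records, modelled on the slides.
SAMPLES = [
  { "hostname" => "myhost.test", "level" => "info",
    "message" => '{"level":"warn","message":"Function deprecated","some_field":"some_value"}' },
  { "hostname" => "myhost.test", "level" => "info",
    "message" => '{"hostname":"other.test","message":"started"}' },
  { "hostname" => "myhost.test", "level" => "info",
    "message" => "ERROR[0000] 2018-01-24T17:35:10+01:00 NullPointerException in ..." }
].freeze

SAMPLES.each { |r| puts JSON.generate(normalize(r)) } if __FILE__ == $PROGRAM_NAME
```

Only the first two samples gain searchable fields; the third keeps "level":"info" even though its text says ERROR, which is the search problem slide 23 describes.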