OpenShift Logging Concepts: Difference between revisions
Line 69: | Line 69: | ||
OPTIONS='... --log-opt max-size=10M --log-opt max-file=5 --log-level="warn"' | OPTIONS='... --log-opt max-size=10M --log-opt max-file=5 --log-level="warn"' | ||
This is explained here: https://docs.openshift.com/container-platform/latest/install_config/install/host_preparation.html#managing-docker-container-logs |
Revision as of 00:14, 7 February 2018
External
- https://docs.openshift.com/container-platform/latest/install_config/aggregate_logging.html
- https://docs.openshift.com/container-platform/latest/install_config/install/advanced_install.html#advanced-install-cluster-logging
- https://docs.openshift.com/container-platform/latest/install_config/aggregate_logging_sizing.html#install-config-aggregate-logging-sizing
Internal
Overview
OpenShift provides log aggregation with the EFK stack. fluentd is used to capture logs from nodes, pods and application and stored log data in ElasticSearch. Kibana offers a UI for ElasticSearch. fluentd, ElasticSearch and Kibana are deployed as OpenShift pods, on dedicated infrastructure nodes. Logging components communicate securely. They are usually part of the "logging" namespace. Application developers can view the logs for projects they have view access for. Cluster administrators can view all logs.
Logging support is not provided by default but it can be enabled during installation, by setting "openshift_hosted_logging_deploy=true" in the Ansible hosts file.
OpenShift Master and Node Processes Logging Level
Installation
The "logging" Project
For more about projects, see OpenShift Concepts - Projects.
Sizing
Operation Logs
The operations logs consist of /var/log/messages on nodes and the logs from the projects "default", "open shift", and "openshift-infra". OpenShift gives the option to manage the operation logs with a separated ElasticSearch/Kibana cluster. If openshift_logging_use_ops is set to "true" in the OpenShift Ansible inventory file, Fluentd splits logs between the main cluster and an operation logs cluster. A second Elasticsearch and Kibana are deployed. The deployments are distinguishable by the -ops suffix included in their names.
Ops Cluster
Components
Organizatorium
Logging - From Source to Human
Anything sent to stdout/stderr of a container is managed by Docker and placed in host filesystem files.
In OpenShift that goes to /var/lib/docker/containers/<container-id>/<container-id>-json.log
More details about this:
NOKB the log processing process, from a container generating the logs to oc logs.
Docker Container Logs
Docker containers use a json-file logging driver and store logs in /var/lib/docker/containers/<hash>/<hash>-json.log
Aggregated logging is only supported using the journald driver in Docker. More details in https://docs.openshift.com/container-platform/latest/install_config/aggregate_logging.html#fluentd-upgrade-source.
The size of the docker-managed logs is set in the Docker's sysconfig file:
OPTIONS='... --log-opt max-size=10M --log-opt max-file=5 --log-level="warn"'
This is explained here: https://docs.openshift.com/container-platform/latest/install_config/install/host_preparation.html#managing-docker-container-logs